Skyfleet Ltd is committed to protecting the privacy and security of personal data. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This policy explains how we collect, use, store and protect personal information.
Skyfleet Ltd is the Data Controller for the personal data we process. We decide how and why data is used. We are registered with the Information Commissioner’s Office (ICO), registration number Z5828790.
We may collect personal data including: names, addresses, email addresses, phone numbers, date of birth, identification documents, bank details (for identity checks), employment information, business details and any information required to assess finance applications.
We only process personal data when we have a lawful reason. Under UK GDPR, this includes:
1) Contract – to arrange vehicle finance or provide services
2) Legal obligation – to comply with FCA or anti‑money laundering requirements
3) Legitimate interests – to operate our business and prevent fraud
4) Consent – for marketing communications.
We follow the six principles of UK GDPR. Personal data must be:
1) Used lawfully, fairly and transparently.
2) Collected for specific purposes.
3) Limited to what is necessary.
4) Accurate and kept up to date.
5) Kept only as long as necessary.
6) Kept secure.
We are also responsible for demonstrating compliance with these principles.
Under UK GDPR you have the right to:
1) Access your data.
2) Have inaccurate data corrected.
3) Have data deleted (in some cases).
4) Restrict processing.
5) Object to processing or marketing.
6) Request data transfer to another provider.
7) Not be subject to solely automated decisions.
Requests will be completed within one month and are free of charge.
If you want to see the information we hold about you, you can email [email protected]. We will ask for proof of identity and respond within one month. We will not charge a fee unless the request is excessive.
We use personal data to:
1) Provide quotations.
2) Process finance applications.
3) Verify identity and prevent fraud.
4) Administer contracts.
5) Manage customer relationships.
6) Meet FCA and legal requirements.
7) Provide updates and customer service.
8) Send marketing where consent has been given.
We only send marketing emails or messages when you have given consent or where allowed under PECR. You can withdraw consent at any time by emailing [email protected].
We may share personal data with:
1) Finance lenders.
2) Vehicle suppliers and delivery agents
3) Identity and credit-check partners
4) Regulators such as the FCA or ICO
5) Fraud‑prevention agencies.
We only share the minimum data required and never sell personal data.
We normally store data in the UK. If data must be processed outside the UK, we ensure appropriate safeguards such as ICO‑approved International Data Transfer Agreements (IDTAs) or UK Addendums.
We use strong passwords, encryption, firewalls, secure servers and restricted access to protect data. Paper documents are stored securely and shredded when no longer required. Electronic data is backed up and protected by authorised software. Data must not be stored on personal devices unless authorised.
We keep personal data only as long as needed. Typically:
1) Finance application data: up to 7 years.
2) Customer records: duration of contract + 6 years.
3) Marketing consent records: until consent is withdrawn. After this time, data is securely deleted or anonymised.
Staff Responsibilities
All staff must follow this policy, keep data secure, report suspected breaches, and complete training. Staff must not share data informally or with anyone who is not authorised.
Any suppliers that handle personal data on our behalf must meet UK GDPR standards. Contracts with third parties include data‑processing terms and are reviewed regularly.
Our website may use cookies to improve user experience. Visitors can manage cookie settings at any time. Our website Privacy Notice explains this in more detail.
The Data Protection Officer (DPO) is Toby Mileham. He is responsible for monitoring compliance, handling data requests and reviewing policies. Email: [email protected]
Skyfleet Ltd, Capital House, Units 3‑4 High House Business Park, Kenardington, Kent, TN26 2LF. Phone: 01233 730260. FCA Reference Number: 669102.
(V8 – 05/01/2026)