This policy reflects the final Drivest platform model, including subscriptions, route features, location use, analytics choices, lesson bookings, disputes, and audit logging.
1. Introduction
This Privacy Policy explains how Drivest Limited collects, uses, stores, shares, retains, and protects personal data when users access the Drivest mobile application, related website pages, and connected support services.
Drivest Limited acts as a data controller for the processing described in this Policy except where another party is clearly acting as a separate controller for its own services, such as an app store, payment provider, or instructor acting independently for their own business and compliance records.
2. Company Details
Drivest Limited is registered in England and Wales under company number 16939236.
The public-facing address is Studio X, Innovation Centre, Boundary Road, Colchester, Essex, CO4 3ZQ.
Email: admin@drivest.uk
3. Categories of Personal Data
Drivest may process different categories of personal data depending on how a user interacts with the platform:
- Account and identity data: name, email address, phone number, role, account status, and profile details.
- Consent and compliance data: legal document versions accepted, acceptance timestamps, age confirmation flags, safety acknowledgement flags, analytics choices, notification choices, and similar evidence.
- Device and technical data: device type, operating system, app version, push token, crash diagnostics, error logs, IP-related service logs, and session-level identifiers.
- Usage and behavioural data: feature usage, learning progress, route activity, navigation interaction, booking actions, cancellation actions, review actions, settings choices, and other support records.
- Location-related data: approximate or precise location where the user has granted device permission and where the feature requires it, such as route navigation, hazard prompts, or parking guidance.
- Marketplace and lesson data: instructor profile information, booking details, availability, lesson status, review eligibility, ratings, support interactions, and moderation actions.
- Payment and subscription metadata: product identifiers, entitlement state, transaction references, payment status, refund status, payout status, and similar processor-provided metadata.
- Dispute, audit, and fraud prevention data: dispute summaries, uploaded evidence metadata, admin actions, moderation notes, suspicious activity flags, and audit logs.
Drivest does not store full payment card numbers entered directly into authorised payment systems.
4. Sources of Personal Data
Drivest collects personal data directly from users, from the user's device, from activity within the platform, from the other party to a booking where necessary to operate the booking or dispute process, from payment and subscription providers, and from diagnostic or analytics tools where they are active in accordance with the lawful basis used for those tools.
5. How Personal Data Is Used
Personal data is processed to create and manage accounts, provide app features, deliver subscriptions and entitlements, operate learning modules, support route and parking functions, run the instructor marketplace, process bookings and refunds, manage payouts, send notifications, handle support and disputes, investigate complaints, prevent fraud, maintain security, improve service performance, and comply with legal obligations.
Drivest may also use aggregated or anonymised information for service improvement, operational reporting, and product development where individual users are not identified.
6. Legal Bases for Processing
Drivest relies on one or more lawful bases under UK data protection law, including:
- performance of a contract where the user has requested services from the platform
- legitimate interests, including maintaining service security, preventing abuse, improving reliability, investigating complaints, administering the marketplace, and keeping records for audit and defence of claims
- consent where optional analytics, optional notifications, or optional permissions require it
- legal obligations, including record-keeping, tax, accounting, anti-fraud, and legal defence requirements
7. Consent and Control
Where processing is based on consent, Drivest seeks consent before the relevant optional feature is activated. Consent is not pre-enabled. Users may change their consent choices through device settings or in-app settings where those controls are available.
Withdrawal of consent does not affect processing already carried out before the consent was withdrawn. Drivest may retain a record of the fact that consent was given or withdrawn, together with relevant timestamps and document versions, to demonstrate compliance.
8. Location Data
Location data is used only when required for features such as route navigation, hazard prompts, and parking guidance. Location permissions are controlled by the operating system and by the user.
Where route sessions or related location-linked events are stored, they are stored as session or usage records rather than being presented as continuous background tracking, unless and until a future product version clearly implements and discloses that behaviour.
9. Analytics, Diagnostics and Notifications
Drivest may use analytics and diagnostic tools to understand feature usage, improve reliability, investigate errors, and detect crashes. Where analytics relies on consent, it remains off until consent is granted. Diagnostic tooling may in some cases be processed under legitimate interests where reasonably necessary to keep the service secure and operational.
Push tokens and notification delivery metadata may be processed to send service notifications, booking updates, support messages, account notices, and learning reminders. Users can manage notification permissions at device level and, where applicable, within the app.
10. Data Sharing
Drivest may share personal data with infrastructure and hosting providers, analytics and diagnostic tools, mapping and routing providers, payment processors, communication services, professional advisers, and regulators or authorities where required by law.
Where marketplace features are enabled, Drivest may share the minimum necessary booking or dispute information between the relevant learner and instructor to operate the booking, provide support, review complaints, and protect platform integrity.
Drivest does not sell personal data for advertising or marketing purposes.
11. International Transfers
Where personal data is processed outside the United Kingdom, Drivest seeks to rely on an adequacy decision, approved contractual safeguards, processor commitments, or another lawful transfer mechanism required by applicable law.
12. Data Retention
Drivest keeps personal data only for as long as reasonably necessary for the purposes described in this Policy. Different categories of data may have different retention periods.
Active account data may be kept while the account remains active. Consent logs, audit logs, payment records, lesson records, support records, moderation records, dispute records, and legal defence records may be retained after account deletion where reasonably necessary for compliance, fraud prevention, dispute handling, payment reconciliation, security, or the establishment, exercise, or defence of legal claims.
Routine diagnostic or analytics data should be reviewed against a shorter retention approach than records needed for finance, compliance, or dispute defence.
13. Security
Drivest applies technical and organisational measures appropriate to the nature of the data and the risks involved. These measures may include access controls, separation of roles, secure token handling, moderation controls, and operational logging.
No digital system is completely secure, and Drivest cannot guarantee absolute security.
14. User Rights
Depending on the circumstances, users may have rights to access their personal data, correct inaccurate data, request deletion, restrict processing, object to certain processing, request portability where applicable, and withdraw consent where consent is the lawful basis.
Rights are not absolute in every case. Drivest may retain or continue processing certain information where this is necessary for legal obligations, fraud prevention, payment reconciliation, platform security, or legal claims handling. Identity verification may be required before action is taken.
15. Children
Drivest is intended for users aged 16 and over. Drivest does not knowingly seek to collect personal data from younger children for independent use of the service.
16. Complaints
Users may contact Drivest first at admin@drivest.uk so that concerns can be reviewed. Users also have the right to complain to the Information Commissioner's Office at ico.org.uk.
17. Changes to This Policy
This Privacy Policy may be updated from time to time. Material changes may be highlighted in the app, on the website, or through another suitable channel. Continued use of the platform after the effective date of an updated version constitutes acceptance of the revised Policy.