Driving Assessment Privacy Notice
Insurance Declaration, Driver Assessment and Licence Check
Your Personal Data
The University of Glasgow is the ‘Data Controller’ of your personal data processed in relation to the requirements of the Insurance Declaration, the Driving Assessment and the licence check: the Insurance Declaration form and the Driving Assessment form (referred to respectively as Ins1 and Ins2 throughout the remainder of this document) processed by University staff and a DVLA licence check carried out by Licence Check Ltd (DAVIS). This privacy notice will explain how the University of Glasgow will process your personal data. Further information about DAVIS can be found in our FAQs.
Why we need it
We are collecting the following elements of personal data on the Ins 1 and Ins 2 forms and in respect of the licence check: name, date of birth, School or College and driving licence details; to ensure that a driver is eligible to drive vehicles insured under the University’s insurance policy. To support the new endorsement policy that will be put in place, we will also require access to data pertaining to endorsements, in order to complete the eligibility check. As part of the new policy, advice and external driver training will be offered to approved drivers who accumulate endorsements.
Basis for processing your data
Legal Obligation: The data must be processed in order to ensure that University drivers have the correct licence and driving qualifications to drive any vehicle insured under the University’s insurance policy. The Road Traffic Act 1988 and Health and Safety at Work Act 1974 requires that the driver of a vehicle is correctly licensed to drive that vehicle. Employers can commit an offence if they cause or permit an employee to drive on their behalf with the incorrect licence.
Legitimate Interest: The use of the DAVIS system to conduct licence checks will simplify the process and ease the administrative burden for both admin staff and drivers. It will also allow the University to manage the health and safety risk to drivers and the public.
Consent: Consent is required to allow DAVIS to access the DVLA licence records and to store those records on the DAVIS portal. DAVIS will contact all approved drivers directly to obtain consent.
What we do with it and who we share it with
All the personal data you submit is processed by staff at the University of Glasgow and DAVIS in the United Kingdom.
Ins1 and/or Ins2, provided in paper form, are digitised and uploaded to the DAVIS cloud portal immediately; the paper forms are securely shredded in batches once a month. Information provided to DAVIS is stored securely to ISO 27001:2013 standard. The Approved Drivers database, containing driver name, department, contact details and the vehicles they are permitted to drive, is saved on the University’s server. The Approved Drivers database is updated at the annual licence check, when a new driver is approved and when a driver’s licence expires. The driving licence expiry dates are monitored on the DAVIS cloud portal by UofG staff on a monthly basis.
How long do we keep it for?
Ins1 and the DAVIS licence check are renewed annually; A new Ins1 form will be emailed annually to each approved driver to be completed and returned. The completed form is uploaded to the drivers profile on the DAVIS portal. The previous years Ins1 form is then securely deleted. GU staff will carry out a driver licence check annually using the DAVIS portal.
If a driver’s annual licence check is successful i.e. the driver has a current full driving licenceand valid photocard, the driver remains on the Approved Drivers database.
If the driver’s annual check is unsuccessful i.e. the driver has been disqualified , doesn’t have a current full driving licence or the photocard has expired or the driver has left the University’s employment the driver is removed from the Approved Drivers database and all data pertaining to that driver is securely deleted from both the Davis portal and the University server.
The digital copy of Ins2 is retained on the DAVIS cloud portal until the staff member is removed from the Approved Drivers database at which any previous data is securely deleted.
What are your rights?
You have the right to request access to your data, rectify any data you have provided to us, and object to the processing of your data.
You can request access to the information we process about you at any time. If at any point you believe that the information we process relating to you is incorrect, you can request to see this information and may in some instances request to have it restricted, corrected or erased.
*Please note that the ability to exercise these rights will vary and depend on the legal basis on which the processing is being carried out.
Queries or Complaints
Please contact firstname.lastname@example.org with any questions or concerns.
If you wish to raise a complaint on how we have handled your personal data, you can contact the University Data Protection Officer who will investigate the matter.
Our Data Protection Officer can be contacted at email@example.com
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).