Privacy and Cookie Policy
Who we are
The data controller for this website is Driveability Scotland.
Driveability Scotland operates as part of the network of Driving Assessment Centres in the UK.
If you wish to contact us about this policy or your personal data, please visit our Contact Us page or write to us at:
Driveability Scotland
117 Brook Street
Glasgow
G40 3AP
Email: info@driveabilityscotland.org.uk
What Information We May Collect and Why Your Name and Contact Details
| How we collect it | How we use it | Lawful basis |
|---|---|---|
| When you fill out a contact form on our website or contact us by phone or email | To respond to your enquiry or request | Legitimate interests |
| When you complete a registration or assessment form | To register you for an assessment, course, or service | Contract |
| When you submit responses to a survey or feedback form | To analyse service usage and improve our services | Legitimate interests |
Information About Your Device and Website Usage
| How we collect it | How we use it | Lawful basis |
|---|---|---|
| When you visit our website, your device details (e.g. IP address, browser, and operating system) are automatically logged | To ensure website security and performance | Legitimate interests |
| When you log in to a restricted area | To protect member-only or restricted content | Legitimate interests |
| When you browse our site (pages visited, time spent, etc.) | To understand how visitors use our site and improve usability | Legitimate interests |
Aggregated Data
We may collect, use, and share aggregated data such as statistical or demographic information for analysis purposes. This data does not identify individuals. If we combine aggregated data with personal data so that it can identify you, we treat the combined data as personal data in accordance with this policy.
Marketing
We do not currently collect or use personal data for marketing purposes through this website.
Special Category Data
We do not collect any special category (sensitive) personal data, such as medical information or details of race, religion, or health, through this website.
Children Under 16
This website is intended for use by individuals aged 16 or over. We do not knowingly collect information relating to children.
Data Retention
We retain personal data only as long as necessary for the purposes it was collected.
Data processed under contract will be retained for between six and ten years to meet legal, tax, or audit requirements.
Data processed under legitimate interests will be retained for no more than two years.
Data Storage
Your data is stored on password-protected, encrypted systems located in the UK.
We may share your data with trusted third-party service providers who help us operate our website and services. These providers are required to comply with UK data protection law.
| Reason | Location |
|---|---|
| Website hosting and server management | Secure UK datacentre (e.g. Layershift) |
| Backup storage | Secure encrypted backups stored in the UK or EU (e.g. Hetzner, Germany) |
We ensure that all third parties handling personal data provide adequate levels of protection and comply with the UK GDPR.
Cookies
Like most websites, we use cookies to ensure our site functions correctly and securely.
Essential Cookies
| Cookie name | Purpose |
|---|---|
| wordpress_[hash], wordpress_sec_[hash], wordpress_logged_in_[hash] | Used by WordPress to manage authentication for logged-in users |
| wordpress_test_cookie | Tests whether your browser accepts cookies |
| wp-settings-{time}-[UID] | Customises your admin or site view |
| __cfduid | Set by Cloudflare for security and performance |
Analytics and Embedded Services
We use third-party services such as Google Analytics, Google Maps, YouTube, and Google Fonts. These may set cookies and collect anonymised usage data (e.g. IP addresses).
| Cookie name | Purpose |
|---|---|
| _ga, _gid | Set by Google Analytics to distinguish users (IP anonymisation enabled) |
| SID, SAPISID, APISID, SSID, HSID, NID, PREF | Set by Google Maps |
| YSC, VISITOR_INFO1_LIVE, CONSENT, PREF | Set by YouTube for embedded video playback |
You can learn more about managing cookies at All About Cookies.
Security Measures
We take security seriously and implement appropriate measures to safeguard personal data.
| Measure | Purpose |
|---|---|
| SSL encryption | Ensures secure transmission of information through our site |
| Firewalls and IP blocking | Prevent unauthorised access |
| Cloudflare protection | Defends against malicious traffic and denial-of-service attacks |
| Security plugins | Detect and block malware or suspicious activity |
| Activity logging | Helps identify security issues or breaches |
| Uptime monitoring | Alerts us to technical or availability issues |
Despite our efforts, the internet is not completely secure, and we cannot guarantee absolute protection.
Data Breach Notifications
In the event of a personal data breach, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours, as required by law, and inform affected individuals where appropriate.
Your Rights
You have the following rights under the UK General Data Protection Regulation (UK GDPR):
- Right to confirmation – to know whether we hold your personal data.
- Right of access – to receive a copy of your personal data.
- Right to rectification – to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your personal data.
- Right to restrict processing – to limit how we use your data.
- Right to complain – to the Information Commissioner’s Office (ICO), though we would appreciate the chance to resolve any concerns first.
If you wish to exercise any of these rights, please contact us using the details above.
Changes to This Policy
We may update this policy from time to time. Any changes will be posted on this page with the revised date. Please check back periodically to ensure you are aware of the latest version.
