• Ipswich , UK
Facebook Instagram

01473 222 333

Contact us

Privacy

Privacy Policy — Universal Cabs

Privacy Policy

Last updated: 02/04/2026

This Privacy Policy explains how Universal Cabs ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use any of our services, including:

  • Universal Cabs Admin Portal — our web-based management application for administrators
  • Universal Cabs Driver Portal — our Progressive Web App (PWA) for drivers, accessible at driver.universalcabs.co.uk
  • Universal Cabs Mobile App — our native mobile application for drivers

Together, these are referred to as the "Services".

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Contents

  1. Data Controller
  2. Data We Collect
  3. How We Collect Your Data
  4. Legal Basis for Processing
  5. How We Use Your Data
  6. Push Notifications
  7. Data Sharing & Third Parties
  8. International Transfers
  9. Data Retention
  10. Data Security
  11. Your Rights Under UK GDPR
  12. Cookies & Local Storage
  13. Children's Privacy
  14. Changes to This Policy
  15. Contact Us

1 Data Controller

The data controller responsible for your personal data is:

Universal Cabs
39 Turret Lane
Ipswich
Ip4 1DT

Email: universalcabs21@gmail.com
Phone: 01473 222 333

If you have appointed a Data Protection Officer (DPO) or have an ICO registration number, include it here. Registration with the ICO is required for most organisations processing personal data in the UK.

2 Data We Collect

We collect and process the following categories of personal data depending on your role and interaction with our Services:

Category Examples Applies To
Identity Data Full name, date of birth, photograph Drivers, PAs, Admins
Contact Data Phone number, email address, home address Drivers, PAs, Admins
Employment Data Driver licence number, licence expiry date, DBS certificate details, NI number, contract/shift information, hire date Drivers, PAs
Vehicle Data Vehicle registration, make, model, MOT date, insurance details, taxi licence number, walk-around check photos Drivers
Operational Data Job assignments, school run routes, passenger names and contact details, pickup/drop-off addresses, shift schedules, job completion status Drivers, PAs, Admins
Financial Data Pay rates, earnings records, payroll information, job fares, payment method (cash/card/account) Drivers, PAs
Technical Data Firebase Cloud Messaging (FCM) tokens, device type, browser type and version, login timestamps, authentication tokens All users
Communications Data Messages sent via the in-app broadcast messaging system Drivers, Admins
Passenger data: We process limited passenger information (names, phone numbers, addresses) solely for the purpose of fulfilling transport services. This data is provided by the contracting party (e.g., schools, local authorities, or individual customers).

3 How We Collect Your Data

We collect personal data through the following means:

  • Directly from you — when you register as a driver or PA, submit your documents, complete walk-around vehicle checks, or communicate with us through the app.
  • From your employer or contracting authority — such as schools or local councils that provide passenger and route information for school transport services.
  • Automatically through our Services — when you log into the driver or admin portal, your device generates technical data such as FCM tokens for push notifications, authentication session data, and browser information.
  • From administrators — when an admin creates or updates your profile, assigns jobs, sets schedules, or processes payroll within the system.

4 Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

Lawful Basis Purpose
Contract
Article 6(1)(b)		 Processing necessary to perform our contract with you — e.g., assigning jobs, managing shifts, processing payroll, and providing access to the driver portal.
Legal Obligation
Article 6(1)(c)		 Processing required to comply with legal obligations — e.g., maintaining driver licence records, DBS checks for safeguarding in school transport, HMRC tax obligations, and vehicle compliance records.
Legitimate Interests
Article 6(1)(f)		 Processing necessary for our legitimate business interests — e.g., operational efficiency, service quality monitoring, vehicle safety checks, internal communications via broadcast messages, and system security.
Consent
Article 6(1)(a)		 Where we rely on your consent — e.g., sending push notifications to your device. You can withdraw consent at any time by disabling notifications in your device settings.

5 How We Use Your Data

We use your personal data for the following purposes:

  • Creating and managing driver and PA profiles within the system
  • Assigning and dispatching jobs (including school runs and ad-hoc taxi jobs)
  • Managing shift schedules, rotas, and cover arrangements
  • Processing weekly payroll and generating earnings reports
  • Recording and monitoring vehicle walk-around safety checks
  • Tracking document compliance (licence expiry, MOT, insurance, DBS)
  • Sending operational messages and urgent notifications via the in-app messaging system
  • Delivering push notifications about new job assignments and important updates
  • Communicating with passengers via SMS or WhatsApp for service purposes (e.g., confirming pickups, providing feedback links)
  • Generating operational reports and analytics for business management
  • Maintaining the security and integrity of our systems

6 Push Notifications

Our Services use Firebase Cloud Messaging (FCM) to deliver push notifications to your device. These notifications inform you of new job assignments, schedule changes, and important messages from the office.

When you grant notification permission on your device, we store an FCM token — a unique identifier for your device — in our database. This token is used solely to deliver notifications and is not shared with any third party beyond Google's Firebase Cloud Messaging infrastructure.

You can withdraw your consent for push notifications at any time by:

  • Disabling notifications for the app or browser in your device settings
  • Requesting removal of your FCM token by contacting us

If your FCM token becomes invalid (e.g., you uninstall the app), it is automatically removed from our system.

7 Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share your data only in the following circumstances:

Third Party Purpose Safeguards
Google / Firebase Cloud hosting (Firestore database), user authentication, push notifications (FCM), cloud functions Google acts as a data processor under their Data Processing Terms. Data is processed in accordance with Google Cloud's security standards and certifications.
Schools & Local Authorities We may share limited driver information (name, vehicle details) with schools and local authorities as required for school transport contracts and safeguarding obligations. Data sharing agreements in place as required by contract.
HMRC / Regulatory Bodies Payroll and tax-related data as required by law. Legal obligation under UK tax legislation.
Law Enforcement If required by law, court order, or to protect the safety of our users or the public. Disclosed only when legally compelled.

8 International Transfers

Our Services are hosted on Google Firebase, which may process and store data in data centres located outside the United Kingdom, including in the United States and the European Economic Area.

Where your data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Google's compliance with UK GDPR adequacy requirements and their Data Processing Addendum
  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
  • Google Cloud's ISO 27001, SOC 2, and SOC 3 certifications

9 Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:

Data Type Retention Period
Active driver/PA profiles For the duration of your engagement with Universal Cabs, plus 12 months after departure
Job records and school run logs 6 years (for tax and regulatory compliance)
Payroll and financial records 6 years (HMRC requirement)
Vehicle check records and photos 12 months from date of check
Document compliance records (licences, DBS, MOT, insurance) Duration of engagement plus 3 years
In-app messages (broadcasts) 12 months
FCM tokens Automatically removed when invalid; otherwise deleted upon request or when the driver leaves
Authentication and login data Duration of account, deleted upon deactivation

After the retention period expires, data is securely deleted or anonymised so it can no longer be associated with you.

10 Data Security

We take the security of your data seriously and have implemented appropriate technical and organisational measures, including:

  • Encryption in transit — all data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Encryption at rest — data stored in Firebase Firestore is encrypted at rest by default using Google's encryption standards
  • Authentication controls — access to the admin portal is restricted to authorised administrators; the driver portal requires individual login credentials
  • Firestore Security Rules — database access rules ensure drivers can only read their own data; admin access is restricted by role
  • Token management — invalid or stale FCM notification tokens are automatically cleaned up
  • Regular updates — we keep our systems, dependencies, and security practices up to date

While we take all reasonable precautions, no system is 100% secure. If you suspect any unauthorised access to your data, please contact us immediately.

11 Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15) — You can request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16) — You can ask us to correct any inaccurate or incomplete data.
  • Right to Erasure (Article 17) — You can ask us to delete your personal data where there is no compelling reason for us to continue processing it. Note: we may need to retain certain records for legal or regulatory reasons.
  • Right to Restrict Processing (Article 18) — You can ask us to temporarily stop processing your data in certain circumstances.
  • Right to Data Portability (Article 20) — You can request your data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21) — You can object to processing based on legitimate interests.
  • Right to Withdraw Consent — Where processing is based on consent (e.g., push notifications), you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at universalcabs21@gmail.com. We will respond to your request within one calendar month.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

12 Cookies & Local Storage

Our Services are Progressive Web Apps (PWAs) and use minimal browser storage technologies:

Technology Purpose Duration
Firebase Authentication Tokens To keep you logged in to the driver or admin portal Session / until logout
localStorage Caching your driver profile locally for faster loading; storing authentication state Persistent until cleared
Service Worker Cache Enabling offline functionality and faster page loads for the PWA Updated on each visit
FCM Token (IndexedDB) Storing the push notification device token Persistent until cleared or token expires

We do not use any third-party tracking cookies, advertising cookies, or analytics cookies. Our Services do not track you across other websites.

13 Children's Privacy

Our Services are designed for use by adult drivers, passenger assistants, and administrators. We do not knowingly collect personal data directly from children under the age of 13.

In the context of school transport services, we may process limited data about child passengers (names and pickup/drop-off locations) as provided by schools or local authorities. This data is processed solely for the purpose of safely delivering school transport services and is handled in accordance with the contracting authority's safeguarding requirements.

If you believe a child has provided personal data to us directly without appropriate consent, please contact us immediately so we can take steps to delete it.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify active users through our in-app messaging system where appropriate

We encourage you to review this page periodically to stay informed about how we protect your data.

15 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Universal Cabs
Email: universalcabs21@gmail.com
Phone: 01473 222 333
Address: 39 turret lane , Ip4 1Dt, Ipswich

We aim to respond to all enquiries within 5 working days.

© Universal Cabs. All rights reserved.

This policy applies to all Universal Cabs digital services — Admin Portal, Driver Portal, and Mobile App.

×

How may we assist you?

Call Us Email Us Chat on WhatsApp