Privacy Policy

Last updated: 25th September 2025

Diffability Driving Limited

1. Introduction

Diffability Driving Limited (“we”, “us”, “our”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (diffabilitydriving.co.uk) and our driving instruction services.

Company Details:

Company Name: Diffability Driving Limited
Company Registration Number: 15901977
Registered Office: Flat 4 Alexander Court, Station Road, Glenfield, Leicester, England, LE3 8BU
Data Protection Contact: hello@diffabilitydriving.co.uk

We are the data controller for the purposes of UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

Contact Information:

Name and surname
Address (home and/or correspondence)
Phone number(s)
Email address
Emergency contact details
Preferred contact methods and times

Driving-Related Information:

Driving license details (number, expiry, endorsements)
Previous driving experience
Driving test history
Learning goals and objectives
Lesson progress and assessment records

Medical and Health Information:

Relevant medical conditions affecting driving ability
Disability information and adaptive needs
Medical certificates and DVLA medical clearances
Medication details that may affect driving
Physical or cognitive limitations
Sensory impairments
Mental health conditions relevant to driving instruction

Special Educational Needs Information:

Learning disabilities or differences
Communication preferences
Support requirements
Educational background relevant to learning to drive

Financial Information:

Payment method preferences
Lesson package purchases
Payment history and outstanding balances
Bank details for refunds (where necessary)

2.2 Technical Information

When you use our website, we may automatically collect:

IP address and location data
Browser type and version
Device information
Pages visited and time spent on pages
Referral sources
Cookies and similar technologies

2.3 Information from Third Parties

We may receive information about you from:

DVLA (for verification purposes)
Medical professionals (with your consent)
Family members or carers (with your permission)
Previous driving instructors (with your consent)
Insurance companies (where relevant)

3. How We Use Your Information

3.1 Lawful Basis for Processing

We process your personal data on the following legal grounds:

Contract Performance:

Providing driving instruction services
Managing lesson bookings and schedules
Processing payments
Communicating about your lessons

Legitimate Interests:

Improving our services
Marketing our services (where you haven’t opted out)
Maintaining business records
Ensuring safety during lessons

Legal Compliance:

Meeting DVLA requirements
Insurance obligations
Health and safety compliance
Safeguarding requirements

Consent:

Sensitive medical information processing
Marketing communications (where required)
Sharing information with family/carers
Recording lessons for training purposes

3.2 Specific Uses

We use your information to:

Service Delivery:

Assess your learning needs and adaptive requirements
Plan personalised driving instruction programs
Provide appropriate adaptive equipment and modifications
Track your progress and development
Prepare you for driving tests
Maintain safety standards during instruction

Communication:

Contact you about lessons, schedules, and changes
Send appointment reminders
Provide updates on your progress
Share relevant driving-related information
Respond to your queries and concerns

Business Operations:

Process payments and manage accounts
Maintain accurate business records
Comply with regulatory requirements
Improve our services and teaching methods
Train our instructors

Marketing (with appropriate consent):

Send information about our services
Share success stories and testimonials
Provide educational content and tips
Notify you of special offers or new services

4. Special Category Data

4.1 Medical and Health Information

We process sensitive medical and health information to:

Provide appropriate adaptive driving instruction
Ensure your safety and the safety of others
Meet DVLA medical requirements
Customise teaching methods to your needs
Maintain appropriate insurance coverage

4.2 Legal Basis for Special Category Processing

We process medical information based on:

Explicit consent for most medical information sharing
Substantial public interest for road safety purposes
Vital interests in emergency situations
Legal compliance with DVLA requirements

4.3 Safeguards

We implement additional safeguards for sensitive data including:

Enhanced security measures
Limited access on a need-to-know basis
Regular review of processing activities
Clear retention policies
Secure disposal procedures

5. Information Sharing

5.1 When We Share Information

We may share your personal information in the following circumstances:

With Your Consent:

Sharing progress updates with family members or carers
Providing references to other driving instructors
Including testimonials in our marketing (anonymised where requested)

Legal Requirements:

DVLA reporting obligations
Court orders or legal proceedings
Regulatory investigations
Safeguarding concerns

Business Operations:

Insurance companies (for claims or coverage verification)
Vehicle breakdown services (in emergencies)
Payment processors (for secure payment handling)
Professional bodies (for complaints or investigations)

Service Providers:

IT support and website maintenance companies
Email and communication service providers
Booking and scheduling system providers
Data backup and storage services

5.2 Third Party Safeguards

All third parties we work with are required to:

Process data only as instructed by us
Maintain appropriate security measures
Comply with data protection legislation
Have appropriate contracts in place

5.3 International Transfers

We do not routinely transfer personal data outside the UK. If international transfers are necessary, we ensure:

Adequate protection through appropriate safeguards
Compliance with UK data protection requirements
Your rights remain protected

6. Data Security

6.1 Security Measures

We implement appropriate technical and organisational measures to protect your data:

Technical Measures:

Encryption of sensitive data
Secure data transmission (SSL/TLS)
Regular security updates and patches
Antivirus and firewall protection
Secure backup procedures

Organisational Measures:

Staff training on data protection
Access controls and user permissions
Regular security risk assessments
Incident response procedures
Clear data handling policies

6.2 Data Breach Response

In the event of a data breach, we will:

Contain and assess the breach immediately
Notify the ICO within 72 hours (where required)
Inform affected individuals without undue delay
Take steps to minimise harm and prevent future breaches
Review and improve security measures

7. Data Retention

7.1 Retention Periods

We retain personal data only as long as necessary:

Active Students:

Contact and lesson information: Throughout the duration of instruction
Medical information: As long as relevant to instruction
Progress records: Until completion of instruction plus 2 years
Payment records: 7 years from last transaction

Former Students:

Basic contact details: 2 years after last lesson
Lesson records: 3 years (for reference and insurance purposes)
Medical information: 1 year after instruction ends (unless ongoing relevance)
Financial records: 7 years (legal requirement)

Instructor Training Records:

Training records: 5 years after completion
Assessment records: 3 years after completion
Certification information: Permanent (for verification purposes)

7.2 Secure Disposal

When data is no longer needed, we ensure:

Secure deletion of electronic records
Confidential disposal of paper records
Certification of destruction where appropriate
Regular review of retention schedules

8. Your Rights

Under UK data protection law, you have the following rights:

8.1 Right of Access

Request a copy of the personal data we hold about you
Understand how we process your information
Receive information in a commonly used electronic format

8.2 Right to Rectification

Correct inaccurate or incomplete personal data
Update your contact details and preferences
Ensure medical information is current and accurate

8.3 Right to Erasure

Request deletion of your personal data in certain circumstances
Withdraw consent for processing (where applicable)
Object to processing for direct marketing

8.4 Right to Restrict Processing

Limit how we use your data while disputes are resolved
Suspend processing if data is inaccurate
Prevent deletion while legal claims are outstanding

8.5 Right to Data Portability

Receive your data in a structured, machine-readable format
Transfer data to another service provider
Applies to data processed with consent or for contract performance

8.6 Right to Object

Object to processing based on legitimate interests
Opt out of direct marketing communications
Object to automated decision-making (where applicable)

8.7 Exercising Your Rights

To exercise any of these rights:

Contact us using the details provided below
Provide sufficient information to verify your identity
Specify which rights you wish to exercise
Allow up to one month for us to respond

9. Cookies and Website Technologies

9.1 What are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and understand how you use our site.

9.2 Types of Cookies We Use

Essential Cookies:

Enable basic website functionality
Remember your preferences during your visit
Maintain security during your session
Cannot be disabled without affecting site functionality

Analytics Cookies:

Help us understand how visitors use our website
Provide insights into popular pages and user journeys
All data is anonymised and aggregated
Used to improve website design and content

Marketing Cookies:

Track visitors across websites for advertising purposes
Provide relevant content and advertisements
Measure effectiveness of marketing campaigns
Only used with your consent

9.3 Cookie Management

You can manage cookies through:

Your browser settings
Our cookie preference center (where available)
Opt-out links in marketing communications
Contacting us directly

9.4 Other Technologies

We may also use:

Web beacons and pixels
Local storage
Analytics tools (e.g., Google Analytics)
Social media plugins

10. Children’s Privacy

10.1 Age Restrictions

Our services are primarily intended for individuals aged 17 and over (minimum age for driving lessons). For students under 18:

Parental consent is required for processing personal data
Parents/guardians may exercise data protection rights on behalf of minors
Additional safeguards apply to protect young people’s data

10.2 Young Adult Considerations

For students aged 16-18:

We balance independence with parental involvement
Medical information may be shared with parents/guardians
Emergency contact procedures include family members
We consider capacity to consent on a case-by-case basis

11. Marketing Communications

11.1 Consent and Opt-out

Marketing emails are sent only with your consent
You can opt out at any time using unsubscribe links
Opt-out requests are processed within 72 hours
We maintain suppression lists to prevent re-contact

11.2 Types of Marketing

We may send you:

Service updates and improvements
Educational content about driving
Special offers and promotions
Success stories and testimonials
Safety tips and guidance

11.3 Marketing Preferences

You can manage your preferences for:

Email frequency and content types
Text message communications
Postal communications
Phone marketing calls

12. Changes to This Policy

12.1 Updates

We may update this Privacy Policy to reflect:

Changes in data protection law
New services or features
Improvements to our practices
Feedback from regulators or customers

12.2 Notification

When we make changes:

The updated policy will be posted on our website
Significant changes will be communicated directly to you
The “Last Updated” date will be revised
You may be asked to review and accept updated terms

13. Contact Information

13.1 Data Protection Enquiries

For any questions about this Privacy Policy or your personal data: