Privacy Policy

Effective since last update: [27/01/2026]

PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy sets out how IconicTaxiApp (“we”, “us”, “our”, “the Company”) collects, processes, and protects personal data in connection with our mobile application (the “App” or “Platform”). We are committed to safeguarding your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller
IconicTaxiApp
Email: account@iconictaxiapp.com
Registered Address: [INSERT YOUR BUSINESS ADDRESS]

2. SCOPE AND APPLICATION

This Privacy Policy applies to all users of the App, including:

  • Licensed Hackney Carriage (Black Cab) drivers (“Drivers”)
  • Drivers with administrative privileges (“Admin Drivers”)
  • Trade-related business organisations purchasing advertising services (“Advertisers”)
  • Platform administrators

3. CATEGORIES OF DATA COLLECTED

3.1 Sensitive Personal Information

The following categories of data are considered sensitive and are subject to enhanced protection measures:

Driver Registration Data:

  • Full name (first name and surname)
  • Professional badge or licence number
  • Telephone number
  • Email address
  • Location of operation (general geographic area, not residential address)
  • Driver photograph (physical image of the driver)
  • Badge photograph (physical image of the actual Hackney Carriage badge)

Advertiser Business Information:

  • Business name and trading details (trade-related businesses only)
  • Authorised contact person details
  • Business correspondence address
  • Telephone and email contact details
  • Payment and billing information

3.2 Non-Sensitive Platform Data

The following information shared through the Platform is not considered personal data and is used to facilitate information exchange between Drivers:

  • Traffic conditions and road updates
  • Public event information and schedules
  • Public transport information (train schedules, delays)
  • Theatre and entertainment venue information
  • Taxi rank status and availability
  • Airport operational information
  • General industry-related updates

This non-sensitive information does not identify individual users and is shared collaboratively within the Platform community.

3.3 Technical and Usage Data

We collect limited technical data necessary for Platform operation:

  • Device type and operating system
  • App version and performance data
  • Login timestamps and session duration
  • Subscription status and payment transaction records

We process personal data on the following lawful grounds under UK GDPR:

a) Contractual Necessity (Article 6(1)(b))
Processing is necessary to fulfil our contractual obligations to provide the App services for which you have subscribed.

b) Legitimate Interests (Article 6(1)(f))
We have a legitimate interest in processing data to:

  • Maintain Platform security and integrity
  • Prevent fraudulent activity and Terms violations
  • Improve service functionality and user experience
  • Enforce Platform rules and community standards

c) Legal Obligation (Article 6(1)(c))
We process data where required to comply with legal and regulatory obligations, including financial record-keeping and response to lawful requests from authorities.

d) Consent (Article 6(1)(a))
Where required by law, we obtain explicit consent for specific processing activities, which you may withdraw at any time.

5. PURPOSE AND USE OF PERSONAL DATA

We process personal data for the following purposes:

5.1 Account Administration

  • Creating and maintaining Driver and Advertiser accounts
  • Verifying professional credentials and eligibility
  • Managing subscription services
  • Processing payments and maintaining financial records

5.2 Platform Functionality

  • Facilitating information exchange between Drivers
  • Enabling Admin Drivers to perform moderation functions
  • Delivering advertising services to Advertisers
  • Providing customer support and responding to enquiries

5.3 Platform Security and Compliance

  • Detecting and preventing fraudulent or abusive behaviour
  • Enforcing Terms and Conditions and Platform rules
  • Investigating violations and disputes
  • Complying with legal obligations and regulatory requirements

5.4 Service Improvement

  • Analysing usage patterns to enhance Platform features
  • Developing new functionality
  • Conducting quality assurance and testing

6. DATA SHARING AND DISCLOSURE

6.1 Internal Access Controls

Regular Drivers:
Have no access to other Drivers’ personal information. They can view and contribute only non-sensitive platform data (traffic updates, events, etc.).

Admin Drivers:
Have limited access restricted to Driver names and Driver identification numbers only. Admin Drivers do not have access to any other sensitive personal information.

Platform Administrators:
Company employees and authorised personnel have access to all Driver and Advertiser information solely for the purposes of platform management, security, compliance, and customer support.

6.2 Third-Party Service Providers

We may share personal data with trusted third-party service providers who process data on our behalf under strict contractual obligations:

Payment Processing Services:
To facilitate subscription payments and advertising fees securely.

Cloud Hosting and Infrastructure Providers:
To store and manage data securely in UK/EEA-based data centres.

Technical Support and Maintenance Services:
To ensure Platform reliability and performance.

All third-party processors are carefully selected and bound by data processing agreements compliant with UK GDPR requirements.

We may disclose personal data when legally required or necessary to:

  • Comply with court orders, warrants, or legal processes
  • Respond to lawful requests from regulatory authorities
  • Protect the rights, property, or safety of the Company, users, or the public
  • Enforce our Terms and Conditions
  • Investigate potential violations or fraudulent activity

6.4 No Sale of Personal Data

We do not sell, rent, or trade personal data to third parties for marketing or commercial purposes.

7. DATA RETENTION

7.1 Active Subscriptions

Personal data is retained for the duration of your active subscription and for such period as necessary to provide ongoing services.

7.2 Post-Cancellation Retention

Following cancellation or termination of your account:

  • Sensitive personal data (photographs, phone number, location) is deleted within 30 days
  • Minimal data (name, badge number, email address) is retained for 12 months to address potential disputes, queries, regulatory requirements, and maintain platform security
  • Financial records are retained for 7 years in accordance with UK tax and accounting regulations

7.3 Automatic Deletion

Accounts inactive for 12 months will have all retained data automatically deleted, with the exception of financial records required by law.

7.4 Anonymised Data

Non-personal, anonymised, and aggregated data may be retained indefinitely for statistical and analytical purposes.

Data may be retained beyond standard periods where required by law, regulatory obligation, or ongoing legal proceedings.

8. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)
You may request a copy of the personal data we hold about you.

Right to Rectification (Article 16)
You may request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)
You may request deletion of your personal data, subject to legal obligations and legitimate grounds for retention.

Right to Restriction of Processing (Article 18)
You may request limitation of how we process your data in certain circumstances.

Right to Data Portability (Article 20)
You may request transfer of your data to another service provider in a structured, commonly used format.

Right to Object (Article 21)
You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner’s Office (see Section 12).

8.1 Exercising Your Rights

To exercise any of these rights, please contact us using the details provided in Section 13. We will respond to all valid requests within 30 days, or as otherwise required by law.

9. DATA DELETION PROCEDURE

9.1 Deletion Requests

You may request deletion of your account and personal data at any time by contacting us at account@iconictaxiapp.com.

9.2 Deletion Process

Upon receipt of a valid deletion request:

Immediate Actions:

  • Your account access will be terminated immediately
  • Sensitive personal data will be deleted within 30 days, including:
    • Driver and badge photographs
    • Phone number
    • Location of operation information

Retained Data (12-month period): To handle potential disputes, queries, regulatory requirements, and maintain platform security, we retain minimal information for 12 months following account cancellation:

  • Name
  • Badge number
  • Email address (required for account authentication and security purposes)
  • Subscription dates and payment records

This retention is based on our legitimate business interests under UK GDPR Article 6(1)(f).

Financial Records: Payment and subscription records are retained for 7 years as required by UK tax and accounting regulations.

9.3 Automatic Deletion

If your account remains inactive (cancelled or unpaid) for 12 months, all retained data (excluding financial records) will be automatically deleted from our systems.

9.4 Right to Object

If you object to the 12-month retention period, you may contact us to discuss your specific circumstances. We will review each case individually and may delete data earlier where we determine retention is no longer necessary.

Please note that deletion is irreversible and will result in permanent loss of access to the Platform.

10. DATA SECURITY MEASURES

We implement comprehensive technical and organisational security measures to protect personal data, including:

Technical Safeguards:

  • Encryption for data transmission using industry-standard secure protocols
  • Secure cloud infrastructure provided by reputable third-party service providers
  • Encrypted data storage using industry-standard algorithms
  • Secure authentication mechanisms with password hashing
  • Regular security updates and vulnerability assessments
  • Access control systems and monitoring

Organisational Safeguards:

  • Role-based access controls limiting personnel access to personal data
  • Mandatory data protection training for all staff with data access
  • Confidentiality agreements with employees and contractors
  • Regular security reviews and compliance audits
  • Incident response and data breach procedures

User Responsibilities:
Users are responsible for maintaining the confidentiality of their account credentials and must report any suspected unauthorised access immediately.

While we implement robust security measures, no system can guarantee absolute security. Users should exercise caution when sharing sensitive information.

11. INTERNATIONAL DATA TRANSFERS

All personal data is stored and processed within the United Kingdom and the European Economic Area (EEA). In the event that data must be transferred to countries outside the UK/EEA, we will ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner’s Office
  • Adequacy decisions recognising equivalent data protection standards
  • Binding Corporate Rules or other approved transfer mechanisms

We will not transfer personal data internationally without implementing adequate protections as required by UK GDPR.

12. CHILDREN AND AGE RESTRICTIONS

The Platform is intended solely for use by individuals aged 21 years or older who hold valid Hackney Carriage (Black Cab) driver licences. We do not knowingly collect personal data from individuals under 21 years of age. If we become aware that we have inadvertently collected data from someone under 21, we will delete it promptly.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or Platform functionality. Material changes will be communicated to users via:

  • Email notification to registered email addresses
  • In-app notification upon login
  • Posting of the updated policy on our website

The “Last Reviewed” date at the top of this document indicates when the policy was last modified. Continued use of the Platform following notification of changes constitutes acceptance of the updated Privacy Policy.

Users who do not agree to changes may cancel their subscription in accordance with our Terms and Conditions.

14. COMPLAINTS AND SUPERVISORY AUTHORITY

If you have concerns regarding our data processing practices or believe your rights have been violated, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO). Further details are available at https://ico.org.uk.

We encourage you to contact us first to resolve any concerns, but you have the right to approach the ICO at any time.

15. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Data Protection Contact
IconicTaxiApp
Email: account@iconictaxiapp.com
Address: [INSERT YOUR BUSINESS ADDRESS]

We will respond to all enquiries within 30 days as required by UK GDPR.

BY USING THE APP, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, PROCESSING, AND USE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.