Last updated: 23/10/2025
Data controller
- Name: FleetHive Limited [1.2]
- Registered address: 179 Park Lane, Poynton, SK12 1RH, UK [1.2]
- Contact for data protection queries: info@fleethive.ai [1.2]
What information we collect
We collect and process personal and company data from you directly when you create an account or use our services.
- Identity data: Name, business name, and proof of identity if required.
- Contact data: Email address, business address, and phone number.
- Account data: Your username, password, and subscription details.
- Vehicle data: Details about your vehicles, including make, model, registration, and maintenance history.
- Financial data: Payment information (handled securely by our payment providers, such as Stripe) and billing information for subscriptions and transactions.
- Usage data: Information about how you use our platform, tools, and dashboards to help us improve our service.
How we collect your data
- Direct interactions: You provide data when you register, use our services, or communicate with our support team.
- Automated technologies: As you interact with our platform, we may automatically collect usage data.
How and why we use your data (lawful basis)
We use your data only when we have a valid legal basis to do so, primarily a contractual obligation or a legitimate business interest.
Purpose: To create and manage your FleetHive account.
- Lawful basis: Performance of a contract with you. This is necessary to fulfil the agreement made when you created your account.
- Data collected: Identity, contact, and account data.
Purpose: To deliver our services, including cost management, forecasting, and discount access.
- Lawful basis: Performance of a contract with you. We need to process this data to provide the services you subscribed to.
- Data collected: Vehicle, financial, and usage data.
Purpose: To improve our tools and platform for all users.
- Lawful basis: Legitimate interests. We use aggregated and anonymised data to analyse and improve our services without impacting your privacy.
- Data collected: Usage data.
Purpose: To process transactions and payments on your behalf.
- Lawful basis: Performance of a contract with you. This is required for billing and to pass on payments to our partners.
- Data collected: Financial data.
Purpose: To comply with legal obligations, such as financial record-keeping.
- Lawful basis: Legal obligation. This is a mandatory requirement imposed by law.
- Data collected: Financial data and account data.
Who we share your data with
We only share your data with third parties to deliver our services, and we never sell your data [1.2].
- Payment providers: Services like Stripe receive financial data to process subscription payments and partner transactions [1.2].
- Maintenance and parts partners: Companies such as 1 Link/ATS or Solera receive limited, specific vehicle and request data to fulfil your maintenance or parts discount requests [1.2]. We do not provide them with any private data; they receive only the vehicle registration number and your postcode, so that your request can be matched to local service providers.
- Third-party service providers: We may share data with other selected partners (e.g., fuel card providers) to provide you with integrated services. Your use of these services is governed by their own privacy policies [1.2].
- Regulatory authorities: In rare cases, we may share your data to comply with a legal obligation or a court order [1.2].
Your data protection rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Have inaccurate or incomplete personal data corrected.
- Erasure (the right to be forgotten): Request that we delete your personal data under certain conditions.
- Restrict processing: Ask us to suspend the processing of your personal data under certain conditions.
- Object to processing: Object to our processing of your personal data under certain conditions, such as for direct marketing.
- Data portability: Request that we transfer the data you gave us to another organisation, or directly to you, under certain conditions.
- Withdraw consent: If we rely on your consent for processing, you can withdraw it at any time.
To exercise any of these rights, contact us at info@fleethive.ai [1.2].
Data retention
We will only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. We use anonymisation where possible for data we keep for longer periods for statistical analysis.
Business and consumer specific provisions
- B2C users: Retail users (individuals) have additional rights under consumer law, such as a 14-day cooling-off period [1.2]. You also have the right to cancel your subscription at any time [1.2].
- B2B users: When acting on behalf of a business, you warrant that you are authorised to provide the company and employee data. By accessing the services, your company waives the 14-day cooling-off period [1.2].
Internal compliance mechanisms
Beyond the public-facing policy, FleetHive must implement internal procedures to ensure UK GDPR compliance.
Data protection by design and default
- New systems or features must be developed with privacy and data protection in mind from the initial design phase.
- The default settings of the platform should be the most privacy-friendly option for users.
Data protection impact assessment (DPIA)
- FleetHive will conduct a DPIA for any new project or feature involving high-risk data processing, such as extensive profiling or large-scale processing of personal data.
Staff training
- All employees who handle personal data will receive mandatory data protection training to ensure they understand their responsibilities and the importance of data security.
Accountability and record-keeping
- FleetHive will maintain internal records of all data processing activities, including the lawful basis, categories of data processed, and recipients of the data.
Data breach response plan
In the event of a personal data breach, FleetHive will follow a strict, documented procedure.
Detection and containment
- Implement technical security measures like encryption and access controls to prevent breaches.
- Contain the breach immediately upon detection to minimise its impact.
Assessment
- Quickly assess the scale and nature of the breach, including the types of data involved and the number of individuals affected.
- Determine the potential risk to individuals’ rights and freedoms.
Notification
- Supervisory authority (ICO): Report the breach to the UK Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it, if it poses a risk to people’s rights.
- Data subjects: Notify the affected individuals “without undue delay” if the breach poses a high risk to their rights and freedoms. The notification will clearly explain what happened and what steps they can take to mitigate the risks.
Review and response
- Conduct a full review of the breach to understand its root cause and implement measures to prevent future occurrences.
- Document all actions taken in response to the breach to demonstrate accountability.