Privacy policy

Commercial Vehicle Service Privacy Notice

About this service

The Commercial Vehicle Service is an online portal for:

  • Authorised Testing Facility (ATF) staff
  • Privately Owned Testing Facility (POTF) staff
  • Users who have a DVSA vehicle testing pre-funded account

The service will enable ATF and POTF staff to view real-time testing taking place at their testing facility, view historical testing and invoices, view and top up their pre-funded account, and manage their vehicle testing account.

Non-testing users can view the balance and top up their DVSA vehicle testing pre-funded account.

DVSA is an executive agency of the Department for Transport (DfT). We carry out commercial vehicle testing to ensure that all vehicles operating on UK roads do so safely. This service lets you manage vehicle tests conducted at an Authorised Testing Facility or a Privately Owned Testing Facility. It also allows non-testing users can view the balance and top up their DVSA vehicle testing pre-funded account.

The data controller for DVSA is DfT – a data controller determines the reasons and how personal data is processed. For more information, please see the Information Commissioner’s Office (ICO) Data Protection Public Register. DfT’s registration number is Z7122992.

What we need

The personal data we collect from you will include:

Authorised Testing Facility (ATF)

  • Name
  • Address

Authorised Testing Facility Staff

  • Name
  • Phone number
  • Email address
  • ATF address

Prefunded Account Customers (including ATFs)

  • Vehicle identification number (VIN)
  • Registration mark
  • Name
  • Work address
  • Phone number

Prefunded Account delegates

  • Name
  • Phone number
  • Email address
  • Work address

The lawful basis for processing this data is Public Task as part of the statutory nature of vehicle testing at Authorised Testing Facilities. In addition, The Public Records Act 1958 defines the procedures for the retention, preservation, transfer, and destruction of public records pertaining to the Commercial Vehicle Testing Service.

Why we need it

We need the personal data we collect from you to:

  • Capture annual vehicle test results
  • Capture details of vehicle defects and any prohibitions
  • Support the financial processes around testing including payments
  • Schedule testing periods
  • Support the identification and testing of vehicles
  • Ensure an accurate vehicle testing record is maintained including details of all test passes/fails, prohibitions, and the locations of each test. This information may be relied on in future investigations relating to vehicle incidents.
  • Support the statutory requirement to maintain a record of vehicle tests and technical details, including the identity of the tester and the vehicle, whilst a vehicle is still on the road.
  • Ensure an accurate record of your pre-funded account transactions, test history, and invoicing
  • Allow the Commercial Vehicle Testing Service to perform an organisational search of our database for existing contact information as part of the ‘invite team member’ process
  • Payment card details are not collected and retained by DVSA

What we do with it

We collect, use and store the data you give us for the reasons set out in this privacy notice.

We will not:

  • Sell or rent your data to third parties
  • Share your data with third parties for marketing purposes

We share vehicle test record information with the Driving and Vehicle Licensing Agency (DVLA), Driver and Vehicle Agency (DVA) and Transport for London (TfL).

We will share your data if required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We’ll only keep your personal data for as long as it is needed for the reasons set out in this privacy notice or as long as is required by law.

We will hold your personal data for 5 years, as per GDPR requirements. Additionally, any data relating to financial transactions will be retained for a minimum of 7 years from the data of the relevant financial transaction, as per GDPR requirements.

Vehicle test data is to be retained for the duration of a vehicle’s lifetime until it is scrapped, at which point data will be erased. This is a statutory requirement to support potential vehicle investigations.

Where it might go

Our IT infrastructure and technology has been checked to make sure it’s safe and secure. Our services operate from Microsoft Azure cloud services, hosted in UK data centres, and Amazon Web Services cloud infrastructure, hosted in EU-WEST data centres in Ireland. External auditors routinely review and assure these for DVSA use.

Protecting your data and your rights

The DVSA personal information charter sets out what steps are taken to protect your data, and the rights you have over your data.

Automated decision making and profiling

Your data is not subject to automated decision making or profiling as defined in data protection legislation.

Changes to this notice

We may change this privacy notice at our discretion at any time. When we change this notice, the date and version of this notice will be updated and you will be notified. Any changes to this privacy notice will be applied to you and your data as of the revision date.

We encourage you to periodically review this privacy notice to be informed about how your data is protected.

How to contact us

If you have any questions about anything stated within this document or if you consider that your personal data has been misused or mishandled, you can contact the DVSA data protection manager using the below details:

DVSA data protection manager
Data Protection Manager
DVSA
1 Unity Square
Nottingham
NG2 1AY
Email: information.handling@dvsa.gov.uk

Contact DVSA customer services Contact DVSA customer services if you have a query that does not relate to how your personal data is used.

You may also make a complaint to the Information Commissioner, who is an independent regulator.