Our Privacy Policy
WHO ARE WE?
The Right Fuel Card Company Limited (“TRFC”), whose head office is located at One The Embankment, Neville Street, Leeds, LS1 4DW, are a UK-based Fuelcard reseller. We are a subsidiary of our parent company, Edenred SE (head office located 14-16 Boulevard Garibaldi, 92130 Issy-les-Moulineaux, France).
We have implemented this privacy policy to outline how we use personal data relating to prospective customers, current fuelcard holders, web users and other individuals who interact with us.
The terms below shall have the following meaning when used in this Policy:
TRFC, We, Our, Us: The Right Fuelcard Company Limited
GDPR: General Data Protection Regulation of the EU no2016/679
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
SCOPE OF THIS POLICY
This policy explains how we handle personal data in respect of:
Partnerships, Limited Company and Limited Liability Partnerships (collectively referred to as “Company”) – we process information relating to your business and its employees or representatives.
Sole Traders – we process information relating directly to you as a person, or your employees, trading on their own with unlimited liability, not registered at Companies’ House and not in partnership with another.
This Notice does not apply in the following situations:
Personal Data collected by third parties during your communications/dealings with those third parties or your use of their products or services (for example, where you allow links to third-party websites over which we have no control).
Personal Data processed and stored by us when we act as a Processor on behalf of our customers while providing our Services (see section Processing of Driver Data). In these cases, the relevant customer privacy statement will apply, and our data processing agreement will govern our processing of your Personal Data.
Private Individuals (Consumers) – We operate solely in a Business-to-Business market and do not conduct business with Consumers.
WHAT PERSONAL DATA DO WE COLLECT AND THE LEGAL BASIS FOR DOING SO
Whether you are a company or a sole trader, we collect the following categories of personal data when you visit our website, enquire about or apply for a fuel card service:
Activity | Purpose | Type of Data | Legal Basis |
|---|---|---|---|
Apply for a fuelcard | Provide a fuel and mobility payment solution to end users (Drivers). Sub-purposes: » Account creation & setup » Card production, delivery, loading » Card and account management (activation/authentication, renewal, blocking, etc) and secure access to mobility services » Card transactions processing at affiliated Acceptance Partners
If applicable (main potential sub-purposes - examples): » Transaction confirmations and usage notifications » Enable fleet management and operational reporting for Corporate Client/Fleet Manager | Business Contact Identity: » Full name » Date of birth
Contact Information: » Telephone
Company Information: » Legal name » Registered and/or billing address » Registration number » Business type
Fleet Information: » Fuelcard preference » Fleet type and size » Embossing details
| Legitimate Interest
Performance of the contract (T&Cs) |
Fraud prevention and risk control | Detect, prevent, and investigate fraudulent use, misuse, or anomalies in transaction patterns, documentation and interactions.
Monitor, detect, and respond to security incidents, unauthorised access, fraud attempts, or cyberattacks; ensure system and process integrity
Investigate and respond to reports of misconduct, fraud, abuse or violations of policies | Proof of Identity: » Address and Photograph ID
Creditworthiness: » Credit checks
Debt recovery tracing
| Legitimate interest (where investigations are for fraud prevention, misconduct or to protect the business)
Contract (T&Cs)
Legal Obligation (if based on regulatory requirement)
|
Access and manage fuelcard services | This includes the following sub-purposes: » Fleet Manager Authentication. » Processing of orders and service provisioning (including personalisation, delivery of cards and product management and reporting) » Driver account and card administration (add/block/reassign/card loading and limit set-up) » Invoice generation and payment management. | Account Information: » Fuelcard account number
Transaction Data: » Drawing data » Statement history
Invoicing Data: » Invoices
Direct Debit Guarantee Bank Details
Customer profile (active/inactive) | Performance of our contract |
Respond to enquiries and provide customer support | Manage customer care support requests (e.g. provide support for card-related issues, app usage, PIN recovery, lost/stolen cards, transaction disputes/chargebacks, and usage questions).
Gather feedback about Customer experience and satisfaction with the service. | Account Information: » Fuelcard account number » Account history
Transaction Data: » Drawings
Invoicing Data: » Invoices
Disputes and complaint information
Enquiry type and content
Any attachments you may submit | Performance of the contract
Legitimate Interest (for fleet managers when representing the contract with the Corporate Client) |
To use data analytics to improve our website, products/services and marketing | To keep our website updated and relevant, to develop our business and to inform our marketing strategy. | Digital data: » Analytics » Browsing » Website interactions » IP addresses » Credentials
Marketing preferences
Technical data: » Incidents » Support requests | Our legitimate interest
(Profiling statistical analysis, secure our website, offer technical support, personalised content) |
Send service updates about policy or legal changes | Notify users about regulatory changes, privacy notice updates, etc.
Notify users about operational updates, outages, and contract-relevant information. | Business Contact Identity: » Full name
Contact Information: » Telephone
Company Information: » Legal name | Performance of the contract
Legal obligation |
Conduct marketing and promotional activities | Send promotional communications to customers about offers, discounts, and services provided by Edenred’s partners.
Send promotional offers, product updates, or service recommendations (if applicable and permitted). | Business Contact Identity: » Full name
Contact Information: » Telephone
Company Information: » Legal name
Marketing preferences | Consent or legitimate interest (where permitted) |
Driver legal helpline support | To provide drivers with access to a legal helpline following a road traffic accident or other driving incident where liability may be disputed or unclear. | Business Contact Identity: » Driver Name
Contact Information: » Telephone
Incident Information: » Date, time and location of the incident » Details provided about the incident » Vehicle registration number, where relevant | Performance of the contract |
LEGAL OBLIGATIONS
In some circumstances, we are required by law to use or share personal data, for example, when a court, law enforcement agency or regulator makes a legally binding request or order for disclosure of personal data.
HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you, including:
» Direct interactions, such as when you apply for our Services or subscribe to marketing communications.
» Automated technologies or interactions, such as via our Website.
» Third parties or publicly available sources such as Companies House.
HOW DO WE KEEP PERSONAL DATA SECURE?
We have industry-standard technical and organisational measures to protect personal data from accidental loss, alteration, disclosure, use, or unauthorised access.
HOW LONG CAN WE KEEP YOUR DATA?
We keep personal data only for as long as necessary for the purposes for which it was collected, including to provide our services, comply with legal, regulatory, tax and accounting requirements, resolve disputes and enforce our legal rights.
How long we keep personal data depends on the type of data involved, the purpose for which it is used and any legal or regulatory obligations that apply. For example:
Customer account and contact data will generally be retained for as long as the customer relationship continues and for a reasonable period afterwards, where required for administration, legal, regulatory or dispute resolution purposes
Financial records, including invoices and related transaction records, will be retained in line with applicable legal and tax requirements
Data used for fraud prevention, security and risk management may be retained for an appropriate period where necessary to protect our business, customers and services
Where personal data is no longer required, we will securely delete it or anonymise it so that it cannot be linked to an individual.
Further details on retention periods may be set out in our internal retention schedule.
INTERNATIONAL TRANSFERS
While the UK and EU countries have high data protection standards, this is not the case in all countries. On occasion, we may need to send or allow access to personal data from these areas. This can occur when one of our processors or a client is based overseas or uses overseas data centres.
We will make sure suitable safeguards are in place in accordance with UK data protection requirements, including:
Sending data to countries that have been approved by UK authorities (eg, Isle of Man, Switzerland, and Canada)
Putting contracts in place to ensure suitable levels of protection
MARKETING COMMUNICATIONS
We may send you information about our products, partner offers, promotions or industry updates by email or SMS.
You can opt out of marketing messages at any time by:
Following the unsubscribe links on any marketing message you receive.
Via this web form.
Contact us at any time.
ANALYTICS – PIANO
Our website uses Piano Analytics, a third-party analytics service, to measure traffic and user behaviour. Piano collects pseudonymous data such as IP address, device/browser information, and on-site actions.
Data is processed in accordance with UK GDPR and may be transferred to the EU with appropriate safeguards.
You can opt out of Piano tracking via our cookie banner or by adjusting your browser settings.
COOKIES
We use essential cookies for site functionality and optional cookies (including Piano) for analytics and marketing.
You can manage or withdraw consent at any time via our cookie banner or your browser settings, but please note that some parts of this website may become inaccessible or not function correctly.
For more information about the cookies we use, please see our Cookie Policy.
USE OF ARTIFICIAL INTELLIGENCE (AI)
We use artificial intelligence technologies in a limited and controlled way to support certain customer contact and lead management activities.
Processor | Purpose |
|---|---|
AI-enabled contact centre and customer experience services, including support across virtual agents, call handling, analytics and workflow management |
Where AI tools process personal data, this is done in accordance with applicable data protection law. We carry out appropriate assessments and controls to ensure that the use of these tools is lawful, proportionate and does not override individuals’ rights and freedoms.
Our AI tools are designed to support human decision-making, not replace it. While AI may assist with tasks such as handling enquiries, analysing interactions or routing contacts, we do not make significant decisions about individuals based solely on automated processing without appropriate human oversight.
Where automated processing is used, we apply appropriate safeguards to help ensure that processing is fair, transparent and properly governed.
WHO ARE THE RECIPIENTS OF YOUR DATA?
We may need to share your data internally (to affiliates and subsidiaries as well as with other entities of the Group) and externally (to third parties) with our providers and partners:
Types of Processors | Processors (links to individual privacy policies) |
|---|---|
Oil Companies | |
Credit* and ID Verification | |
Customer Satisfaction | |
Customer Rewards | |
Telematics | |
Phone Systems | |
Payments | |
External Legal Advice | |
Lead Generation | |
Internal Systems | |
Marketing | |
Website | |
Parent Company |
*For credit check, fraud prevention and cash collection: with credit reference agencies, which may also share information about your settled accounts and late payments with other organisations. For more information, please click here.
In all instances, our providers and partners are required to process your data solely in accordance with our instructions and to implement all necessary security measures to protect your personal data.
RFC AND INTRODUCERS
TRFC works with several external third parties who will act as introducers (facilitating introductions to TRFC). Depending on the type of introducer agreement in place, your data will either be sent from the introducer to TRFC, or you will be asked to contact TRFC directly to discuss your needs.
TRFC works with introducers within the (but not limited to) the following industry sectors:
Construction
Retail
Transportation and Storage
Automotive
Information and Communications Technology
Depending on the type of introducer contact in place, we may share information back to the introducer, containing the company name and litres drawn.
PROCESSING OF DRIVER DATA
When our business customers issue fuel cards to their drivers, we may process personal data about those drivers on their behalf. This may include:
Driver identification details, such as full name and vehicle registration number
Usage data, such as the date, time, location and value of fuel purchases
We process this driver data only in our capacity as a data processor, acting on the instructions of our business customer, who is the data controller. We process this data for the following purposes:
To provide and administer the fuel card service
To generate usage and expense reports
To detect and prevent fraud or misuse of the cards
Our responsibilities as a processor include:
Entering into a written Data Processing Agreement with our business customers, as required under UK GDPR
Implementing appropriate technical and organisational measures to protect driver data
Processing driver data only in accordance with the instructions of the relevant data controller
Assisting the data controller, where appropriate, in responding to requests from drivers exercising their data protection rights
We do not use driver data for our own direct marketing purposes. We will only appoint approved sub-processors in accordance with our contractual and legal obligations.
A copy of the Data Processing Agreement can be found here.
Business customers are responsible for ensuring they have an appropriate lawful basis for providing driver data to us and that drivers receive the required privacy information.
YOUR RIGHTS
All data subjects (company representatives and sole traders) have the right to:
Access, correct or delete personal data
Object to or restrict processing
Withdraw consent where consent is the lawful basis
Data portability
If you wish to exercise your rights or have any concerns about how we collect, use, or handle your personal data, we encourage you to contact us in the first instance so we can address your concerns promptly and effectively. Click here to contact our DPO or email DPO@rightfuelcard.co.uk.
To inform us about a change of address, please click here.
To update your marketing preferences, please click here.
For any other request, click on Contact.