Privacy Policy

We, The Right Fuelcard Company (‘RFC’), respect your privacy and are committed to protecting your personal data. This privacy policy (‘Policy’) will let you know how we process your data when you visit our website, purchase a product or subscribe to our services (altogether ‘Services’). Please read it carefully before using our Services. We may, freely and without notice, update this Policy for compliance to the applicable laws or to our activity. Please make sure to consult it regularly.

The terms below shall have the following meaning when used in this Policy:

Cookie Policy
Our Website cookie policy, available here
Data Protection Officer
European Economic Area
European Union
General Data Protection Regulation of the EU n°2016/679
Edenred group to which RFC belongs
The Right Fuelcard Company including its affiliates and subsidiaries
Terms and Conditions
Our online terms and conditions in their latest published version available here
we, us, our
The United Kingdom

In this Policy, the terms ‘Commission’, ‘cross-border transfer’ ‘data breach’, ‘(data) controller’, ‘(data) processor’, ‘data subject’, ‘(personal) data’, ‘processing’, ‘supervisory authority’ shall have the meaning attributed under GDPR.

Who are we?

RFC acts as data controller for your personal and has appointed a DPO, who can be contacted at:

The Right Fuelcard Company
One The Embankment
Neville Street

or via this form

What data do we process, why and on which legal basis?

We only collect the following personal data of professional nature (as our Services are solely intended for businesses):

Type of data
Legal basis
To apply for fuelcards
  • Identity of contact person (full name, title, email, signature, birthdate)
  • Contacts (telephone numbers, email, preferences)
  • Company details (legal name, registered and billing address, registration number, type)
  • Fleet information (fuelcards type, mileage, vehicles registration, drivers’ names)
  • Company banking details
Performance of a contract (our Terms and Conditions)
For fraud prevention and risk control
  • Proof of identity and address
  • Creditworthiness (balance sheets, credit check)
  • Debts recovery tracing
Our legitimate interests (to control our financial risks)
For payment collection
  • Identity
  • Contact
  • Company banking details
  • Transaction details (drawings)
  • Company information
Performance of a contract (our Terms and Conditions)
To provide you with necessary information (i.e. about policies or legal changes)
  • Identity
  • Contact
  • Customer profile (active/inactive)
Performance of our legal or contractual obligation (to inform you)
For review and survey
  • Name or full name (as provided by you)
  • Contact
  • Review or feedback message content
Our legitimate interests (to improve our services and offers and customers experience)
To partake in a prize draw or competition
  • Identity
  • Contact
  • Customer profile
  • Services use
  • Transaction
  • Marketing preferences
Our legitimate interest (to offer you to join in)
Your consent (your marketing preferences)
For our Website administration and security
  • Digital data (credentials, IP addresses, website interactions)
  • Technical data (incidents, support requests, etc.)
Our legitimate interests (to secure our Website and provide you with technical support)
To personalise our Website’s content and advertisements
  • Digital data (analytics, browsing, interests, IP addresses or credentials)
  • Technical data
  • Marketing preferences
Our legitimate interests (to improve customers experience and offer you personalised content)
Your consent (see our Cookie Policy)
To improve our Website
  • Technical data
  • Website usage
Our legitimate interests (to improve our Website)
Your consent (see our Cookie Policy)

To send you offers
  • Identity
  • Contact
  • Technical data
  • Usage data
  • Customer profile
Our legitimate interests (to develop our business)
Your consent (opt-in, absence of opt-out or soft opt-in)
To access and manage your account
  • Credentials
  • Contact
  • Identity
  • Registration and login dates
  • Account information
  • Balance
  • Transaction data (statements history, drawings, balance)
  • Invoicing data (invoices, billing addresses)
Performance of a contract (our Terms and Conditions)
To contact us
  • Name
  • Email
  • Account number if any
  • Enquiry type and content
  • Any attachment you may submit
Your consent (to this Privacy)
Our legitimate interest (to address your enquiry)

What if you fail to provide personal data?

Please note that where we need to collect personal data by law or contract, if you fail to provide the necessary data, we will not be able to provide you with our services and products at no liability or costs for us. It is essential that you ensure that your personal data is accurate and current. Please keep us informed of any change clicking here.

How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Direct interactions (e.g. when you apply for our Services, subscribe to marketing communications, etc.); Automated technologies or interactions (e.g. when you interact with our Website)
  • Third parties or publicly available sources (e.g. financial data from providers, identity data from Company House)

How can you opt out from marketing communications?

You can opt-out from marketing messages at any time by:

  • clicking here to update your marketing preferences; or
  • following the unsubscribe links on any marketing message you receive; or
  • via this web form; or
  • contacting us at any time.

What about cookies?

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Who are the recipients of your data?

We may need to share your data internally (to affiliates and subsidiaries as well as with other entities of the Group) and externally (to third parties) with our providers and partners:

  • for printing and mailing;
  • for email services: with emailing tools;
  • for website maintenance: with our webmaster and similar providers;
  • for website tracking and analytics: with analytics tools such as Google Analytics;
  • for surveys and feedbacks: with survey and feedback providers such as Trustpilot or Medallia;
  • for external counsel: with our legal firms;
  • for credit check, fraud prevention and cash collection: with credit reference agencies which may also share information about your settled accounts and late payments with other organisations. For more information, click here.

Our providers and partners are required to process your data solely for the purposes indicated and according to our instructions and all applicable data protection laws and to implement all necessary security measures to protect your personal data.   

Some of our partners and providers may be located within or outside the UK or EEA (e.g. in the United-States). Additionally, RFC is part of an international Group with entities located outside the EEA, which may have access to your data while conducting business. No transfer of your personal data is conducted without the appropriate applicable safeguards (like the Commission Standard Contractual Clauses).

In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at 

What data security have we implemented?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way. Only recipients with a need-to-know (according to the above-mentioned purposes) may access your data and are subject to confidentiality undertakings.

How long is your data retained for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for and according to applicable legal or regulatory prescriptions:

Data category
Retention period
For data relating to customers
For the time of the contractual relationship (active base) and up to 10 years afterwards (archive with restricted access)
For data relating to prospects
Up to three years since last contact (active base)

We may retain data for a longer period but only in an anonymised format for statistical purposes.

What are your rights and how to exercise them?

You have a right to access, rectification, erasure, portability of your personal data as well as a right to restrict or object a data processing, a right not to be subject to automated decision-making and be notified in case of a data breach and a right to lodge a complaint to the competent supervisory authority. Please note however that each request will be subject to prior analysis as to its legitimacy and to prior identity verification for which we may require you to provide a proof of identity. We may also require you to precise your request and provide complementary information. To exercise your rights, click here or contact our DPO at To inform us about a change of address, please click here. To update your marketing preferences, please click here. For any other request, click on ‘Contact’.