Legal Page

Privacy Policy

Effective Date: 27 January 2026

Last Reviewed: 27 January 2026

1. INTRODUCTION

This Privacy Policy sets out how IconicTaxiApp ("we", "us", "our", "the Company") collects, processes, and protects personal data in connection with our mobile application (the "App" or "Platform"). We are committed to safeguarding your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller
IconicTaxiApp
Email: [email protected]
Registered Address: Office 18042
182-184 High Street North
East Ham
London
E6 2JA

2. SCOPE AND APPLICATION

This Privacy Policy applies to all users of the App, including:

  • Licensed Hackney Carriage (Black Cab) drivers ("Drivers")
  • Drivers with administrative privileges ("Admin Drivers")
  • Trade-related business organisations purchasing advertising services ("Advertisers")
  • Platform administrators

3. CATEGORIES OF DATA COLLECTED

3.1 Sensitive Personal Information

The following categories of data are considered sensitive and are subject to enhanced protection measures:

Driver Registration Data:

  • Full name (first name and surname)
  • Professional badge or licence number
  • Telephone number
  • Email address
  • Location of operation (general geographic area, not residential address)
  • Driver photograph (physical image of the driver)
  • Badge photograph (physical image of the actual Hackney Carriage badge)

Camera Permission:
We request camera access only so users can capture and upload required photos (such as driver photo, badge photo, and taxi listing images) within the App. Camera access is not used for background recording.

Advertiser Business Information:

  • Business name and trading details (trade-related businesses only)
  • Authorised contact person details
  • Business correspondence address
  • Telephone and email contact details
  • Payment and billing information

3.2 Advertiser Materials

As part of trade advertising services, we may host and display advertiser-provided business materials within the Platform, including:

  • Business logos, promotional images, and advertising artwork
  • Business contact details and website links provided by the advertiser
  • Campaign scheduling and placement information required to deliver advertising services

These materials are used only to operate advertising features within the Platform. We do not sell personal data to advertisers.

3.3 Non-Sensitive Platform Data

The following information shared through the Platform is not considered personal data and is used to facilitate information exchange between Drivers:

  • Traffic conditions and road updates
  • Public event information and schedules
  • Public transport information (train schedules, delays)
  • Theatre and entertainment venue information
  • Taxi rank status and availability
  • Airport operational information
  • General industry-related updates

This non-sensitive information does not identify individual users and is shared collaboratively within the Platform community.

3.4 Technical and Usage Data

We collect limited technical data necessary for Platform operation:

  • Device type and operating system
  • App version and performance data
  • Login timestamps and session duration
  • Subscription status and payment transaction records

4. LEGAL BASIS FOR PROCESSING

We process personal data on the following lawful grounds under UK GDPR:

a) Contractual Necessity (Article 6(1)(b))
Processing is necessary to fulfil our contractual obligations to provide the App services for which you have subscribed.

b) Legitimate Interests (Article 6(1)(f))
We have a legitimate interest in processing data to:

  • Maintain Platform security and integrity
  • Prevent fraudulent activity and Terms violations
  • Improve service functionality and user experience
  • Enforce Platform rules and community standards

c) Legal Obligation (Article 6(1)(c))
We process data where required to comply with legal and regulatory obligations, including financial record-keeping and response to lawful requests from authorities.

d) Consent (Article 6(1)(a))
Where required by law, we obtain explicit consent for specific processing activities, which you may withdraw at any time.

5. PURPOSE AND USE OF PERSONAL DATA

We process personal data for the following purposes:

5.1 Account Administration

  • Creating and maintaining Driver and Advertiser accounts
  • Verifying professional credentials and eligibility
  • Managing subscription services
  • Processing payments and maintaining financial records

5.2 Platform Functionality

  • Facilitating information exchange between Drivers
  • Enabling Admin Drivers to perform moderation functions
  • Delivering advertising services to Advertisers
  • Providing customer support and responding to enquiries
  • Using camera-captured images to verify accounts and support Taxi for Sale listings

5.3 Advertising Partner Content Use

  • Hosting and displaying advertiser-provided images, logos, and business promotions within the Platform
  • Reviewing advertiser submissions to confirm they meet legal and Platform standards
  • Managing advertiser campaign placements and subscription-linked visibility

5.4 Platform Security and Compliance

  • Detecting and preventing fraudulent or abusive behaviour
  • Enforcing Terms and Conditions and Platform rules
  • Investigating violations and disputes
  • Complying with legal obligations and regulatory requirements

5.5 Service Improvement

  • Analysing usage patterns to enhance Platform features
  • Developing new functionality
  • Conducting quality assurance and testing

6. DATA SHARING AND DISCLOSURE

6.1 Internal Access Controls

Regular Drivers:
Have no access to other Drivers' personal information. They can view and contribute only non-sensitive platform data (traffic updates, events, etc.).

Admin Drivers:
Have limited access restricted to Driver names and Driver identification numbers only. Admin Drivers do not have access to any other sensitive personal information.

Platform Administrators:
Company employees and authorised personnel have access to all Driver and Advertiser information solely for the purposes of platform management, security, compliance, and customer support.

6.2 Third-Party Service Providers

We may share personal data with trusted third-party service providers who process data on our behalf under strict contractual obligations:

Payment Processing Services:
To facilitate subscription payments and advertising fees securely.

Cloud Hosting and Infrastructure Providers:
To store and manage data securely in UK/EEA-based data centres.

Technical Support and Maintenance Services:
To ensure Platform reliability and performance.

All third-party processors are carefully selected and bound by data processing agreements compliant with UK GDPR requirements.

6.3 Legal Disclosures

We may disclose personal data when legally required or necessary to:

  • Comply with court orders, warrants, or legal processes
  • Respond to lawful requests from regulatory authorities
  • Protect the rights, property, or safety of the Company, users, or the public
  • Enforce our Terms and Conditions
  • Investigate potential violations or fraudulent activity

6.4 No Sale of Personal Data

We do not sell, rent, or trade personal data to third parties for marketing or commercial purposes.

6.5 Advertiser Access Limitations

Advertisers do not receive Driver or user personal data for independent marketing. Advertisers may only provide their own business materials for display through our advertising services, and those materials are handled under our Platform controls.

7. DATA RETENTION

7.1 Active Subscriptions

Personal data is retained for the duration of your active subscription and for such period as necessary to provide ongoing services.

7.2 Post-Cancellation Retention

Following cancellation or termination of your account:

  • Sensitive personal data (photographs, phone number, location) is deleted within 30 days
  • Minimal data (name, badge number, email address) is retained for 12 months to address potential disputes, queries, regulatory requirements, and maintain platform security
  • Financial records are retained for 7 years in accordance with UK tax and accounting regulations

7.3 Automatic Deletion

Accounts inactive for 12 months will have all retained data automatically deleted, with the exception of financial records required by law.

7.4 Anonymised Data

Non-personal, anonymised, and aggregated data may be retained indefinitely for statistical and analytical purposes.

7.5 Legal Obligations

Data may be retained beyond standard periods where required by law, regulatory obligation, or ongoing legal proceedings.

7.6 Advertiser Materials Retention

Advertiser-provided logos, images, and campaign materials are retained only for the period necessary to provide the advertising service, meet legal obligations, and resolve legitimate disputes, after which they are removed or archived in line with operational and legal requirements.

8. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)
You may request a copy of the personal data we hold about you.

Right to Rectification (Article 16)
You may request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)
You may request deletion of your personal data, subject to legal obligations and legitimate grounds for retention.

Right to Restriction of Processing (Article 18)
You may request limitation of how we process your data in certain circumstances.

Right to Data Portability (Article 20)
You may request transfer of your data to another service provider in a structured, commonly used format.

Right to Object (Article 21)
You may object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Commissioner's Office (see Section 14).

8.1 Exercising Your Rights

To exercise any of these rights, please contact us using the details provided in Section 15. We will respond to all valid requests within 30 days, or as otherwise required by law.

9. DATA DELETION PROCEDURE

9.1 Deletion Requests

You may request deletion of your account and personal data at any time by contacting us at [email protected] or by clicking on this form icon .

9.2 Deletion Process

Upon receipt of a valid deletion request:

Immediate Actions:

  • Your account access will be terminated immediately
  • Sensitive personal data will be deleted within 30 days, including:
  • Driver and badge photographs
  • Phone number
  • Location of operation information

Retained Data (12-month period):
To handle potential disputes, queries, regulatory requirements, and maintain platform security, we retain minimal information for 12 months following account cancellation:

  • Name
  • Badge number
  • Email address (required for account authentication and security purposes)
  • Subscription dates and payment records

This retention is based on our legitimate business interests under UK GDPR Article 6(1)(f).

Financial Records:
Payment and subscription records are retained for 7 years as required by UK tax and accounting regulations.

9.3 Automatic Deletion

If your account remains inactive (cancelled or unpaid) for 12 months, all retained data (excluding financial records) will be automatically deleted from our systems.

9.4 Right to Object

If you object to the 12-month retention period, you may contact us to discuss your specific circumstances. We will review each case individually and may delete data earlier where we determine retention is no longer necessary.

Please note that deletion is irreversible and will result in permanent loss of access to the Platform.

10. DATA SECURITY MEASURES

We implement comprehensive technical and organisational security measures to protect personal data, including:

Technical Safeguards:

  • Encryption for data transmission using industry-standard secure protocols
  • Secure cloud infrastructure provided by reputable third-party service providers
  • Encrypted data storage using industry-standard algorithms
  • Secure authentication mechanisms with password hashing
  • Regular security updates and vulnerability assessments
  • Access control systems and monitoring

Organisational Safeguards:

  • Role-based access controls limiting personnel access to personal data
  • Mandatory data protection training for all staff with data access
  • Confidentiality agreements with employees and contractors
  • Regular security reviews and compliance audits
  • Incident response and data breach procedures

User Responsibilities:
Users are responsible for maintaining the confidentiality of their account credentials and must report any suspected unauthorised access immediately.

While we implement robust security measures, no system can guarantee absolute security. Users should exercise caution when sharing sensitive information.

11. INTERNATIONAL DATA TRANSFERS

All personal data is stored and processed within the United Kingdom and the European Economic Area (EEA). In the event that data must be transferred to countries outside the UK/EEA, we will ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognising equivalent data protection standards
  • Binding Corporate Rules or other approved transfer mechanisms

We will not transfer personal data internationally without implementing adequate protections as required by UK GDPR.

12. CHILDREN AND AGE RESTRICTIONS

The Platform is intended solely for use by individuals aged 21 years or older who hold valid Hackney Carriage (Black Cab) driver licences. We do not knowingly collect personal data from individuals under 21 years of age. If we become aware that we have inadvertently collected data from someone under 21, we will delete it promptly.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or Platform functionality. Material changes will be communicated to users via:

  • Email notification to registered email addresses
  • In-app notification upon login
  • Posting of the updated policy on our website

The "Last Reviewed" date at the top of this document indicates when the policy was last modified. Continued use of the Platform following notification of changes constitutes acceptance of the updated Privacy Policy.

Users who do not agree to changes may cancel their subscription in accordance with our Terms and Conditions.

14. COMPLAINTS AND SUPERVISORY AUTHORITY

If you have concerns regarding our data processing practices or believe your rights have been violated, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO). Further details are available at https://ico.org.uk.

We encourage you to contact us first to resolve any concerns, but you have the right to approach the ICO at any time.

15. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Data Protection Contact
IconicTaxiApp
Email: [email protected]
Address: Office 18042
182-184 High Street North
East Ham
London
E6 2JA

We will respond to all enquiries within 30 days as required by UK GDPR.

BY USING THE APP, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, PROCESSING, AND USE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.