DSA privacy statement
Driving Standards Agency (DSA) – Privacy Statement
This statement covers the services provided by the Driving Standards Agency (DSA), including those services provided by its website – www.dsa.gov.uk. The purpose of this statement is to inform customers about the information that is collected from them when they use DSA services, how this information is used, if it is disclosed and the ways in which users’ privacy is protected.
Data Protection Act 1998
The Data Protection Act 1998 establishes rights for individuals who disclose their personal information - where personal information is widely defined - to any organisation for any purposes involving processing of that information. Any organisation which processes information about living individuals is a data controller for the purposes of the Act; that is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.
A data controller is required by the Act to ensure that the data subject has, is provided with, or has made readily available to him certain specified information, including the data controller's identity, the identity of any other person to whom he may disclose the information, and the purpose or purposes for which the data are intended to be processed.
We collect and process data that you provide for specific purposes. You will be asked to provide information about yourself when you use certain site facilities, in order to complete your request or transaction. This may include personal information such as your name, email addresses, mailing address and telephone number. We use this data to provide you with the information, products or services that you request from us and to communicate with you. We may keep a record of any contacts you have with us. We may use the information that you provide for record keeping, statistical, or research purposes.
We only retain this information where required to do so by law; for the length of time needed to provide the service or information you have requested (including any retention period specified by law or by government policy), or for the length of time that you choose to store information or permit us to contact you if you have registered with our website.
Other rights
In addition to subject access rights, the data subject can, in certain circumstances require the data controller to stop processing their personal data, or to order the rectification, blocking or erasure of inaccurate data and to claim compensation for damage or distress caused by a breach of the Act.
Where personal data are being processed automatically for the purpose of evaluating matters relating to the data subject, and the processing is likely to constitute the sole basis for a decision affecting the data subject, he/she is entitled to be given an explanation of the logic involved in the decision process.
DSA is an Executive Agency of the Department for Transport (DfT). The notified data controller for personal data processed by DSA is DfT. DSA, however, has delegated responsibility for the processing of the personal data it holds and, as such, carries out its processing as if it were the data controller. The purposes for which the data are intended to be processed are as follows:
1. Test Booking Services
DSA uses personal data for the purposes of confirming identity and entitlement, booking a test, providing tests and results and creating statistical management information. This includes analysis and research to improve road safety and customer service.
Credit card details are submitted via a secure server using industry standard encryption.
For the purpose of administering and conducting a variety of Driver Theory Tests, Pearson Driving Assessments Limited (Pearson) act as DSA’s data processors and are authorised to collect and process personal information on DSA’s behalf. Personal data shall be processed by Pearson in both the United Kingdom and United States of America. For the USA processing, compliance with the requirements of the UK Data Protection Act 1998 is established via the US Department of Commerce’s ‘Safe Harbor’ framework. For more information visit www.export.gov/safeharbor/.
Personal information is also used to provide links for validating and enabling the lawful provision of driving licenses by the UK Driver and Vehicle Licensing Agency (DVLA). DSA must ensure the integrity of the driving test. We may use personal data for the purposes of preventing or detecting crime and catching or prosecuting offenders. This may include hidden monitoring when appropriate.
No further disclosures shall be made by DSA other than in accordance with the law, to comply with legal obligations and in accordance with the Data Protection Act 1998.
2. Register of Approved Driving Instructors (ADIs)
Personal data is used to help administer the Register of ADIs and practical driving test. DSA may also use personal data for statistics and analysis to assess equality and improve our customer service.
DSA must ensure the integrity of the driving test. We may use personal data for the purposes of preventing or detecting crime and catching or prosecuting offenders. This may include hidden monitoring when appropriate.
DSA does not disclose or share personal data with any third parties other than in line with the Data Protection Act 1998. This may include, but is not restricted to, disclosure to the police, HM Revenue and Customs, local governments and DVLA. In the case of transfers from DVLA, this may include details of endorsements for the purpose of ensuring that registered ADIs continue to be fit to remain on the register.
In order to ensure that Potential Driving Instructors (PDIs) and ADIs are fit to be entered onto / remain on the register, DSA uses the services of the Criminal Records Bureau to obtain criminal record disclosures for individuals normally resident in England and Wales, and of Disclosure Scotland for individuals normally resident in Scotland.
3. Driver Certificate of Professional Competence (Driver CPC)
Personal data will be collected for the purposes of recording periodic training necessary for a professional bus or lorry driver to qualify for the Driver Certificate of Professional Competence (Driver CPC) and for the issue of a Driver Qualification Card (DQC). Both of these functions enable professional bus and lorry drivers to comply with EU legislation.
Data collected may be shared with other bodies to enable them to carry out their statutory duties in respect of enforcement of the legislation. These bodies will include the Vehicle and Operator Services Agency (VOSA) and the police.
Data collected may be shared with the Driver and Vehicle Licensing Agency (DVLA) for the purpose of including a professional bus or lorry driver’s Driver CPC qualification information (but not their training information) on their driver record.
The data collected may also be used by bodies working on DSA’s behalf, for example, to enable the production of a DQC card, or to provide management information to the Joint Approvals Unit for Periodic Training (JAUPT).
Information will be used for determining the entitlement of the driver to hold Driver CPC in relation to a particular vehicle category.
DSA must ensure the integrity of Driver CPC and the issue of DQCs. Data may be used by the DSA Fraud and Integrity Team as part of investigations into fraudulent / criminal activities and may be used as evidence for prosecuting offenders.
Data collected will not be shared with any third parties other than for the statutory duties listed above.
4. Driver Trainers
DSA uses personal data for the purpose of administering the Integrated Register of Driver Trainers and other driver training registers and for the administration of practical driving tests. Users’ details are also used for statistics and analysis to assess equality and improve customer service.
5. Theory Test Website
The theory test website does not use cookies or other technology to gather information about users without their knowledge, though users’ IP addresses will be automatically recognised by the web server.
6. Public Consultations and feedback forms
Any personal data provided to DSA in order to take part in a public consultation will be processed by DSA for the purpose of administering the consultation. Formal responses to consultations will be retained and used to inform future policy.
Where personal data is gathered alongside a public consultation by use of forums, blogs or similar methods, such data will be held for the duration of the consultation only and deleted thereafter.
In line with our policy on openness, DSA will aim to make available the responses received to public consultations. Responses will be published on our website – www.dsa.gov.uk - at the end of the consultation period, unless you specifically ask us not to do so. You should also be aware that we might have to disclose your response if asked to do so as part of a request for information made under the Freedom of Information Act 2000. You may ask that your response is kept confidential, but we will only be able to do this if withholding the information is consistent with the obligations under that legislation. Please note that a confidentiality disclaimer generated by an IT system in e-mail responses will not be regarded as a confidentiality request. If third parties ask for hard copies of responses, we will make a reasonable charge for processing and copying.
DSA will occasionally provide a feedback form to allow users to give general feedback about the site. The information collected on this form will be used by DSA to measure customer satisfaction and, where necessary, make improvements to the website.
In most cases, the information provided on a form is entirely optional. General feedback can be sent without having to provide a name or email address. However, there is an option to provide contact details if you wish.
Information collected from feedback forms is stored on the website for the duration of the survey and then deleted.
7. Requests for Information: Freedom Of Information Act 2000 and Environmental Information Regulations 2004
DSA uses the personal data provided by requestors for the purpose of answering their Freedom Of Information or Environmental Information request, for any further correspondence or appeals related to the request and for reporting response statistics to DfT. Any statistical analysis will be anonymised.
8. Subject Access Requests
Individuals have various rights under the Data Protection Act 1998, including the right to access any personal data held about them by a data controller. Details of how you can make a subject access request to DSA are available on the DSA website and can be found by clicking here. Requests should be made in writing to the DSA’s Information Compliance Manager, enclosing the prescribed forms of identification and a fee of £10.
9. Competitions
DSA periodically runs competitions via its website. The personal data provided by entrants for the purpose of entering these competitions is not used for any other purpose.
10. Crown Copyright
All material featured on this website is subject to Crown Copyright protection unless otherwise indicated. DSA’s Crown Copyright policy includes guidance relating to the obtaining of licences for applicants wishing to reuse DSA Crown Copyright material within a product to be offered for sale on a commercial basis. DSA’s Crown Copyright policy can be found by clicking here.
11. Changes to Privacy Statement
If this privacy statement changes in any way, an updated version will appear upon this page. Regular updating of this page ensures you are always aware of any personal data DSA collects, how it is used and the circumstances, if any, in which it may be shared with other parties.
12. Links to Other Websites
This site contains links to other websites, both of government departments and of other organisations. This privacy policy applies only to our site, so you should always be aware when you are moving to another site and read the privacy statement of any other site(s) which collect personal information about you.
We do not pass on any personal information you have given us to any other site.
Where you are directed to this site from another site (whether a third party site or a government site) we may receive personal information relating to you from the other site(s). You should read the privacy policies applicable to such sites as these will govern the use of any personal information that you provide when accessing such sites.
13. Miscellaneous and General
The DSA website does not store or capture personal data but logs the user’s IP address which is automatically recognised by the web server.
Cookies
Cookies are sometimes used to enable personalisation of the site but are not used to capture any other data. Cookies are pieces of data that are often created when you visit a website, and which are stored in the cookies directory of your computer. You can set your browser not to accept cookies. The cookies do not contain any personal information about you, and they cannot be used to identify an individual user.
You can find out about cookies and how to manage them on the aboutcookies.org website - Opens in a new window or read about managing cookies on the allaboutcookies.org website - Opens in a new window.
Page tagging
We use JavaScript to aggregate and analyse customer usage patterns on all websites that are part of the Directgov domain. This provides us with data on usability and behaviour. We use this information to make changes to the layout of the website and to the information in it. This does not collect any personal or identifiable information about users.
We sometimes tag pages on this website during promotion campaigns using pixel tags (which are sometimes called spotlight tags or web beacons). These tags enable us to find out which advertisements are successful in bringing users to our internet site(s). With this technology, the information that we collect and share is anonymous and not personally identifiable.
You can disable JavaScript on your computer. If you would like advice on how to disable JavaScript please contact us, giving details about the type of browser you use and we will do our best to help. Disabling JavaScript should not affect your ability to access Directgov’s internet site.
Government Gateway
Some government transactions and services such as Tax Self Assessment and the State Pensions Forecast will require you to register with the Government Gateway. This site provides secure and encrypted online services and it has its own privacy policy.
Government Gateway privacy policy Opens new window
Further Information
The DfT’s entry in the UK Information Commissioner’s Public Register of Data Controllers can be viewed by visiting www.ico.gov.uk. The DfT’s registration number is Z7122992.
For further information about this privacy statement please write to Driving Standards Agency, Knowledge and Information Management Team, The Axis, 112 Upper Parliament Street, Nottingham, NG1 6LP or email Knowledge.InformationManagement@dsa.gsi.gov.uk