Privacy Policy
Last updated: 1 January 2025
Skooa (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data when you visit our website at www.skooa.co.uk, use our web application at app.skooa.co.uk, or interact with our vehicle tracking and fleet management services (the “Service”).
Skooa is a trading name of Nordern Ltd, registered in England and Wales. Our registered office is Unit 18, Brookvale Trading Estate, Moor Ln, Birmingham, B6 7AQ.
This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
For the purposes of data protection law, the data controller is:
- Company: Nordern Ltd (trading as Skooa)
- Address: Unit 18, Brookvale Trading Estate, Moor Ln, Birmingham, B6 7AQ
- Email: hey@skooa.co.uk
- Phone: 0333 049 1066
Where we process personal data on behalf of a Customer (for example, vehicle location data relating to their employees), we act as a Data Processor. In those circumstances, the Customer is the Data Controller.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Information You Provide to Us
- Account information: Name, email address, phone number, company name, job title
- Billing information: Billing address, payment method details (processed securely by our payment provider)
- Communication data: Messages, emails, and enquiries you send us
- Demo request data: Name, company, email, phone, and fleet size submitted via our contact forms
2.2 Information Collected Automatically
- Device and browser data: IP address, browser type and version, operating system, device type
- Usage data: Pages visited, time spent, navigation patterns, referral source
- Cookie data: See our Cookie Policy for full details
2.3 Telematics and Vehicle Data
When you use the Service, our tracking devices collect:
- Location data: Real-time GPS coordinates, speed, heading, and altitude
- Journey data: Start and end points, route taken, distance travelled, journey duration
- Driver behaviour data: Harsh braking, rapid acceleration, cornering events, speeding incidents
- Vehicle diagnostics: Ignition status, engine data, mileage readings
- Camera footage: Dashcam images and video clips (where camera hardware is installed)
This data may include personal data where it can be linked to an identifiable individual (for example, a named driver assigned to a vehicle).
3. How We Use Your Data
We use personal data for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| Providing and operating the Service | Performance of a contract |
| Processing payments and managing subscriptions | Performance of a contract |
| Responding to enquiries and support requests | Legitimate interests |
| Sending service-related communications (e.g. alerts, updates) | Performance of a contract |
| Improving the Service and developing new features | Legitimate interests |
| Analysing website usage and performance | Legitimate interests / Consent (cookies) |
| Marketing communications (where opted in) | Consent |
| Complying with legal and regulatory obligations | Legal obligation |
| Fraud prevention and security | Legitimate interests |
4. Who We Share Your Data With
We do not sell your personal data. We may share data with the following categories of recipients:
- Service providers: Hosting providers, payment processors, email service providers, and analytics tools that help us operate the Service. All service providers are bound by data processing agreements.
- Device and connectivity partners: Third-party telematics hardware providers and mobile network operators, where necessary to deliver the Service.
- Professional advisers: Accountants, auditors, and lawyers where required.
- Law enforcement and regulators: Where we are legally required to disclose data, or to protect our rights, property, or safety.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
5. International Transfers
We host data on UK-based and EEA-based infrastructure. Where data is transferred outside the UK or EEA (for example, to cloud sub-processors), we ensure appropriate safeguards are in place, such as:
- UK International Data Transfer Agreements (IDTAs)
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the UK Secretary of State
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: Retained for the duration of your subscription plus 12 months
- Vehicle and journey data: Retained for the duration of your subscription plus a reasonable wind-down period, unless you request earlier deletion
- Camera footage: Retained in accordance with your account settings and plan, typically up to 90 days
- Marketing consent records: Retained until consent is withdrawn
- Financial records: Retained for 7 years in accordance with UK tax and accounting requirements
- Website analytics: Aggregated and anonymised data may be retained indefinitely
7. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and role-based permissions
- Regular security assessments and monitoring
- Secure UK-hosted data centres with physical security controls
- Employee training on data protection best practices
While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data where there is no compelling reason for us to continue processing it
- Right to restriction: Request restriction of processing in certain circumstances
- Right to data portability: Receive your data in a structured, commonly used, and machine-readable format
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
- Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects
To exercise any of these rights, please contact us at hey@skooa.co.uk. We will respond within one month of receiving your request.
If you are unsatisfied with our handling of your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
9. Children’s Data
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any third-party website you visit.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Platform. The “Last updated” date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
- Email: hey@skooa.co.uk
- Phone: 0333 049 1066
- Address: Unit 18, Brookvale Trading Estate, Moor Ln, Birmingham, B6 7AQ