top of page

DATA PROTECTION & GDPR POLICY


Last Updated: [28 November 2025]


Fast Track Mobility Ltd

 

1. Our Commitment

 

Fast Track Mobility Ltd is committed to protecting personal data and upholding the highest standards of data protection.

 

We comply with:

  • UK GDPR

  • EU GDPR

  • Data Protection Act 2018

 

All personal data processing — including future identity verification — is conducted lawfully, securely, and transparently.

 

2. GDPR Principles

 

We process personal data in accordance with the GDPR principles of:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

 

3. Data We Process

 

3.1 Current Website & Pilot Programme Data

  • Name

  • Email address

  • Organisation or employer

  • Enquiry and pilot-registration details

 

3.2 Identity Verification Data (Future Platform Feature)

 

Where identity verification is required, we may process:

 

Passport data

  • MRZ data

  • Passport number

  • Expiry date

  • Date of birth

  • Embedded chip data (NFC)

 

Driving licence data

  • Licence number

  • Issuing authority

  • Expiry date

  • Address (if applicable)

 

Biometric data

  • Selfie or live facial scan

  • Liveness-detection frames

  • Facial comparison template

 

Verification outputs

  • Match scores

  • Fraud indicators

  • Pass/fail result

  • Verification timestamp

 

Raw biometric images are deleted immediately after verification.

 

4. Lawful Basis for Processing

 

We rely on the following lawful bases under GDPR:

  • Consent (biometric data and document uploads)

  • Contractual necessity (rental check-in and platform services)

  • Legitimate interests (fraud prevention and operational security)

  • Legal obligation (identity-related compliance where applicable)

 

Biometric data is processed only with explicit consent.

 

5. Data Security

 

We implement appropriate technical and organisational measures, including:

  • TLS 1.2+ encryption in transit

  • AES-256 encryption at rest

  • Zero-trust access controls

  • Secure, certified identity-verification partners

  • Audit logging and monitoring

 

6. Data Retention

  • Raw biometric frames: deleted immediately

  • Identity-verification results: retained for 30–90 days

  • Audit logs: retained for up to 24 months

  • Website enquiries and pilot registrations: retained for 12–24 months

 

7. Your Rights

 

You have the right to:

  • Access your personal data

  • Request correction or deletion

  • Restrict or object to processing

  • Withdraw consent at any time

  • Request data portability

  • Lodge a complaint with the ICO or relevant EU authority

 

8. Data Breach Procedure

In the event of a personal data breach:

  • The ICO will be notified within 72 hours where required

  • Affected individuals will be informed if there is a high risk

  • An investigation and remediation process will be carried out

 

9. Contact

 

Fast Track Mobility Ltd
Registered in England & Wales

Company No. 16844617
📧 info@fasttrackmobility.co.uk

bottom of page