Privacy Policy

Who we are

Ivory Enterprise Limited T/A Carrot Cars (“We”) is committed to protecting and respecting your privacy, and safeguarding your data and individual-level information in a secure, respectful and trustworthy manner.

This notice sets out how we will process any personal data we collect from you, or that you provide to us. Please read the following carefully to understand our views, practices and processes regarding your personal data and how we will treat this information.

For the purposes of the Data Protection Act 2018 and the General Data Protection Regulation, referred to collectively as ‘the Legislation’, the data controller is Ivory Enterprise Limited T/A Carrot Cars of Suite 4, Laybourne House, Admirals Way, London E14 9UH.

Carrot Cars is committed to, and fully compliant with all our statutory and legislative regulations (and our supporting in-house best practice guidelines) to ensure the security and confidentiality of the data relating to that of our customers, our staff and all associated third parties. Our processes and systems, both computer-based and paper-based, adhere to the standards set by the Legislation.

We ensure that our company servers, personal computers (PCs), laptops and company mobile devices are suitably secure for the purposes of our work with our customers and suppliers.

We have rigorous systems and safeguards in place which we underpin with in-house training and regular auditing of our IT systems to ensure that all sensitive commercial data and individual level information is shared only on a need-to-know basis, and to ensure that cyber threats are managed, mitigated, and eliminated.

Carrot Cars has proactively sought external guidance in order to ascertain how we as a business can implement the stipulations of the Legislation in order to best serve our customers.

We are further developing our GDPR policy that we will be seeking feedback on in order to inform users how we manage their data. We are also honing and refining our comprehensive set of internal policies and guidance for how we as a business can maximise the opportunities offered by the Legislation.

The information we collect

We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:

  • To carry out our obligations arising from any agreement entered into between you and us;
  • To notify you about changes to our service;
  • For the detection and prevention of fraud, crime, or other malpractice;
  • To conduct market or customer satisfaction research or for statistical analysis;
  • To deliver targeted email marketing, coupons, email newsletters, and any other information with regards to promotions and the Carrot Cars services to you, which you can unsubscribe from at any time;
  • For audit and record keeping purposes;
  • In connection with legal proceedings;
  • We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law;
  • Collect information about the device you are using to view the Carrot Cars website, such as your IP address or the type of internet browser or operating system you are using;
  • To respond to your queries or comments.
  • Data provided by users – for example, data given in the process of app account registration;
  • Data created by users in the process of using app services, like geopositioning, data about app operation and data about user’s device;
  • Data gathered from other sources – like business partners, financial services providers and state authorities.

1. Data provided by users

  • User profile data, such as: first name, last name, email, mobile number, physical address, payment and bank account data, driving license data, user vehicle data, user photos. User photo needs to be provided in order to meet requirements of “Name of the Legislative Act” (or some other similar text);
  • User profile data, such as: first name, last name, email, mobile number, physical address, payment and bank account data, driving license data, user vehicle data, user photos. In some cases it is required by the law to provide driver photo;
  • Checking documents and verifying driver’s identity might require checking licenses, photos, user name and last name;
  • Some data can be provided when users turn to technical support, this might include bank details, user device information, user app information, recordings of telephone calls in case of a user calls support, trip data (date and time, physical addresses, flight information).

2. Data created by users in the process of using app services

  • Geopositioning data. We track geoposition of drivers and passengers in order to organise a ride, provide maximum comfort and service level, provide safety and identify and prevent any fraud activity. Geopositioning is collected from mobile devices and only if users allow. Users can disable geopositioning, but this may result in poor service;
  • Transaction data. We collect data on transactions made due to using our services, this includes type of transaction, amount, date and time of transaction, card holder name;
  • App usage data. We gather data on how users interact with our app and services. This data includes data and time of logging in and logging out, app functionality, app failures and system data needed to improve app quality and performance;
  • Device data. We may collect data about the device which is used for access to our services, such as device model, IP address, unique device id, geo data and connection quality data.

3. Data collected from other sources

  • This is data from business partners which provide additional services: payment providers, apps and web-sites which use our API or which API is used by our app;
  • This is data from business partners, such as travel data, including information about passengers or drivers;
  • State authorities data.

Depending upon the nature of our relationship with you, we may collect different information and these differences are outlined above.

Customers

We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you and for certain other purposes explained below. We do not knowingly set out to collect personal data, it is only provided to us by you by contacting us via our website www.carrotcars.co.uk (“our website”) or through our mobile application (“our app”), by phone or by email. Once collected, this data is only used to deliver the service and to respond to you, answer any questions you have. We do not collect sensitive data – financial, health or information about children. This does however include name, phone number, email etc. We collect and process the following information relating to our customers:

  • Information collected includes information provided at the time of making bookings for our services or for any other reason if you need to make a complaint or report a problem with our site or our app. Examples of information we collect from you are names, email address and telephone number and this is done at the point of creating an account with Carrot Cars;
  • If you contact us, we may keep a record of that correspondence. If you contact us by telephone, your telephone call may be recorded;
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
  • To confirm and verify your identity or to verify that you are an authorised customer for security and compliance purposes;
  • Additionally, we may collect non-personal information such as geographical location. This is collected as part of the services we provide and are not held for any other purpose. You cannot be identified from this information and it is only used to assist us in providing an effective service.

Employees and Drivers

We will collect information relevant to our legal obligations as an employer or as a contracted party for drivers and may include your name, phone number and email, in addition to address, bank account details, licencing information and information relating to criminal convictions, health information and other information as part of our screening and vetting processes.

Suppliers

We will collect information relevant to our status as a customer of yours and may include your name, phone number and email, in addition to address, bank account details, licencing information and information relating to the services and products you provide us.

Why we need it

We need to know your personal data in order to reply to you and provide you with services. We will not collect any personal data from you which we do not need to provide and oversee this service to you. The lawful basis for processing data identified by Carrot Cars includes:

  • Legal obligations (for example, as an employer or as part of obligations with regards to HMRC);
  • Performance of a contract (especially with regards to our customers and our suppliers);
  • Legitimate interest (such as when we ask for your feedback or advice on how to continually improve);
  • Consent (only used when sensitive information is required to be processed by us).

What we do with it

The personal data we process is processed and hosted in the UK, EEA and on some occasions, in the US. The necessary arrangements for all non-EEA transfers have been reviewed and found to be adequate. Third parties will have access to your personal data only when they are under contract and following the signature of a non-disclosure agreement and only in line with the services these third parties are contracted to do so in order for Carrot Cars to function as a business. These third parties include:

What we may do with the personal data

Customers (website, phone and app users)

  • Data will be disclosed to the designated driver on a fare by fare basis so as they can complete the service requested;
  • Auditors, consultants and specialist service providers for the purposes of ensuring Carrot Cars operate legally and safely. These include hosting and IT services providers, critical to the infrastructure of our website and app;
  • Carrot Car personnel so as they can assist with the delivery of the service requested or to respond to any contact from customers;
  • We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services purchased from Carrot Cars and on an exceptional basis);
  • Transport for London (upon receipt of a proper and justified request);
  • Police and other regulatory authorities (upon receipt of a proper and justified request).
  • Service providing
  • Security providing
  • Customer support
  • Research and development
  • Sending non-marketing messages
  • Sending marketing messages, with option to optout
  • Fulfilling legislation requirements and court orders
  • Business process automation.

1. Service Providing

Ivory Enterprise Ltd – T/A Carrot Cars uses data for proving, personification, support and improving of its services. Such as:

  • Creating accounts and changing its data;
  • Providing riding service (geopositioning data for service improvement), data exchange (calculation of arriving time, security providing, routes calculation, linking to flight information, tracking and sending information about a ride);
  • Payment processing and other financial data;
  • Performing operations which are needed in order to improve service and customer support, testing, analysis and also monitoring of services used;

2. Security Providing

Ivory Enterprise Ltd – T/A Carrot Cars uses data for proving security and protection of users and also security for our services. This includes:

  • In order to comply with government requirements we may ask to provide driver photo and also passing it to passengers;
  • Using data from drivers and passengers devices in order to evaluate journey safety and reminding to subcontractors to make their driving safer;
  • Using data from drivers and passengers devices in order to identify and prevent any fraud activity. For example, we detect fraud accounts and cases when our services are used for illegal purposes, and prevent unauthorised access to our users accounts;
  • Using rating system for evaluation of driver and passengers in order to prevent colliding users with potentially high risk of conflict;
  • Sending information about serious violations to third parties such as police authorities – in accordance to legislation requirements.

3. Client Support

Ivory Enterprise Ltd – T/A Carrot Cars uses personal data, application data, systems and devices in order to provide technical support and improve quality of its services.

4. Research and Development

Ivory Enterprise Ltd – T/A Carrot Cars uses personal data in order to perform testing, research, analysis, development and improvement of its services. This helps us to make our services better and more secure and develop new functionality.

5. Sending Non-Marketing Messages

We can use personal data in order to inform our users about changing of terms and rules, and also for sending non-marketing messages which are needed to provide services.

6. Fulfilling Legislation Requirements and Court orders

We can use personal data in order to settle litigations and court orders associated with using of Ivory Enterprise Ltd – T/A Carrot Cars services, fulfilling law orders, in cases when data is required by public authorities, including police.

7. Automation of Business Processes

Ivory Enterprise Ltd – T/A Carrot Cars uses personal data for automation of business processes, such as:

  • Finding eligible drivers. Drivers can be found on the basis or availability, nearest position and other factors, as well as on the basis of statistical user data;
  • Elicitating users who are suspected in fraud activity or any other activity which may cause harm to Ivory Enterprise Ltd. In cases when users provide false information or fake license details this may lead to disabling user account after a specialist performs their checks;
  • Using of driver’s data (their geoposition, rating) and passenger’s data (departure location, rating) in order to eliminate collisions of users with high risk of conflict.

Using Cookies

Ivory Enterprise Ltd – T/A Carrot Cars uses Cookie files in order to: Perform user authentication;

  • Save user settings;
  • Keep history of rides and other historical user data;
  • Display a language in web-site interface according to your geographical position.

Cookie is a small piece of data which is sent by a web-service and stored on a user device (i.e. personal computer, mobile phone, tablet).

Transfer and Disclosure of User Data

Ivory Enterprise Ltd – T/A Carrot Cars performs data transfer to other users or provides data on demand in cases where it falls under law requirements or when it is required in order to satisfy claims or settle dispute resolutions. Ivory Enterprise Ltd can transfer user data in the following cases:

1. To Other Users:

  • In order to perform a ride we may give to a driver your name, email, telephone, information about pickup location and destination location;
  • In order to perform a ride we may give to a passenger your name, photograph, license number, vehicle brand and model and vehicle registration number.

2. To Suppliers and Business Partners:

  • Ivory Enterprise Ltd may transfer ride details to its partners via API integrations;
  • We also transfer data to credit card transaction providers

3. Providing Data Under Legislation Grounds or in Dispute Cases.

Ivory Enterprise Ltd may disclose personal data in cases when legislation requires to do so, in court disputes, or when public authorities, including police, require this.

4. Cases When Users Allow Sending Data.

Ivory Enterprise Ltd may send data to third parties in cases that go beyond this Agreement, if we have informed you about our intention to send data and you have allowed this.

Employees

  • Data will be disclosed to drivers so as they can be assisted in the completion of the service purchased by the customer;
  • Auditors, consultants and specialist service providers for the purposes of ensuring Carrot Cars operate legally and safely. These include hosting and IT services providers, critical to the infrastructure of our website and app;
  • Other Carrot Car personnel;
  • We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services provided to Carrot Cars and on an exceptional basis);
  • Transport for London (as part of our London Taxi and Private Hire (LTPH) licence number 06294/02/03);
  • Police and other regulatory authorities (upon receipt of a proper and justified request).

Employees

  • Data will be disclosed to drivers so as they can be assisted in the completion of the service purchased by the customer;
  • Auditors, consultants and specialist service providers for the purposes of ensuring Carrot Cars operate legally and safely. These include hosting and IT services providers, critical to the infrastructure of our website and app;
  • Other Carrot Car personnel;
  • We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services provided to Carrot Cars and on an exceptional basis);
  • Transport for London (as part of our London Taxi and Private Hire (LTPH) licence number 06294/02/03);
  • Police and other regulatory authorities (upon receipt of a proper and justified request).

Suppliers

  • Auditors, consultants and specialist service providers for the purposes of ensuring Carrot Cars operate legally and safely. These include hosting and IT services providers, critical to the infrastructure of our website and app;
  • Carrot Car personnel and drivers so as they can assist with the delivery of the service requested or to respond to any contact from customers;
  • We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (only where this relates to the services provided to Carrot Cars and on an exceptional basis);
  • Transport for London (upon receipt of a proper and justified request);
  • Police and other regulatory authorities (upon receipt of a proper and justified request).

If there is a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions of supply and/or any other agreements; or to protect the rights, property, or safety of Ivory Enterprise Limited, Carrot Cars, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

How long we keep it

Service user personal data will be retained for no more than three years following each use of our service, unless you exercise your rights highlighted below.

This relates to details of your visits to our app and website app and the resources that you access will be stored, as will details of transactions you carry out through our app or website and of the fulfilment of your bookings. Under Private Hire Regulations stipulated by Transport for London, we are obliged to retain journey records for a period of 12 months as a condition of our contract. Similarly we are required to keep any complaint, lost property and account query records for the same period of time.

Employee, driver and financial data will be retained for six years from the end of their contract with Ivory Enterprise Ltd – T/A Carrot Cars.

Call recordings are held for twelve months before being erased upon request.

Of course we will look to retain records for no longer than is necessary.

Ivory Enterprise Ltd – T/A Carrot Cars stores personal data up to the point where goals of its processing which are described in this Agreement are met.

Users can any time send a request to delete their account. However Ivory Enterprise Ltd – T/A Carrot Cars may store personal data even after performing a user request in order to meet legislative requirements.

To delete your account, send a request to the [email protected].

What we would also like to do with it

We do not collect personal data for marketing purposes. We publish articles from time to time and simply post these on our website and/or on social media sites to assist and generate interest in our business. We will not record any personal data that may be used by cookies in order for this website to interact with you.

What are your Data Subject Access Rights?

You have the right for the following:

  1. The right to be informed – data subjects must be aware of what personal data we have about them and what we are doing with it;
  2. The right of access – data subjects can request we provide them the personal data we have about them;
  3. The right to rectification – Data subjects can have their personal data rectified if it is inaccurate or incomplete;
  4. The right to erasure (or the ‘right to be forgotten’) – Data subjects have the right for their data to be erased where the personal data is no longer necessary in relation to the purpose for which it was collected/processed, if consent is withdrawn or there are no overriding legitimate interest to continue processing;
  5. The right to restrict processing – Data subjects have the right to restrict the processing of personal data where they have contested its accuracy, where they have objected to the processing and we are considering whether we have a legitimate ground which overrides this and where processing is unlawful;
  6. The right to data portability – The right to data portability allows data subjects to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability;
  7. The right to object – Data subjects have the right to object to processing based on legitimate interests including profiling and direct marketing;
  8. Rights relating to automated decision making and profiling – Data subjects have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on the individual.

If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office.

Our Data Protection Officer is Marie Ellis and you can contact her at [email protected], 020 7005 0557 or by post by writing to her at Suite 4 Blake House, Admirals Way, Canary Wharf, London E14 9UJ.

Data Access and Data Collection Refusal

Ivory Enterprise Ltd – T/A Carrot Cars gives possibility to users to review settings of data collection and manage them through the following:

  • Device permissions. You can manage app permissions in Device settings -> Apps -> Permissions -> Choose permissions.
  • Confidentiality Settings
Users may set and manage settings of collection and transferring geopositioning data and getting notifications in the “Settings” > “Applications” > Carrot Cars App “Rights” and “Notifications”;
  • Geopositioning data
Users may allow or not allow collecting geopositioning of their mobile devices.
  • Permission to camera
The camera is used to scan credit card details at the time of booking payment. The payment process is provided through the financial service provider’s SDK.
  • Getting data on telephone status
Users can allow/not allow access to telephone functions on their device. If this function is disabled, this will result in failure of sending requests from the Carrot Cars App.
  • Enable/ disable notifications
Users can enable/ disable notifications about ride status changes or account actions. Disabling notifications may result in lower quality of user experience with the Carrot Cars App.

Disabling Marketing Messages

You can turn off the sending of marketing messages on the bottom of any marketing email by clicking “Unsubscribe” or by contacting [email protected]. You can also make such request by calling us on 02070050557.

Changes in Confidentiality Agreement

Ivory Enterprise Ltd – T/A Carrot Cars has a right to make changes to this Confidentiality Agreement. If changes are significant, we will notify you via Carrot Cars App or in any other available way, for example, by email.

Use of our services after an update constitutes consent to the updated notice to the extent permitted by law.

Do you want a London taxi? Why not try multi award winning London Minicab service?

Carrot Cars is London’s favourite premium Minicab service and you can now use our fantastic Carrot Cars App to book CASH AND CARD bookings as well as CORPORATE ACCOUNT bookings.