logo

Data Processing Agreement (DPA)

Last Updated: November 2025

This Data Processing Agreement (“Agreement”) forms part of the Terms & Conditions between VIP Taxi Group (“Controller”) and any user or business entity (“Processor” or “Customer”) that interacts with, uses, or processes data through our services.

The purpose of this Agreement is to ensure full compliance with the UK GDPR, Data Protection Act 2018, and all applicable data protection regulations.

1. Definitions

  • Controller: VIP Taxi Group, which determines the purpose and means of processing Personal Data.
  • Processor: Any entity or user processing Personal Data on behalf of the Controller.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on Personal Data, such as collection, storage, transmission, or deletion.

2. Scope of Data Processing

The Processor will process Personal Data solely for the following purposes:

  • Managing taxi bookings and ride coordination
  • Customer identity verification
  • Communication related to service delivery
  • Payment and billing
  • Safety, security, and compliance

The Processor shall not process data for any additional purpose without written consent from the Controller.

3. Obligations of the Processor

The Processor agrees to:

a. Process Only on Documented Instructions

All Personal Data shall be processed strictly in accordance with written or digital instructions issued by VIP Taxi Group.

b. Maintain Confidentiality

The Processor must ensure all individuals handling data:

  • Are bound by confidentiality agreements
  • Are trained in data protection obligations

c. Implement Security Measures

Appropriate technical and organisational measures must be implemented, including but not limited to:

  • Encrypted data storage
  • Secure transmission of information
  • Access control measures
  • Regular monitoring for security compliance

4. Sub-Processors

The Processor must not engage any sub-processor without prior written approval from the Controller.
Any approved sub-processor must comply with the same obligations outlined in this DPA.

5. Data Subject Rights

The Processor must assist VIP Taxi Group in fulfilling data subject requests under UK GDPR, including:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability

Requests must be communicated to the Controller immediately.

6. Data Breach Notification

In case of a Personal Data breach, the Processor must notify VIP Taxi Group within 24 hours, including:

  • Nature of the breach
  • Categories of data affected
  • Likely consequences
  • Actions taken or proposed to address the breach

7. Return or Deletion of Data

Upon termination of services:

  • All Personal Data must be returned or securely deleted, unless retention is legally required.
  • Written confirmation of deletion must be provided if requested.

8. Compliance & Audit Rights

VIP Taxi Group reserves the right to audit:

  • Compliance with security measures
  • Data handling processes
  • Sub-processor arrangements

Reasonable access must be granted for audits.

9. International Data Transfers

Personal Data must not be transferred outside the UK without:

  • Adequate legal safeguards, such as SCCs (Standard Contractual Clauses), or
  • Written approval from the Controller.

10. Term & Termination

This Agreement remains effective for as long as the Processor handles Personal Data on behalf of VIP Taxi Group.
Either party may terminate with written notice if obligations are breached.

11. Contact Information

For all DPA-related inquiries or compliance requests:

Booking@viptaxigroup.co.uk
(+44) 07379 188080
viptaxigroup.co.uk