Privacy Notice
About this service or activity
The Driver and Vehicle Standards Agency (DVSA) provide this service to set up an application portal to collect the information for the application of Automated Passenger Service (APS) permit under the Chapter 5 of the Automated Vehicle Act 2024. DVSA is an executive agency of the Department for Transport (DfT).
We will use the information collected to conduct assessment for your APS application process.
This service allows you to send information as needed within your APS permit application.
The data controller for DVSA is DfT; a data controller decides the reasons and how personal data is processed. For more information, see the Information Commissioner’s Office (ICO). DfT’s registration number is Z7122992.
What data we need
The personal data we collect from you will include:
- Operator details (contact person name, title, telephone number, email address)
- Operating centre details (location, purpose, contact person name, title, telephone)
- Service details (type of service, service description, vehicle details, third party provider name, contact person name, telephone number, email address)
- Authority details (authority name, contact person name, title, telephone number, email address)
The personal data we collect about you is from external customers (potential applicants applying for an APS permit). This includes:
- Primary contact persons for business, sites, and services
- Emergency/incident contact persons
- Contacts at operating centres
- Contacts at relevant authorities and stakeholders
Lawful basis for processing this data
The lawful basis for processing this data is:
- Public task (Article 6(1)(e) UK GDPR); processing is necessary for the performance of a task conducted in the public interest or in the exercise of official authority vested in DVSA, specifically to assess applications for an Automated Passenger Service (APS) permit under the Automated Vehicles Act 2024.
- Consent (Article 6(1)(a) UK GDPR) is relied upon where applicants explicitly agree to the sharing of relevant information with consenting and consulting authorities as part of the application.
Why we need it
We need the personal data we collect from you to:
- Conduct pre-assessment activities to assess readiness of potential applicants
- Support the formal APS permit application assessment process
- Enable communication with applicants, authorities, and stakeholders involved in the application
- Assess compliance with safety, operational, and regulatory requirements under the Automated Vehicles Act 2024
What we do with it
We collect, use, and store the data you give us for the reasons set out in this policy:
- Conducting pre-assessment and formal assessment of APS applications
- Reviewing operational, safety, and organisational information given as part of the application
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We may share relevant personal data with public sector partners involved in the APS assessment process, including:
- Vehicle Certification Agency (VCA)
- Centre for Connected and Autonomous Vehicles (CCAV)
- Relevant Local Authorities
- Traffic Authorities
- Police
Where possible, information shared will be minimised or anonymised, unless identifiable data is needed for assessment or consultation purposes.
We will also share your data if required to do so by law (for example, court order, fraud prevention, or criminal investigation).
How long we keep your data
We will only keep your personal data for as long as it is needed for the reasons set out in this policy or as long as is required by law.
We will hold your personal data for:
- The duration of the pre-assessment and application process, and
- If a permit is granted, for the duration of the permit and a defined retention period thereafter in line with DVSA/DfT retention schedules.
After this period, your data will be securely deleted or anonymised.
Where it might go
All application data is held on DVSA servers based in the UK or hosted within cloud services based in the European Economic Area (EEA) and as such meets security safeguards equivalent to those required by Data Protection Legislation.
Protecting your data and your rights
The personal information chartersets out what steps are taken to protect your data, and the rights you have over your data.
- How your data is protected
- Your rights under data protection legislation (including access, rectification, erasure, restriction, and objection)
Automated decision making and profiling
No automated decision making or profiling will be used.
You can find further information about automated decision making and profiling, on the Information Commissioner’s website or by contact Information Management and Security.
Changes to this notice
We may change this privacy notice at our discretion at any time.
When we change this notice, the date on the page will be updated. Any changes to this privacy notice will be applied to you and your data as of the revision date.
We encourage you to periodically review this privacy notice to be informed about how your data is protected.
How to contact us
If you have any questions about anything in this document or if you consider that your personal data has been misused or mishandled, please contact the
- Data Protection Manager
- DVSA
- 1 Unity Square
- Nottingham
- NG2 1AY
Queries and Complaints
Contact DVSA if you have a query that is not about how your personal data is used.
You may also make a complaint to the ICO, who is an independent regulator.