When you interact with this website and associated services, we collect some personal data from you in a number of ways.
Nova Drive Limited is the Data Controller. This means that we are responsible for overseeing the collection and processing of your personal data. If you opt to use the insurance provided through our website the insurance provider will sometimes act as Joint Data Controller.
The Information Commissioner’s Office (ICO) is the body that regulates data rights in the UK. More information can be found at www.ico.org.uk. Nova Drive Limited is registered with the ICO as a data controller under the registration number ZA568280.
elmo reserves the right to amend or modify this policy. Any material changes will be communicated to our existing customers by email.
If you have any questions or queries about your data and privacy, please contact us by:
Post: Nova Drive Limited, 93a Kirkton Road, London, N15 5EY
2. Legal rights and permissions
The GDPR provides the following rights for individuals:
- The right to be informed about the collection and use of your personal data
- The right of access to a copy of the personal data we hold about you free of charge
- The right to rectification of any inaccurate personal data we hold about you
- The right to erasure of the data we hold about you. This right only applies in certain circumstances.
- The right to restrict processing (i.e. to request that we limit the processing of your data)
- The right to data portability – to receive a copy of your data in a structured and commonly used format
- The right to object to the processing of your personal data
You can find more information on these rights on the ICO website here. If you would like to invoke any of these rights, withdraw consent or complain, then please contact us at the address provided above or by emailing firstname.lastname@example.org. Alternatively you can complain directly to the ICO by contacting them here.
Legal justification for data processing
The data collection and processing outlined in this document has been reviewed and approved by elmo, as well as external legal advisors, as necessary, appropriate, and proportionate. All the processing of your personal data is justified legally through at least one of the following means:
- With your Consent
- To satisfy a Contract
- It is elmo’s Legal Obligation
- It is a Vital Interest
- It is a Public Task
- It is in elmo’s Legitimate Interests
3. The personal data we collect about you
Data collected when you visit the elmo website
As you are reading this, then it is likely you have visited our website; www.elmodrive.com. If you are just browsing the website and have not signed up and logged into an elmo account then no personally identifiable information is collected, however we do collect cookies and tracking information such as:
- IP address
- Geographic location
- Browser type
- Type of device used
- Operating system
We use this information to analyse our site performance and how people are using the website, the outputs of this allow us to make improvements. For example, if lots of people access the site using their desktop computers, we prioritise improvements to the desktop version of our website over the mobile version. This data is completely anonymised and in no way can be tracked back to you – it is used solely for our own analysis.
Information from our EV Suitability Tool
The website functionality includes an EV Suitability tool, which assesses your suitability for driving different models of electric cars based on your driving habits. To use the tool, we gather the following information:
- Home address
- Work address
- Whether you have access to off-street parking
- Your driving behaviour
Data collected from elmo customers
If you decide to create an elmo account, we will then collect additional information from you. This additional information is detailed below:
The information you provide during the sign-up process
- Personal information including your name and date of birth
- Contact information including your email address, home address, and phone number
The information you provide us during the vehicle booking process
- Copies of documents including your, and any named drivers, driving licence(s) and DVLA Driving Record(s). In some cases, we may also ask for proof of address.
- Payment details including your card and account details.
- Details of your driving record including past insurance claims, motor convictions, previous accidents for you and all named drivers including in your booking.
When you make a Subscription Order
When you submit a Subscription Order on the website, we carry out a robust approval process. We do these checks to protect ourselves and they form part of our obligation to ensure your eligibility and suitability for our service. These checks also help prevent crime and identify fraud and money-laundering.
We perform the following checks to verify that you are eligible to use our service:
- Identity and document checks to verify your personal information and confirm the authenticity of your driving licence.
- Document checks to verify your driving history. This includes confirming your licence status, entitlement, restrictions, and convictions.
- A soft credit check on you in order to access your credit score and see any previous bankruptcies or county court judgements (CCJs). As this is a ‘soft credit check’ this will not show up on your credit history.
- Anti-fraud checks using the electoral register, sanction lists and other available databases.
Some of these approval checks are performed by third party sources such as suppliers chosen by elmo, anti-fraud databases, credit reference agencies, and the DVLA.
Credit reference agencies
As part of the Subscription Order approval, we conduct credit and identity checks by submitting your personal information to Credit Reference Agencies. These companies use public records such as the Electoral Register to verify the accuracy of the information you have provided and report to us your credit score.
This is a soft credit check which does not show up on your credit history. This information allows us to assess your creditworthiness and determine the affordability of your subscription. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
You can contact the CRAs currently operating in the UK to learn more:
- Call Credit www.callcredit.co.uk
- Equifax www.equifax.co.uk
- Experian www.experian.co.uk
During your subscription
When you make a Subscription Order with is, we retain all data included in this order. This includes vehicle information, additional optional products added onto the subscription order, delivery dates and times, delivery details and named drivers.
If you choose to take out your own insurance on your elmo vehicle, we will also collect insurance information relating to your booking including policy number, a copy of your certificate and policy documents. We will also record any insurance claims you make while in an elmo booking.
All our vehicles are fitted with telematics. These devices which provide us with vehicle GPS tracking, usage and trip data, and risk score details. We use this data to ensure that vehicles are being used in a safe manner, we also use the data to provide information to elmo users on their driving habits. This data is linked to your account and a summary of the data we hold is shown on your ‘Driving Data’ account page. This data will be aggregated and anonymised for any analysis and your personal driving data will never be shared with a third party without your specific consent.
Communications between you and elmo
All communication between you and elmo - by phone, email, WhatsApp or instant messenger - are retained for a period of 5 years (or until you request we delete them). These services may be hosted by elmo’s trusted third parties.
Non-anonymised web tracking
The following information is collected when you use the elmo website while logged in:
- Search history
- Booking selections
- Vehicles viewed
- Session details including times, dates, and pages visited
- Location and IP address
We use this data to optimise and, in some cases, customise the website to better meet your requirements. We also use this data to understand what your preferences and provide personalised recommendations from our sales team.
If you have opted in to receiving marketing material or signed up to our newsletter, elmo will from time to time contact you to keep you informed with company news, products or services, as well as offers or promotions which we feel may be relevant to you. This may be by telephone, post, e-mail or SMS.
If you no longer wish to receive this marketing material just click ‘unsubscribe’ at the bottom of our emails or alternatively email us with your new marketing preferences at email@example.com.
4. Third parties we share your data with
Our third-party data processes
We sometimes uses trusted third parties to process some of your data. We share your data with the following Data Processors:
- Our insurance partners and claim processors; to administrate your insurance policy
- Insurance claims processors or Accident Management services; to administrate and process any insurance claims
- Payment providers; to process payments associated with your subscription
- Customer service providers; to organise our response to answer your questions and solve any issues you may have.
- Fleet management providers; to administer vehicle maintenance and servicing requirements and manage vehicle logistics and deliveries
- The owner of the vehicles, who may need to contact you in relation to your use of the vehicle
- Data analysis software; to perform analysis on anonymised data
- Our Home Energy Partner; to integrate your elmo and energy accounts
- Our Home Charge Point partner; to organise delivery of your home charge point
- Home charge point installers; to organise and manage the installation of your home charge point.
- Identity and anti-fraud services; to verify your identity and approve your account
- Anyone who contacts us on your behalf with your consent like family, friends, lawyers…
- Marketing software; to manage our user lists, newsletters, mailing lists and promotions
- Service providers; like Google, HubDocker and Amazon Web Services who host our databases
- The UK Government, local councils, and regulatory bodies; to ensure we meet our regulatory and legal requirements
- Debt-recovery companies; to help manage arrears and trace stolen vehicles. This may include vehicle repossession firms.
International data sharing
We may transfer your data to a group or service provider outside the European Economic Area (which is under the jurisdiction of the GDPR - General Data Protection Regulation). If this does occur, we will ensure there is an equivalent level of protection – such as a US company covered by the UK-US Privacy Shield framework. We will never transfer your data to countries that do not have an adequate level of data protection
5. Data Retention
As a general rule, we will retain your personal data for the time period that we need it for in order to complete the purpose that we collected it for.
Nova Drive Limited is authorised and regulated by the Financial Conduct Authority. This means we have an obligation to retain your data for anti-fraud and anti-money laundering purposes. For this reason, as standard protocol we will retain your data for a period of 5 years after the ends between us and yourself (unless otherwise stated or you request that we delete your personal data that we hold).
We also have the right to anonymise your personal data for analytical purposes – this anonymised data may be retained indefinitely by us.
6. Confidentiality and Security
Your personal information will always be treated as private and confidential by us. We will not disclose it to anyone not specified in this policy with the following exceptions:
- We are compelled to do so by law
- Where there is a duty to the public to disclose
- Where disclosure to another party is requested by you
We have strict technical and organisational measures in place to prevent unauthorised access to or loss of your data. These include:
- A suite of internal data protection policies and procedures which are regularly reviewed and updated
- We adopt the principle of Privacy by Default
- We have procedure to identify, rectify and report any breaches that do occur
- We use encryption where suitable
- Regular disaster recovery and penetration testing