Home / Policies / GDPR & Data Protection

GDPR & Data Protection Policy

Our commitment to handling personal information lawfully, fairly and transparently under UK GDPR and the Data Protection Act 2018.

Last updated: 13 May 2026

Scope and purpose

This policy sets out how K.A.Z Carriers complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all personal data we hold about customers, suppliers, drivers and other contacts in the course of running our business.

Data protection principles

All personal data we process is:

  • Processed lawfully, fairly and transparently
  • Collected for specified, explicit and legitimate purposes only
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Retained no longer than necessary for the purpose collected
  • Protected by appropriate technical and organisational security

Roles

K.A.Z Carriers is the data controller for personal data we collect directly from customers. Where we act as a data processor on behalf of a business client (for example handling a manifest of recipient addresses for a scheduled run), we operate strictly on that client's documented instructions.

Lawful basis for processing

We rely on one or more of the following lawful bases under Article 6 of UK GDPR:

  • Contract — to deliver the courier service you have booked
  • Legal obligation — to meet tax, accounting and insurance duties
  • Legitimate interests — to run our business, prevent fraud and improve our service
  • Consent — for any optional communication you have opted into

Security controls

We protect personal data with measures that are appropriate to the level of risk, including:

  • Strong passwords and multi-factor authentication on business accounts
  • Up-to-date device security and encrypted storage
  • Locked vehicles, secure parking and chain-of-custody handling for sensitive consignments
  • Written agreements with any subcontracted driver or service provider
  • Secure destruction of paper records once they are no longer required

Data breach response

Any suspected personal data breach is investigated immediately. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office within 72 hours and the affected individuals without undue delay.

International transfers

Personal data is processed in the United Kingdom. Where a service provider we use stores data in another jurisdiction, we ensure appropriate safeguards are in place (such as UK adequacy decisions or standard contractual clauses).

Subject Access Requests

You can ask for a copy of the personal data we hold about you, ask us to correct it, or ask us to delete it (subject to any legal retention duty). Email info@kazcarriers.com with the subject line "Subject Access Request" and we will respond within one calendar month.

Complaints

If you are not satisfied with how we have handled your personal data, you can raise a complaint with us directly or with the UK regulator, the Information Commissioner's Office, at ico.org.uk.

Book Now