GDPR

GDPR and UK data protection support.

Trackely is designed to support common UK GDPR and EU GDPR obligations, but this page is not a certification, legal opinion, or substitute for your own compliance programme.

Last updated: 24 April 2026

Security controls

Layered access controls, TLS in transit, role checks, tenant isolation, audit-oriented records, and managed infrastructure protections.

Transparency and control

Account settings, export features, audit trails, and retention-oriented workflows help customers explain how the service is being used.

Processor terms

Controller and processor responsibilities can be reflected in commercial paperwork and a signed DPA where required.

Rights support

Export, deletion, and operational review tools support access, correction, deletion, and audit processes.

This page explains how Trackely is intended to support customers who need to meet data protection requirements when handling route, driver, customer, proof-of-delivery, and account data. It sits alongside our Privacy Policy and DPA summary.

1. Typical data protection roles

  • the Trackely customer is usually the controller for driver, recipient, and delivery data;
  • Trackely usually acts as the processor for that operational data; and
  • Trackely acts as controller for its own billing, security, and service administration processing.

2. Data categories typically processed

  • account and user identity data;
  • driver assignment, location, route execution, and check data;
  • recipient and delivery details;
  • proof-of-delivery records such as signatures, photos, timestamps, and notes;
  • notification and tracking activity;
  • audit, diagnostic, and security logs.

3. Worker monitoring and GPS tracking

Driver location tracking can be sensitive. Customers should assess necessity, proportionality, transparency, and employment-law implications before enabling or using it.

4. Data subject rights

When Trackely acts as a processor, the relevant customer usually remains the first point of contact for requests.

5. Retention and end-of-contract handling

Retention should be limited to what is necessary for operational history, dispute management, compliance, and security.

6. Security and breach support

Trackely is intended to support customers with breach reporting, DPIAs, and security obligations through documented technical and organisational controls and, where applicable, contractual assistance commitments.

7. International transfers and sub-processors

Customers should review Trackely's sub-processor position, transfer mechanisms, and deployment arrangements before using the service for regulated or sensitive workflows.

8. What customers should still do themselves

  • publish their own controller-facing privacy notices for drivers and recipients;
  • document lawful bases and legitimate interests where relevant;
  • carry out DPIAs where required;
  • review retention settings, integration flows, and notification content;
  • enter into a signed DPA where processor terms are required.

9. Contact

For GDPR or UK data protection questions, email support@trackely.co.uk.