Get In Touch
Get A Quote
AMCO Logo

END-TO-END GLOBAL LOGISTICS
+44 1905 758 000

AMCO Logo

END-TO-END GLOBAL LOGISTICS
+44 1905 758 000

Privacy Policy

PROTECTING AND RESPECTING YOUR PRIVACY

PROTECTING AND RESPECTING YOUR PRIVACY

Effective Date: April 2025

Last Reviewed: April 2026

At AMCO, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information, your rights under applicable data protection laws (including the UK GDPR and the Data Protection Act 2018), and how you can contact us with any concerns.

________________________________________

 

1. Introduction

AMCO is a UK-based logistics and warehousing provider that operates globally. Since 1983, we have served industrial and commercial clients, offering tailored supply chain and logistics services.

For data protection purposes, AMCO is the Data Controller of the personal data you provide to us.

Contact Information:

• Email: hr@amco-group.co.uk

• Phone: +44 (0) 1905 758 000

• Postal Address: AMCO Park, Acanthus Road, North Moons Moat, Redditch, Worcestershire B98 9EX.

Application Related

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our driver tracking application. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the UK GDPR and EU GDPR where applicable, and South African POPIA.

 

2. Data Controller

Application Related

The data controller for your personal information is CBW Resources Ltd T/A Amco.

For queries or to exercise your rights, please contact: – SA Information Officer: sgpopia@supergrp.com – UK Information Officer: hr@amco-group.co.uk

3. Data Subjects Covered

This policy applies to the following categories:

• Website visitors

• Customers and clients

• Suppliers and business partners

• Job applicants

• Employees (covered in a separate internal policy)

• Event participants and competition entrants

4. What Data We Collect

We may collect the following types of personal data depending on your interaction with us:

• Identity Data – Name, job title, company

• Contact Data – Email address, phone number, postal address

• Technical Data – IP address, browser type, device ID, operating system

• Usage Data – Page interactions, browsing history, referring sites

• Marketing Preferences – Opt-ins for newsletters and promotions

• Job Application Data – CV, education history, references

Application Related

We may collect the following categories of personal data:

Location data

Device and network information

Authentication tokens

Push notification identifiers

Local storage and state management data

Device ID (IMEI number)

5. How We Collect Your Data

We collect personal data when you:

• Visit our website and use our online forms

• Contact us via email, phone, or post

• Apply for a job

• Register for an event or enter a competition

• Engage with us through social media or other channels

6. Why We Collect Your Data

Application Related

We collect your data for purposes such as:

Calculating delivery estimated times of arrival (ETAs)

Authenticating devices and authorizing access

Sending push notifications

Optimising routes and monitoring performance

Associating a driver’s device with deliveries

7. Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

• Fulfilling a contract – Article 6(1)(b) – Contract

• Sending marketing communications – Article 6(1)(a) – Consent

• Improving our services – Article 6(1)(f) – Legitimate Interest

• Compliance with legal obligations – Article 6(1)(c) – Legal Obligation

• Processing job applications – Article 6(1)(b) and 6(1)(f)

Application Related

We process personal data only where we have a lawful basis to do so under applicable data protection law. Depending on the circumstances, this includes:

Performance of a contract – where processing is necessary to provide the services requested through the application, including delivery tracking, route optimisation and proof of delivery.

Legitimate interests – where processing is necessary for operational efficiency, service improvement, security, fraud prevention and business continuity, and where those interests are not overridden by the rights of data subjects.

Consent – where required by law or platform rules, including for precise or background location data, push notifications, and any optional features. Consent may be withdrawn at any time through device settings or in-app controls.

8. How We Use Your Data

We may use your data to:

• Respond to your enquiries or requests

• Fulfil service agreements

• Process job applications or CVs

• Send marketing communications (where consent has been given)

• Administer competitions or promotions

• Improve our website and services

• Comply with legal or regulatory obligations

• Prevent fraud and enhance security

Application Related

Your data is used to:

Provide and improve our services

Authenticate and authorise devices

Communicate important updates

Optimise delivery operations

9. Data Sharing & Third Parties

We do not sell or rent your personal data.

We may share it with:

• Service providers or subcontractors assisting in service delivery

• Law enforcement, regulators, or courts (where legally required)

• Other entities during business transfers or restructuring (with safeguards)

All third parties are contractually bound to use your data only for specified purposes and to protect it appropriately.

Application Related

We may share certain data (for example, registration number and device position) with customers via various communication methods such as email or EDI. Third-party SDKs and service providers may process data as required for app functionality. All third-party integrations are assessed for privacy and security compliance, and we limit data sharing to the minimum necessary.

10. Third-Party Services

Application Related

The application uses third-party service providers and software development kits (SDKs) to support functionality such as hosting, analytics, messaging and security. These providers process personal data only on our instructions and are subject to contractual obligations to protect data and use it solely for the agreed purposes. We do not permit third-party advertising or profiling unless explicitly stated and permitted by the user.

Known third-party SDKs include:

@transistorsoft/capacitor-background-geolocation (background location tracking)

onesignal-cordova-plugin (push notifications)

If we use advertising identifiers (such as IDFA) or other tracking for cross-application purposes, we will obtain your consent through the App Tracking Transparency prompt as per requirements.

11. Location Data

Application Related

The application collects precise location data, and where enabled, background location data, to:

Track deliveries in real time

Calculate and update estimated times of arrival

Provide delivery status updates to authorised customers

Support route optimisation and operational efficiency

Location data is collected only while a delivery task is active and only for as long as necessary to provide the service. Users are prompted to grant location permissions through their device operating system and may change these permissions at any time in their device settings. Disabling location access may prevent the application from functioning correctly.

12. International Transfers

Your data may be transferred outside the UK or EU. When we do so, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK or EU

• Transfers to countries with adequacy decisions

• Binding Corporate Rules (where applicable)

Application Related

Personal data may be transferred to and processed in jurisdictions outside the UK or European Economic Area, including South Africa, where our systems or service providers are located. We ensure appropriate safeguards are in place, including standard contractual clauses or equivalent lawful transfer mechanisms, to protect personal data in accordance with applicable data protection law.

13. Data Retention

We retain personal data only for as long as necessary. Typical retention periods include:

• Customer data – 7 years after last interaction

• Job applicant data – 6 months (unless consent to retain longer is given)

• Marketing data – Until consent is withdrawn or after 2 years of inactivity

• Contractual/interaction data – Up to 7 years (for legal/accounting purposes)

Application Related

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, operational and contractual requirements. In general:

Operational logs and audit records are retained for up to 6 years.

Backup data is retained in accordance with our backup and disaster recovery policies and is securely deleted when no longer required.

Data may be retained for longer periods where required by law or to establish, exercise or defend legal claims.

14. Your Rights / Data Subject Rights

You have the following rights under the UK GDPR:

• Right of access – request a copy of your personal data

• Right to rectification – correct incomplete or inaccurate data

• Right to erasure – request deletion of your data (where applicable)

• Right to restrict processing

• Right to data portability

• Right to object – to marketing or processing based on legitimate interest

• Right to withdraw consent – at any time where processing is based on consent

• Right to lodge a complaint – with the UK Information Commissioner’s Office (ICO): www.ico.org.uk

To exercise any of these rights, contact: Email: hr@amco-group.co.uk

Application Related

You have the following rights regarding your personal data under applicable data protection law:

Access: Request confirmation and access to your data.

Rectification: Request correction of inaccurate or incomplete data.

Erasure: Request deletion of data when no longer necessary or upon withdrawal of consent.

Portability: Receive your data in a structured, machine-readable format.

Objection: Object to processing based on legitimate interests or direct marketing.

15. Security Measures & Incident Management

We implement technical and organisational safeguards to protect your personal data, including:

• SSL encryption for data in transit

• Firewalls, secure servers, and access controls

• Data minimisation and pseudonymisation where applicable

While we take reasonable steps, the transmission of information via the internet is not completely secure, and any transmission is at your own risk.

Application Related

We implement robust security controls, including:

Encryption of all communications (HTTPS/TLS)

OAuth 2.0 and JWT Bearer tokens for authentication

Zero Trust security model for internal access

Regular vulnerability scanning and patch management

Database encryption (where applicable)

Least-privilege access controls

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse and maintain incident response procedures in accordance with applicable legal requirements. Should an incident occur, we follow standard processes to detect, contain, mitigate and notify affected parties and authorities within required timelines.

16. POPIA Compliance

Application Related

As the app is hosted in South Africa, we disclose cross-border data transfers to South Africa, ensure adequate protection for EU/UK data subjects, appoint an Information Officer in South Africa, and comply with POPIA Section 72 for lawful transfers.

17. Right to Lodge a Complaint

Application Related

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority:

– In the UK: the Information Commissioner’s Office (ICO) – www.ico.org.uk

18. Children’s Privacy / Data

We do not knowingly collect personal data from individuals under the age of 16 without parental or guardian consent. If you are under 16, please do not use our website or submit any personal information without supervision.

Application Related

This application is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child’s data has been provided to us, please contact us so that we can take appropriate action.

19. Cookies & Tracking

Our website uses cookies and similar technologies. These help us:

• Understand website usage

• Remember user preferences

• Improve site performance

Cookies that are not essential will only be used with your consent.

For full details, please refer to our Cookie Policy.

20. Automated Decision-Making & Profiling

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

We may create user profiles based on browsing or enquiry history to improve customer experience and tailor communications. This is based on our legitimate interests and will never override your fundamental rights.

21. Third-Party Websites

Our website may contain links to external websites. This policy applies only to AMCO’s website. Please check the privacy policies of any third-party sites you visit.

22. Changes to This Policy

We regularly review and update this Privacy Policy.

Last updated: April 2026

Application Related

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology or our practices. Where changes are material, we will notify users through the application or by other appropriate means. The latest version will always be available within the application and on the App Store listing.