Privacy Policy

Last updated: March 2026

Introduction

Greenarc Fuel Cards provides associated fuel-related services to commercial and public sector customers across the UK. As a responsible company, it is our duty to ensure that all activities we undertake are conducted in accordance with applicable UK and European data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.

Company Details

Data Processing, Storage and Security

What data do we process?

We collect and process a wide range of data for the purpose of the sale and supply of liquid fuel products and associated equipment and services, to comply with legal obligations, and to improve our products and services.

Some of the data we process is classified as personal data because it can be used to identify an individual.

The types of data we may process include:

• Contact information such as name, telephone number, and email address
• Address information
• Historical transactional information
• Financial information including credit information and information required for direct debits

During our marketing activities we regularly follow a process to remove old or inaccurate data which either holds no purpose or is incorrect. This includes bounced email addresses.

We do not collect or store special category personal data such as information relating to religion, political opinions, genetic data, biometric data, trade union membership, or sexual orientation.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Source of personal data

We may collect personal data from:

• You directly
• Employers, clients, or representatives of your organisation where relevant
• Publicly available sources such as professional networking sites, company websites, and public records
• Credit reference agencies where required for consumer credit, identity, or affordability checks
• Third-party service providers used to support our operational, screening, and compliance processes

Why do we store this data?

We store enough data to be able to operate our business effectively. We do not store needless data such as a customer’s date of birth or detailed residential information unless it is required for a lawful and legitimate business purpose.

We review the data we store on a regular basis to decide whether the stored or processed data remains necessary, accurate, and proportionate.

Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority.
FCA Firm Reference Number: 742313

TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority.
FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information.

This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information can be found here:

• Creditsafe Transparency Notice
• TransUnion CRAIN
• TransUnion Bureau Privacy Notice

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Fulfilment of contract
• Legal obligation
• Legitimate interest
• Consent, where required

How long do we hold data?

• Historical sales and financial data is retained for 7 years in line with HMRC requirements
• Prospective customer data is deactivated or removed when there is no longer a valid opportunity for the sale of our goods or services
• Data is securely deleted or anonymised when no longer required

Provision of Personal Data

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

Personal data is required to:

• Enter into and perform contracts with customers, suppliers, and business partners
• Process orders, manage accounts, and deliver goods and services
• Verify identity and prevent fraud
• Comply with legal, regulatory, accounting, and tax obligations

If you choose not to provide the personal data requested:

• We may be unable to enter into a contract with you
• We may be unable to fulfil orders or provide services
• We may be unable to complete necessary verification, compliance, or fraud prevention checks
• Our services may be delayed, restricted, or declined

Where personal data is requested for optional purposes such as marketing communications, providing that data is not mandatory and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.

How do we keep data secure?

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure systems protected by firewalls and access controls
• Controlled access to systems and physical environments
• Regular password changes and access restrictions
• Device and asset tracking for core ICT equipment
• Regular system updates and security patching
• Staff training in data protection and information security

Access to sensitive systems is restricted and monitored. Staff are not permitted to access transactional systems outside of their authorised requirements.

We recognise that one of the easiest ways for data security to fail is through human error. For this reason, staff are trained to understand the importance of data security and how to carry out their duties in a secure way.

Data Sharing

To carry out our operations it is, from time to time, necessary to share data with trusted third-party suppliers who provide services to our company. For example, our delivery systems and operational platforms may require data to be transferred in order to fulfil services.

All third-party processors are required to comply with applicable data protection laws and maintain appropriate safeguards. We have contacted relevant third-party processors to confirm that they have their own GDPR policies and security arrangements in place.

Under no circumstances do we sell or share our database with any third party for third-party sales or marketing purposes unless explicitly agreed by the data subject.

International Data Transfers

We may transfer personal data to recipients or service providers located outside the UK and or European Economic Area where necessary for the delivery of our services or the operation of our systems.

Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries recognised as providing an adequate level of data protection.

Cookies and Website Data

Our website uses cookies to improve functionality and user experience. Session cookies may be used to carry information across pages and avoid the need to re-enter information. These cookies expire at the end of your visit.

Cookies may:

• Maintain session data
• Improve navigation
• Help improve your visit to our site
• Analyse website usage and performance

You can choose to accept or decline cookies through your browser settings. If cookies are disabled, some features of the website may not function properly.

We may also collect non-identifiable technical data such as IP addresses to support website functionality, performance, and analytics. This information is not generally used to identify you personally.

Automated Decision Making and Profiling

We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.

These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations.

However, we do not make decisions that have legal or similarly significant effects on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

What happens in the event of a data breach?

Although all reasonable steps are taken to prevent a data breach in the first place, Greenarc Fuel Cards acknowledges the requirement to report relevant personal data breaches to the Information Commissioner’s Office within 72 hours where required by law.

Data Subject Rights

How can your data be updated or amended?

We want to make sure that the information we process is accurate. If you wish to update your data, for example with a new contact number or change of surname, this can be done by contacting us using the details set out below.

The right to be forgotten

Where legally possible, we will remove or anonymise personal data upon request. Where retention is required, for example to meet HMRC or other legal obligations, data will only be retained for as long as necessary. We also make the ability to unsubscribe from marketing communications readily available throughout our digital marketing activities.

Subject access requests

We acknowledge that if a subject access request is issued by a data subject, we have up to one month to process the request and this cannot normally be chargeable. The ability to extract relevant data for this purpose has been incorporated into our systems.

Your wider rights

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure where applicable
• Restrict processing
• Object to processing
• Request data portability where applicable

You also have the right to lodge a complaint with the Information Commissioner’s Office if you are dissatisfied with how we manage your personal data.

Visit the ICO website

Contact Details

If you have any questions regarding this policy, please contact:

Data Protection Officer
Joe Ford
Email:
Joe@greenarc.com

Telephone:
0345 646 5451
Email:
hello@greenarcfuelcards.co.uk

Mail:
Greenarc Limited t/a Greenarc Fuel Cards
First House, Shuttleworth Mead Group
12a Meadway
Padiham
Burnley
BB12 7NG