Privacy Policy: GDPR Compliance
Asset Tag Limited – Privacy Policy Last updated: 1 st September 2025 Asset Tag Limited (“we”, “us”, “our”) is committed to protecting your privacy and ensuring the security of the information we process. We comply with the UK General Data Protection Regulation (UK-GDPR), the Data Protection Act 2018, and all relevant data-protection laws. This Privacy Policy explains what information we collect, how we use it, and your rights. 1. Who we are (Data Controller) Asset Tag Limited Company Number: 15340855 Registered Office: Fernley Commonmoor Liskeard PL14 6EP Email: garry@assettag.co.uk Data Protection Lead: Garry Fitch-Goodwin Asset Tag Limited is the Data Controller for any personal data processed on our website and through our services. 2. What information we collect 2.1 Non-personal Asset Data (IOT / Machine-to-Machine Communication) Most of the data we process is not personal data. Our tags and systems use Internet of Things (IOT) and machine-to-machine (M2M) Technology. This includes: • Asset Tag ID numbers • Tag status (active/inactive) • Battery/health reports • Location signals and network identifiers • Movement alerts • Connection logs • SIM card metadata • Machine-generated timestamps and technical events This data does not identify any individual and cannot be linked to a person by us. 2.2 Client or business contact data We may collect: • Name • Work email • Work telephone number • Job title • Company name 2.3 Portal user account information If we provide you access to our reporting platform: With Username and password. 3. How we use your information Service delivery • Providing asset monitoring services • Operating IOT and M2M communication systems • Ensuring the performance and integrity of our platform Security and fraud prevention • Preventing misuse or unauthorised access • Supporting finance providers in protecting assets • Operating monitoring required for asset-related security Business administration • Managing contracts • Handling customer queries • Maintaining accurate operational records Marketing (B2B only) We may send: • Service notices • Important operational updates • Limited business-to-business communications You can opt out at any time. We do not sell or share data for advertising. 4. Legal basis for processing We rely on: • Contractual necessity – to deliver asset monitoring services • Legitimate interests – fraud prevention, asset protection, system security • Legal obligation – where required by law • Consent – for optional cookies and marketing We do not make automated decisions with legal or significant effects. 5. Who we share data with We only share data where necessary and never for marketing. Platform, hosting, and security providers We work with trusted compliant service providers for: • Cloud hosting • Security infrastructure • SIM communications • IT support and system maintenance These providers operate under strict contractual controls. Finance providers We may share asset-related information (not personal data) with authorised lenders and finance organisations for: • Asset protection • Contractual security obligations Legal or regulatory authorities Only when required by law or for legitimate investigations (e.g., stolen assets). 6. International data transfers We do not knowingly transfer personal data outside the UK or EU. If a transfer becomes necessary, we will only do so: • To countries with an adequacy decision, or • Under UK-GDPR approved safeguards (e.g., Standard Contractual Clauses) 7. Data retention We keep information only as long as necessary: • Asset/IOT/M2M data: normally tag battery life 48 months • Customer account and contract records: contract period + 6 years • Support enquiries/logs: up to 48 months • Cookie preferences: as selected by you After these periods, data is securely deleted or anonymised. 8. Cookies Our website uses: • Essential cookies (always active) • Optional analytics cookies (only with consent) A detailed Cookie Notice is available on our website. 9. Security We use strong technical and organisational measures, including: • Encrypted IOT/M2M communications • Microsoft 365 enterprise-grade security • Multi-factor authentication • Encrypted backups • Secure data centres • Role-based access control • No personal data stored on any tags • Regular audits and security reviews 10. Your rights You have the right to: • Access your personal data • Request corrections • Request deletion • Restrict processing • Object to certain processing • Request data portability • Withdraw consent (for consent-based processing) To exercise your rights, contact: garry@assettag.co.uk You may also complaint to the Information Commissioner’s Office (ICO) via www.ico.org.uk. 11. Changes to this policy We may update this Privacy Policy when necessary. The most recent version will always appear on our website. 12. Contact us For any questions about this policy or how we handle data: Email: garry@assettag.co.uk Address: Asset Tag Limited Fernley Commonmoor Liskeard PL14 6EP
Anti-Bribery and Corruption Policy for Asset Tag Limited
1. Introduction Asset Tag Limited is committed to conducting business with integrity, transparency, and in compliance with all applicable laws and regulations. This policy outlines our stance against bribery and corruption and provides guidelines for our employees and business associates to ensure ethical conduct in all business dealings.
2. Policy Statement Asset Tag Limited strictly prohibits bribery and corrupt practices in any form. This includes, but is not limited to, offering, promising, giving, accepting, or soliciting anything of value as an inducement or reward for granting business favors or influencing decision-making.
3. Scope This policy applies to all employees, officers, directors, agents, consultants, contractors, and any other individuals or entities acting on behalf of Asset Tag Limited, worldwide.
4. Gifts and Hospitality Gifts and hospitality may be offered or accepted only if they:
• Are not intended to influence business decisions
• Comply with local laws and customs
• Are of modest value and given openly and transparently
• Do not exceed prescribed limits set by the company policy
5. Donations and Sponsorships Asset Tag Limited prohibits donations or sponsorships intended as a means to gain improper business advantages. All charitable contributions and sponsorships must be ethical, legal, and align with our corporate values.
6. Compliance with Laws All business conduct must comply with relevant laws and regulations of the countries in which we operate, including adherence to anti-bribery and anti-corruption laws.
7. Reporting and Whistleblowing Employees and associates are encouraged to report any suspected bribery or corruption through designated channels, without fear of retaliation. Asset Tag Limited commits to protecting whistleblowers from any form of reprisal.
8. Training and Awareness Asset Tag Limited will provide regular training to employees on anti-bribery and anti-corruption practices to ensure understanding and compliance.
9. Monitoring and Review The company will regularly monitor and review the effectiveness of this policy and implement improvements as necessary.
10. Enforcement and Discipline Violations of this policy will result in disciplinary action, up to and including termination of employment or contracts and may involve legal proceedings.
11. Record Keeping Accurate and complete records of all transactions must be maintained to evidence compliance with this policy.
12. Policy Review This policy will be reviewed periodically and updated in accordance with legal and regulatory developments.
Understanding GPS Asset Tagging: Hired Vehicles, Human Rights, and Data Protection Laws
Introduction
Public awareness about GPS technology has grown in recent years, often accompanied by concern about privacy, surveillance, and potential misuse of tracking devices. These concerns are understandable—however, not all GPSenabled technologies function in the same way, nor do they all process personal data. In the case of GPS (or location-based) asset tags fitted to hired or financed vehicles, the technology is designed solely for asset protection, not personal monitoring. Asset tags used by Asset Tag Limited do not collect personal data, do notidentify drivers, and do not monitor personal behaviour. The tag simply reports its location once per day, meaning it cannot be used for continuous tracking or personal profiling. Understanding how asset tagging works helps clarify why it does not infringe human rights or breach data protection laws.
1. What Is GPS Asset Tagging? GPS asset tagging is a method of protecting valuable physical assets such as vehicles, machinery, or equipment. Tags are attached to the asset and periodically send a location signal to confirm the asset is where it is expected to be. Key characteristics of Asset Tag-style devices include:
• They report location only once per day (not real-time tracking)
• They generate machine-to-machine (M2M) technical data
• They do not store or transmit driver names, customer details, journey history, or behavioural information
• They cannot record conversations, speed, or usage patterns
• They do not monitor individuals The system exists solely to protect the asset, not its user. Because only the asset location is transmitted — never personal-identifying information — the data is considered non-personal under data protection legislation.
2. Human Rights and Privacy Considerations Human rights law, such as Article 8 of the European Convention on Human Rights (right to private life), protects individuals from intrusive monitoring or interference. However, asset tags used on hired or financed vehicles do not engage these rights, because:
• They do not track individuals
• They do not identify who is driving
• They do not record private activities
• They provide only a daily asset-location signal
• They operate for asset security, not personal surveillance The information collected is about the vehicle, not the person, meaning humanrights protections relating to privacy are not triggered.
3. Data Protection Laws (UK-GDPR) and Asset Tagging Under UK-GDPR, personal data is information that can identify a natural person. Asset tags used by Asset Tag Limited do not collect personal data. They do not log:
• the hirer’s name
• address
• phone number
• driving pattern
• movements of individuals
• journey details
The only data transmitted is:
• the tag’s unique ID, and
• the asset location at the time of the daily report
This means:
✔ No personal data is processed
✔ No driver can be identified
✔ No consent is required from the hirer
✔ No data-subject rights are engaged
✔ The system is fully compliant with UK-GDPR In addition, asset-finance and rental agreements typically include a clear statement that asset-location technology is used for asset protection, fraud prevention, and recovery, not for monitoring people.
4. Why This Use Is Lawful and Non-Intrusive
Asset tagging is legally and ethically acceptable because:
• It protects the legitimate interests of the asset owner (e.g., finance company)
• It collects only what is necessary to protect the asset
• It avoids monitoring drivers or individuals
• It uses minimum data (location once per day)
• It cannot be used to profile personal behaviour
• It prevents theft, fraud, loss, and hidden disposal of financed assets
This satisfies the legal principles of:
• necessity,
• data minimisation, and
• proportionality, which are central to UK-GDPR and to human-rights compliance.
5. Transparency and Trust
Although asset tagging does not involve personal data, it is still good practice for businesses to:
• Inform customers that the asset may contain a location tag
• Explain that the purpose is asset protection only
• Confirm that the tag does not track individuals
• Clarify that no personal information is collected or stored This transparency helps maintain trust and ensures customers understand the limited and lawful nature of the technology.
Conclusion
GPS asset tagging on hired or financed vehicles does not infringe human rights and does not breach UK data protection laws. The technology collects no personal data and does not monitor individuals in any way. It simply provides a daily location signal to protect valuable assets from theft, fraud, or loss. When used responsibly and transparently, asset tagging is a lawful, proportionate, and essential tool for asset protection — not a system of personal surveillance