Your privacy,
plainly explained.
We collect only what we need to book and complete your journey. Here's exactly how we use it, who sees it, and how long we keep it.
You are in control of your data.
Under UK GDPR, you have seven rights over your personal information. Email us any time to exercise them — free of charge.
Access
Request a copy of the personal data we hold about you.
Rectification
Correct any inaccurate or incomplete information we hold.
Erasure
Ask us to delete your data where there is no legal reason to keep it.
Restriction
Pause our processing of your data while a dispute is resolved.
Portability
Receive your data in a structured, machine-readable format.
Object
Object to processing based on legitimate interest or direct marketing.
Withdraw Consent
Withdraw consent for analytics or cookies at any time.
Full Privacy Policy
01 Who We Are
The data controller responsible for your personal information is:
Mr Anton Nemeth t/a Leo Taxis
3 Waterford Close
Bridgwater, Somerset, TA6 6UN
United Kingdom
Email: [email protected]
Phone: +44 1823 924403
ICO Registration Number: ZC074970
Date registered: 05 January 2026
Registration expires: 04 January 2027
Payment tier: Tier 1
We are registered with the Information Commissioner's Office (ICO) as required under the UK Data Protection Act 2018. As a small business, Anton Nemeth acts as the data protection contact for all enquiries.
02 What Personal Data We Collect
Data you provide when booking:
- Full name and contact phone number
- Email address (optional)
- Pickup and drop-off addresses
- Date, time, and number of passengers
- Flight or cruise ship details (for airport and port transfers)
- Special requirements (child seats, luggage, accessibility needs)
Data collected automatically when you visit our website:
- IP address and approximate location
- Browser type and device information
- Pages visited, time on site, and referring source
- Cookie identifiers (see Section 09)
Data collected when you contact us directly:
- Phone number (from inbound calls)
- WhatsApp message content and contact details
- Email correspondence
We do not collect or store payment card details. All card payments are processed securely by Stripe.
03 Why We Process Your Data (Lawful Basis)
We only process your personal data when we have a lawful basis under UK GDPR to do so:
04 Who We Share Your Data With
We share your data only with trusted third-party processors who need it to deliver our service. We do not sell your data or share it for marketing purposes.
| Processor | Purpose | Location |
|---|---|---|
| FareBookings | Booking platform — manages reservations and customer accounts | UK / EU |
| Stripe | Payment processing — PCI DSS Level 1 compliant; no card data stored by us | US (SCCs) |
| Google Analytics | Website analytics — anonymised visitor behaviour with IP anonymisation enabled | US (SCCs) |
| WhatsApp / Meta | Customer communication — booking contact, journey updates, and review requests | US (SCCs) |
| TextMagic | SMS service — booking confirmations and review requests | UK |
Legal disclosures: We may share data with Somerset Council (licensing compliance), police authorities (crime prevention), or courts and tribunals (where required by legal order). In all cases, only the minimum necessary data is disclosed.
05 International Data Transfers
Some of our processors are based in the United States. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place:
- Stripe — transfers governed by Standard Contractual Clauses (SCCs) approved by the ICO.
- Google Analytics / Google LLC — transfers governed by SCCs and the EU-US Data Privacy Framework.
- WhatsApp / Meta Platforms — transfers governed by SCCs approved by the ICO.
FareBookings and TextMagic process data within the UK — no international transfer applies.
You can request a copy of the relevant SCCs by emailing [email protected].
06 How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose for which it was collected:
- Booking records (financial transactions): 6 years — required by HMRC
- Customer communications (email, WhatsApp, SMS): 3 years from last contact
- Google Analytics data: 26 months (Google's standard retention period)
- Cookie consent records: 12 months
- Unsuccessful enquiries: 6 months, then securely deleted
After each retention period, data is securely deleted or anonymised. To request early deletion of your data, email [email protected].
07 Your Rights in Detail
To exercise any of the rights below, email [email protected]. We will respond within one month (extendable to three months for complex requests). There is no charge for exercising your rights. We may ask you to verify your identity before responding.
- Right of Access (Art 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art 16): Ask us to correct inaccurate or incomplete data.
- Right to Erasure (Art 17): Ask us to delete your data where there is no legal obligation to retain it.
- Right to Restriction (Art 18): Ask us to pause processing your data while a dispute is resolved.
- Right to Data Portability (Art 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Art 21): Object to processing based on legitimate interest (including review requests). We will stop unless we can demonstrate compelling legitimate grounds.
- Right to Withdraw Consent (Art 7): Withdraw consent for analytics cookies at any time via our cookie banner. This does not affect the lawfulness of any processing carried out before withdrawal.
08 Marketing Communications
We do not currently send marketing emails or newsletters. Your email address is used only to process and confirm your booking.
We may contact you via WhatsApp or SMS to request a review after your completed journey. This is based on our legitimate interest in improving our service. You may opt out of review requests at any time by replying STOP to any SMS or messaging us on WhatsApp, or by emailing [email protected].
If we introduce an email marketing programme in the future, we will ask for your explicit opt-in consent before sending any promotional communications, and you will always be able to unsubscribe easily.
09 Cookies & Analytics
Our website uses cookies — small text files stored on your device. We use two categories:
- Essential cookies: Required for the website and booking form to function correctly. No consent is needed for these.
- Analytics cookies (Google Analytics): Help us understand how visitors use our site — pages visited, time on site, and general geographic region. IP addresses are anonymised. These require your consent.
You can manage your cookie preferences via the banner when you first visit our site, or at any time by clearing your browser cookies and revisiting. Declining analytics cookies will not affect your ability to use the site or booking form.
Google Analytics data is processed by Google LLC (US) under Standard Contractual Clauses. For more information, see Google's Privacy Policy.
10 Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse:
- SSL/TLS encryption across all pages (https://leotaxis.co.uk)
- No payment card details stored — Stripe handles all card data under PCI DSS Level 1 compliance
- Password-protected WordPress admin with restricted access
- Regular security updates and patches applied to the website
- Encrypted website backups stored securely
In the event of a personal data breach that is likely to pose a risk to your rights and freedoms, we will notify the ICO within 72 hours and will inform affected individuals without undue delay where required by law.
11 Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Booking acceptance is always subject to human review of availability and suitability.
12 Children's Privacy
Our services are intended for adults aged 16 and over. We do not knowingly collect personal data directly from children under 16. Where a journey involves minors as passengers, the booking must be made by a parent or guardian who accepts responsibility for the accuracy of information provided.
If you believe we have inadvertently collected data relating to a child under 16, please contact us at [email protected] and we will delete it promptly.
13 Third-Party Links
Our website may contain links to third-party platforms including Google Maps, Facebook, Instagram, and WhatsApp. These services operate under their own privacy policies, which we encourage you to review. Leo Taxis is not responsible for the data practices of any third-party website or application.
14 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we use, or legal requirements. When we do, we will update the "Last updated" date shown in the header of this page.
For significant changes that affect how we use your data, we will notify you directly where we hold your contact details, or display a prominent notice on our website.
Continued use of our services after an updated policy is posted constitutes acceptance of the revised terms.
15 Complaints & How to Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us first:
Email: [email protected]
Phone: +44 1823 924403
Post: Anton Nemeth t/a Leo Taxis, 3 Waterford Close, Bridgwater, Somerset, TA6 6UN
We aim to resolve all data concerns within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Email: [email protected]
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Questions about your data?
We're always happy to explain how we handle your information. Get in touch and we'll respond within one working day.
Contact Us