The KADOE Service and your data
The KADOE service is a managed service for access to the DVLA’s Vehicle Keeper data.
Within the scope of the GDPR legislation, the KADOE service is a data processor, it is our customers who are the data controllers. This means we act on behalf of our customers; any requests for data must come from them. We do not provide our customer’s data to anyone but the customer who controls it. Our customers can request and receive the data from the DVLA using the KADOE service for valid business reasons. This is governed by the contract they sign with the DVLA and not with the KADOE service.
The KADOE service process Vehicle Keeper Enquiry and Vehicle Keeper Response data. An enquiry is a request for a vehicle keeper’s name and address on a particular date. A response is the vehicle keeper’s information on that date.
These are the data in an Enquiry and a Response:
Because the names and addresses of vehicle keepers is personal data, we keep them encrypted on the service.
Normally, your data is provided after you have authenticated with the service. This is the case for the day-to-day operations when you log-in to download your data.
We can provide you with any of your data if you make a request to us in writing. We will respond to the request in a timely manner, usually between 1 and 2 working days.
We cannot change your data. If, for whatever reason, you need to change your data, we can remove any personal information.
Yes. If you provide us with the details necessary to find the data, we will replace the vehicle keeper information with an error response. The error response, the vehicle information, and the associated enquiry will remain on the service until the end of your data retention period.
Normally, we will retain your data for 2 years. This is aligned to the 2 years the DVLA expects you to retain the data within your organisation. However, you are the data controller, and we can configure the service to retain your data for a period specified by you. You can ask us in writing to do this at any time.
At the end of the retention period, your enquiry and response data are deleted from our service’s on-line databases. Your data will be retained for a short period (7 to 14 days) in our backups after that.
If you made a request to remove a vehicle keeper during the retention period, the enquiry and vehicle information associated with the keeper will deleted at the end of the retention period.
When you leave our service, your account will be disabled so that you can no longer make connections to it. Your enquiry and response data will remain on the service for the retention period, after which your account information will also be deleted. If you would like us to delete your data before the end of the retention period, please write to us and we will arrange it. Your data in our back-ups will remain for about 14 days after it has been deleted on the Service.
No, we cannot restrict the processing of your data.
We only serve you with your data. We do not move or use your data for any other purpose or process.
Generally, the answer is no. Our test environments generate fictitious keeper data which are a fair representation of the data received from the service.
We do have a test configuration that allows the service to return a copy of your production keeper data in response to a test enquiry. This facility is available on request and is generally used for running existing and new systems in parallel.
This software can be downloaded from our website and used to send enquiries and receive responses. The program can only be used by customers who have a configured account on our service.
The desktop client stores its data locally in an encrypted database which customers cannot access except by using the desktop client. The desktop client provides functions to limit access to the program by username, password, and role.
The KADOE API uses HTTPS connections to transfer data between customers and the service. Each message in the conversation with the API contains a username and password to authenticate the message with the service.
The SFTP gateway uses Secure Shell Protocol (SSH) connections to transfer data between customers and the service. Customers use a username and either a password or a public key to authenticate with the SFTP gateway. Customer must also provide an IP address of their client so that we can add it to our firewall.
Connections to and from our Value Added Network (VAN) provider are secured with private keys. The connection between a customer and their VAN, is beyond our control but almost certainly secure.
The KADOE service is hosted in a very secure UK data centre by a leading hosting provider. The data never leaves the UK. As a managed service, we maintain backup and maintenance schedules to ensure that our infrastructure is secure.
Only members of the support team have access to the service and this is further controlled by roles and responsibilities.
We encrypt data containing personal information using AES.
We have off-line but maintained servers configured to take over if our primary servers fail, and routine back-ups of our data. If we have a failure, you will be notified and kept up to date with our progress restoring the service. We would expect the service to be unavailable for about 3 hours. In most cases, there will be no need to resend data to us.
All the KADOE support team have been on courses to understand what is involved in handling a customer’s data. The team’s access to the service is strictly by role, username, and password. Only members of the team that have day-to-day responsibility for the service have access to it. Connections to the service by members of the team is guarded by an IP address list on the firewall.
We maintain a customer contact list which we use to send round-robin or specific emails to you. Round-robin emails are normally concerned with any delays in the processing of data, or the closure of the service for maintenance. Apart from routine announcements, we will contact you if any event occurs which has a direct impact on the security of your data.
We do not share your contact details with anyone, and we do not use them for anything other than managing the KADOE service.
If you are contacting us regarding specific data, please include as much information as you are able but, as a minimum: the vehicle registration mark and the reference number you assigned to the enquiry when you sent it to us. We will confirm this with you before we make any changes.