Stagecoach North Scotland Roblox Staff Fleetlist

Privacy Policy

Last updated: 4th June 2026

This Privacy Policy describes how your personal data is collected, used, and protected when using this Fleet Management application. We operate in strict compliance with the UK General Data Protection Regulation (UK GDPR) and data protection principles outlined by the Information Commissioner's Office (ICO).

1. Data Controller

This system functions as an internal system for authorized staff members. For any data protection inquiries, corrections, or erasure requests, please contact the administrator at masterovroblox@gmail.com.

2. Data We Collect and Process

We limit data collection to the minimum information required to operate the application securely:

• Account Metadata: Corporate or operational email addresses, system access roles (e.g., 'admin', 'staff'), and secure, encrypted authentication credentials.
• Application Session State: Temporary authentication tokens stored locally within your secure web browser environment (LocalStorage) to regulate page permissions and access states.
• Fleet Logging Information: Operational vehicle identifiers, including fleet numbers, asset types, and public registration marks entered into the platform.

3. Lawful Basis for Processing

Under the UK GDPR, we process this information under the lawful basis of Legitimate Interests. The collection and storage of account details are necessary to secure system boundaries, authenticate personnel safely, and facilitate the primary operational workflow of managing the fleet list.

4. Third-Party Services and Sub-processors

To provide safe, scalable application availability, we build upon specialized third-party cloud infrastructure. Please note that these platform providers maintain separate, independent privacy frameworks governing data routing, security, and hosting environments:

• Supabase: Provides backend database hosting and structural cloud storage for authenticated account objects and fleet inventory entries. Data transactions are managed according to the Supabase Privacy Policy.
• Render: Handles web server environment distribution, repository deployment, and hosting infrastructure for frontend operations. Application file requests are subject to the Render Privacy Policy.

5. Data Retention

Staff profiles and assigned credentials persist in the secure data tier until explicitly removed. Administrators can permanently revoke system access and remove associated database objects at any time through the Management Console interface.

6. Your Rights Under UK GDPR

In alignment with individual protections endorsed by the ICO, you hold comprehensive rights regarding your records:

• The Right of Access: Request confirmation or inspection of database objects linked to your account.
• The Right to Rectification: Request changes to inaccurate or outdated administrative parameters.
• The Right to Erasure ("Right to be Forgotten"): Request complete purging of your user records when leaving the team or operation.

If you believe your information has been mishandled or your statutory protections are not being met, you retain the legal right to lodge a formal grievance directly with the Information Commissioner's Office (ICO) via ico.org.uk.