Replace a lost or damaged CBT certificate: privacy notice
Updated 2 December 2024
1. About this service
The Driver and Vehicle Standards Agency (DVSA) is responsible for the regulation and administration of moped and motorcycle compulsory basic training (CBT). DVSA provides the service of replacing CBT certificates where the original training school is no longer in business or has not responded to repeated requests for a replacement. DVSA is an executive agency of the Department for Transport (DfT).
The data controller for DVSA is DfT – a data controller determines the reasons and how personal data is processed. For more information, see the Information Commissioner’s Office (ICO) Data Protection Public Register. DfT’s registration number is Z7122992.
2. What data we need
The personal data we collect from you includes:
- name
- driving licence number
- email address
- telephone number
The lawful basis for processing this data is public task.
Our legal powers are contained within:
- The Motor Vehicles (driving licences) regulations 1999 (as amended), part V details Approved Training Courses for Riders of Motor Bicycles and Mopeds
- The Road Traffic Act section 97(3)(e)
3. Why we need it
We need the personal data we collect from you to process your application for a replacement CBT certificate.
4. What we do with it
We collect, use and store the data you give us for the reasons set out in this policy. We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if required to do so by law – for example, by court order, or to prevent fraud or other crime.
5. How long we keep your data
We’ll only keep your personal data for as long as it is needed for the reasons set out in this policy or as long as is required by law.
We will hold your personal data for up to 1 year.
6. Where it might go
Our IT infrastructure and technology has been checked to make sure it’s safe and secure.
All your data is held on DVSA servers based in the UK or hosted within cloud services based in the European Economic Area (EEA). They meet security safeguards equivalent to those required by data protection legislation.
7. Protecting your data and your rights
The DVSA personal information charter sets out what steps are taken to protect your data, and the rights you have over your data.
8. Automated decision making and profiling
Your data is not subject to automated decision making or profiling as defined in data protection legislation.
9. Changes to this notice
We may change this privacy notice at our discretion at any time.
When we change this notice, the date on the page will be updated. Any changes to this privacy notice will be applied to you and your data as of the revision date.
We encourage you to periodically review this privacy notice to be informed about how your data is protected.
10. How to contact us
If you have any questions about anything in this document or if you consider that your personal data has been misused or mishandled, you can contact the DVSA data protection manager
DVSA data protection manager
Data Protection Manager
DVSA
1 Unity Square
Nottingham
NG2 1AY
Email information.handling@dvsa.gov.uk
Contact DVSA customer services if you have a query that is not about how your personal data is used.
You may also make a complaint to the Information Commissioner, who is an independent regulator.