Last Updated: 26 January 2026

Green Way Logistics Ltd. is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, protect and process personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to personal data collected through our website, during the provision of our services and through other interactions with our business. By using our website or engaging our services, you consent to the data practices described in this policy.

1. Data Controller Information

Data Controller: Green Way Logistics Ltd.
Address: Warehouse 12, Eco Park, Southampton, SO15 1BJ, Hampshire, United Kingdom
Email:
Phone:

As the data controller, Green Way Logistics Ltd. determines the purposes and means of processing personal data. We are responsible for ensuring that processing complies with applicable data protection laws.

2. Types of Personal Data We Collect

2.1 Client and Business Contact Information

When you enquire about or engage our services, we collect:

• Names and job titles of contact persons
• Company or business name
• Business addresses
• Email addresses
• Telephone numbers
• VAT registration numbers and other tax identifiers
• Payment and billing information

2.2 Service Delivery Information

In the course of providing logistics services, we collect:

• Delivery and collection addresses
• Contact details of consignees and recipients
• Proof of delivery signatures and recipient names
• Cargo descriptions and shipment details
• Delivery instructions and special requirements

2.3 Website Usage Information

When you visit our website, we may automatically collect:

• IP addresses
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring websites
• Date and time of visits

2.4 Correspondence and Communications

We retain records of:

• Email correspondence
• Telephone conversation notes
• Enquiry form submissions
• Complaint or feedback communications
• Contract documents and agreements

2.5 Employment Information

For employees, drivers and other personnel, we process comprehensive employment-related personal data including identification documents, employment history, qualifications, payroll information, performance records and other information necessary for employment purposes. Employee data processing is governed by separate employment contracts and policies.

3. How We Collect Personal Data

3.1 Direct Collection

Most personal data is collected directly from you when you:

• Submit enquiry forms on our website
• Contact us by email, telephone or post
• Enter into service agreements
• Provide shipment or delivery instructions
• Visit our premises

3.2 Automatic Collection

Some data is collected automatically through:

• Website server logs and analytics
• Essential cookies required for website functionality
• Email tracking for service communications

3.3 Third Party Sources

Occasionally we receive personal data from third parties including:

• Business partners or intermediaries arranging services on behalf of clients
• Credit reference agencies for credit checks
• Publicly available business directories

4. Legal Basis for Processing

We process personal data under the following legal bases as required by UK GDPR:

4.1 Contract Performance

Processing is necessary to perform contracts for logistics services including arranging transport, delivering goods, managing warehousing, invoicing and other activities required to fulfil service obligations.

4.2 Legitimate Interests

We process personal data based on legitimate business interests including:

• Operating and managing our business efficiently
• Communicating with clients and prospects about our services
• Maintaining records for business administration
• Protecting against fraud and ensuring security
• Improving our services and operations
• Establishing, exercising or defending legal claims

We balance these interests against individual privacy rights and do not process data in ways that override individual interests or rights.

4.3 Legal Obligations

We process personal data to comply with legal obligations including:

• Tax and accounting requirements
• Transport and safety regulations
• Employment and social security law
• Regulatory reporting and audits
• Court orders or law enforcement requests

4.4 Consent

In some cases, we rely on consent for processing including marketing communications. Where consent is the legal basis, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. How We Use Personal Data

5.1 Service Provision

Personal data is used to:

• Process service enquiries and quotations
• Arrange and coordinate transport and logistics services
• Manage warehousing and inventory
• Communicate regarding shipments and deliveries
• Obtain proof of delivery
• Handle exceptions, delays or problems
• Process returns and resolve issues

5.2 Business Administration

We use personal data for:

• Billing, invoicing and payment processing
• Credit control and debt collection
• Accounting and financial reporting
• Contract management
• Record keeping and audit trails
• Business planning and analysis

5.3 Communication

Personal data enables us to:

• Respond to enquiries and requests
• Provide customer support
• Send service updates and notifications
• Handle complaints and feedback
• Conduct client satisfaction surveys

5.4 Legal and Regulatory Compliance

We process data to:

• Comply with legal obligations
• Respond to regulatory enquiries
• Cooperate with law enforcement
• Establish, exercise or defend legal rights
• Prevent fraud and ensure security

5.5 Service Improvement

We analyse data to:

• Understand service usage patterns
• Identify improvement opportunities
• Enhance operational efficiency
• Develop new service offerings

6. Data Sharing and Disclosure

6.1 Service Delivery Partners

We share necessary personal data with third parties involved in service delivery including:

• Partner carriers and subcontractors who handle portions of transport
• Warehouse facility operators
• Technology providers supporting our operations

These parties are contractually obligated to protect personal data and use it only for purposes of providing services to us.

6.2 Professional Advisers

We may share data with professional advisers including lawyers, accountants, auditors and insurers who require access to provide professional services to our business.

6.3 Payment Processors

Payment and billing information is shared with financial institutions and payment processors necessary to process transactions. These entities maintain their own data protection practices and policies.

6.4 Legal and Regulatory Authorities

We disclose personal data to law enforcement, regulatory authorities, courts or other public bodies when:

• Required by law or legal process
• Necessary to protect rights, property or safety
• Required for regulatory compliance or investigations
• Necessary to enforce our terms or agreements

6.5 Business Transfers

In the event of business sale, merger, acquisition or restructuring, personal data may be transferred to relevant parties involved in the transaction. Such transfers will be conducted in accordance with applicable data protection laws.

6.6 What We Do Not Do

We do not:

• Sell personal data to third parties
• Share data with third parties for their marketing purposes
• Transfer data outside the United Kingdom except as described in Section 7
• Use personal data for purposes incompatible with those disclosed

7. International Data Transfers

Our operations are based in the United Kingdom and personal data is primarily stored and processed within the UK. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place including:

• Transfers to countries recognised as providing adequate data protection
• Use of standard contractual clauses approved for international transfers
• Other mechanisms permitted under UK data protection law

We do not routinely transfer personal data internationally but may do so when necessary to provide services or support business operations.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. Security measures include:

8.1 Technical Measures

• Encryption of data in transit and at rest
• Secure password policies and authentication
• Firewall protection and intrusion detection
• Regular security updates and patching
• Secure backup and recovery procedures
• Antivirus and malware protection

8.2 Organisational Measures

• Access controls limiting data access to authorised personnel
• Staff training on data protection and security
• Confidentiality agreements with employees and contractors
• Documented data protection policies and procedures
• Regular security assessments and audits
• Incident response procedures

8.3 Data Breach Procedures

In the event of a data breach that poses risks to individual rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours as required by law. Affected individuals will be notified without undue delay if the breach poses high risks to their rights and freedoms. We maintain documented procedures for detecting, responding to and recovering from data breaches.

9. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by legal obligations. Retention periods vary depending on data type and purpose:

9.1 Client and Service Data

Client contact information and service records are retained for the duration of the business relationship plus seven years after termination to meet legal requirements including tax, accounting and potential legal claims statutes of limitation.

9.2 Financial Records

Financial records including invoices, payment records and tax-related documents are retained for at least seven years as required by UK tax and accounting regulations.

9.3 Correspondence

Business correspondence is retained for up to three years unless part of ongoing matters, contracts or required for longer periods by legal obligations.

9.4 Website Logs

Website access logs and usage data are retained for up to 12 months for security, troubleshooting and analysis purposes.

9.5 Disposal

When retention periods expire and data is no longer required, it is securely deleted or anonymised according to documented procedures. Disposal methods ensure data cannot be reconstructed or recovered.

10. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

10.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to receive copies of that data. We provide the first copy free of charge, though reasonable fees may apply for additional copies.

10.2 Right to Rectification

You can request correction of inaccurate personal data or completion of incomplete personal data.

10.3 Right to Erasure

In certain circumstances, you can request deletion of your personal data including when data is no longer necessary for original purposes, you withdraw consent, or processing is unlawful. This right is not absolute and may be limited by legal obligations requiring data retention.

10.4 Right to Restriction of Processing

You can request restriction of processing in certain circumstances including when you contest data accuracy, processing is unlawful but you oppose erasure, or you need data for legal claims despite us no longer requiring it.

10.5 Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you can request personal data be provided in a structured, commonly used, machine-readable format and transmitted to another controller where technically feasible.

10.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or processing is necessary for legal claims.

10.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects individuals. If this changes, we will update this policy and ensure appropriate safeguards are in place.

10.8 Exercising Your Rights

To exercise these rights, contact us at with "Data Protection Rights" in the subject line. We respond to requests within one month, though this may be extended to two additional months for complex requests. We verify identity before fulfilling requests to ensure data is not disclosed to unauthorised parties.

11. Marketing Communications

We may send marketing communications to business contacts regarding our services, industry developments or other relevant information. Marketing communications are sent only where:

• You have provided consent
• We have a legitimate interest based on an existing business relationship
• Another lawful basis applies

You can opt out of marketing communications at any time by:

• Using unsubscribe links in email communications
• Contacting us directly to request removal
• Updating preferences through any client portal we provide

Opting out of marketing does not affect service-related communications necessary for contract performance.

12. Cookies and Similar Technologies

Our website uses only essential cookies necessary for basic functionality. We do not use analytics cookies, advertising cookies or tracking technologies that collect personal data for marketing or profiling. For complete information about our cookie usage, see our Cookie Policy.

13. Third Party Websites

Our website may contain links to third party websites for reference or convenience. We are not responsible for the privacy practices or content of third party websites. We recommend reviewing privacy policies of any third party websites you visit.

14. Children's Privacy

Our services are directed at businesses and commercial entities, not individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or business operations. Updated versions are posted on our website with revised "Last Updated" dates. Material changes that significantly affect privacy rights will be communicated more prominently. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

16. Complaints and Supervisory Authority

If you have concerns about how we handle personal data, please contact us first so we can attempt to resolve the issue. You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
United Kingdom

Telephone: 0303 123 1113
Website: www.ico.org.uk

17. Contact Information for Privacy Matters

For questions, concerns or requests regarding this Privacy Policy or our data protection practices, contact:

Green Way Logistics Ltd.
Data Protection Enquiries
Warehouse 12, Eco Park
Southampton, SO15 1BJ
Hampshire, United Kingdom

Email: (Subject: Data Protection Enquiry)
Phone: