GDPR Statement

The process for opt-in consent involves all data receiving a telephone call to confirm involvement in the fleet decision-making process and inviting them to join our research panel. A follow-up email is then sent which confirms their inclusion in our research panel, this includes a copy of our privacy policy - as stipulated by GDPR - and provides a reminder of the ways in which to exercise their rights and opt-out from being included, each request is captured and stored.

Research panel members are invited to complete at least one survey per year. They are incentivised with options to access FREE reports and attend events. We also use publicly available sources such as registra- tions for our events to enhance our panel, repeating the process outlined above. All research conducted includes an opt-out clause. All respondents are anonymised, adhering to the Market Research Society code of conduct. All contacts are individuals working for corporate and SME businesses. Consent is agreement to be contacted by 360 Media Group & third party suppliers.Whilst this is still categorised under GDPR as persona data, it can be used within the current legislative framework for business to business sales and marketing purposes, assuming the Privacy and Electronic Communications Regulations (PECR) are also adhered to.

Named individuals who have opted-in to contact from 360 Media Group are invited to participate in our webinars and events. We stipulate that by booking the event ‘you agree to our terms and conditions’. To summarise the delegate agrees to be contacted by 360 Media Group and our events partners in relation to events and related content. As our events are FREE to attend, we rely on our partners for funding and on occasions they may contact you during 'reasonable period' aligned to the event that you are booking. We will also ask you to complete a short survey and you will have priority access to the results .You may opt-out at any time by contacting the

We also invite our fleet communities to attend events (i.e. the Fleet250 & Fleet500). Our fleet community offers individuals (that represent a company) access to FREE reports, peer-to-peer engagement, and access to white papers. We refer to the community as members to encourage engagement and elicit trust. When the individual ceases to work for their registered organisation their membership is revoked. We make our privacy policy available - as stipulated by GDPR - and provide a reminder of the ways in which to exercise there rights and opt-out from being included. All future communication includes an option to opt-out.

Information usage: we may use your information to: complete any membership and subscription requests, send press releases, send relevant content updates that are requested, and/or may be of interest, send relevant products/services that have been requested, invite to an event that is requested, and/or may be of interest, seek views through research surveys and conduct interviews. We also facilitate contact within the community, so if company A wants to communicate with company B, this is stated as a purpose and benefit of the fleet community.

Accountability and Transparency, accountability is one of the key tenants of the GDPR regulation and data controllers will need to have evidence of compliance and be able to demonstrate this if necessary. It is highly likely that privacy policies and statements will need to be reviewed to ensure transparency around the process of a subjects’ data. Individuals should have more information about how their data is processed and this should be made available in a ‘clear and understandable way.’

Consent: The two grounds for processing personal data are consent or legitimate interest. The GDPR states that consent must be: “...freely given, specific, informed and unambiguous, and given by means of a statement or clear affirmative action.” Consent must be specific to each data processing activity; consent can be withdrawn at any time and must be easy to do.

Legitimate interest: our data is provided to customers on the legitimate interest of enhancing marketing efficiencies for buyers and sellers within the UK fleet market. Legitimate interest is one of six lawful grounds for processing data under the GDPR. It is likely to be most appropriate where you use peoples data in ways that they would reasonable expect and which have minimal privacy impact or where there is a compelling justifications for the processing. For business-to-business purposes, where customers are utilising data to identify companies and individuals that are likely to have a need for their products and services, this is appropriate. Individuals are likely to be people within the organisation who would expect to be contacted for business purposes. Our legitimate interest in collecting this type of data has been audited and fully documented.

Right to be forgotten: this allows for an individual to request that their data is deleted provided there are no legitimate grounds for keeping it. Data controllers must take reasonable steps to inform other data processors with whom the data has been shared.

Subject Access Request: an individual can request access to their data, and this must be within one month and no fee charged. If the Data Controller processes a large quantity of data about the individual, it is reasonable to ask for the request to be narrowed down.

Data portability: Individuals can ask for their personal data to be provided in a useable format so it can be transferred to another data controller.

Data protection by design and default: data protection and privacy will be at the forefront of any pro- ject from the very start. It is also concerned with the amount of data collected, the purpose and the length of time the data is kept. Where necessary, Privacy Impact Assessments (PIA’s) may need to be conducted to identify and reduce any privacy risk from the earliest stages of development. In fact, PIAs are mandatory for companies dealing with processes that present high risk to their data subjects.

Research: all research carried out by 360 Media Group is compliant with GDPR regulations.

Our research code of conduct forbids the use of names attributed to respondents of research.

Listings: our reports compile listings of UK fleets (not people) ranked by fleet size sourced through re- search and publicly available information. This data does not contain named individuals and is therefore not subject to GDPR. For further information please contact the company secretary"