This Privacy Policy explains how Team Dispatch Ltd, trading as TeamDispatch (“TeamDispatch”, “we”, “us” or “our”), collects, uses, shares and protects personal data when you use our mobile applications, web application and related services (together, the “Service”).
TeamDispatch is a job management and dispatch platform used by field service and trades businesses to organise bookings, dispatch work to technicians, manage customer records, and share jobs with other connected businesses. The Service is used across a range of industries including, but not limited to, locksmithing, plumbing, heating, electrical, vehicle servicing, cleaning, landscaping and other mobile or site-based trades.
We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Important for end-customers: If you are an end-customer of a business that uses TeamDispatch (for example, someone who has booked a tradesperson or service provider), please contact that business directly for questions about how your personal data is used. That business is the data controller for your information; TeamDispatch acts as a data processor on its behalf. See Section 3 for details.
1. Who we are and how to contact us
Data controller: Team Dispatch Ltd, a company registered in England and Wales (company number 17180872), trading as TeamDispatch, with its registered office at Second Floor, 21 Graham Street, Birmingham B1 3JR.
For questions about this Privacy Policy, to exercise your data rights, or to raise a concern, please contact us at:
- Email: support@teamdispatch.co.uk
- Post: Data Protection, Team Dispatch Ltd, Second Floor, 21 Graham Street, Birmingham B1 3JR
We are registered with the UK Information Commissioner’s Office (ICO) under registration number [TODO: ICO registration number — registration in progress; will be filled before launch].
2. Scope of this policy
This policy applies to personal data we collect through:
- The TeamDispatch iOS and Android mobile applications;
- The TeamDispatch web application and related domains;
- Our marketing website at teamdispatch.co.uk;
- Any communications you have with us by email or through our support channels;
- Any other service or page that links to this Privacy Policy.
3. Our role: data controller and data processor
UK data protection law distinguishes between a “data controller” (who decides how and why personal data is used) and a “data processor” (who processes data on behalf of a controller). Because TeamDispatch is a platform used by businesses to manage their own operations, our role depends on whose data is being processed.
3.1 When we are the data controller
We are the data controller for personal data relating to:
- Individuals who sign up for a TeamDispatch account — including business owners, managers and technicians (collectively, our “Users”);
- Visitors to our websites;
- Individuals who contact us for support, sales, or other enquiries.
3.2 When we are a data processor
We act as a data processor in respect of personal data that our business customers (each, a “Customer Business”) upload to, or generate within, the Service about their own end-customers — for example, the name, address and phone number of a homeowner, motorist or business booking a service. In this context:
- The Customer Business is the data controller of its end-customer data;
- TeamDispatch processes that data only on the documented instructions of the Customer Business, in accordance with our Terms of Service and any applicable Data Processing Agreement;
- End-customers wishing to exercise their data rights should contact the relevant Customer Business in the first instance. We will assist Customer Businesses in responding to such requests where required.
4. Personal data we collect
The categories of personal data we process depend on how you interact with the Service.
4.1 Data you provide to us
| Category | Examples |
|---|---|
| Account data | Name, email address, password (stored in hashed form), phone number, and your role within the Customer Business (Manager, Office Staff or Technician). |
| Business data | Business name, trading address, business phone number, VAT number (where applicable) and trade or industry type. |
| Customer records | Names, addresses, emails, phone numbers and other details of the Customer Business’s own end-customers, entered into the Service by the Customer Business. |
| Job data | Details of bookings, appointments, job types, job notes, job status, pricing and payment status, entered into the Service. |
| Asset / vehicle data | Where relevant to a job, details of the vehicle, property or asset being serviced — for example, vehicle registration, make, model and mileage. |
| Media | Photos (up to 5 per job) and video (up to 1 per job) uploaded by Users in connection with a job. |
| Payment data | Billing contact details and, for Customer Business subscriptions, payment card or direct debit details (which are collected and held by our payment provider, not stored by us). |
| Communications | Emails, support messages, feedback and any other correspondence you send to us. |
4.2 Data collected automatically
When you use the Service, we and our service providers automatically collect certain technical information, including:
- Device information (device type, operating system and version, unique device identifiers, mobile network information);
- Usage data (screens viewed, actions taken, features used, session duration and timestamps);
- Crash and performance data (stack traces, error logs and app state at the time of a crash);
- Approximate location (derived from IP address) for security and analytics purposes;
- Push notification tokens, used to deliver notifications to your device.
4.3 Data from third parties
We may receive limited personal data from:
- Apple, Google and other authentication providers, if you choose to sign in using single sign-on;
- Analytics and crash reporting providers (see Section 9);
- Your employer or business administrator, if they invite you to join the Service.
4.4 Sensitive data
We do not intentionally collect special category personal data (such as health data, religious beliefs or biometric data). Users are instructed not to upload such data to the Service. If you believe special category data has been uploaded, please contact us immediately so we can take appropriate action.
4.5 Children
The Service is a business tool and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
5. How we use personal data, and our lawful bases
We process personal data for the purposes set out below. For each purpose, we rely on one or more lawful bases under UK GDPR.
| Purpose | Lawful basis | Example |
|---|---|---|
| Providing the Service to Users and Customer Businesses | Contract | Creating and managing accounts, storing job and customer records, delivering the core scheduling and dispatch features. |
| Billing and subscription management | Contract; legal obligation | Processing subscription payments, issuing invoices, maintaining financial records. |
| Communicating with you about the Service | Contract; legitimate interests | Sending service announcements, responding to support requests, sending notifications about jobs and team activity. |
| Keeping the Service secure and preventing misuse | Legitimate interests; legal obligation | Detecting fraud, enforcing our Terms, investigating misuse, securing accounts. |
| Improving the Service and developing new features | Legitimate interests | Analysing aggregated usage patterns, diagnosing bugs, prioritising product improvements. |
| Complying with legal and regulatory obligations | Legal obligation | Responding to lawful requests from authorities, maintaining tax records, meeting UK GDPR obligations. |
| Marketing our own Service to existing Users and business contacts | Legitimate interests (you can opt out at any time) | Sending product updates, newsletters and relevant offers. You can unsubscribe using the link in any marketing email. |
| Sending marketing to prospective customers | Consent (where required) | Responding to sign-ups on our marketing website; contacting prospects who have opted in. |
Where we rely on legitimate interests, we have carried out a balancing assessment to ensure our interests are not overridden by your rights and freedoms. You can ask us for more information about this assessment by contacting support@teamdispatch.co.uk.
6. Inter-company job sharing
TeamDispatch allows a Customer Business to send a job to another connected Customer Business (for example, to pass overflow work or to sub-contract). Where this feature is used:
- The originating Customer Business (“Source Company”) and the receiving Customer Business (“Assigned Company”) both have visibility of the shared job, including the end-customer details associated with that job;
- Each Customer Business remains a separate data controller of its own data, and is jointly responsible with the other Customer Business for the personal data visible in the shared job for the limited purpose of delivering that job;
- Neither Customer Business gains access to the other’s wider customer database or internal (non-shared) jobs. Strict data-isolation rules prevent cross-company access outside the shared job itself;
- Customer Businesses are responsible for ensuring they have an appropriate lawful basis to share end-customer personal data in this way, and for informing their end-customers as required.
7. When we share personal data
We do not sell personal data. We share personal data only in the following circumstances:
7.1 Service providers (processors acting on our behalf)
We use a small number of carefully selected service providers to operate the Service. These include:
| Provider | Purpose | Location of processing |
|---|---|---|
| Google Cloud / Firebase | Core backend hosting: database (Firestore), file storage, authentication, Cloud Functions, push notifications, crash reporting and analytics. | United Kingdom (europe-west2, London region) for primary data storage. Some supporting infrastructure (e.g. analytics, Crashlytics) may process data in the United States under Standard Contractual Clauses. |
| Apple Push Notification service | Delivery of push notifications to iOS devices. | United States (under the UK–US Data Bridge / Standard Contractual Clauses). |
| Firebase Cloud Messaging | Delivery of push notifications to Android devices. | United States / European Union. |
| Stripe | Processing subscription payments from Customer Businesses. | United Kingdom / European Economic Area / United States (under Standard Contractual Clauses). |
| Email delivery provider | Sending transactional emails (email verification, invitations, notifications) and support correspondence. | United Kingdom / European Economic Area / United States (under Standard Contractual Clauses). |
| Legal, accounting and professional advisors | Providing legal, tax, audit and other professional services. | United Kingdom. |
7.2 Other Customer Businesses
Where you or your Customer Business uses the inter-company job sharing feature, personal data related to the shared job will be visible to the other Customer Business, as described in Section 6.
7.3 Legal and regulatory disclosures
We may disclose personal data where we are required to do so by law, court order or regulatory request, or where necessary to establish, exercise or defend legal claims, to protect the rights, property or safety of TeamDispatch, our Users or others, or to investigate suspected fraud or misuse of the Service.
7.4 Business transfers
If Team Dispatch Ltd is involved in a merger, acquisition, restructuring or sale of assets, personal data may be transferred to the acquiring entity as part of that transaction. We will take reasonable steps to ensure that your personal data continues to be protected in accordance with this Privacy Policy.
8. International transfers
Your personal data is primarily stored on servers located in the United Kingdom (Google Cloud’s europe-west2 / London region). Some of our service providers may process limited personal data outside the United Kingdom, including in the United States and the European Economic Area.
Where personal data is transferred outside the United Kingdom, we rely on one or more of the following safeguards:
- A UK Government adequacy decision in respect of the destination country;
- The UK International Data Transfer Agreement, or the International Data Transfer Addendum to the EU Standard Contractual Clauses;
- The UK Extension to the EU–US Data Privacy Framework, where applicable.
You can request a copy of the safeguards we rely on by emailing support@teamdispatch.co.uk.
9. Analytics, crash reporting and cookies
9.1 In-app analytics and crash reporting
Within the mobile and web applications, we use Firebase Analytics and Firebase Crashlytics to understand how the Service is used, diagnose problems and improve performance. These tools collect technical data about your device and how you interact with the Service. We use this data in aggregated form and do not use it to build advertising profiles.
9.2 Cookies on our websites
Our websites use a limited number of cookies and similar technologies. Strictly necessary cookies are used to keep you signed in and to keep our sites secure. With your consent, we may also use analytics cookies to understand how visitors use the site. You can manage or withdraw consent at any time through the cookie banner or your browser settings. The TeamDispatch mobile apps (iOS and Android) do not use cookies; the web application uses Firebase SDK local-storage entries for authentication state and App Check tokens — no advertising or third-party tracking cookies.
10. How long we keep personal data
We keep personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting or reporting obligations.
| Category of data | Typical retention period |
|---|---|
| Active User account data | For the duration of the Customer Business’s subscription, plus up to 90 days after account closure for operational recovery. |
| Deactivated User data | Retained in a deactivated state (not accessible to the user) to preserve historical job records for the Customer Business, until the Customer Business deletes its account. |
| Customer and job records (processed on behalf of a Customer Business) | For the duration of the Customer Business’s subscription. On account closure, data is deleted within 90 days unless the Customer Business requests earlier deletion or export, or unless retention is required by law. |
| Media (photos and video) attached to jobs | As above — retained with the associated job record. |
| SERMI audit records (auto locksmiths only) | Retained for 5 years from the job completion date as required by SERMI scheme rules, regardless of account deletion. |
| Billing and transaction records | At least 6 years from the end of the relevant financial year, to comply with UK tax and accounting law. |
| Support correspondence | Up to 3 years from the date of the last interaction, unless retained for longer to defend legal claims. |
| Analytics and crash data | Up to 14 months in identifiable form, then aggregated. |
| Marketing contact details | Until you unsubscribe or request erasure, and for a short reasonable period thereafter to action your request. |
When personal data is no longer needed, we will delete it or anonymise it so that it can no longer be associated with you.
11. Your rights under UK GDPR
You have the following rights in relation to your personal data. Some rights only apply in certain circumstances.
- Access: You can ask us for a copy of the personal data we hold about you.
- Rectification: You can ask us to correct inaccurate or incomplete personal data.
- Erasure: You can ask us to delete your personal data in certain circumstances.
- Restriction: You can ask us to restrict the processing of your personal data in certain circumstances.
- Portability: You can ask us to provide certain personal data to you, or to another controller, in a structured, commonly used, machine-readable format.
- Objection: You can object to our processing of your personal data where we rely on legitimate interests, and to direct marketing at any time.
- Withdraw consent: Where we rely on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
- Automated decision-making: We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.
You can exercise most of these rights from within the Service: Users can access and export their personal data, and request deletion of their account, from the Settings menu. Alternatively, you can contact us at support@teamdispatch.co.uk.
If you are an end-customer of a Customer Business, please see Section 3.2 — your first point of contact is the relevant Customer Business.
Complaints: You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or by calling 0303 123 1113. We would appreciate the chance to address your concerns first, so please do contact us before making a complaint.
12. How we protect personal data
We take the security of personal data seriously and use appropriate technical and organisational measures to protect it, including:
- Encryption of data in transit (TLS) and at rest;
- Role-based access controls, with Users only able to see data belonging to their own Customer Business;
- Firebase App Check, which verifies that requests to our backend come from genuine instances of our apps;
- Firestore and Storage security rules, which enforce company-level data isolation at the server;
- Mandatory email verification for all new accounts;
- Monitoring, logging and alerting to detect and respond to unusual activity;
- Regular backups and disaster recovery procedures provided by our cloud infrastructure;
- Staff access to personal data on a need-to-know basis only, under confidentiality obligations.
While we take reasonable steps to protect your personal data, no system can be guaranteed to be 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO, and where required, you, in accordance with UK GDPR.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Effective date” at the top of this page. For material changes, we will also notify you within the Service or by email. We encourage you to review this policy periodically.
14. Definitions
- “Customer Business” means a business that has registered to use the Service.
- “User” means an individual (Manager, Office Staff or Technician) who holds an account on behalf of a Customer Business.
- “End-customer” means an individual or business that receives services from a Customer Business and whose details are entered into the Service by that Customer Business.
- “UK GDPR” means Regulation (EU) 2016/679 as it forms part of UK law by virtue of the European Union (Withdrawal) Act 2018.