Legal

Privacy Policy

How Gem Rides handles passenger, booking, account, and support information.

Last updated

12 June 2026

This Privacy Policy explains how Baltic Standard Ltd, trading as GEM Rides, collects and uses personal information when you visit our website, create an account, request a quote, make or manage a booking, travel with us, contact us, or apply to work with us.

Baltic Standard Ltd is the controller responsible for this information under UK data protection law. We are registered in England and Wales under company number 08833134 and operate as a Transport for London licensed private hire operator.

1. Information we collect

Depending on how you interact with us, we may collect:

  • Identity and contact information: name, telephone number, email address, account identifier, and profile details.
  • Booking and journey information: pickup and destination, dates and times, routes, quote and booking references, passenger and luggage requirements, flight or train details, notes, accessibility requests, and journey status.
  • Driver and vehicle information: the licensed driver and vehicle used to fulfil a booking, dispatch records, and related operational records.
  • Payment information: fare, currency, payment status, Stripe transaction or payment-link identifiers, refund and dispute information. Stripe receives and processes your full payment credentials; we do not store your full card number.
  • Communications: emails, calls, SMS and WhatsApp messages, support enquiries, complaints, lost-property reports, feedback, and records of how we responded.
  • Recruitment information: contact details, driving experience, availability, application notes, eligibility and compliance information, and the outcome of an application.
  • Technical and usage information: IP address, browser and device type, operating system, website events, consent choices, security logs, and diagnostic data.

Please avoid placing sensitive information in free-text booking notes unless it is needed for us to provide the journey safely and appropriately. Where you provide health, accessibility, or other special-category information, we use it only where necessary and where UK data protection law permits.

2. How we collect information

We collect information:

  • directly from you, the person booking for you, or a corporate travel arranger;
  • when you use our website, account, forms, booking links, or communication channels;
  • from drivers and licensed providers involved in delivering your journey;
  • from payment, authentication, mapping, communications, and analytics providers; and
  • from public authorities or regulators where this is lawful and relevant.

Our booking forms may temporarily save entered details and recent address selections in your browser for up to six hours to make the booking process easier. You can remove this information by clearing your browser storage.

3. Why we use personal information

We use personal information to:

  • provide quotes, accept bookings, dispatch journeys, take payment, and issue refunds;
  • communicate confirmations, payment links, driver details, changes, delays, cancellations, and other service information;
  • provide customer support and investigate complaints, incidents, and lost property;
  • manage customer accounts, authentication, preferences, and account security;
  • plan capacity, improve pricing, service quality, website performance, and operations;
  • review recruitment applications and complete lawful licensing or compliance checks;
  • prevent fraud, misuse, and threats to passengers, drivers, staff, and our systems;
  • maintain booking, driver, vehicle, payment, tax, and accounting records; and
  • meet legal, regulatory, licensing, insurance, and law-enforcement obligations.

4. Our lawful bases

Under UK data protection law, we rely on one or more of the following lawful bases:

  • Contract: to take steps at your request and provide a booked journey or other service.
  • Legal obligation: to meet private hire licensing, tax, accounting, safeguarding, and other legal requirements.
  • Legitimate interests: to operate and improve our service, manage customer relationships, protect our business and users, and establish or defend legal claims, where those interests are not overridden by your rights.
  • Consent: for optional analytics and advertising measurement, and for marketing where consent is required. You may withdraw consent at any time.

Where we process special-category or criminal-offence information, we also identify an additional condition permitted by law and apply appropriate safeguards.

5. Operational and marketing communications

We may send booking and service messages by email, SMS, telephone, or WhatsApp. These messages are necessary to manage a service you requested and may include confirmations, payment links, driver information, disruption notices, and responses to enquiries.

Marketing messages are handled separately. Where required, we send them only with consent and always provide a way to opt out. Opting out of marketing does not stop essential messages about an active booking or account.

6. Who we share information with

We share only what is reasonably necessary with:

  • licensed drivers, vehicle providers, and subcontracted licensed operators;
  • payment providers, including Stripe, for checkout, payment confirmation, refunds, fraud prevention, and disputes;
  • technology providers supporting authentication, hosting, storage, databases, mapping, address search, analytics, security, and customer support;
  • communications providers supporting email, telephone, SMS, and WhatsApp, including Resend and Twilio;
  • professional advisers, insurers, auditors, and prospective business purchasers; and
  • Transport for London, police, courts, tax authorities, and other public bodies where disclosure is required or permitted by law.

We do not sell personal information. Providers acting for us must handle information under contractual and legal obligations. Some recipients, such as payment providers, may also act as independent controllers for parts of their service.

7. International transfers

Some suppliers may process information outside the United Kingdom. Where UK data protection law requires it, we use an adequacy regulation, approved contractual clauses, or another lawful safeguard, and apply supplementary protections where appropriate.

8. How long we keep information

We keep information only for as long as reasonably necessary for the purpose collected. Retention periods depend on the type of record and our operational, contractual, legal, tax, insurance, dispute, and private hire licensing obligations.

  • Booking, payment, and accounting records are normally retained for the applicable legal and claims period, which may be up to six years or longer where law requires.
  • Customer support, complaint, incident, and communication records are retained for as long as needed to resolve the matter and manage legal or regulatory risk.
  • Unsuccessful recruitment information is retained for a limited period appropriate to recruitment, compliance, and potential claims.
  • Browser-saved booking drafts and recent address choices expire after approximately six hours in the normal operation of our website.

We may retain information for longer if there is an active complaint, legal claim, investigation, safeguarding concern, or regulatory requirement. We delete or anonymise it when it is no longer needed.

9. Cookies, local storage, and analytics

Essential browser storage supports authentication, security, booking continuity, and your privacy choices. Optional Google Analytics and advertising measurement technologies are loaded only after you select “Allow analytics.” You may decline them and still use essential website and booking features.

You can change your analytics choice at any time using the “Cookie preferences” control in the website footer. Browser settings can also remove stored data, but blocking essential storage may affect account or booking functionality.

10. Security

We use organisational and technical measures designed to protect personal information, including access controls, authenticated accounts, encryption in transit, supplier controls, logging, and operational monitoring. No internet service is completely secure, so please protect access to your phone and account and contact us if you suspect misuse.

11. Your data protection rights

Depending on the circumstances, you may have the right to:

  • request access to your personal information;
  • ask us to correct inaccurate or incomplete information;
  • ask us to delete information or restrict how it is used;
  • object to processing based on legitimate interests or to direct marketing;
  • receive certain information in a portable format;
  • withdraw consent without affecting earlier lawful processing; and
  • complain to the Information Commissioner's Office.

These rights are not absolute. We may need to keep or continue using information where the law permits or requires it. We may ask for information to verify your identity before responding.

12. Children

Our online account and booking services are intended for adults. A child may travel when a booking is lawfully made for them by a responsible adult or organisation, subject to appropriate supervision, restraint, safeguarding, and service requirements.

13. Changes to this policy

We may update this policy when our services, suppliers, data use, or legal obligations change. We will publish the revised version and update the date above. We will provide additional notice where a change materially affects how we use personal information.

14. Contact and complaints

To exercise your rights or ask a privacy question, contact GEM Rides:

You also have the right to complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint or by calling 0303 123 1113. We would appreciate the opportunity to address your concern first.