Data Protection Policy

Effective date: 14 April 2026  |  Last reviewed: 14 April 2026

Tektrans operates at the intersection of public safety technology and data privacy. We provide advanced highway surveillance and traffic enforcement systems to public sector clients, and we recognise that data protection is not just a legal requirement for us — it is central to the trust our clients and the public place in the technology we deliver. This policy sets out how Tektrans handles personal data in compliance with UK GDPR and the Data Protection Act 2018, both as a data controller in our own right and as a data processor acting on behalf of our public sector clients.

Who we are

Tektrans Limited (company number 15354373) is the sales, service and client support entity within the Arrowsmith Analytics Group. We supply and manage computer vision-based road safety and traffic enforcement systems for local authorities, councils, police forces and public sector transport bodies across the UK. Our technology is developed by our sister company Pulsare, also part of the Arrowsmith Analytics Group.

Tektrans Limited

Company number: 15354373

Brame Cottage, Sutton Lane, Hilton, Derbyshire, DE65 5GQ

Website: tektrans.co.uk

Our dual role under UK GDPR

Data controller and data processor

Tektrans operates in two distinct capacities under UK data protection law, and it is important to understand the difference:

As a data controller — Tektrans determines the purposes and means of processing personal data relating to its own business activities. This includes data about website visitors, enquirers, employees, and contacts at client and partner organisations. This policy primarily addresses that role.

As a data processor — when Tektrans operates surveillance and enforcement systems on behalf of a local authority, council or police force, that public sector body is the data controller for the operational data collected (such as vehicle images, number plate data and road user behaviour analytics). Tektrans processes that data only on the instructions of the relevant controller, under a written Data Processing Agreement (DPA). Members of the public with questions about data collected by a specific enforcement scheme should contact the relevant local authority or public sector body.

Our data protection principles

We process all personal data in accordance with the seven principles of UK GDPR:

01
Lawfulness & fairness
Data is processed on a clear legal basis and never in a deceptive or harmful way.
02
Purpose limitation
Data is collected for specific, stated purposes and not used in incompatible ways.
03
Data minimisation
We only collect what is genuinely needed — nothing more.
04
Accuracy
We take reasonable steps to keep personal data accurate and up to date.
05
Storage limitation
Data is not kept longer than necessary for the purpose it was collected.
06
Security
Appropriate technical and organisational measures protect against unauthorised access or loss.
07
Accountability
We take responsibility for compliance and can demonstrate how we meet these principles.

What data we hold and why

Public sector client contacts

We hold names, job titles, work email addresses and phone numbers for individuals at local authorities, councils, police forces and transport bodies who engage with us about our solutions. This information is used to manage enquiries, deliver projects, maintain service contracts and communicate relevant updates.

Website enquiries and prospective clients

When someone contacts us through our website, we collect the information they provide — typically name, organisation, contact details and a description of their traffic management or road safety challenge. This is used solely to respond to the enquiry and, where appropriate, to follow up about our services.

Operational and contract records

For active managed service contracts, we maintain records relating to the deployment, configuration and ongoing operation of our systems at client sites. These records may include details of the client organisation, site locations, system performance data and correspondence relating to the delivery of services.

Surveillance and enforcement system data (processor role)

Where Tektrans operates highway surveillance and enforcement systems on behalf of a public sector client, the data collected by those systems — including vehicle images, automatic number plate recognition (ANPR) data, and road user behaviour analytics — is processed strictly on behalf of and under the instruction of that client. Tektrans does not use this operational data for its own purposes. Retention periods, access controls and data subject rights relating to that data are governed by the relevant Data Processing Agreement and the policies of the controlling public sector body.

Arrowsmith Analytics Group and Pulsare

As part of the Arrowsmith Analytics Group, Tektrans may share relevant business and operational data with Pulsare (our technology development company) and with the Group where necessary to deliver services and manage the business. All intra-group data sharing is governed by appropriate agreements and handled in accordance with UK GDPR.

Lawful bases for processing

  • Contract performance — to deliver managed service contracts with public sector clients
  • Legitimate interests — to manage client relationships, respond to enquiries and develop our business
  • Legal obligation — to meet record-keeping, regulatory and contractual compliance requirements
  • Public task — where processing supports the delivery of road safety and traffic enforcement functions carried out by our public sector clients in the public interest
  • Consent — for any direct marketing communications

How long we keep data

  • Website enquiry and contact data — up to 2 years
  • Client contact and relationship records — for the duration of the relationship and up to 6 years after it ends
  • Managed service contract and operational records — up to 6 years after contract end
  • Financial and invoicing records — up to 7 years (HMRC requirement)
  • Surveillance and enforcement system data — as specified in the relevant Data Processing Agreement with the public sector client

All data is securely deleted or anonymised once it is no longer needed.

Data security

Given the sensitive nature of the technology we provide and the public sector environments we operate in, we apply robust technical and organisational security measures across all data we hold or process. These include access controls, encrypted communications, secure system architecture and regular security reviews. Our managed service systems are designed and operated to meet the security expectations of local authority and public sector procurement requirements.

In the event of a personal data breach that poses a risk to individuals, we will notify the ICO within 72 hours as required by law, and will inform affected controllers and individuals where necessary.

Who we share data with

We do not sell personal data. We may share it in limited and necessary circumstances with:

  • Pulsare and other Arrowsmith Analytics Group entities, under intra-group data sharing agreements
  • Public sector clients, in connection with the delivery and management of their enforcement schemes
  • Trusted IT infrastructure and service providers, under appropriate data processing agreements
  • Regulatory bodies, law enforcement or authorities, where required by law

We do not transfer personal data outside the UK or European Economic Area without appropriate safeguards in place.

Your rights

Under UK GDPR, you have the following rights in relation to personal data that Tektrans holds about you in its capacity as data controller:

Right of access — request a copy of the data we hold about you
Right to rectification — ask us to correct inaccurate information
Right to erasure — request deletion of your data in certain circumstances
Right to restrict processing — ask us to limit how we use your data
Right to data portability — receive your data in a structured, readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — at any time, where consent is our legal basis

If your request relates to data collected by a traffic enforcement scheme operated in your area, please contact the relevant local authority or public sector body, as they are the data controller for that information. We will respond to all requests within one calendar month.

ICO registration and complaints

ICO

Tektrans Limited is registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.

If you have a concern about how we handle personal data and we have not been able to resolve it to your satisfaction, you have the right to lodge a complaint with the ICO:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

Changes to this policy

We may update this policy from time to time to reflect changes in the law, our services or the way we operate. The date at the top of this page will always show when it was last reviewed.