Tracking Guardian – GDPR & Data Protection FAQ
Is Tracking Guardian GDPR compliant?
Yes. Tracking Guardian is designed to operate in line with the UK GDPR and the Data Protection Act 2018.
Engineer M8 applies appropriate technical and organisational measures to protect tracking data and ensure it is handled lawfully, securely, and transparently.
Who is the Data Controller and Data Processor?
-
You (the customer) are the Data Controller
-
Engineer M8 is the Data Processor
This means:
-
You decide how and why tracking data is used
-
Engineer M8 stores and presents the data only to deliver the service
What personal data is collected?
Tracking Guardian collects operational tracking data only, such as:
-
Location data
-
Timestamps
-
Device status information
It does not collect:
-
Names
-
Contact details
-
Audio or video
-
Communications data
If a tracked asset can be linked to an individual (e.g. a vehicle assigned to a staff member), that association is managed by the customer, not Engineer M8.
Do I need to inform my staff or users?
Yes. If tracking data could reasonably be linked to an individual, you are responsible for:
-
Informing them that tracking is in place
-
Explaining the purpose of tracking
-
Ensuring lawful use under employment or data protection law
Tracking Guardian is intended for legitimate business and safety purposes.
Where is tracking data stored?
Tracking data is stored securely within Engineer M8–managed systems.
Access is restricted to authorised users and protected by security controls such as encryption and authentication.
How long is tracking data kept?
Data retention depends on your service plan and operational requirements.
You can:
-
View historical data in the portal
-
Export data when needed
-
Request clarification on retention periods
Data is not kept indefinitely without purpose.
Can I access or export my data?
Yes. Customers can:
-
View their data at any time via the portal
-
Export tracking records for audits or compliance
-
Request assistance with data access if required
Can tracking data be deleted?
Yes. You may request deletion of tracking data in line with GDPR rights, subject to:
-
Legal obligations
-
Legitimate business requirements (e.g. billing records)
Upon service cancellation, live data collection stops and access is removed.
Is tracking data shared with third parties?
No. Engineer M8 does not sell or share tracking data.
Data is only accessed by:
-
Authorised customer users
-
Engineer M8 support staff where required for service delivery
-
Legal or regulatory authorities where required by law
How is tracking data protected?
Tracking Guardian uses security measures including:
-
Encrypted data transmission
-
Secure login and access controls
-
Restricted internal access
-
System monitoring for misuse
These measures are designed to protect against unauthorised access or data loss.
What happens if there is a data breach?
In the unlikely event of a data breach:
-
Engineer M8 will investigate promptly
-
Affected customers will be notified where required by law
-
Appropriate corrective actions will be taken
Does Tracking Guardian use tracking for surveillance?
No. Tracking Guardian is designed to monitor assets and equipment, not individuals.
Any use of tracking data to monitor individuals is controlled by the customer and must comply with applicable laws and internal policies.
Who do I contact about data protection questions?
If you have any GDPR or data protection questions, you can:
-
Contact Engineer M8 support via the CMS client area
-
Submit a data protection enquiry through your account
