Home / Privacy Policy

Privacy Policy

Last Updated: November 1, 2023

At Leyland Transport, your privacy is fundamental to how we operate. As a healthcare transportation provider, we handle sensitive medical and personal information — and we take that responsibility seriously. This Privacy Policy explains what we collect, why we collect it, and how we protect it.

1. Information We Collect

We collect information that you provide directly to us, including:

  • Identity information: Full name, date of birth, gender
  • Contact information: Email address, phone numbers, home and pickup addresses
  • Medical information: Conditions relevant to transport needs, mobility aids, oxygen requirements, height, weight, and special needs
  • Insurance & billing information: Insurance carrier, member ID, responsible party details
  • Emergency contacts: Names and phone numbers of designated contacts
  • Technical information: IP address, browser type, device information, and website usage data
  • Employment information: For job applicants — work history, qualifications, and availability

2. How We Collect Information

We collect information through the following channels:

  • Trip booking forms on our website
  • Phone calls with our dispatch team
  • Email correspondence
  • Healthcare providers and insurance companies (with your consent or as authorized by law)
  • Cookies and analytics tools on our website (see Section 9)
  • Job application forms

3. How We Use Your Information

We use the information we collect to:

  • Schedule, dispatch, and coordinate your transportation
  • Ensure our drivers have the information they need to provide safe and appropriate care during transport
  • Process payments and submit insurance claims on your behalf
  • Communicate trip confirmations, reminders, and updates
  • Respond to your inquiries and support requests
  • Comply with legal, regulatory, and HIPAA obligations
  • Improve our services, website, and operations
  • Review and process employment applications

We will not use your information for purposes beyond those listed above without your explicit consent.

4. Information Sharing & Disclosure

We do not sell your personal information. We may share it only in the following circumstances:

  • Healthcare providers: Facilities or providers involved in your care, to the extent necessary for transport coordination
  • Insurance companies: For billing and authorization purposes only
  • Service providers: Vendors who assist our operations (e.g., email delivery, secure data storage) under strict confidentiality agreements
  • Legal requirements: When required by law, court order, or government authority
  • Emergency situations: With emergency contacts or first responders when your health or safety is at risk
  • Business transfers: In the event of a merger, acquisition, or sale of our business, with appropriate notice to you

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of sensitive data in transit (HTTPS/TLS) and at rest
  • Strict access controls — only staff who need your data to perform their duties can access it
  • Regular security assessments and vulnerability testing
  • Employee training on privacy, data security, and HIPAA obligations
  • Secure physical and digital storage of all records

While we take all reasonable steps to protect your information, no method of transmission or storage is 100% secure. If we become aware of a data breach that affects your information, we will notify you as required by law.

6. HIPAA Compliance

As a healthcare transportation provider, Leyland Transport is a HIPAA Business Associate and is subject to the Health Insurance Portability and Accountability Act (HIPAA). We are committed to:

  • Maintaining the privacy and security of all Protected Health Information (PHI)
  • Using and disclosing PHI only as permitted or required by HIPAA and applicable law
  • Implementing required administrative, physical, and technical safeguards
  • Providing patients with required notices of privacy practices
  • Honoring patient rights regarding their PHI, including rights to access, amendment, and accounting of disclosures

To exercise your HIPAA rights or to file a complaint, contact us using the information in Section 12.

7. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law:

  • Trip records: Retained for a minimum of 7 years to comply with healthcare and tax regulations
  • Medical information: Retained per HIPAA requirements (generally 6 years from creation or last effective date)
  • Job applications: Retained for up to 2 years; active employees are subject to our employee data policy
  • Website analytics: Aggregated, anonymized data retained indefinitely; identifiable data deleted within 26 months

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Restriction: Request that we limit how we use your information in certain circumstances
  • Portability: Receive your information in a structured, machine-readable format
  • Objection: Object to certain uses of your information
  • Withdraw consent: Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us using the details in Section 12. We will respond within 30 days.

9. Cookies & Tracking

Our website uses cookies and similar technologies. For full details on the cookies we use, their purpose, and how to manage them, please see our Cookie Policy.

10. Children's Privacy

We do not knowingly collect personal information from children under the age of 13 without verifiable parental or guardian consent. When transporting minors, we collect information from the parent, guardian, or authorized caregiver booking the trip. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the revised Policy on this page and updating the "Last Updated" date. For significant changes affecting your PHI, we will provide direct notice as required by HIPAA.

12. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us:

To file a HIPAA complaint, you may also contact the U.S. Department of Health & Human Services Office for Civil Rights at www.hhs.gov/ocr.

Call Now