Legal
Privacy Policy
Last updated: July 2026
This Privacy Policy explains how NORTH EAST OPERATOR LTD (trading as N.E.O — North East Operator) ("N.E.O", "we", "us") collects, uses and protects your personal information when you use this website or make an enquiry with us.
We are committed to handling your data with the same discretion we bring to every journey. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Data Controller: NORTH EAST OPERATOR LTD (trading as N.E.O — North East Operator)
Company Number: 17163527 (Registered in England & Wales)
Registered address: Suite Ra01, 195–197 Wood Street, London, E17 3NU
Contact: omar@rideneo.co.uk · 07599 769672
ICO Registration: N.E.O is in the process of registering with the Information Commissioner's Office as a data controller. Our ICO registration number will be published here upon confirmation. In the meantime, any data subject rights requests (see Section 8) will be responded to within 30 days.
2. What Data We Collect
Depending on how you interact with this website, we may collect the following categories of personal data:
Booking enquiries
- Identity data: your full name
- Contact data: phone number, email address
- Journey data: pickup location, destination, date, time, number of passengers, flight number, special notes
- Location data: if you use the "Use My Location" feature, your device's GPS coordinates are used solely to fill in your pickup address and are not stored by us
- Communications: any messages sent to us via WhatsApp or email
Account registration
- Identity data: your full name
- Contact data: email address; phone / WhatsApp number (optional)
- Account data: date of registration, journey history once N.E.O commences trading
We do not collect payment card data. No payment is taken through this website.
3. How We Use Your Data
We use your personal data only for the purpose for which it was provided:
Booking enquiry data is used to respond to your enquiry and, once N.E.O commences trading, to confirm your journey, communicate with you before, during and after travel, and maintain operational records.
Legal basis: Contract performance (Article 6(1)(b) UK GDPR) — processing is necessary to take steps at your request prior to entering a contract and to perform that contract.
Account registration data is used to maintain your secure client account, give you access to the N.E.O members area, and to enable Omar to contact you personally when N.E.O goes live. We will not use your details for any other purpose without your consent.
Legal basis: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) — maintaining the client relationship you have requested.
4. How Your Data Is Stored and Transmitted
Account registration data (name, email, phone, journey history) is stored securely in Supabase, a cloud database platform. Data is encrypted at rest and in transit. Supabase infrastructure is hosted within the EU (EU West region). You can view Supabase's privacy and security documentation at supabase.com/privacy.
Journey enquiries submitted via WhatsApp or email are received directly into our secure inbox at omar@rideneo.co.uk and are not processed by any third-party form delivery service.
5. Third-Party Services Used on This Website
- Supabase — secure account authentication and data storage. Your name, email, phone and journey data are stored here. EU-hosted. See supabase.com/privacy.
- Google Fonts — loads typefaces from Google's servers. Google may log the request. See Google Privacy Policy.
- OpenStreetMap / Photon (Komoot) — provides address autocomplete when you type a location. Your typed query is sent to Photon's public API. No personal data transmitted.
- OSRM (Project OSRM) — calculates route distance and travel time. Coordinates only, no personal data.
- Nominatim (OpenStreetMap) — if you use "Use My Location", GPS coordinates are sent to convert to a readable address. Not stored.
- Leaflet / OpenStreetMap tiles — renders the route map. No personal data transmitted.
6. Data Retention
Account data is retained for the duration of your account and for up to 12 months following account deletion or the end of the client relationship, after which it is permanently deleted.
Booking and journey data is retained for no longer than 2 years from the date of the journey for operational and legal compliance purposes.
You may delete your account and all associated personal data at any time via the My Account page — no request to us required. See Section 8 for details.
7. Data Sharing and International Transfers
We do not sell, rent or share your personal data with third parties for marketing purposes.
Your account data is stored by Supabase in EU-region infrastructure. This means your data is held within the European Economic Area and is subject to GDPR-equivalent protections. No international transfer to third countries occurs in the ordinary course of your use of this website.
We will disclose personal data to law enforcement or regulatory authorities only where required by law.
8. Your Rights and Account Deletion
Under UK GDPR you have the right to:
- Access — request a copy of personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — delete your account and all personal data at any time
- Restriction — ask us to limit processing of your data
- Objection — object to processing based on legitimate interests
- Portability — receive your data in a structured, machine-readable format
Self-service account deletion: You can delete your account and all stored personal data directly from your My Account dashboard at any time. Your profile information (name, phone) is removed immediately. Your login credentials are fully removed within 24 hours, and Omar will confirm by WhatsApp or email once complete.
To exercise any other rights, or if you need assistance, contact us at omar@rideneo.co.uk. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Cookies and Local Storage
This website does not use tracking cookies or advertising cookies. A service worker is used to cache website files for offline use and faster loading — this is a functional mechanism and does not track your behaviour or identity.
Your login session is maintained using browser local storage (a standard browser feature). This stores a secure authentication token locally on your device so you remain signed in between visits. This token contains no personal data and is cleared when you sign out or delete your account.
10. Changes to This Policy
We may update this policy from time to time. The date at the top of this page will always reflect the most recent version. Continued use of the website after any update constitutes acceptance of the revised policy.