Replace a lost or damaged CBT certificate: privacy notice
Updated 12 March 2025
© Crown copyright 2025
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected].
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at /government/publications/dvsa-privacy-notices/replace-a-lost-or-damaged-cbt-certificate-privacy-notice
1. About this serviceÌý
The Driver and Vehicle Standards Agency (DVSA) is responsible for the regulation and administration of moped and motorcycle compulsory basic training (CBT). DVSA provides the service of replacing CBT certificates where the original training school is no longer in business or has not responded to repeated requests for a replacement.â€�DVSA is an executive agency of the Department for Transport (DfT).Ìý
The data controller forâ€�DVSA is DfT â€� a data controller determines the reasons and how personal data is processed. For more information, see the Information Commissioner’s Office (ICO)â€�. DfT’s registration number is Z7122992.Ìý
2.  What data we needÌý
The personal data we collect from you includes:Ìý
- ²Ô²¹³¾±ðÌý
- driving licence numberÌý
- email addressÌý
- telephone numberÌý
The lawful basis for processing this data is public task.Ìý
Our legal powers are contained within:Ìý
- The Motor Vehicles (driving licences) regulations 1999 (as amended), part V details Approved Training Courses for Riders of Motor Bicycles and MopedsÌý
- The Road Traffic Act section 97(3)(e)Ìý
3. Why we need itÌý
We need the personal data we collect from you to process your application for a replacement CBT certificate.Ìý
4. What we do with itÌý
We collect, use and store the data you give us for the reasons set out in this policy.ÌýÌýWe will not:Ìý
- sell or rent your data to third partiesÌý
- share your data with third parties for marketing purposesÌý
We will share your data if required to do so by law â€� for example, by court order, or to prevent fraud or other crime.Ìý
5. How long we keep your dataÌý
We’ll only keep your personal data for as long as it is needed for the reasons set out in this policy or as long as is required by law.Ìý
We will hold your personal data for up to 1 year.Ìý
6. Where it might goÌý
Our IT infrastructure and technology has been checked to make sure it’s safe and secure.Ìý
All your data is held onâ€�DVSA servers based in the UK or hosted within cloud services based in the European Economic Area (EEA). They meet security safeguards equivalent to those required by data protection legislation.Ìý
7. Protecting your data and your rightsÌý
°Õ³ó±ðâ€�DVSA personal information charter sets out what steps are taken to protect your data, and the rights you have over your data.Ìý
8. Automated decision making and profilingÌý
Your data is not subject to automated decision making or profiling as defined in data protection legislation.Ìý
9. Changes to this noticeÌý
We may change this privacy notice at our discretion at any time.Ìý
When we change this notice, the date on the page will be updated. Any changes to this privacy notice will be applied to you and your data as of the revision date.Ìý
We encourage you to periodically review this privacy notice to be informed about how your data is protected.Ìý
10. How to contact usÌý
If you have any questions about anything in this document or if you consider that your personal data has been misused or mishandled, you can contact theâ€�DVSA data protection managerÌý
DVSA data protection managerÌý
Data Protection ManagerÌý
DVSAÌý
1 Unity SquareÌý
NottinghamÌý
NG2 1AYÌý
·¡³¾²¹¾±±ôâ€�[email protected]Ìý
°ä´Ç²Ô³Ù²¹³¦³Ùâ€�DVSA customer services if you have a query that is not about how your personal data is used.Ìý
You may also�, who is an independent regulator.