ECT Privacy Notice, valid as of 25th May 2018
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
(a) What sort of personal data do we collect?
ECT Charity collects your name, address, gender, date of birth, contact information (including emergency contact details), health and mobility status (as relevant to be able to use accessible transport services), details of previous and desired bookings and records of your interactions with us via email or post.
(b) Who holds your personal data?
ECT Charity is the data controller when you provide your information directly to us to use our services. Our contact details are 020 8813 3210, email@example.com
, Greenford Depot, Greenford, Middlesex UB6 9AP.
(c) How and why do we use your personal data?
We collect your information through registration forms, over the phone and via email.
We use your personal data to process any bookings that you wish to make over the phone or in writing. If we don’t collect your personal data during your registration for our services, we won’t be able to process your booking and comply with our obligations to you.
From time to time we will send you updates about our services and activities, including newsletters, community updates, special events and day trips. We may also send you periodic surveys to help us improve the service we provide to you and calculate our social value as a charity. We’ll do this on the basis of our legitimate business interest.
You are free to opt out of hearing from us by post at any time.
We may also process your personal data to comply with our contractual or legal obligations to share data with law enforcement or insurance providers.
(d) What is our legal basis for collecting and processing your personal data?
Contractual obligations – in certain circumstances, we need your personal data to comply with our contractual obligations. For example, in providing our accessible transport services to you we need to process your data to make bookings.
Legitimate interest – in specific situations, we use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, sending you a newsletter or survey to improve our services.
Legal compliance – if the law requires us to, we may need to collect and process your data. For example, in the event of a road accident involving yourself as a passenger on one of our vehicles we may need to pass details to law enforcement and/or our insurance provider.
(g) How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, so that it can be used in a non-identifiable way for statistical analysis, social value calculation and business planning.
We review our customer database annually for inactive customers and will contact you to see if you are still interested in our services. If you do not respond we will consider you inactive and delete your record.
We need to retain certain personal data even after you stop using our services, for legal and auditing purposes. This will be held for a maximum of seven years.
(h) Who do we share your personal data with?
We may share your personal data where we are required to do so by law. All our personal data (including yours) is housed within the EU, backed up in the UK and is not exported outside the EU/EEA.
Occasionally, we may share your personal data with contractors or suppliers who provide us with services. For example, we use email providers for our marketing communications. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller.
(i) How do we protect your personal data?
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
Access to your personal data is password-protected and we regularly monitor our system for possible vulnerabilities and attacks.
When transferred to driver manifests, we have robust operational procedures in place to protect your personal data.
(j) What are your rights over your personal data?
You have the following specific rights regarding the personal data we have collected from you:
You can contact us to request to exercise these rights at any time by emailing firstname.lastname@example.org
or calling 020 8813 3210.
(k) Your right to lodge a complaint
- The right to be informed (this Privacy Notice provides you with your right to be informed)
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling (we do not perform any automated decision making and profiling)
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns