Description of processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us to provide a transport service to our customers, maintain our accounts and records, promote our services and manage and support our staff. We also process personal information using CCTV system to monitor and collect visual images for the purpose of security and the prevention and detection of crime.

Type/classes of information processed

We process information relevant to the above reasons/purposes. This may include:

• personal details
• family details
• education and employment details
• financial details
• goods and services
• visual images, personal appearance and behaviour

We also process sensitive classes of information that may include:

• racial and ethnic origin
• physical or mental health details
• trade union membership
• religious and similar beliefs
• criminal proceedings, outcomes and sentences
• offences and alleged offences

Who the information is processed about?

We process personal information about:

• customers
• employees
• suppliers and service providers
• collection and delivery locations
• complainants, enquirers
• professional advisers and consultants
• individuals captured by CCTV images

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

• family, associates and representatives of the person whose personal information we are processing
• current, past or prospective employers
• suppliers and service providers
• business associates and professional advisers
• financial organisations
• persons making an enquiry or complaint
• educators and examining bodies
• employment and recruitment agencies
• credit reference agencies
• debt collection and tracing agencies
• central government
• police forces and security organisations

Data subjects have the right of access to information held by the Company, subject to the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. Any data subject wishing to access their personal data should put their request in writing to the DPC. The Company will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 40 days for access to records and 21 days to provide a reply to an access information request.

The information will be imparted to the data subject as soon as is reasonably possible after it has come to the Company’s attention and in compliance with the relevant Acts.

The Company will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.

The Company will take appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the Act. The Company and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data. An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite.

The Company must ensure that data processed by external processors, for example, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation.

For clarification on the above, please contact mark@matthewkibble.com