PRIVACY POLICY
- 1 Introduction
- 1 The term Scole cabs or us or we refers to the owners of the website
and company Scole cabs Our address is 3 The Terrace Norwich Road Scole
Diss Norfolk IP21 4DY
- 2 We collect and store the minimum information possible to provide the
services you've requested (i.e. to process your order). We may also use
this information for auditing, research and analysis to operate and improve
our technologies and services.
- 3 The term 'you' refers to the user or viewer or user of our website
and company
- 4 Where required to fulfil your transfer, we may pass selected information
to third parties.
- 5 We may update this policy from time to time by publishing a new version
on our website.
- 6 You should check this page occasionally to ensure you are happy with
any changes to this policy.
- 2 How we collect and use your personal data
- In this Section we set out:
- a the categories of personal data that we may process;
- b the reason why we may process personal data;
- c the legal basis for processing this data;
- d when we provide your personal data to others;
- e the steps we take to protect your personal data.
- 2 We may collect and process data about your use of our website ('analytics
data'). The analytics data may include any of the following: your IP address;
approximate location, internet browser type and version, your PC's operating
system, the source of referral, length of your visit, and website navigation
paths, as well as information about the frequency, and pattern of your
visits. We gather this data through the Google Analytics service. The
legal basis for the processing of this data is our legitimate interests
in improving our website and service.
- 3 We collect and process data relating to Customer Profiles ('Customer
Data'). This data includes: your full name, email address, phone number
& billing address). You will be required to provide this data during the
process of booking our service. The legal basis for processing this data
is for the performance of the contract, in particular for us to be able
to reliably communicate with you regarding your bookings as well as organise
and provide the service you have requested. Some of this data may be passed
to a third-party service as part of Transaction Information, for more
information see section 2.5.
- 4 We may collect and process personal data relating to Journeys or Transfers
('Journey Data'). This data includes: head passenger name, passenger mobile
telephone number, the route of your journey, flight / service numbers
& the date and time of your travel. The legal basis for processing this
data is for the performance of the contract. Some of the journey data,
where required to fulfil your transfer, may be passed to third-parties,
for example independent taxi drivers. Where possible, without impacting
the quality of service, this sharing of data is restricted to un-identifiable
information, for example when checking the availability of a third-party
only the date, time, waypoint postcodes, number of passengers and type
of vehicle are provided.
- 5 We may collect and process data relating to the payment of services
('Transaction Data'). Transaction data includes: card number, card expiry
date & card security code, as well as some customer data: billing address
and card holder's name, we also process some additional data this data
may include: your email address & telephone numbers. Transaction data
is handled but not stored by us and is passed to a third-party service,in
our case iZettle The transaction data may be processed for supplying the
purchased services and keeping proper records of those transactions. The
legal basis for this processing is the performance of a contract between
you and us.
- 6 We may process information contained in or relating to any communication
that you send to or have with us ('correspondence data'). The correspondence
data may include: email content, online chat transcripts, call recordings
and metadata associated with the communication. The correspondence data
may be processed for the purposes of communicating with you. Where possible
we avoid collecting transaction data .
- 7 We may process your personal data where necessary, for use in the
defence of legal claims in court or another legal proceeding. The legal
basis for this is to protect and assert our legal rights, the rights of
our customers or the rights of others.
- 8 We may process any of your personal data where such processing is
necessary to comply with a legal obligation to which we are subject, or
to protect your interests or the interests of another person.
- 3 Retaining and deleting personal data
- 1 This Section sets out our data retention policies, these are designed
to ensure that we comply with our legal obligations in relation to the
retention and deletion of personal data and are designed so that we maintain
the lowest possible level of risk to our customers.
- 2 Personal data that we process for any purpose or purposes shall not
be kept for longer than is necessary to fulfil the purchased service and
our, or a third-parties, legal obligations.
- 3 We will retain and delete your personal data as follows:
- a Analytics Data:
- i Google Analytics retains data relating to a visit to our website indefinitely,
the data collected is non-identifiable.
- ii We collect some identifiable analytics data, this is stored for at
most 1 month following a visit to our website, at the end of which period
it will be deleted from our systems.
- b Journey Data will be retained for at most 5years following the completion
of the journey in accordance with our legal obligations as a registered
Private Hire Operator, at the end of which period it will be deleted from
our systems.
- d Data will be retained for 6 years from the end of last tax period
in order to comply with uk tax laws
- 4 We may retain your personal data where it is vital for use in defence
of legal claims in court or another legal proceeding.
- 5 We may retain your personal data where such retention is necessary
for compliance with a legal obligation to which we are subject, or in
order to protect your vital interests or the vital interests of another
natural person.
- 4 Your rights
- 1 You have the right to access; rectify or request the removal of any
personal information we hold about you. We are legally bound to provide/remove
this information free of charge within 30 days. This right however is
subject to some limitations:
- a There may be a legal reason we cannot remove the data.
- b The data may be integral to providing the service, deleting or removing
it would result in the cancellation of service. In this case you would
be subject to our normal cancellation fees / procedure.
- c You will be required to supply proof of your identity, in most circumstances
we will accept two forms of ID such as a passport, driving license or
a copy of a utility bill showing your address listed. This information
must be provided by email or post along with your request to which you
will receive confirmation of receipt by us within 14 days
- d If the request is complicated the timeframe for rectification can
be extended by up to two months.
- 2 You have the right to lodge a complaint with a supervisory authority.
- 3 You have the right to withdraw consent to our use of this data. In
some cases this may result cancellation of your service and any relevant
charges.
GDPR (GENERAL DATA PROTECTION REGULATION)
The 'General Data Protection Regulation' (GDPR) is a piece of European
data protection legislation designed to replace and strengthen the '1995
EU Data Protection Directive' as well as unify these standards across the
European Union.
When you use our service, we may store your personal data . Doing so allows
us to operate our business issue you documentation for your journey and
ensure your travel runs smoothly. This classes us, Scole cabs, as a 'data
controller' and a 'data processor', you as a customer or passenger of Scole
cabs,are a 'data subject', although you may also be acting as a 'data controller'
especially if you are booking on behalf of someone else. As a data controller,
you may need to take steps yourself in order to comply with GDPR requirements.
- Your Responsibilities
- As a data controller, you should ensure you're compliant with the current
legislation. The ICO recommends taking these 12 steps.
- 1 Awareness: You should make sure that decision makers and key people
in your organisation are aware that the law is changing to the GDPR. They
need to appreciate the impact this is likely to have.
- 2 Information you hold: You should document what personal data you hold,
where it came from and who you share it with. You may need to organise
an information audit.
- 3 Communicating privacy information: You should review your current
privacy notices and put a plan in place for making any necessary changes
in time for GDPR implementation.
- 4 Individuals' rights: You should check your procedures to ensure they
cover all the rights individuals have, including how you would delete
personal data or provide data electronically and in a commonly used format.
- 5 Subject access requests: You should update your procedures and plan
how you will handle requests within the new timescales and provide any
additional information.
- 6 Lawful basis for processing personal data: You should identify the
lawful basis for your processing activity in the GDPR, document it and
update your privacy notice to explain it.
- 7 Consent: You should review how you seek, record and manage consent
and whether you need to make any changes. Refresh existing consents now
if they don't meet the GDPR standard.
- 8 Children: You should start thinking now about whether you need to
put systems in place to verify individuals' ages and to obtain parental
or guardian consent for any data processing activity.
- 9 Data breaches: You should make sure you have the right procedures
in place to detect, report and investigate a personal data breach.
- 10 Data Protection by Design and Data Protection Impact Assessments:
You should familiarise yourself now with the ICO's code of practice on
Privacy Impact Assessments as well as the latest guidance from the Article
29 Working Party, and work out how and when to implement them in your
organisation.
- 11 Data Protection Officers: You should designate someone to take responsibility
for data protection compliance and assess where this role will sit within
your organisation's structure and governance arrangements. You should
consider whether you are required to formally designate a Data Protection
Officer.
- 12 International: If your organisation operates in more than one EU
member state (ie you carry out cross-border processing), you should determine
your lead data protection supervisory authority. Article 29 Working Party
guidelines will help you do this.
- What We're Doing to be GDPR Compliant
- Scole cabs takes data security seriously. We take many steps to protect
your data, these include:
- • Running regular security scans on our network.
- • Regular scheduled scans of all PC's with heavy duty virus protection
software.
- • Keeping an inventory of all the personal data we store and ensuring
we only collect data that is required to carry out the service.
- • Regularly reviewing our Data Protection Policies and ensuring appropriate
training is provided to employees.
- • Training staff on the 'Data Breach Protocol' to ensure everyone
knows what to do.
- Please also read our privacy policy
- The GDPR has expanded consumers right of access to their data, as well
as the removal/deletion of records. There are however some legal limitations
placed on us that could limit our ability to comply with your request.
This would include south Norfolk council our licensing authority's requirement
that we store 1 year of full journey records
- Scolecabs is committed to being fully compliant with this regulation.
- If you have any questions please use our Contacts page alternatively
you can download a PDF copy of the General Data Protection Regulation
here. >>>