The Data Protection Act 1998 (“Act”) regulates the processing of data relating to individuals. This includes the obtaining, holding, using or disclosing of such data and covers computerised records as well as manual filing systems and card indexes.
The Company (Smarter Travel Limited) shall hold the minimum personal data necessary to enable it to perform its functions. All such data is confidential and needs to be treated with care, to comply with the law.
We recognise that the lawful and correct treatment of personal data is very important to successful operations and to maintaining customers’ and employees’ confidence in ourselves.
Any personal data which we collect, record or use in any way whether it is held on paper, on computer or other media shall have appropriate safeguards applied to it to ensure that we comply with the Act.
Smarter Travel Ltd is registered with the Information Commissioner (Ref. ZA298556).
The Company is fully committed to adhering to the Principles of Data Protection, as set out in the Act.
In summary, the Principles state that personal data shall:
To comply with the law, information shall be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
In terms of the Act, we are the ‘data controller’, and as such determine the purpose for which, and the manner in which, any personal data are, or are to be, processed. To assist in achieving compliance with the principles, the Company has appointed a Data Protection Officer (DPO) with specific responsibility for data protection within the company.
It is the responsibility of the DPO to:
All staff are responsible for ensuring that:
Any breach of this Data Protection Policy whether deliberate or through negligence may lead to disciplinary action being taken or even a criminal prosecution.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.
All company computers have a log in system and each Travel Plan Contact Database is password protected, which allow only authorised staff to access personal data. Passwords on all computers are changed frequently. All personal and financial data is kept in a locked filing cabinet and can only be accessed by approved staff. When staff members are using the laptop computers out of the office care should always be taken to ensure that personal data on screen is not visible to strangers.
We will not use data for a purpose other than those agreed by data subjects (residents, employees, staff and others). If the data held by us are requested by external organisations for any reason, this will only be passed if data subjects (residents, employees, staff and others) agree. Also, external organisations must state the purpose of processing, agree not to copy the data for further use and sign a disclaimer agreeing to abide by The Data Protection Act 1998 and the Smarter Travel Ltd Data Protection Policy.
The Company will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. If data given or obtained are excessive for such purpose, they will be immediately deleted or destroyed. The Company will always put our logo on all paperwork, stating their intentions on processing the data and state if, and to whom, we intend to give the personal data.
We discourage the retention of data for longer than it is required. All personal data will be deleted or destroyed by us after two years from receiving said data has elapsed.
All individuals that the Company hold data on have the right to:
Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual. The Company takes particular care to be aware of this when obtaining survey information via the Internet, which can be accessed from anywhere in the globe. This is because transfer includes placing data on a web site that can be accessed from outside the European Economic Area.
If you ever wish to see your personal information we hold, please refer to section 1.2.5 so that arrangements can be made.
Your privacy is of the utmost importance to us. Because we gather certain types of information about residents / staff associated with Travel Plans, we feel you should understand fully the terms and conditions surrounding the capture and use of that information. This Policy discloses what information and/or data we gather, how we use it, and how to correct or change it. This includes information supplied to us by you through a third-party service, such as Facebook or Liftshare. If you have any questions in relation to our Policy please contact the DPO on [email protected]
We gather two types of information about data subjects: data that subjects provide through optional, voluntary data gathered through information derived mainly by postal / online survey questionnaires and journey plan posts throughout the Liftshare Network.
Occasionally, we conduct surveys to understand better the travel needs of our audience in order to analyse current travel habits to and from regular destinations as well as to improve our features. We sometimes share the aggregated demographic information in these surveys with our clients or partners. We never share any information about a specific data subject gathered in a survey with any third party without that Member’s express consent. We do not, however, control the practices of our partners. If you have questions about how our partners uses information about you please contact them directly (we will divulge information only as necessary to comply with English law).
We use your data to create aggregate reports and carry out analysis on demographics and traffic patterns for our Clients and carefully selected third party partners in order compare travel data and to improve our Services.
The personal type of data subjects that may be held by us would include:
The personal data held by us will only be used for the following purposes:
Personnel Data of staff and clients associated with Smarter Travel Ltd will be subject to the Data Protection Policy of Richard Jackson Limited.
One of the rules under Data Protection gives you the right to see certain information held about you.
Personal data is confidential and access is restricted. Under Section 7 of the Data Protection Act, 1998 (DPA) an individual has the right to request copies of all their personal data known as a subject access request (SAR).
In order to get a copy of their personal data, an individual has to make a request in writing, provide sufficient information to identify themselves and the information they are seeking and the necessary fee (the Act allows a Data Controller to charge up to £10 for a request).
SAR forms should be completed by the individual and returned to the Data Protection Administrator at Smarter Travel Ltd, 847 The Crescent, Colchester, Essex, CO4 9YQ
The Company will acknowledge all SARs within 5 working days and will respond to a SAR within 15 working days of the required documents and fee being submitted.
All SARs will be treated in the strictest confidence and will only be processed by authorised Smarter Travel Ltd staff in order to locate the information and process the SAR. Only information which is considered to be personal data will be released under a SAR. The anonymity of other individuals or other information which is not considered to be personal data may be protected, as appropriate, by redaction or omission in accordance with the DPA.
In order to request information on behalf of another individual Smarter Travel Ltd requires proof that you are acting with the authorisation of that individual. Therefore, some additional information is required.
If you are acting on behalf of another individual a written request must be submitted along with the statutory £10 fee, signed authorisation confirming the data subject’s consent to the agent acting on individual’s behalf, and evidence of the identity of the data subject.
The Website tracks visitor traffic patterns throughout its network. This information may be used to help personalize the Website or target advertising. We also break down overall usage statistics according to a Member’s domain name, browser type, and MIME type by reading this information from the browser string (information contained in every Visitor’s browser). We also use third party providers including Google Analytics to help us improve our Services.