.jpg){kind=logo}
Private Policy
.jpg){kind=logo}
Issue 1 – Updated May 2021
Overview
We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
Our website uses cookies. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
What information do we collect?
We may collect, store and use the following kinds of personal information:
(a) Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation.
(b) Information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services.
(c) Information that you provide to us for the purpose of registering with us.
(d) Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters.
(e) Any other information that you choose to send to us.
Cookies
​
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.
Our advertisers/payment services providers may also send you cookies.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.
​
Using your personal information
Personal information submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.
We may use your personal information to:
(a) administer the website;
(b) Improve your browsing experience by personalising the website;
(c) Enable your use of the services available on the website;
(d) Send to you goods purchased via the website, and supply to you services purchased via the website;
(e) Send statements and invoices to you, and collect payments from you;
(f) Send you general (non-marketing) commercial communications;
(g) Send you email notifications which you have specifically requested;
(h) Send to you our newsletter and other marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
(i) provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
(j) deal with enquiries and complaints made by or about you relating to the website; and
(k) other uses.
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
All our website financial transactions are handled through our payment services provider Stripe. You can review their privacy policies at the following sites.
We will share information with these only to the extent necessary for the purposes of processing payments you make via our website and dealing with complaints and queries relating to such payments.
We may have to collect and use information about people with whom we work. These may include members, current, past and prospective employees, clients, and suppliers. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We will ensure that we treat personal information lawfully and correctly.
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
​
This policy applies to the processing of personal data in manual and electronic records kept by us in connection with its human resources function as described below. It also covers our response to any data breach and other rights under the GDPR.
This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. These are referred to in this policy as relevant individuals.
​
We may collect and process the following data about you:
Information you give us. This may arise from you filling in quote forms. Job applications on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you complete the job application form, when you change/update your personal details, contact preferences etc. and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial.
Information we receive from other sources. With regard to information we are legally obliged to check as a Transport Operator we collect the following information:
– Driving licence checks;
– PCO Licence checks;
– Enhanced Criminal Record Check.
We use information held about you in the following ways:
Information you give to us. We will use this information:
– to review your job application;
– to submit your application for a PCO Licence;
– providing always that you have given to us the necessary consent, share with our contracting clients and customers;
– to notify you about changes to our service;
– to communicate with you notices of importance.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you to ensure you have the necessary and legally required licences to operate as an employee for City To Coast Day Tours Ltd.
Disclosure of your information
Provided always that you have provided the necessary consent(s), legally we are required to share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and Licensing authorities.
We may disclose your personal information to third parties:
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Cruise Minibuses Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
​
Where we store your personal data
The data that we collect from you will be stored at a within the European Economic Area (“EEA”) and will not be transferred outside the EEA unless we have your explicit consent to such transfer and storage. In any event, your data will only ever be transferred to organisations where an approved code of practice in relation to data protection is adopted. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
While we use strong encryption, both when your information is moving to or from our web services and also whilst your information is held by us, unfortunately the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your responsibility
All our employees are aware that personal information should be kept in a locked filing cabinet, drawer, or safe.
Employees are aware of their roles and responsibilities when their role involves the processing of data. All employees are instructed to store files or written information of a confidential nature in a secure manner so that are only accessed by people who have a need and a right to access them and to ensure that screen locks are implemented on all PCs, laptops etc when unattended. No files or written information of a confidential nature are to be left where they can be read by unauthorised people.
Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
​
Requirement to notify breaches
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach. More information on breach notification is available in our Breach Notification policy.
Your rights
​
You have the following rights in relation to the personal data we hold on you:
-the right to be informed about the data we hold on you and what we do with it;
-the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on Subject Access Requests”;
– the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
– the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
– the right to restrict the processing of the data;
– the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
– the right to object to the inclusion of any information;
– the right to regulate any automated decision-making and profiling of personal data.
Changes to our Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Data Protection Controller, Info@citytocoast.co.uk.