GDPR and Data Protection Statement
The General Data Protection Regulation (‘the GDPR’) came into effect on May 25th 2018. The GDPR applies across the European Union (EU) and aims to give individuals more rights, control and understanding of how their personal data is processed.
The GDPR will have no impact on the service we provide to you. It does however require Clare Accessible Transport t/a Clarebus to keep you informed of the following:
- The types of data we hold on you;
- The purpose it is used for; and
- Your rights in relation to how it is processed.
You will find all this information in the enclosed Data Protection Statement. This Statement is applicable to our service users.
There is no need for you to do anything; we just wanted to update you on the GDPR changes.
Clare Accessible Transport t/a Clarebus
Data Protection Statement
What is the purpose of this notice?
Our aim is to provide you with a demand responsive public transport service or a training service (Driver CPC). To fulfil that aim, and to provide you with suitable services, we need to get to know you and what your needs are.
This means that we collect certain information about you while operating our business. This notice sets out details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.
Who controls the use of your personal data?
Clare Accessible Transport t/a Clarebus, whose registered address is Unit 1, The Creamery, V94 N727 Feakle, Co. Clare, is the company that controls and is responsible for personal data that is collected in relation to our transport and training needs.
We are also Joint Controllers on behalf of the National Transport Authority in relation to your transport needs under the Locallink program. If you have any queries in relation to the processing of your personal data, we have appointed a data protection officer that you can contact as follows: by post at Data Protection Officer, Unit 1, The Creamery, V94 N727 Feakle, Co. Clare or by email at firstname.lastname@example.org
What personal data is collected?
To provide our services to you we need to process certain personal data in relation to you, which includes:
Biographical data –
- Transport: We collect the following biographical data: name, assumed names, address, phone number, next of kin if required, email address, gender, date of birth, and any special requirements for your transport.
- Training: We collect the following biographical data: name, address, phone number, email address, gender, date of birth, PPS number and driver license.
Payment data – If you pay by direct debit or receive payments through electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society details where relevant.
Interactions with us – If you interact with us we will record details of those interactions (e.g. phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make bookings, etc. or a complaint we will process details in relation to that correspondence.
Online social media services – When you interact with us online (by computer, tablet or smartphone), you may provide personal data to us, which you will be aware of when using the services or for which you give consent.
Processing transport bookings – To process a booking, we will need to process personal data in relation to that booking; this includes locations, durations, medical conditions,
Processing training bookings – To process a booking, we will need to process your personal data such as PPS number; this is required by the RSA to upload your CPC training records to the RSA National database.
Running our business – As we are a not-for-profit company and receive grant funding we have a requirement to report on historic and statistical information to the National Transport Authority and the Department of Transport. To do this, we undertake to record all trips by passenger numbers and types, which we use to identify volume, patterns and utilization of transport services, to show value for money of government grants. This information may be used to help us develop new services. In addition, we also need to process your data to meet certain regulatory and legislative obligations that apply to our business.
We try to do all the above by using aggregated or anonymous data where possible, so you won’t be identifiable from the data, but some of this work involves processing your data without anonymizing it. Where we process driver logs from an operational side to provide the services, this will be on the basis that it is necessary and proportionate for the purposes of providing Transport services.
Marketing – The marketing we partake in would be advertising new or existing services; therefore no personal data will be collected in this process. However, in the process of developing new services we may collect personal data that would be used to research the need and demand for services. With your permission, this may include processing your health data to identify services that might be particularly relevant to you. We may also use it to ensure that we don’t send you details about a service that isn’t relevant to you.
If we process your personal data for marketing and/or market research, this will be subject to your consent.
Who do we share your personal data with?
We do not share your personal data following third parties. We process your data for several government bodies.
Transport service providers – As a Transport Coordination Unit for Clare, we rely on trusted third parties to help us to provide this transport service. We share operational information only to provide the transport. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.
Service providers – We rely on trusted third parties to help us run the business and to provide us with specialised services. These can include companies that provide IT services (to maintain our IT Systems and keep us up to date with security on our software systems). These can also include legal advisors, auditors and consultants. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.
We process your data for several government bodies.
National Transport Authority – We are Joint Data Controllers of your personal data on the NTA ITMS software system, as outlined above.
RSA – We are the data processors of your personal data uploaded to the RSA system for CPC training, as outlined above.
Regulators – In certain circumstances we are obliged to provide information to a regulator (e.g. charity regulator, funders (NTA, HSE) and auditors).
Retention of personal data
We will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data