The General Data Protection Regulation (‘the GDPR’) came into effect on 25th May 2018. The GDPR applies across the European Union (EU) and aims to give individuals more rights, control and understanding of how their personal data is processed.
The Nation Transport Authority Authority has published an updated TFI Local Link privacy notice here – RURAL TRANSPORT PRIVACY STATEMENT
The GDPR will have no impact on the service we provide to you. It does, however, require Meath Accessible Transport Project CLG to keep you informed of the following:
- The types of data we hold on you;
- The purpose it is used for; and
- Your rights concerning how it is processed.
This Statement applies to all our service users.
Meath Accessible Transport Project CLG- Flexibus Data Protection Statement
What is the purpose of this notice?
We aim to provide you with a Transport service or a Training service. To fulfil that aim and provide you with suitable services, we need to get to know you and your needs.
This means that we collect certain information about you while operating our business. This notice sets out details of the information we collect, how we process it and who we share it with. It also explains your rights under data protection law concerning our processing of your data.
Who controls the use of your personal data?
Meath Accessible Transport Project CLG-Flexibus, whose registered address is Unit 23 Mullaghboy Industrial Estate, Navan, Co Meath. is the company that controls and is responsible for personal data collected concerning our services
If you have any queries concerning the processing of your personal data, we have appointed a data protection officer that you can contact as follows: by post at Data Protection Officer, Unit 23 Mullaghboy Industrial Estate, Navan, Co Meath. or by email at email@example.com.
Who do we share your personal data with?
We do not share your personal data with third parties. We process your data for several government bodies.
Transport Service providers– as a Transport Co-ordination Unit for Louth, Meath and Fingal, we rely on trusted third parties to help us to provide this transport. We share operational information only to provide transportation. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.
Service providers – We rely on trusted third parties to help us run the business and to provide us with specialised services. These can include companies that provide IT services (to maintain our IT Systems and keep us up to date with security on our software systems). These can also include legal advisors, auditors and consultants. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.
What is personal data collected?
To provide our services to you, we need to process certain personal data concerning you, which includes·:
Biographical data –
- Transport: We collect the following biographical data: name, assumed names, address, phone number, next of kin if required, email address, gender, date of birth, and any special requirements for your transport.
- Training: We collect the following biographical data: name, address, phone number, email address, gender, date of birth, PPS number and driver license.
Payment data – If you pay by direct debit or receive payments through electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society details where relevant.
Interactions with us – If you interact with us, we will record details of those interactions (e.g. phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make bookings, etc. or a complaint, we will process details in relation to that correspondence.
Online Social media services – When you interact with us online (by computer, tablet or smartphone), you may provide personal data to us, which you will be aware of when using the services or for which you give consent.
Processing Transport bookings – To process a booking, we will need to process personal data in relation to that booking, this includes locations, durations, some medical information if required,
Processing Training bookings– to process a booking, we will need to process your personal data such as PPS number; this is a requirement by the RSA to upload your CPC training records to the RSA National database.
Running our business– As we are a non-for-profit company and received grant funding we have a requirement to report on historical and statistical information to the National Transport Authority and the Department of Transport. To do this, we undertake to record all trips by passenger numbers and types, which we use to identify volume, patterns and utilization of transport services. to show value for money of government grants. This information may be used to help us develop new services. In addition, we also need to process your data to meet certain regulatory and legislative obligations that apply to our business.
We try to do all the above using aggregated or anonymous data where possible so that you won’t be identifiable from the data. Still, some of this work involves processing your data without anonymizing it. Where we process driver logs from an operational side to provide the services, this will be on the basis that it is necessary and proportionate for the purposes of providing Transport services.
Marketing – the marketing we partake in would be advertising new or existing services; therefore no personal data will be collected in this process. however in the process of development of new services we may collect personal data that would be using to research the need and demand for services. With your permission, this may include processing your health data to identify services that might be particularly relevant to you. We may also use it to ensure that we don’t send you details about a service that isn’t relevant to you.
If we process your personal data for marketing and/or market research, this will be subject to your consent.
We process your data for several government bodies.
Meath Accessible Transport Project CLG-Flexibus – We are the data controller for all all personal data that are not part of the contract with the NTA. As outlined above.
National Transport Authority –NTA is the data controller for all personal data that are part of the contract with TCU and we the TCU is the data processor. As outlined above in the Rural Transport Privacy Statement.
RSA -we are the data processors of your personal data (including your PPSN) uploading to the RSA system for CPC training. As outlined above.
Regulators– In certain circumstances is obliged to provide information to a regulator, (e.g. Charity regulator, funders ( NTA , HSE) and Auditors
Retention of personal data
We will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data
This has been revised and review with Article 13 of the EU GDPR