Liverpool Community Transport is committed to protecting the privacy and security of your personal information.
Liverpool Community Transport is a “data controller” referred to as “we”, “us”, “our” or the “company” in this privacy notice. This means that we are responsible for deciding how we hold and use personal information about you and are required under data protection legislation to notify you of the information contained within this notice.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018. We aim to give you information on how we use your personal data when you use this website, use or enquire about our products or services or if we decide to market our services to you. Data relating to prospective employees, current/former employees, self-employed contractors and agency workers are contained in a separate recruitment and employee privacy notice.
It is important that you read this notice, together with any other privacy notice we may provide to you, this is so that you are aware of how and why we are using such data at the time we use it.
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
If you have any questions about our policies on data protection or your rights and how you can exercise them please contact a member of our team on 0151 207 5400.
THE NATURE OF THE INFORMATION WE HOLD ABOUT YOU
We may collate, store and utilise the following categories of personal information about you:
- Personal contact details such as name, title, postal addresses, telephone numbers and personal email addresses;
- Financial information such as credit reference checks, details of financial/payment transactions, bank account and payment card details;
- Marketing. Information including contact details and your preferences in receiving marketing from us;
- Feedback. We may gather feedback from customers on how to improve our products or services or gather some personal data in order to deal with customer complaints or enquiries about ongoing orders or deliveries;
- Technical Data. Includes for example browser type and version, location (country and city), language, operating system and platform, ISP, screen resolution, device type (mobile or PC system), client ID;
- Profile Data. We do not collate profile data through our online forms.
- CCTV. We have installed CCTV systems in our premises. This system may record your personal data when on site. Each CCTV camera has it’s own site or task specific objective which includes crime prevention and detection, public safety, traffic management, parking and surveillance of buildings and land for the purpose of maintenance and repairs. Signs are displayed on site notifying you that CCTV is in operation. We will only disclose CCTV images to others who intend to use the images for the above stated purposes and where the law allows us to do so. CCTV images will not be released to the media for entertainment purposes or placed on the internet. Images captured by CCTV will not be kept for longer than necessary.
When our site includes links to other websites or applications, we would advise you to read the privacy and cookies policies of that website to assess how they use your personal data.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect personal data about you in a variety of ways:
- Direct from you – This could be when you make an enquiry about our products and services, enter into a contract with us to deliver our products and services, request marketing information or make a customer complaint or provide us with feedback. You may provide personal data by contacting us direct or by completing forms and forwarding them to us via post, email or using our online contact form. You may provide personal data over the phone or in person or by using social media.
- Google Analytics – We use Google Analytics to collect information about how people use our website. We do this to make sure it’s meeting peoples’ needs and to understand how we can make the website work better. Google Analytics stores information about what pages on our site you visit, how long you are on the site, how you got there and what you click on while you are there. We do not collect or store any other personal information (e.g. your name or address etc) so this data cannot be used to identify who you are.
- Third parties or publicly-available sources. We may also receive personal data about you from various third parties such as:
- Publicly-accessible resources such as Companies House, the Bankruptcy and Insolvency register;
- Your bank or another financial institution;
- Local Authorities – such as Councils etc;
- Analytics providers such as Google Analytics;
- Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal, Sagepay,Worldpay, Paypal Direct, Payaway IP, Bankline.
FAILURE TO PROVIDE PERSONAL DATA
We may not be able to enter into or fulfil a contract with you (for example, the delivery of products or services) if you do not provide data we may need either by law or to perform that contract. As a result we may have to cancel a contract or delay goods or services. We would inform you if this occurs.
HOW WE WILL USE YOUR PERSONAL DATA
We will only use your personal data for a lawful reason. This will usually be in the following situations:
- In order for us to perform the contract we have with you;
- Where we need to comply with a legal obligation;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where you have given consent.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests)
- Where it is needed in the public interest (or for official purposes).
Liverpool Community Transport is required to gather member information ie. passenger’s names, for self-drive hire insurance purposes. For all self-drive hire we require passenger lists for each trip. These lists will be kept for 3 years and only used if there has been an incident or accident. In this case we may be required to share this information with a third party as stated under the ‘Data Sharing’ section of this notice.
Home to School Transport:
When schools or local authorities contract with us to provide home to school transport services, the school/local authorities may provide us with personal information about the children who will be using our services each day. This will include personal information (names & addresses). Where relevant and necessary, we may also receive information about ethnic origin, medical needs, health conditions, dates of birth, mobility issues, emergency contact details, language or communication requirements and/or disabilities. In this regard, we will be acting as a data processor on behalf of the school or local authority and it is the responsibility of the contracting body to ensure that it has appropriate consents or authorisations to transfer this information to us.
We will share this information with our drivers for the purposes of delivering the home to school transport services and we will keep this information on record to comply with safeguarding best practice
Liverpool Community Transport may be required to gather specific information related to member groups and/or service users in the future in order to comply with any possible grant aid or funding opportunities. In this case we may be required to process or share anonymous personal information with possible future funders.
In the limited circumstances where you may have provided your consent to the processing of your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact a member of staff on 0151 207 5400. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We generally do not rely on consent as a basis for processing personal data though may do so in gaining your consent to direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us on 0151 207 5400 or by opting-out or unsubscribing to any communications.
SITUATIONS IN WHICH WE WILL USE YOUR PERSONAL DATA
We need all the categories of information in the list above (see ‘The nature of the information we hold about you’) primarily to allow us to perform our contract with you or for our legitimate interests.
The situations in which we will process your personal information are listed below. We have indicated the purpose or purposes for which we are processing or will process your personal information, as well as indicating which categories of data are involved:
|Processing Activity||Categories of Data||Lawful Basis|
|Customer administration and accounts:
To register you as a new customer on our internal systems
|Identity, contact and financial details.
|Customer administration and accounts:
To process and deliver your order including the management of payments, fees, credit and debtor accounts, dealing with customer complaints.
|Identity, contact, financial and transaction details.
|Business Development, Sales and Marketing:
We may use your personal data to market our services to:
We may also undertake customer surveys or monitor how you use our website.
|Identity and contact details, data obtained from usage of and cookies on our website.||
|Managing premises, equipment and facilities
Visitors to our premises will be asked to sign in and out of reception. The purpose for processing this information is for security and safety reasons.
Closed-circuit television (CCTV) is monitored to enable site security. Images of visitors and their vehicles (authorised or unauthorised) may be used for the prevention and detection of crime and may be released to third parties on request (such as the Police Force) or internally subject to access controls and appropriate protocols. This may be to investigate a crime or an internal matter.
To monitor, maintain and test the website and other ICT.
|Identity details, stills and video of visitors to site and vehicle registration details.
Identity, contact and techincal details.
CHANGE OF PURPOSE
We will only use your personal data for the purposes we outlined to you at the outset. We will continue to process your personal data for another reason if we consider that the revised reason is compatible with the original purpose. If the revised reason is for an unrelated purpose, we will notify you and outline the basis upon which we believe we have a lawful reason for continuing to process your data. We will not notify you of the change of purpose if the processing is required by law.
Your duty to update us
It is important that the personal data we hold about you is accurate. Please update us if this changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we collect about you and an outline of why we are using it;
- Request correction of the personal data that we hold about you. This enables you to have inaccurate information corrected;
- Request erasure of your personal data. This enables you to request the deletion or removal of your personal data in certain circumstances. You also have the right to request the deletion or removal of personal data where you have requested the right to object to processing;
- Object to processing of your personal data where the basis for processing is a legitimate interest (or those of a third party) and you wish to object to processing on this basis. You also have the right to object where we are processing personal data for direct marketing purposes;
- Request to restrict the processing of your personal data;
- Request the transfer of your personal data to another party.
You will not normally have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is unfounded, excessive or involves a repeat or duplicate request. Alternatively, we may refuse to comply with the request in such circumstances.
What we may require to process your request
We may need to confirm your identity and assess your rights to access the data. This is purely to ensure we comply with the requirements of the GDPR especially where there may be data that relates to another individual.
We may have to share your personal data with third parties including third-party service providers in order to administer our working relationship with you or where we have another legitimate interest in doing so.
We require third parties to respect the security of your data, treat it lawfully and only as per our instructions.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers:
- Managing facilities;
- HMRC, HSE and other regulatory bodies;
- Insurance provision;
- Legal Advice;
- ICT services and applications;
- Credit reference agencies;
- Police Force
- Funding Opportunities
We may also share your personal information for example in the context of the possible sale or restructuring of the business or with a regulator or to otherwise comply with the law.
Transferring information outside the EU
Liverpool Community Transport hosts some of its applications in industry-leading products such Microsoft Office, CTX2 & Sage whose data centres are located within the EEA, which have been thoroughly tested for security, availability and business continuity.
All data is stored within the EEA and the data will not be processed outside of the EU by Liverpool Community Transport. However, Liverpool Community Transport uses multiple third-party providers as part of our business operations and architecture for the purposes of logging, billing and system monitoring. In connection with this, data might be transferred outside our EU data centre.
To ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. This is available on request from Liverpool Community Transport – email@example.com.
We have put in place measures to protect the security of your information which include physical and application security. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being lost or used in an unauthorised way. In addition, we have access controls in place to ensure information is kept secure and only relevant and limited individuals have access to it. Our staff are subject to a duty of confidentiality. Details of these measures may be obtained from Liverpool Community Transport – firstname.lastname@example.org.
Protocols are in place to deal with suspected data security breaches. We will notify you and the ICO of a potential breach where we are legally required to.
We will only keep information as long as is necessary for the purposes we have informed you about. Details of retention periods are available by contacting Liverpool Community Transport – email@example.com. To determine relevant retention periods, we consider a number of factors including business need, regulatory and legislative requirements, the nature and sensitivity of the data and the potential risks of unauthorised disclosure.
DATA PROTECTION CONTACT
If you have any questions about this privacy notice or how we handle your personal information, please contact Liverpool Community Transport – firstname.lastname@example.org or 0151 207 5400. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), https://ico.org.uk the UK supervisory authority for data protection issues.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time. We will provide you with a new privacy notice when we make material updates or may notify you periodically about the processing of your personal data.
Browse Our Services
We have been involved Liverpool Community Transport for over 35 years it’s a pleasure to work with them!
We happily ENDORSE Liverpool Community Transport as a serious option for all your requirements.
The cost of hiring a minibus for the four weeks of the visit is beyond our means and the support of LCT allows us the opportunity of helping these very special children.
Fantastic service and support during our Annual International Conventions!