Rail Insider takes the greatest care to ensure that we are fully compliant with both the General Data Protection Regulations 2018 (GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
This policy explains how Rail Insider gathers and uses certain information about individuals. In the natural course of business, individuals can include customers, suppliers, business contacts, employees and other people that the organisation interacts with, or needs to be in contact with. This document explains how this data must be collected, handled, stored and destroyed to meet the company’s standards and comply with relevant legislation.
If you have any questions about this policy or procedures, contact the Data controller on firstname.lastname@example.org.
Rail Insider processes information to enable:
• Marketing, advertising and public relations service to clients
• Maintenance of accounts and records
• Promotion of services
• Undertaking of research
• Support and management of employees
Type of information processed
The information required to carry out the above processes may include:
• Personal details
• Membership details
• Details of goods and services used
• Family details
• Lifestyle and social circumstances
• Financial details
• Education and employment details
Rail Insider also potentially processes sensitive classes of information that may include:
• Physical or mental health details
• Racial or ethnic origin
• Religious or other belief of a similar nature
• Offences/alleged offences
• Trade union memberships
Who we process information about:
Rail Insider processes personal information about our:
• Customers and clients
• Enquirers and complainants
• Survey respondents
• Professional advisors and consultants
If required, it may be necessary to share information that Rail Insider processes with the individual themselves and also with other organisations. If this is necessary, Rail Insider is required to comply with all relevant data protection legislation.
The types of organisations that Rail Insider may need to share some of the personal information with include:
• Current, past or prospective employers
• Suppliers and service providers
• Financial organisations
• Family, associates and representatives of the person whose personal data we are processing
• Trade associations and bodies
• Professional advisers and consultants
• Central government
• Employment and recruitment agents
• Business associates
• Survey and research organisations
• Credit reference agencies
• Debt collection agencies
A full list of the processors that Rail Insider interacts with regularly is available on request. Contact email@example.com.
Data storage and deletion
Data should be stored within password-protected files within the company Google Drive, away from central storage areas. There should be no duplication on desktop/laptop storage. All Rail Insider technology should be protected by appropriate security systems. Rail Insider makes all attempts to avoid data being stored on paper. However, should this be necessary, the documents should be kept secure in a locked drawer or filing cabinet. The same procedures apply to data stored within portable devices, such as USB sticks/DVDs. Once no longer required, paper documents should be shredded and disposed of securely.
Procedures are in place to oversee the containment and recovery of data, assessment of ongoing risk, notification of the breach and an ongoing procedure assessment. In line with the requirements of data protection legislation, Rail Insider would report a data breach to the relevant authorities if it was likely to result in a risk to the rights or freedoms of individuals. You can find details on how to report a data breach under GDPR or PECR at https://ico.org.uk/make-a-complaint/ or by calling 0303 123 1113.
It is important that the data held by Rail Insider is accurate and correct. Data protection legislation requires data to be kept as accurate as possible. In order to ensure that minimal inaccuracies are recorded, Rail Insider uses the following procedure:
• Hosting data in minimal locations
• Minimal replication of data
• Updating of individuals' data as often as realistically possible
• Removal of inaccurate data as soon as it is discovered
• Regular data audits
Contact details: firstname.lastname@example.org
ICO contact details: 0303 123 1113