IMPORTANT INFORMATION GDPR –Update Data Protection Policy
On 25th May 2018 legislation relating to Data Protection is changing and although the changes do not alter what we use your personal information for, it does make it easier for you to have more control over how your data is handled, stored, and protected. Your Data is important to us and the change in the law only builds on what we already do – keeping your information secure.
You have the right to request a copy of your information we hold. Should you wish to do this, requests must be in writing to Philip Bradley who is the nominated Data Controller as Proprietor of Phils-taxis-Bodmin You do not need to take any further action – however you can review a full GDPR Policy Statement below.
GDPR – Policy Statement This policy covers personal and confidential information held by Philip Bradley
The Data collected
Personal Data: Including name, address, email, telephone numbers, Financial Data: Bank card payments are processed securely by a Processor (Third Party) in line with Payment Card Security as currently regulated. Copies of your card details are not collected, stored or re-used.
Transactional Data: This may include details of services provided and type of payment made by you, for the purpose of accounting and will held as required by currently UK Legislation to fulfil my duties particularly in relation to supporting income and expenditure to HM Revenue & Customs.
Special Categories: Special Categories Data is NOT collected. This is specified as details about you, such as: your race, ethnic background, religious or philosophical beliefs, sexual orientation, political opinion, trade union memberships, health and genetic/biometric data, or details of criminal activities and offences.
Where there is a need to collect personal data by law, under the terms of the contract we have or are trying to enter into with you – and you fail to provide that information we will be unable to perform that contract, i.e. to provide you with services.
How the Data is Collected Different methods to collect information, but including primarily:-
Direct Interactions: Where you give us personal information by requesting booking for Taxi services, or by corresponding with us via email or telephone. This information may be held on paper, computer or both.
Third Party Information: Financial, Identity and contact data may also be collected from publicly available sources such as Companies House, based within the EU. CCTV imaging for security purposes is in operation within the Taxi and this is widely advertised in being in operation. This is normally overwritten daily and only downloaded if Evidence is required by an interested Authority such as the Police.
How your Data is Used Your information is used primarily to provide you with services, and as part of our accounting function. This recognises you as a customer, and allows us to perform a contract with you, processing bookings, manage payments, collect monies owed. This is a lawful basis for legitimate interest in running a business – to keep records updated, to provide security for our driver and customers.
Disclosure of your Data
Third Party Payment Processors; You (the Customer) consent to our transfer of your data via certified Payment Processors via PDQ terminal processing upon production of Bank Payment Card. We do hold full details of this transaction in line with Payment Security Standards IT and Systems Administrations:
I may have to share your personal data with External Third Parties in exceptional instances such as data recovery, where Systems Providers require a backup of data held, and Accounting systems require a backup data file transmitted in order to rectify an IT problem.
This is deemed to be sharing of your data, but these Third Party Providers are not allowed to use this data for their own commercial or personal use, and Security Standards maintained by Third Party software providers are robust and can be relied upon for security. Any such transfer is for a specified purpose and with our permission for each necessary transfer. This data is solely transferred within the UK.
We may share your data when required to assist other professional Data Processors or joint Controllers you may have authorised; to include but not limited to; lawyers, bankers, auditors, insurers, bookkeepers and accountancy services based in the UK.
Regulatory Authority Processors: HM Revenues & Customs, and other Regulators and Authorities who may require reporting to in certain circumstances where we have a lawful duty to comply. Direct Marketing: We DO NOT sell or issue your personal data to any third party solely for the purposes of marketing.
You have the right to implement a “data subject access request” – to receive a copy of the personal data we hold. You have the right to request “Erasure” of your personal data.
You have the right to ask us to remove the processing of your personal data – this is “successfully exercising your right to objection of processing of Personal Data” However, we may not be able to erase your data for specific legal requirements where historical information must be held in order to us to fulfil our legal requirements.
In such instances however we will notify you of such reasons if applicable. All such requests must be made in writing to our nominated Data Controller
The Data Controller is Mr Philip Bradley Licenced to Operate Under North Cornwall Zone, Cornwall Council Chy Trevail, Beacon Technology Park, Dunmere Road, Bodmin PL31 2FR
GDPR, Boring tick, Essential tick tick tick