queensawrd

Privacy Policy

1.       Road Safety Support (RSS) respects your privacy and is committed to protecting the privacy of its staff, members and customers. RSS has fully committed to compliance with the UK General Data Protection Regulation (UK-GDPR). The RSS Privacy Notice applies to all personal data processed by full-time and part-time employees when acting on behalf of RSS, contractors and partners doing business with and on behalf of RSS, and all business processes conducted by RSS.

2.       What information do we collect?

2.1     RSS sometimes collects and handles a variety of personal data so that we can deliver services to our customers. This Privacy Notice applies to any personal data collected by us, by any format – phone, letter, email, online or face to face.

2.3     We collect and handle data to:

•    Provide the service you’ve asked for – for example, if you have a query that you need a response to.

•    Stay in contact with you – for example, if you sign up to one of our newsletters to get information about Road Safety or are involved in our consultation exercises.

•    Fulfil legal obligations.

3.       Road Safety Supports Lawful Basis for Processing Personal Data

3.1     There are six options available to RSS to legally ‘process’ your personal data. The most common for us will be ‘legal obligation’ or ‘public task’ because our focus is delivering services to you that are required, or permitted, by other existing laws or Home Office guidance.  Other options that we use are ‘contract’ (for example we have employment contracts for our staff).

4.       RSS Sharing of Personal Data

4.1     Within RSS - We share data internally across our team. In some cases, two or more people might be jointly responsible for delivering a service, so they need to access data. In these cases, we make sure that the sharing is reasonable, is in line with data protection law, and respects your rights.

4.2     We may hold a central basic contact record for you, so that we can provide a better service to you and have the most up-to-date contact details for you across services to support your right to accurate data.

4.3     Outside RSS – RSS will not sell personal data to a third party nor will we commercially exploit your personal information in any other way. Sometimes we will work with an outside company which will result in that organisation collecting, storing or handling your information on our behalf, to help us to deliver our services. For example, the RSS annual conference. When we remain solely responsible for your personal information, we ensure that the right safeguards are in place through measures such as contract clauses. At other times the responsibility is shared, and then we work with partners to ensure that we jointly safeguard your data.

5.       RSS Retention Period for Personal Information

5.1     RSS will consider a number of factors when deciding how long to keep data for they include:

•    How long we need it to deliver the service to you.

•    How long other laws tell us to keep it for.

•    This means that different services, and sometimes different activities within the same service, will need to keep data for different lengths of time.

6.       Security of Personal Data Collected by RSS

6.1     RSS uses a range of systems to store and process data about our customers. We have a mixture of:

•    On-site servers, held in secure buildings that meet the highest standards for security. These undergo regular audits to ensure compliance with national and international standards.

•    RSS website that requires secure log-in, access to which is restricted by our IT team.

•    Network access that requires either a username, password, or both.

•    Buildings that have access only to staff, and secure files stored in areas that are further restricted. 

•    Systems are only available through strictly controlled security processes. We ensure that only the right people have access to systems, through centrally controlled management of systems.

•    For some services, we share data with other agencies such as the Police or Casualty Reduction Partnerships. In some of these cases we remain responsible for your data, and in other cases the responsibility is shared.

•    We ensure that the right safeguards are in place to keep your information safe and will always tell you more about this when the data is collected.

•    There are times where we legally need to share your data with other parties, for example, if a court order asks for it. 

•    There may be exceptional cases where we feel compelled to share your data for a reason that outweighs your right to privacy in order to detect and prevent fraud and crime.

6.2     This list is not exhaustive, but RSS will never share your information if it’s not legal to do so, and will always consider your rights, and whether there is another way of achieving our aim, before doing so.

6.3     RSS may require your ‘consent’ for us to process your personal data. If that’s the case, we’ll let you know at the point of data collection, and we’ll remind you that you have the right to withdraw your consent at any time.

7.       Your Rights Regarding the Collection of Personal Information by RSS

7.1     Data protection legislation gives you several rights relating to the way that RSS uses your data and the way that you access it. However, these may not apply all of the time.

7.2     The right to know what happens with your data - You have the right to be informed about:

•    What data we process about you. 

•    For what reasons we process the data. 

•    Who we share it with. 

•    How long we will do this for. 

•    Your rights. 

•    How to complain. 

7.3     This notice is part of us informing you about your rights, but we’ll try to do this in a number of ways.

7.4     The right to access your data - You have a right to access information we hold about you, through a subject access request.

7.5     The right to correct inaccurate data - You have the right to have information corrected or completed if it’s incomplete. We aim to have complete data for our customers, so please make us aware as soon as possible if something is wrong or missing.

7.6     The right to have your data deleted - You have the right to ask us to erase your data. This is not an absolute right and if we have a lawful reason to continue to hold your information, we’ll continue to do so. The reasons behind this will be explained in our response to your request.

7.7     The right to ask us to limit the way we use your data, or to stop entirely - You have the right to ask us to restrict the processing of your data. This may apply if:

•    Data about you is not accurate.

•    There’s no legal reason for us to process the data about you, but you choose not to ask for erasure.

•    When data processing is restricted, it means we can continue to securely store it but use of it is restricted (with some specific exceptions).

7.8     You have the right to object to us processing your data at all, but often if we do this, you’ll no longer be able to receive the related service, and this will often be overridden by our legal obligations as a business.

7.9     The right to data portability - You have a right to ask RSS for data that you provide us with to be transferred to another service provider. This won’t apply to most of our services.

7.10  Rights relating to automated decision making and profiling - Currently RSS doesn’t use any automated decision making or profiling systems. This means that any decision that will affect you is made by a human.

7.11  RSS will always consider privacy and our customers’ rights if we introduce new systems that involve profiling or automated decision making, and we’ll make our customers aware of projects like this. You have the right to ask for a human to reconsider an automated decision.

8.       Contact Us

8.1     RSS is accountable to the Information Commissioner’s Office (ICO). You can contact RSS if you have any queries regarding your personal information using the contact us option on the RSS website:

https://www.roadsafetysupport.co.uk/contact-us

9.       Independent Advice

9.1     For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Or you can visit the Information Commissioner's website.