Powells Bus Co. LTD understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and web site visitors and will only collect and use personal data in ways that is described here, and in a way that is consistent with our obligations and your rights under the law.
The European Union have brought into law a new data protection regulation knows as GDPR (General Data Protection Regulation) which comes into effect on the 25th May 2018.
The UK Government are also bringing into Law the same regulations when the UK leaves the Europe Union.
GDPR sets out laws for how companies and organisations can collect, use and processes your personal information or data. This is known as “Personally Identifiable Information” or PII for short.
2 Information about us
Powells Bus Co. LTD (also referred to as “we”, “us” and “our”) is the data controller and is responsible for your personal data when you interact with our company.
You can contact us by:-
- email – Please use our contact us form
- Telephone – 01709 702220
- By Post:
- Powells Bus Co. LTD
Unit 2, 6 Hellaby Lane,Hellaby Industrial Estate,
Our registered office is as above and our company registration number is 03190618 (registered In England).
3 What Does This Notice Cover?
This privacy notice explains how we use your persona data: how it is collected, how it is held, and how it is processed. It also explains your rights under the Law relating to your personal data.
4 Your rights under GDPR and the Law
Your privacy is important to us and we recognise the importance of keeping your personal information secure.
If you are unhappy in the way we have processed your data you have the right to complain, please raise your concerns with us at the earliest opportunity. We take all complaints as genuine and seriously. We will do everything we reasonably can to resolve issues to your satisfaction.
You also have the right to complain to The Information Commissioners’ Office (ICO) which is the UK supervisory authority for data protection issues, they can be contacted via their website www.ico.org.uk.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in section 2 above.
- The right to access the personal data we hold about you. Part ten will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part two above to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part two above to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. we do not use your personal data in this way
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part two above.
5 What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part six below.
6 What information we collect and process
“Personally Identifiable Information” (PII) means any data which can identify a living person.
We may collect some or all of the following personal data which we categorise as follows (this may vary according to your relationship with us):
- Identity data which could include your name, title, address, date of birth, marital status, gender, business name, job title, profession, Passport number, National insurance Number, driving license number etc...
- Contact details which could include your billing address, delivery address(es), email address, telephone number and instant message IDs.
- Financial data which could include your payment information, bank account number and card payment details.
- Transaction data which could include purchase history and payment details, invoice numbers, order or job tracking numbers.
- Technical data which could include your login data, date and time of access, IP address, web browser type and version number, web browser plug-ins and type, time zone and location, your devices operating system and platform (Windows, Mac OS, Android).
- Profile data which could include your username, email address, access password, purchase history, travel history, your interests and preferences, feedback and responses to surveys.
- Usage data which could include information on how you use our services, how frequent you use our services, the services you have expressed an interest in and how you use our website(s) and which web pages you have visited.
- Marketing and communications data which could include your preferences on how we can communicate with you including sending marketing information from us or a third party and product update notifications.
- Sensitive data which could include card payment details, date of birth.
- Special category data - We do not collect special category data. Special category data could include information about your sex life, sexual orientation, political opinions, trade union membership, race or ethnicity, religious or philosophical beliefs, information about your health and genetic and biometric data.
Some of this information is essential for us to perform certain duties, If you refuse to supply us with the information we request we may not be able to perform a contract or may have to limit certain features of our web sites(s) or services that we offer.
7 How is your personal data collected?
We may collect and process your information when you interact with us for example in one or more of the following ways:-
- In person.
- Telephone – We may keep a record of your contact.
- Phone text message - We may keep a record of your contact.
- By visiting our website(s).
- By email us - We may keep a record of your contact.
- By submitting a “contact us form” from our website(s).
- By contacting us via social media - We may keep a record of your contact.
- Registering on our web site.
- Subscribing to one of our services, posting material or requesting further services.
- When entering competitions or promotions.
- Reporting a problem with our website or services.
- Supplied by a third party i.e. from a prospective client or employee giving us your details for a reference.
8 How we use (process) your personal data
Under GDPR, we must always have a lawful basis for using your personal data. This maybe because the data is necessary for our performance of a contract with you, our legal obligation, because you have consented to our use of your personal data or because it is in our legitimate interest to use it.
Your personal data may be used for one or more of the following purposes:
- Providing and managing your account.
- Provide employment.
- Supplying our products and or services to you.
- Supplying you with an estimate or quotation.
- To enter into a contract with you.
- Personalising and tailoring our products and or services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email and or post that you have opted-in to receive.
- Credit searches with credit reference agencies to allow us to offer you a credit account.
- Trade references.
- Employee references.
- Debt recovery.
You will not be sent any unlawful marketing or “spam”. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
Where Consent is our lawful basis of processing you have the right to stop us from processing your information. You can also unsubscribe or opt-out at any time from our marketing by contact us via our web site contact form or clicking on an unsubscribe link in our emails or by replying to text messages with the word unsubscribe or by telephoning us.
We do not use any systems for automated decision-making.
We may disclose your personal information to third parties who will need to process your information for example:-
- Debt recovery – to recover any money owed to us.
- Couriers – To deliver goods to you or your customers.
- Licensing – To forward licences to you or your customers.
- Leasing – To facilitate finance deals for goods or services.
- Data centres – Secure server hosting facilities for emails, web sites and data storage.
- Service providers - who provide IT and administrative services on our behalf
- Professional advisors – Lawyers, bankers, accountants, auditors and insurers.
- Government bodies. For example, HMRC.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
- If we or its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of web site use or terms and conditions of supply of products and other agreements; or to protect the rights, property, or safety of our company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
When we use third parties we enter into a legally binding contract; under this contract our third-party supplier has a legal obligation of confidentiality and to protect your information in accordance with GDPR and will only process your information in accordance with our instructions.
9 Our lawful basis for processing your information
When you interact with our company we will process certain types of data which is categorised in section 6 above. We process this category of information as follows:
|Category of data||Legal basis for processing|
|Identity data||Contract, Legal obligation, Legitimate interest|
|Contact details||Contract, Legal obligation, Legitimate interest|
|Financial data||Contract, Legal obligation, Legitimate interest|
|Transaction data||Legal obligation, Legitimate interest|
|Technical data||Legitimate interest|
|Profile data||Legitimate interest|
|Usage data||Legitimate interest|
|Marketing Data and Communication data||Consent, Legitimate interest|
|Special category data||Consent, Legitimate interest|
Contract – For example, we need this information to fulfil a contractual or obligation or you have asked us to send you a quotation or information before entering into a contract.
Legal Obligations - We process this category of data to comply with accounting or reporting obligations, for example disclosing employee salary details to HMRC, submitting accounting information to HMRC.
Legitimate Interest - Is where we may process your data to improve our services to you. To develop, improve and grow our business. For the provisions of administration and IT services. Security and fraud prevention. Determine how effective is or to improve our marketing. To keep our website and services relevant and updated. To deal with you and respond to any requests you may have. Fraud prevention.
Consent – is where you have given us permission to use your information, you can withdraw your consent at any time.
We may also aggregate your information for statistical and analytical purposes, where we do so you will not be identified in the aggregated data set.
10 How we protect your data.
We work hard to keep all of your data safe and use a combination of technical, administrative and physical controls to maintain the security of your data. However, no method of processing data is completely secure. If you have a security concern or would like a more in-depth explanation of our security policies please use our contact us form.
We have various measure in place to protect your personal data.
For card payments in person or over the phone we are certified to the Payment Card Data Security Standards (PCI-DSS).
Our websites are accessed using HTTPS meaning that any information send or received is encrypted.
We may disclose your personal data to third parties. Where we do, we require that the recipient have in place appropriate technical and organisational measures to protect your data. We may also be compelled by law to disclose your personal data to third parties.
Your personal data may also be processed outside of the European Economic Area (EEA) by third parties who work for us which could include digital marketing and social media agencies for the purpose of marketing and advertising. Where your data is processed outside of the EEA we require that appropriate safeguards are in place to the same standard as expected within the EEA.
11 How long we keep your personal data
We will process your personal data for as long as our relationship lasts or inline with our legal obligations.
Contract - We will keep this type of information for a minimum of seven years after any contract or relationship has ended. We also need this information to protect our company from legal claims.
Legal Obligations - We will keep this type of information for a minimum of seven years to allow us to fulfil our legal obligations for example record keeping for HMRC.
Legitimate Interest – We will only keep your information for as long as necessary. For example:
- Identity data - Minimum of seven years
- Contact details - Minimum of seven years
- Financial data - Minimum of seven years
- Transaction data - Minimum of seven years
- Technical data - From forty-five days to seven years
- Profile data - Minimum of seven years
- Usage data- from forty-five days to seven years
- Marketing and Communication data - Minimum of seven years
- Special category data - Minimum of seven years
Sensitive data - If you request us to keep your information for future use we will destroy your data at your request or on completion of a contract.
12 The right to access your personal data.
You have the right to obtain the following from us:-
- Confirmation that we are processing your personal data
- Obtain a copy of your personal data
In most cases we can not charge a fee for providing you with the information we hold about you, we can charge a reasonable fee if you request further copies or your request is unfounded or excessive.
We will normally supply your data within 28 days, but if your request is complex we may extend this timescale by a further two months. You will be informed within 28 days if this is the case.
We can refuse to comply with your request if it is unfounded or excessive in which case we will inform you within 28 days.
We may require proof of identity before releasing your data to you.