GDPR and Data Protection Statement
The General Data Protection Regulation (‘the GDPR’) which comes into effect on the 25th May 2018. The GDPR applies across the European Union (EU) and aims to give individuals more rights, control and understanding of how their personal data is processed.
The GDPR will have no impact on the service we provide to you. It does however require Kerry Community Transport CLG t/a Local Link Kerry to keep you informed of the following:
The types of data we hold on you;
The purpose it is used for; and
Your rights in relation to how it is processed.
You will find all this information in the enclosed Data Protection Statement. This Statement is applicable to our service users. A copy it will be available at www.locallinkkerry.ie from the 25th May 2018.
There is no need for you to do anything, we just wanted to update you on the impending GDPR changes.
Kerry Community Transport CLG t/a Local Link Kerry Data Protection Statement
What is the purpose of this notice?
Our aim is to provide you with a Transport service. To fulfill that aim, and to provide you with suitable services, we need to get to know you and what your needs are.
This means that we collect certain information about you during operating our business. This notice sets out details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.
Who controls the use of your personal data?
Kerry Community Transport CLG t/a Local Link Kerry whose registered address is Sliabh Luachra Cultural Centre, Scartaglin, Co. Kerry V93 FKV6 is the company that controls and is responsible for personal data that is collected in relation to our Transport needs.
We are also Joint Controllers on behalf of the National Transport Authority system in relation to your Transport needs under the Local Link program. If you have any queries in relation to the processing of your personal data, we have appointed a data protection officer that you can contact as follows: by post at Data Protection Officer, Sliabh Luachra Cultural Centre, Scartaglin, Co. Kerry V93 FKV6 . or by email at firstname.lastname@example.org
What personal data is collected?
To provide our services to you we need to process certain personal data in relation to you, which includes·:
Biographical data – Transport: We collect the following biographical data: name, assumed names, address, phone number, next of kin if required, email address, gender, date of birth, and any special requirements for your transport.
Payment data – If you pay by direct debit or receive payments through electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society details where relevant.
Interactions with us – If you interact with us we will record details of those interactions (e.g. phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make bookings, etc. or a complaint we will process details in relation to that correspondence.
Online Social media services – When you interact with us online (by computer, tablet or smartphone), you may provide personal data to us, which you will be aware of when using the services or for which you give consent.
Processing Transport bookings – To process a booking, we will need to process personal data in relation to that booking, this may include locations, durations, medical conditions,
Running our business– As we are a non-for-profit company and receive grant funding we have a requirement to report on historic and statistical information to the National Transport Authority and the Department of Transport. To do this, we undertake to record all trips by passenger numbers and types, which we use to identify volume, patterns and utilization of transport services, to show value for money of government grants. This information may be used to help us develop new services. In addition, we also need to process your data to meet certain regulatory and legislative obligations that apply to our business.
We try to do all the above by using aggregated or anonymous data where possible, so you won’t be identifiable from the data, but some of this work involves processing your data without anonymizing it. Where we process driver logs from an operational side to provide the services, this will be on the basis that it is necessary and proportionate for the purposes of providing Transport services.
Marketing – the marketing we partake in would be advertising new or existing services therefore no personal data will be collect in this process, however in the process of development of new services we may collect personal data that would be using to research the need and demand for services. With your permission, this may include processing your health data to identify services that might be particularly relevant to you. We may also use it to ensure that we don’t send you details about a service that isn’t relevant to you.
If we process your personal data for marketing and/or market research, this will be subject to your consent.
Who do we share your personal data with?
We do not share your personal data following third parties. we process your data for several government bodies.
Transport Service providers– as a Transport Co -ordination Unit for Kerry, we rely on trusted third parties to help us to provide this transport. We share operational information only to provide the transport. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.
Service providers – We rely on trusted third parties to help us run the business and to provide us with specialised services. These can include companies that provide IT services (to maintain our IT Systems and keep us up to date with security on our software systems). These can also include legal advisors, auditors and consultants. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.
We process your data for several government bodies.
National Transport Authority – we are Joint Data Controllers of your personal data on the NTA ITMS software system. As outlined above.
Regulators– In certain circumstances is obliged to provide information to a regulator, (e.g. Charity regulator, funders ( NTA , HSE) and Auditors
Retention of personal data.
We will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data.