General Data Protection Regulation
From May 25th 2018, the General Data Protection Regulation (GDPR) comes into effect and this has implications for the way we control and process information. This regulation, which affects all businesses and organisations that deal with personal information, provides individuals with rights and protections for how their information is handled.
At Sewards Coaches we believe that the processing of certain information about our staff and customers is necessary for the legitimate interests of our company.
What forms of personal data do we process
Personal data concerning our customers will include…
- Name of the person or group booking
- Contact details phone number and email address if applicable
- Address if you are not paying before the trip date and wish to be invoiced afterwards
Why we process/store this data
- We have a legal responsibility to withhold accounting information for the business for 7 years which includes invoices, names of persons/organisations who have booked with us.
- Keeping a database of our customers and their contact details helps us contact customers efficiently concerning pricing, destination queries and payment without the need to necessarily collect this information every time a customer wants to book another trip.
Our privately-run school run/service run customers …
- Name of parent
- Name of student
- Year group (so we can gauge how many years the child will be travelling)
- Email address
- Phone number
- Pick up point
Why we process/store this data
- We withhold this information, so we can stay in touch with the parent regarding payment, seat allocation, route variations if need be and any other issues regarding the school run service.
- We ask for the address and pick up point so we can make sure that your child is picked up at the relevant pick up point and so if we are notified of any road works/closures or potential problems which may affect our school run in your area we can make the necessary changes to our route.
Our privately run coach trip customers…
- Name of person booking
- Contact details – in case of cancellation or problems/queries regarding the trip or bookings
- Addresses/telephone numbers of customers who have requested a brochure and wish to be on our regular mailing list – permission will be sought for this.
- Usual pick up point – so we can organise our pickups for the driver.
Who is allowed to view our customer data…
- Owners of the business, management and office administrators.
Nb: on occasion hirees may ask us to pass their mobile phone number to the driver.
- Our accountants (correspondence details on invoices)
- Drivers conducting trips may be given names or persons to be collected at pick up points and in some cases phone numbers with verbal/written permission sought.
How we protect your privacy
- We will not share our staff or customers details with another business or organisation without the express permission of the individuals concerned.
- We will make all reasonable efforts to keep individuals personal information private.All invoices and paperwork containing customers addresses and trip details will be stored securely on our premises until such time that they should go to our accountants for the annual review of our accounts.
- We will store customer information in its simplest form such as group/individuals name (and address if on a customer invoice) for 7 years, after this time documentation will be destroyed and disposed of securely (shredded).For fire risk purposes a back up of our accounting database is backed up regularly and stored in another secure location.
- If a customer has not used our services for 18 months we will delete their correspondence details from our system.
- If an individual asks us to put them in touch with a customer/group, we will take their name and phone number and pass this on to the other party.
- We will not share details about children’s names, pick up points or addresses with anyone other than our own drivers and our transport coordinator at Devon county council if necessary.