Who we are

Our website address is: http://telfords.working-on-it.co.uk/telfords.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Telfords Coaches Data Protection Policy

This is a statement of the Data Protection Policy adopted by Telfords Coaches.

Responsibility for updating and dissemination of this policy rests with the directors of Telfords Coaches. The policy is subject to regular review to reflect changes in legislation. All staff are required to understand, apply and abide by the policy and if in any doubt to seek advice.

All staff, regardless of department, must receive General Data Protection Regulation and Data Protection Act 1998 awareness training as part of a signed induction process. Ignorance of the GDPR and DPA (98) is unacceptable.

Telfords Coaches collects and uses certain types of personally identifiable information about clients, customers, employee and suppliers in order to operate. This includes current, past and prospective individuals and entities with whom we conduct business. Personal information, or data, must be dealt with properly however it is collected, recorded and used – whether on paper, electronically, or other means.

The success of our operation and achievement of our objectives depends upon maintaining confidence of those we do business with. Therefore, we need to ensure we treat personal information lawfully and correctly. In doing so, we fully endorse and adhere to the GDPR and the principles set out in the DPA (98).

The eight principles of the DPA (98) are:
1. Data shall be processed fairly and lawfully and not processed unless specific conditions are met
2. Data shall be obtained for specified and lawful purpose/s, and not further processed in any other manner
3. Data shall be adequate, relevant and not excessive in relation to the purpose processed
4. Data shall be accurate and, where necessary, kept up to date
5. Data shall not be kept for longer than is necessary for the specified purpose
6. Data shall be processed in accordance with the rights of the data subjects under the Act
7. Data should be subject to technical and organisational measures to prevent damage, destruction or loss
8. Data shall not be transferred outside the EEA unless the country has an adequate level of data protection

In relation to the GDPR, there are 7 Principles and 8 Rights that have to be observed:

Principles Rights
1. Legality, Transparency and Fairness 1. The right to be informed
2. Purpose Limitation 2. The right of access
3. Minimisation 3. The right to rectification
4. Accuracy 4. The right to erasure
5. Storage Limitation 5. The right to restrict processing
6. Integrity and Confidentiality 6. The right to data portability
7. Accountability 7. The right to object
8. Rights in relation to automated decision making and profiling

We ensure that:
• We complete and regularly update a personal data risk register
• We attend and review a personal data training and awareness programme
• We appoint a senior manager with overall accountability and responsibility for personal data
• We review and update our data protection policy as new legislation emerges
• We understand what personal data we hold, where it’s held and where it goes
• We have a legal basis for our data processing activities
• We understand and properly define our processing activities
• We have enforceable written personal data handling agreements with all third party suppliers
• We carry out appropriate due diligence on all third party suppliers
• We attend to any subject access requests (SAR) in a timely manner (less than one month)
• We rectify, restrict and allow portability of data via safe means
• We review and update our information security policy on a regular basis
• We update our annual registration with the ICO