The purpose of this document
Thank you for taking the time to read our privacy notice.
In this privacy notice and in the data protection statements which you will see and wherever we collect your personal information, ‘Acme Bus Co Ltd, ‘Acme Transport Services’ and ‘we’ refer to Acme Bus Co Ltd.
We respect the privacy of our customers and take our duty to process your data securely very seriously. This privacy notice outlines how we collect information, what we do with it and what controls you have.
This privacy notice explains:
- Who we are
- What personal information we collect and how we use it
- Who we share this information with
- How we use your data in marketing materials
- How we store your information
- Where to direct your questions and concerns about this notice
- What will happen if we make changes to this page
Important Information and who we are
IMPORTANT INFORMATION AND WHO WE ARE
Who we are
Acme Bus Co Ltd is a private limited company (company number: 07368612) registered in England and Wales. Whose registered address is 5 Ducketts Wharf, South Street, Bishops Stortford, Hertfordshire, CM23 3AR.
We operate under the name of ‘Acme Bus Co Ltd’ and ‘Acme Transport Services’. We also have a trading entity, NCS Contract Services Ltd (company number: 02053389). In this notice, we refer to these as “Acme Bus” or “we”, “us” or “our”.
Our Head of Assurance is responsible for any questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your rights, please contact our Head of Assurance using the contact details set out below.
Our full details if you wish to contact us are:
Full name of legal entity: Acme Bus Co Ltd
Name or title: Head of Assurance
Email address: email@example.com
Postal address: The Green Barn, Shipton Bridge Farm, Widdington, CB11 3SU
Telephone number: +44 (0) 1799 542 818
We are responsible for looking after your personal information.
Our website address is: http://www.acme-bus.com.
WHAT PERSONAL DATA WE COLLECT AND WHY WE COLLECT IT
When visitors leave comments on the site, we collect the data shown in the comments form, and the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use a service called Google Analytics, so we can see how visitors find us and use our website and social media channels. We also use tools like Google Analytics to measure traffic to our site and how users interact with our site. At various times, we may use other tools to measure the efficacy of our marketing campaigns. The Google Analytics terms specify that no personally identifiable information may be collected through the Google Analytics software.
Who we share your data with
We do not share your personal information with others except as indicated within this notice or when we inform you and give you an opportunity to opt out of having your personal information shared.
We do not sell or rent any of your personal data to any other third party. We do, however, have to share your data with some other companies in order to ensure we give you the best possible service.
We will share your information in the following ways:
With third-party service providers, agents, or contractors. We use other companies, agents or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services to you. For example, we may engage Service Providers to provide services such as marketing, advertising, communications, infrastructure and IT services, to provide customer service, and to analyse and enhance data (including data about users’ interactions with our service). These Service Providers may have access to your personal or other information in order to provide these functions. In addition, some of the information we request may be collected by third-party providers on our behalf. We do not authorise them to use or disclose your personal information except in connection with providing their services.
Analytics. Specifically, for analytics providers, we use Google Analytics, which is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service. Our web-hosting and cloud storage is set to the London region.
Visitor comments may be checked through an automated spam detection service.
HOW WE PROTECT YOUR DATA
What data breach procedures we have in place
The UK Information Commissioner’s Office (ICO) defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, the unauthorised disclosure of, or access to, personal data”.
They highlight that “personal data breaches” can include:
- Access by an unauthorised third party;
- Deliberate or accidental action (or inaction) by a controller or processor;
- Sending personal data to an unintended recipient;
- Lost or stolen computing devices containing personal data;
- The unauthorised alteration of personal data; and
- Loss of availability of personal data.
Personal data security breaches are managed by the Acme Bus Co Ltd, Data Protection Administrator (DPA).
In the event of a breach of data security occurring within Acme Bus Co Ltd, it is vital to ensure that it is dealt with immediately and appropriately to minimise the impact of the breach and prevent a recurrence. If a personal data breach or potential or suspected personal data breach has been reported to you and/or you otherwise become aware of a personal data breach please report this immediately to the Data Protection Administrator by e-mail to firstname.lastname@example.org with all the relevant details of the incident on a strictly confidential basis to ensure that a prompt and appropriate action is taken to resolve the breach incident.
When managing a personal data breach, the following five steps will be followed:
1. Identification and initial assessment.
2. Containment and recovery.
3. Risk assessment.
5. Evaluation and response.
The ICO has introduced a helpline to answer any queries that persons may have regarding a potential personal data security breach: Tel: 0303 123 1113