Privacy

This page displays our current Privacy and Cookie Policy. Last updated December 2019.

GDPR – General Data Protection Regulations

On the 25th May 2018 new legislation came into force. GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. In the UK GDPR will replace the Data Protection Act 1998 and seek to give people more control over how organisations use their data.

With regards to DISC and our customers there are certain aspects of GDPR noted below that may be applicable.

Information we may require

DISC may act as a “Data Controller” in that on some occasions we may collect some personnel data regarding yourself. This may include details such as your name, address, phone contact details, bank details or e-mail address. If you are applying for a role with DISC, the information that you provide on the application form and that obtained from other relevant sources will be used to process your application for employment. The personal information that you give us will also be used in a confidential manner to help us monitor our recruitment process.

Once received how may it be used

We may use this type of information in the process of providing yourself with customer information, replying to a specific query or issue that may have been raised and to which you require a suitable response. If your query has a commercial aspect to it, we may require your bank details to allow for settlement via the banking system if applicable. Any personnel details obtained during any of our processes will not be disclosed to any third parties unless deemed for a lawful purpose.

For personal data received when applying for a role with DISC, if successful in your application and employed by us, the information will be used in the administration of your employment and to provide you with information about us or a third party via your payslip. We may also use the information if there is a complaint or legal challenge relevant to this recruitment process.We may check the information collected, with third parties or with any other information held by us. We may also use or pass to third parties, information to prevent or detect crime, to protect public funds, or in other ways as permitted by law.

How long will we retain such information in file

We will only retain your information for the minimal period we deemed duly required, if you have applied for a job with us, your details will be kept on file for up to two years thereafter we will ensure any data is securely deleted from our system. Hard copy evidence received which securely destroyed using a reputable specialist company.

We only use your personal information for marketing where you have given us appropriate consent to do so or you have provided permission to other organisations to allow us to market to you.

By using the personal information you provide we are able to contact you with marketing messages about ticket offers, competitions and promotions, planned disruption information and latest news.

If you have given us your consent to use your personal information for direct marketing, you have the right to withdraw your consent at any time by contacting our Data Protection Officer using the details given in the ‘Identity and contact details of data controller section’ of our Privacy Policy or by clicking the “unsubscribe” link in our marketing emails.

Your rights

Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data.

• You have the right to request from us access to and rectification or erasure of your personal data,
• Right to restrict processing,
• Object to processing as well as in certain circumstances the right to data portability
• You can also make a SAR (Subject Access Request) which means requesting information on the information that is held about you

If you believe we may have incorrect information regarding your personal data you can contact us via the DPO and have necessary corrections amended on our system. If you have a complaint about how we have handled your personal data you should contact our DPO who will investigate and respond accordingly.

You also have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.

Identity and contact details of data controller

Edinburgh Trams Limited is the data controller of your personal data while employed for the purposes of GDPR.

To make a subject access request, please complete this form and send to the Data Protection Officer at dpofficer@edinburghtrams.com

For alternative ways to contact us, please click here.

Cookies

‘Cookies’ are small pieces of information that are stored by your browser on your computer’s hard drive. They are primarily used to store information about your preferences and other information which you may need when you visit a website.

Edinburgh Trams Ltd and our agents may use cookies to count the total number of unique users who are accessing the site over a particular period of time. This information will never be shared with a third party, and is only used to make our systems more efficient. Some content on the Website and/or Services might be served by third parties who may serve cookies on your browser as well, for instance to gauge the effectiveness of a particular piece of content. Please note that this will not enable third parties to access your personal details.

We use Remarketing cookies to serve more relevant adverts to users who have previously visited our website, as they browse other websites. To opt-out from Google’s remarketing program, please edit your Google Ad Settings.

If you are concerned about cookies, you can turn them off in your browser by following the links below. However, if you do this please note that some areas of the site may not work properly.

The following links explain how to block cookies in your browser