GDPR – General Data Protection Regulations
On the 25th May 2018 new legislation came into force. GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. In the UK GDPR will replace the Data Protection Act 1998 and seek to give people more control over how organisations use their data.
With regards to DISC and our customers there are certain aspects of GDPR noted below that may be applicable.
Information we may require
DISC may act as a “Data Controller” in that on some occasions we may collect some personnel data regarding yourself. This may include details such as your name, address, phone contact details, bank details or e-mail address. If you are applying for a role with DISC, the information that you provide on the application form and that obtained from other relevant sources will be used to process your application for employment. The personal information that you give us will also be used in a confidential manner to help us monitor our recruitment process.
Once received how may it be used
We may use this type of information in the process of providing yourself with customer information, replying to a specific query or issue that may have been raised and to which you require a suitable response. If your query has a commercial aspect to it, we may require your bank details to allow for settlement via the banking system if applicable. Any personnel details obtained during any of our processes will not be disclosed to any third parties unless deemed for a lawful purpose.
For personal data received when applying for a role with DISC, if successful in your application and employed by us, the information will be used in the administration of your employment and to provide you with information about us or a third party via your payslip. We may also use the information if there is a complaint or legal challenge relevant to this recruitment process.We may check the information collected, with third parties or with any other information held by us. We may also use or pass to third parties, information to prevent or detect crime, to protect public funds, or in other ways as permitted by law.
How long will we retain such information in file
We will only retain your information for the minimal period we deemed duly required, if you have applied for a job with us, your details will be kept on file for up to two years thereafter we will ensure any data is securely deleted from our system. Hard copy evidence received which securely destroyed using a reputable specialist company.
We only use your personal information for marketing where you have given us appropriate consent to do so or you have provided permission to other organisations to allow us to market to you.
By using the personal information you provide we are able to contact you with marketing messages about ticket offers, competitions and promotions, planned disruption information and latest news.
Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data.
• You have the right to request from us access to and rectification or erasure of your personal data,
• Right to restrict processing,
• Object to processing as well as in certain circumstances the right to data portability
• You can also make a SAR (Subject Access Request) which means requesting information on the information that is held about you
If you believe we may have incorrect information regarding your personal data you can contact us via the DPO and have necessary corrections amended on our system. If you have a complaint about how we have handled your personal data you should contact our DPO who will investigate and respond accordingly.
You also have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
Identity and contact details of data controller
Edinburgh Trams Limited is the data controller of your personal data while employed for the purposes of GDPR.
To make a subject access request, please complete this form and send to the Data Protection Officer at firstname.lastname@example.org
For alternative ways to contact us, please click here.
‘Cookies’ are small pieces of information that are stored by your browser on your computer’s hard drive. They are primarily used to store information about your preferences and other information which you may need when you visit a website.
We use Remarketing cookies to serve more relevant adverts to users who have previously visited our website, as they browse other websites. To opt-out from Google’s remarketing program, please edit your Google Ad Settings.
If you are concerned about cookies, you can turn them off in your browser by following the links below. However, if you do this please note that some areas of the site may not work properly.