About this mapping site

 

The Scarborough to Cleethorpes Rail Trail site provides information on local points of interest for each of the 27 stations.

The service is hosted by Pindar Creative on behalf of Scarborough to Cleethorpes Rail Trail.

Comments should be directed to:

 




Scarborough to Cleethorpes Rail Trail Limited

31 Fleetgate
Barton-Upon-Humber
England
DN18 5QA

Pindar Creative Logo

Mapping and Content Experts

Pindar Creative is a leading expert in promoting active and sustainable travel. We develop innovative solutions to provide the end user of your services with the information they need. From mapping and wayfinding solutions to responsive and intuitive websites to easy-to-implement digital bus stops, we offer smart solutions using your data.


Pindar Creative
2-10 Plantation Road
Amersham, Buckinghamshire
HP6 6HJ
Tel: 01296 390100
www.pindarcreative.co.uk

General information

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.

We'll tell you:

  • why we are able to process your information what purpose we are processing it for whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information whether we intend to transfer it to another country, and whether we do automated decision-making or profiling.

The first part of the notice is information we need to tell everybody

Controller's contact details

Scarborough to Cleethorpes Rail Trail is the controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us.

Our postal address:

Scarborough to Cleethorpes Rail Trail

31 Fleetgate
Barton-Upon-Humber
England
DN18 5QA

For general contact please use this page of our website.

Data Protection Officer's contact details

Our Data Protection Officers is Gill Simpson. You can contact them at gillscrhumber@gmail.com or via the postal address above. Please mark the envelope 'Data Protection Officer'.

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made a complaint or enquiry to us.
  • You have made an information request to us.
  • You wish to attend, or have attended, an event.
  • You are representing your organisation.

We also receive personal information indirectly, in the following scenarios:

  • We have contacted an organisation about a complaint you have made and it gives us your personal information in its response.
  • Your personal information is contained in reports of breaches of data protection law ('breach reports') given to us by organisations.
  • A complainant refers to you in their complaint correspondence. Whistleblowers include information about you in their reporting to us. We have seized personal information as part of an investigation.
  • From other regulators or law enforcement bodies.
  • An employee of ours gives your contact details as an emergency contact or a referee.

If it is not disproportionate or does not prejudice, we'll contact you to let you know we are processing your personal information.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

If we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the relevant section of the notice.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we'll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

In our capacity as UK supervisory authority for data protection, there are some circumstances where we must cooperate with and help other supervisory authorities in the EEA, in handling complaints and investigations. This may lead to sharing personal information if it is relevant to the complaint or investigation.

Links to other websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at gillscrhumber@gmail.com and we'll respond.

Restricted contact

We may impose a restriction on your access to our services if it's necessary to protect our staff from unacceptable behaviour as defined in our 'Managing customer contacts' policy.

The legal basis we rely on to process your personal data is article 6(1)(e) of the General Data Protection Regulation (GDPR), which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

If the information you provide us in relation to your single point of contact contains special category data, such as health, religious or ethnic information the legal basis we rely on to process it is article 9(2)(g) of the GDPR, which also relates to our public task and the safeguarding of your fundamental rights. And Schedule 1 part 2(6) of the DPA 2018 which relates to statutory and government purposes.

If we do this, we'll explain to you the restriction we have applied and why we feel it's necessary. We'll create a record of the restriction for administration purposes, so relevant staff members know the restriction is in place. This will include your name, contact details and a description of why we have imposed a restriction.

The decision to impose a restriction will be taken, and reviewed, by a manager. We'll write to you explaining why we've applied the restriction. We'll review the restriction periodically. We'll remove it if we feel your behaviour has changed or if you no longer communicate with us.

Single point of contact

We may provide a single point of contact if you and we (or both) believe it will help to create a better outcome for all concerned.

The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

A decision will be made by a manager to give you a single point of contact. This may be where you have several complaints and we believe it will be more efficient for us to deal with them in this way. We'll make a record of the fact that you have a single point of contact. All relevant staff will know about using it to manage communications between our office and you. It will include your name, contact details and a description of the need to have a single point of contact. We'll review this requirement from time to time.

How you can contact us

Calling our business

When you call our our business, we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it's not withheld). We hold a log of the phone number, date, time and duration of the call, but do not audio-record the call itself. We hold this information for 90 days.

We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.

We don't audio record any calls, but we might make notes.

We also hold statistical information about the calls we receive for a number of years, but this does not contain any personal data.

Social media

Social Media data will not be shared with any other organisations and remains on the platform of origin.

We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry or a complaint.

Emailing us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.

We'll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.

Visitors to our website

Analytics

When you visit scrt.pindarcreative.co.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we'll be upfront about this. We'll make it clear when we collect personal information and we'll explain what we intend to do with it.

Cookies

You can read more about how we use cookies on Cookies page. We use a cookies tool on our website which relies on implied consent of users. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.

This means that we are in the process of updating the tool which, by default, requires explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.

Security and performance

We use a third-party web application firewall from WatchGuard to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected.

The service will block traffic that is not using the site as expected. To provide this service, WatchGuard processes site visitors' IP addresses.

We also log IP addresses and query strings that the servers generates to allow us to monitor these against attacks. No personal data is captured.

Selcom hosts our website in the UK and does not hold traffic information unless requested (normally during an attack).

Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see 'Your rights as an individual'.

Make a complaint

Purpose and legal basis for processing

Our purpose is to investigate and take action in line with our ISO policies.

The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our tasks as a business.

What we need

We need information from you to investigate your complaint properly, so our complaint forms are designed to prompt you to give us everything we need to understand what's happened.

When we receive a complaint from you, we'll set up a case file. This normally includes your contact details and any other information you have given us about the other parties in your complaint.

Why we need it

We need to know the details of your complaint so we can investigate it and fulfil our regulatory function.

What we do with it

We will use your personal information to investigate your complaint and check on our level of service. We compile and publish statistics showing information like the number of complaints we receive, but not in a form that identifies anyone.

No third parties have access to your personal information unless the law allows them to do so. However, if you have made a complaint about an organisation, we usually have to disclose your identity to them. This is so we can clearly explain to them what you think has gone wrong and if necessary advise them how to put it right. This also means we may receive information about you from them.

If you don't want information that identifies you to be shared with the organisation you want to complain about, we'll try to respect that. However, it is not always possible to handle a complaint on an anonymous basis so we'll contact you to discuss this.

If you are acting on behalf of someone making a complaint, we'll ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else's behalf.

What are your rights?

We are acting in our capacity to investigate your complaint, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

Making an enquiry

Purpose and legal basis for processing

When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it and fulfil our regulatory responsibilities.

The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

What we need and why we need it

We need enough information from you to answer your enquiry. If you call the helpline, we won't make an audio recording of it and we won't usually need to take any personal information from you. But in certain circumstances we may make notes to provide you with a further service as required.

If you contact us via email or post, we'll need a return address for response.

What we do with it

We'll set up a case file on our case management system to record your enquiry and so we can get it to the correct area of the business to be dealt with. We'll also keep a record of our response. We use the information supplied to us to deal with the enquiry and any subsequent issues that may arise, and to check on the level of service we provide.

What are your rights?

We are acting in our official capacity to respond to your enquiry, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

Make an information request

Purpose and legal basis for processing

Our purpose for processing your personal data is so we can fulfil your information request to us.

The legal basis for this is article 6(1)(C) of the GDPR, which relates to processing necessary to comply with a legal obligation to which we are subject.

What we need and why we need it

We need information from you to respond to you and to locate the information you are looking for. This enables us to comply with our legal obligations under the legislation we are subject to:

  • General Data Protection Regulations (2016) Data Protection Act (2018)
  • Freedom of Information Act (2000)
  • Environmental Information Regulations (2004)
  • Re-use of Public Sector Information Regulations

What we do with it

When we receive a request from you, we'll set up an electronic case file containing the details of your request. This normally includes your contact details and any other information you have given us. We'll also store on this case file a copy of the information that falls within the scope of your request.

If you are making a request about your personal data, or are acting on behalf of someone making such a request, then we'll ask for information to satisfy us of your identity. If it's relevant, we'll also ask for information to show you have authority to act on someone else's behalf.

We'll use the information supplied to us to process your information request and check on the level of service we provide.

If the request is about information we have received from another organisation – regarding a complaint, for example – we'll routinely consult the organisation/s concerned to seek their view on disclosure of the material.

We compile and publish statistics showing information such as the number of requests we receive, but not in a form that identifies anyone.

Communicate with us as a business

We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business. If this relates to interactions regarding our regulatory functions, the legal basis is article 6(1)(e) of the GDPR. If the interactions relate to suppliers, contracts, buildings management, IT services etc., the legal basis is article 6(1)(c) of the GDPR for any legal obligation or article 6(1)(f) because the processing is within our legitimate interests as a business.

Changes to this privacy notice

We keep our privacy notice under regular review to make sure it is up to date and accurate.

This policy was last reviewed and update on 09 August 2018.