Who we are
Stansted Express Cars Ltd is committed to protecting and respecting your privacy, and safeguarding your data and individual-level information in a secure, respectful and trustworthy manner.
This notice sets out how we will process any personal data we collect from you, or that you provide to us. Please read the following carefully to understand our views, practices and processes regarding your personal data and how we will treat this information.
For the purposes of the Data Protection Act 2018 and the General Data Protection Regulation, referred to collectively as ‘the Legislation’, the data controller is Stansted Express Cars, Stansted Airport, Endeavour House, 3rd Floor, Coopers End Road, Stansted, CM24 1SJ.
Stansted Express Cars is committed to, and fully compliant with all our statutory and legislative regulations (and our supporting in-house best practice guidelines) to ensure the security and confidentiality of the data relating to that of our customers, our staff and all associated third parties. Our processes and systems, both computer-based and paper-based, adhere to the standards set by the Legislation.
We ensure that our company servers, personal computers (PCs), laptops and company mobile devices are suitably secure for the purposes of our work with our customers and suppliers.
We have rigorous systems and safeguards in place which we underpin with in-house training and regular auditing of our IT systems to ensure that all sensitive commercial data and individual level information is shared only on a need-to-know basis, and to ensure that cyber threats are managed, mitigated, and eliminated.
Stansted Express Cars has proactively sought external guidance in order to ascertain how we as a business can implement the stipulations of the Legislation in order to best serve our customers.
We are further developing our GDPR policy that we will be seeking feedback on in order to inform users how we manage their data. We are also honing and refining our comprehensive set of internal policies and guidance for how we as a business can maximise the opportunities offered by the Legislation.
The information we collect
Collection of personal information
We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:
- To carry out our obligations arising from any agreement entered into between you and us;
- To notify you about changes to our service;
- For the detection and prevention of fraud, crime, or other malpractice;
- To conduct market or customer satisfaction research or for statistical analysis;
- For audit and record keeping purposes;
- In connection with legal proceedings;
- We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law;
- Collect information about the device you are using to view the Stansted Express Cars website, such as your IP address or the type of internet browser or operating system you are using;
- To respond to your queries or comments.
Depending upon the nature of our relationship with you, we may collect different information and these differences are outlined below.
We collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you and for certain other purposes explained below. We do not knowingly set out to collect personal data, it is only provided to us by you by contacting us via our website www.stanstedec.co.uk (“our website”) or through our mobile application (“our app”), by phone or by email. Once collected, this data is only used to deliver the service and to respond to you, answer any questions you have. We do not collect sensitive data – financial, health or information about children. This does however include name, phone number, email etc. We collect and process the following information relating to our customers:
- Information collected includes information provided at the time of making bookings for our services or for any other reason if you need to make a complaint or report a problem with our site or our app. Examples of information we collect from you are names, email address and telephone number and this is done at the point of creating an account with Stansted Express Cars;
- If you contact us, we may keep a record of that correspondence. If you contact us by telephone, your telephone call may be recorded;
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- To confirm and verify your identity or to verify that you are an authorised customer for security and compliance purposes;
- Additionally, we may collect non-personal information such as geographical location. This is collected as part of the services we provide and are not held for any other purpose. You cannot be identified from this information and it is only used to assist us in providing an effective service.
Employees and Drivers
We will collect information relevant to our legal obligations as an employer or as a contracted party for drivers and may include your name, phone number and email, in addition to address, bank account details, licencing information and information relating to criminal convictions, health information and other information as part of our screening and vetting processes.
We will collect information relevant to our status as a customer of yours and may include your name, phone number and email, in addition to address, bank account details, licencing information and information relating to the services and products you provide us
Why we need it
We need to know your personal data in order to reply to you and provide you with services. We will not collect any personal data from you, which we do not need to provide and oversee this service to you. The lawful basis for processing data identified by Stansted Express Cars includes:
- Legal obligations (for example, as an employer or as part of obligations with regards to HMRC);
- Performance of a contract (especially with regards to our customers and our suppliers);
- Legitimate interest (such as when we ask for your feedback or advice on how to continually improve);
- Consent (only used when sensitive information is required to be processed by us).
What we do with it
The personal data we process is processed and hosted in the UK, EEA and on some occasions, in the US. The necessary arrangements for all non-EEA transfers have been reviewed and found to be adequate. Third parties will have access to your personal data only when they are under contract and following the signature of a non-disclosure agreement and only in line with the services these third parties are contracted to do so in order for Stansted Express Cars to function as a business. These third parties include:
|Data subject||What we may do with the personal data|
|Customers (website, phone and app users)||
If there is a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions of supply and/or any other agreements; or to protect the rights, property, or safety of Stansted Express Cars, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
How long we keep it
Service user personal data will be retained for no more than three years following each use of our service, unless you exercise your rights highlighted below.
This relates to details of your visits to our app and website app and the resources that you access will be stored, as will details of transactions you carry out through our app or website and of the fulfilment of your bookings. Under Private Hire Regulations stipulated by Uttlesford Council, we are obliged to retain journey records for a period of 12 months as a condition of our contract. Similarly we are required to keep any complaint, lost property and account query records for the same period of time.
Employee, driver and financial data will be retained for six years from the end of their contract with Stansted Express Cars.
Of course we will look to retain records for no longer than is necessary.
What we would also like to do with it
We do not collect personal data for marketing purposes. We publish articles from time to time and simply post these on our website and/or on social media sites to assist and generate interest in our business. We will not record any personal data that may be used by cookies in order for this website to interact with you.
What are your Data Subject Access Rights?
You have the right for the following:
- The right to be informed – data subjects must be aware of what personal data we have about them and what we are doing with it;
- The right of access – data subjects can request we provide them the personal data we have about them;
- The right to rectification – Data subjects can have their personal data rectified if it is inaccurate or incomplete;
- The right to erasure (or the ‘right to be forgotten’) – Data subjects have the right for their data to be erased where the personal data is no longer necessary in relation to the purpose for which it was collected/processed, if consent is withdrawn or there are no overriding legitimate interest to continue processing;
- The right to restrict processing – Data subjects have the right to restrict the processing of personal data where they have contested its accuracy, where they have objected to the processing and we are considering whether we have a legitimate ground which overrides this and where processing is unlawful;
- The right to data portability – The right to data portability allows data subjects to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability;
- The right to object – Data subjects have the right to object to processing based on legitimate interests including profiling and direct marketing;
- Rights relating to automated decision making and profiling – Data subjects have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on the individual.If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office.
You can contact our Data Protection Officer at firstname.lastname@example.org or by post by writing to them at Stansted Express Cars, Endeavour House, 3rd Floor, Stansted, CM24 1SJ.