Who are “We”?
1. In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘the company’ or Grant Palmer’, we are referring to “Grant Palmer Limited”.

2. Grant Palmer Limited is a limited company, Company Number 07813222 and as our website explains we specialise in the provision of passenger travel services; in particular local bus services.

This Policy
3. The privacy and security of the personal information that we hold is very important to us. This privacy policy explains how and why we obtain, use and store your personal data and we ask you to read this policy carefully to make sure that you stay informed and so that you can be confident about giving us your information.

4. If you have any questions about this policy or about the data that we hold (or may hold) for you, please get in touch with us.

We may need to change this policy
5. If we need to update this policy (for example because a change in the law requires us to do so) we will publish the new version on our website, so we recommend that you check our website periodically to see if we have needed to make any changes that might affect you.

Does this policy apply to you?
6. This policy applies to you if we obtain your personal data. This may occur if you contact us, if you visit us, if make a booking with us, if someone else provides us with information about you (for example if they make a booking for you), if you work with us or for us, or if you travel on any of our vehicles or happen to be filmed on our vehicle’s CCTV/’dash-cam’ systems.

7. If you contact us to make a booking on someone else’s behalf we ask you to note that when you provide us with the personal data of anyone other than yourself we rely on you to ensure that you have all the necessary consents, authorities and permissions to do so.

Our promise to you
8. We will never sell your personal data and we will only share it with people or organisations that we work with when it is necessary. In common with many businesses we have relationships with third parties who help us with our work: for example our accountants, IT support professionals and independent auditors.

9. No privacy and security system can be guaranteed to be perfectly secure at all times, but we have put in place procedures and systems designed to keep your personal data secure.

Who should you contact about this policy or your personal data?
10. If you have any questions in relation to this privacy policy or how we use your personal data you should write to us at Grant Palmer Limited, 2C West House, Commerce Way, Flitwick, MK45 5BP. Please address your letter for the attention of our Managing Director.

What personal data do we collect?
11. Your personal data (by which we mean information relating to you, for example, your name, address, date of birth, photograph, national insurance number, telephone number, and/or your email address) may be collected and used by us.

12. We ask that you let us know if ever any of the personal data that you provide to us changes or if you become aware that data that we may hold for you is inaccurate or has become obsolete.

13. We collect personal data in connection with specific activities concerning the work that we do with you or for you, and/or work which you do for us.

14. The personal data that you provide to us may include identification information, and if you visit us or travel with us you may be recorded on our CCTV systems.

Personal data provided by you
15. The data that you may provide to us or which we may obtain in the course of working with you or for you may include your personal details, financial information and/or medical information.

We may automatically collect the information from you or about you
16. When you make contact with us including if you make a payment to us using the company’s website, our systems may collect personal data from you or about you.

Personal data created by your involvement with us.
17. Your activities and involvement with us may result in personal data being created, used or stored by us.

Information we generate.
18. As part of our business we make use of data that we obtain and store, including identifying services that we offer which may be of interest to you.

Information from third parties
19. We do not buy anonymous external data from third parties (for example census data, or data held by credit reference agencies).

Sensitive Personal Data
20. At times we may collect sensitive personal data from you or about you. This is most likely to arise if you share this information with us, for example as part of your employment with us or if you enquire about or make a booking with us (or if someone does so on your behalf and in doing so provides us with your personal data).

21. Sensitive personal data could include confidential financial and/or medical information about you, and there may be occasions where it will be appropriate for us to pass this information on to third parties. For example, we may need to pass on details of a disability to a third party hotel if you are travelling with us on a holiday and will need special facilities to make sure that you are kept safe and looked after properly.

Children’s Personal Data
22. We do not employ anyone under the age of 18 years but we do carry people under the age of 18 years on our vehicles, and to do so we require personal data about them so that we know who we are being asked to carry, and when.

Marketing to young people
23. We will not send marketing emails, letters or make calls to people under the age of 17. We will not send any marketing communications to young people aged between 13 and 17 and we will not profile anyone under the age of 18.

How we use your personal data and why we are allowed to do so
24. We will only hold or use your personal data as permitted by law with reference to the obligations that may apply if we act as a data controller or data processor. When you work with us or for us and we have a contract with you it may be necessary for us to hold your personal information to enable us to work with you and to allow us to discharge our contractual obligations.

25. If you make a booking with us or if you travel on one of our services then we will carry out our in accordance with our Terms and Conditions of Business or in accordance with the terms of the contract that we have with you, as appropriate.

26. We may have a legitimate interest in making contact with you or in holding your personal data, for example if you travel with us under a booking made for you by someone else.

27. When you make contact with us and/or when we do work for you it may be legally necessary to obtain, use or store your personal data (one example of this would be if we are required by the police, or any other regulatory or government authority to provide your personal data).

28. Sometimes we will need to share your data with third parties (who should also have their own Privacy Policies). For example, there may be occasions when we are the subject of external audits, or because our accountants require access to our financial records, or because we require assistance to host and operate our data systems (including our computer systems, telephones, website and email facilities). Wherever we can we will limit our use of your data and the access that any third party has to it.

Marketing Communications
29. Your privacy is important to us, so we will always seek to keep your details secure.

30. If you are happy for us to get in touch with you to provide you with details of the services that we offer which may be of interest to you, then with your consent we may get in touch with you from time to time.

31. If you agree to receive marketing information from us you can change your mind at any time thereafter.

32. However, if you tell us you do not want to receive marketing communications, then you may not hear about services that we offer which may be of interest to you. The choice is yours and we will respect your preferences.

Cookies
33. “Cookies” are small pieces of information between a web server and a web browser, which enable the server to collect information from the browser. We may use cookies to enable us to provide the mechanisms for online browsing and to monitor traffic to our website. These cookies do not contain any personally identifiable information.

34. Our website does not automatically capture or store personal data from visitors to the site, other than to log the user’s IP address and session information. This information is used only for the administration of the site and in the compilation of aggregated statistics to measure the use of this site.

35. Our website utilises cookies. Cookies are text files that identify your computer to our server and provide us with non-personal statistical information about what you do on our website. You will probably be offered the opportunity to set your computer to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at any time. If you refuse a cookie it may prevent the proper operation of our site for you. By continuing to use this web site, you accept that cookies will be used.

36. This privacy policy applies only to this web site. It does not cover any links within the site linking to other web sites and Grant Palmer Limited is not responsible for the privacy and security of these sites.

How we protect your information
37. The Internet is not a secure medium. However, we have put in place various security procedures to help ensure that your personal information is secure. We also keep your information confidential. Our internal procedures cover the storage, access and disclosure of your information.

You have the right to ask us for details of the information that we hold about you
38. When we hold your personal information, you are entitled to know what details we hold about you and why we hold it. If there is anything that you would like to know about the information that we hold about you please let us know and we will try to help. If you ask us to provide you with details of the personal data that we hold for you then we will do so in a structured and easy to use format.

39. You have the right to make sure that the data that we hold for you is correct. If you believe that the personal data that we hold for you is inaccurate or obsolete then please let us know. If we have got something wrong we will try to correct it quickly for you.

40. If you need help from us in transferring your data (‘data portability’) please let us know and we will try to help.

You have the right to be forgotten
41. If we are holding your personal data because you have consented to us doing so and, if you withdraw your consent, you are entitled to ask that we delete your data and we promise to do so (provided we do not need to retain the data for some other reason, in which case we will explain our reasons for retaining your data so that you know what we are doing and why).

42. If we have held your data because we have worked with you or for you, or if you have worked for us, we will only hold onto your data after the work between us is completed for as long as is necessary.

43. If you are concerned that we may be holding your personal data when there is no longer any need or proper reason for us to do so and you wish us to delete your data, please let us know.

44. You have the right to object to the processing of your data. If you have any concerns about this please let us know and we will try to help.

The Information Commissioner
45. For more information about your rights in relation to your personal data you can contact the Information Commissioner via the Information Commissioner’s Office website at www.ico.org.uk.

How to contact us
46. We welcome your views about our website and our privacy policy. If you would like to contact us, please do so by clicking here.

This policy was written on 27th November 2019