Privacy notice
Privacy Notice
TravelEssex is a platform run by Essex County Council (Registered in England, UK Registration Number: GB 104 25 28 13) with registered office at Essex County Council, County Hall, 19, Market Road, Chelmsford, Essex CM1 1GG
Essex County Council takes data protection seriously
We keep to a minimum the information we hold about you
We use your data to provide our services to you, respond to your enquiries, manage our relationship with you, meet our legal obligations, and improve our website
We delete your data when it is no longer needed for these things
Generally, we do not give your information to third parties, but there are some exceptions
You have privacy rights as an individual
We are happy to talk to you about how we process and protect your data
This notice sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679), on which we will process any personal data we collect from you, or that you provide to us through your use of the online software Platform.
Tell me more…
To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:
1. Just Looking
Privacy Notice
Details of the technical personal data that we process if you use our website is below:
We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
Unless you have adjusted your web browser settings (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services.
Our website, like many others, uses Google Analytics, a web analytics tool provided by Google, to collect information about how visitors use our site. This tool generates the google-analytics.com cookie/tracker. We use the Google Analytics information to compile reports and to help us improve the site. The cookie collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.
Web pages that use embedded YouTube, Facebook and Twitter widgets generate cookies/trackers for doubleclick.net, facebook.com/facebook.net and twitter.com respectively.
Using your information
Technical data
We automatically collect information to maintain and improve our services and functionality on our website. We measure visitors to our website using tools such as Google Analytics. These tools use analytical cookies to record what pages you view within our site, how you arrived at our site and some basic information about your computer. All of that information is anonymous – so we don’t know who you are; just that somebody visited our site.
The information we collect from analytics helps us understand what parts of our sites are doing well, how people arrive at our site and so on. Like most websites, we use this information to make our website better.
If you are reporting issues with the functionality of our website, we will generally collect your name, and contact details, and other information necessary to investigate the problem and advise of the outcome.
Our Reasons for Processing Your Data
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your organisation’s legitimate interests, including: to enable us to perform our contractual obligations under the organisation Agreement, to improve or optimise our services, to maintain the security of our computer systems, to understand how the Platform is used and to improve the user experience of the Platform, to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please also note:
We will not undertake any analysis via the Platform by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by your organisation. Where this is the case, it is your organisation’s responsibility to ensure they have obtained your explicit consent to such processing. However, you might, in the course of providing comments or feedback, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the captured results and disclosing such data to your organisation.
Data collected from you and other Organisation Users or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes.
Transfers of your data
We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data.
We also have a small number of companies providing services to us. These are our processors and we have confirmed that they all meet the requirements of the GDPR.
Technical and operational security
As an organisation, Essex County Council is committed to protecting personal data. This includes technical security measures (e.g., firewalls), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, and encrypted back-ups.
All of our employees are trained on Data Privacy and work to the highest ethical standards to protect your rights.
We partner with Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve our service. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of our service’s functionality and online activity. Additionally, we use this information for site optimisation and for fraud/security purposes. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Retaining your Information
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
In particular:
For Users: we will retain your personal data for a period of 5 years or until six months after our relationship with your organisation has ended (whichever is sooner). After this period, your personal data will be anonymised or deleted.
For Marketing Contacts: we will retain your personal data for a period for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
Your rights
When we process your data, you have rights as a data subject. The relevant rights are:
Request a copy of your personal data and information about our processing of it
Request that we delete information on you if we do not need to hold it
If you want to exercise any of these rights, please just contact us on <email_address>.
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
Contact us
If you want to talk to us about this, the person in charge of Data Protection is <client_employee>. You can reach them at Passenger.Transport@essex.gov.uk.
User or potential user requiring support
Privacy Notice
What data we hold and what we do with it when you request support
If you make contact by email or through our support site, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received on email for the period of your contract. We delete social media alerts within 1 month.
Technical personal data is also captured if you use the website.
If you visit our website we automatically collect information to maintain and improve our services and functionality on our website. We measure visitors to our website using tools such as Google Analytics. These tools use analytical cookies to record what pages you view within our site, how you arrived at our site and some basic information about your computer. All of that information is anonymous – so we don’t know who you are; just that somebody visited our site.
If you are reporting issues with the functionality of our website, we will generally collect your name, and contact details, and other information necessary to investigate the problem and advise of the outcome.
Our Reasons for Processing Your Data
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your organisation’s legitimate interests, including: to enable us to perform our contractual obligations under the organisation Agreement, to improve or optimise our services, to maintain the security of our computer systems, to understand how the Platform is used and to improve the user experience of the Platform, to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please also note:
We will not undertake any analysis via the Platform by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by your organisation. Where this is the case, it is your organisation’s responsibility to ensure they have obtained your explicit consent to such processing. However, you might, in the course of providing comments or feedback, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the captured results and disclosing such data to your organisation.
Data collected from you and other Organisation Users or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes.
Transfers of your data
We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data.
Third parties
We do have a small number of companies providing services to us, for example, our email sending provision and hosting company, we have confirmed that they adhere to the requirements of the GDPR.
Technical and operational security
As an organisation, Essex County Council is committed to protecting personal data. This includes technical security measures (e.g., firewalls), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, and encrypted backups.
All of our employees are trained on Data Privacy and work to the highest ethical standards to protect your rights.
We partner with Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve our service. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of our service’s functionality and online activity. Additionally, we use this information for site optimisation and for fraud/security purposes. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Retaining your Information
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
In particular:
For Users: we will retain your personal data for a period of 5 years or until six months after our relationship with your organisation has ended (whichever is sooner). After this period, your personal data will be anonymised or deleted.
For Marketing Contacts: we will retain your personal data for a period for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
Your rights
You have a lot of rights in respect to our processing of your personal data. The relevant rights are:
Request a copy of your personal data and information about our processing of it
Request that we delete information on you if we do not need to hold it
Request that we correct any personal data that we hold on you
Request that we stop processing your data, for certain things, e.g. marketing although we can still hold it
Request that we move your data to another organisation’s IT system electronically
If you want to exercise any of these rights, please just contact us on <email_address>.
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
Contact Us
If you want to talk to us about this, the person in charge of Data Protection is <client_employee>. You can reach them at <email_address>.
Transport Provider
Privacy Notice
What data we hold
We may hold the following information about you, for as long as you have a subscription in our system. During the period of your active subscription we will retain the data indefinitely for providence purposes.
Your personal name, email address and password
Your Service details which include Service name, start date, Service type, Service details, contact phone number and a contact email address.
Your Organisation details which include Organisation type, Contact details, Address, CI number.
Your comments and opinions.
Details of the technical personal data that we process if you use our website is below:
We generate log files from various servers when you visit our website: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
Unless you have adjusted your web browser (if and where possible) to refuse cookies, our system will issue cookies as soon as you visit our website or related online services.
Our website, like many others, uses Google Analytics, a web analytics tool provided by Google, to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google can provide more details about their cookies.
Using your information
Managing your Account
We will use your data to help you set up and manage your own account. We use the data to help manage the relationship between ourselves and our users.
Technical data
We automatically collect information to maintain and improve our services and functionality on our Platform. We measure visitors to our Platform using tools such as Google Analytics. These tools use analytical cookies to record what pages you view within our site, how you arrived at our site and some basic information about your computer. All of that information is anonymous – so we don’t know who you are; just that somebody visited our site.
The information we collect from analytics helps us understand what parts of our sites are doing well, how people arrive at our site and so on. Like most websites and applications, we use this information to make our Platform better.
If you are reporting issues with the functionality of our Platform, we will generally collect your name, and contact details, and other information necessary to investigate the problem and advise of the outcome.
Our Reasons for Processing Your Data
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your organisation’s legitimate interests, including: to enable us to perform our contractual obligations under the organisation Agreement, to improve or optimise our services, to maintain the security of our computer systems, to understand how the Platform is used and to improve the user experience of the Platform, to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please also note:
We will not undertake any analysis via the Platform by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by your organisation. Where this is the case, it is your organisation’s responsibility to ensure they have obtained your explicit consent to such processing. However, you might, in the course of providing comments or feedback, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the captured results and disclosing such data to your organisation.
Data collected from you and other Organisation Users or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes.
Transfers of your data
We only transfer data outside of the EEA if it is to a country or organisation that is deemed by the EU to have adequate protection of data.
Third parties
We do have a small number of companies providing services to us, for example, our email sending provision and hosting company, we have confirmed that they adhere to the requirements of the GDPR.
Anonymised Reporting
We may at times share reports with interested parties for the purpose of improving the services and systems available to our users. These reports are anonymised and all identifiable information is removed and therefore does not fall within the scope of GDPR.
Technical and operational security
As an organisation, Essex County Council is committed to protecting personal data. This includes technical security measures (e.g., firewalls), encryption of personal data, restricted access to personal data, protection of our physical premises and hard assets, and encrypted backups.
All of our employees are trained on Data Privacy and work to the highest ethical standards to protect your rights.
We partner with Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve our service. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of our service’s functionality and online activity. Additionally, we use this information for site optimisation and for fraud/security purposes. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Retaining your Information
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
In particular:
For Users: we will retain your personal data for a period of 5 years or until six months after our relationship with your organisation has ended (whichever is sooner). After this period, your personal data will be anonymised or deleted.
For Marketing Contacts: we will retain your personal data for a period for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
Your rights
You have lots of rights in respect to our processing of your personal data. The relevant rights are:
Request a copy of your personal data and information about our processing of it
Request that we delete information on you if we do not need to hold it
Request that we correct any personal data that we hold on you
Request that we stop processing your data, for certain things, e.g. marketing although we can still hold it
Request that we move your data to another organisation’s IT system electronically
If you want to exercise any of these rights, please just contact us on Passenger.Transport@essex.gov.uk.
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
Contact Us
If you want to talk to us about this, the person in charge of Data Protection is <client_employee>. You can reach them at Passenger.Transport@essex.gov.uk.