Cabline UK understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits our website(s), cablineuk.com / bookings.cablineuk.com and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
|means an account required to access and/or use certain areas and features of the Cabline UK website;|
|means a small text file placed on your computer or device by the Cabline UK website when you visit certain parts of our website and/or when you use certain features of our website. Details of the Cookies used by our website are set out in the Cabline UK Policy; and|
|means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;|
2. Information About Cabline UK
Cabline UK is a limited company registered in England and Wales under company number 05318399. Registered address: Unit 3 Boulevard Industrial Estate, Bowden Drive, Beeston, Nottingham, NG9 2JY.
VAT number: GB907 3018 46
Data Protection Officer: Cabline UK Limited.
Email address: email@example.com
Telephone number: 0333 009 4000.
Postal address: Unit 3 Boulevard Industrial Estate, Bowden Drive, Beeston, Nottingham, NG9 2JY.
3. What Does This Policy Cover?
4. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
5. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us, using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us firstname.lastname@example.org
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 15.
6. What Data Do You Collect and How?
We collect information from you when you place an order, fill out a form or register to use our services
When contacting us on the phone, we may record your call for training and quality control purposes.
When contacting us from this site you may be asked to enter your name, e-mail address or phone number as appropriate. You may, however, visit our site anonymously.
For placing orders online we require you to use a separate site (bookings.cablineuk.com). We implement a variety of security measures to maintain the safety of your personal information when you place an order:
- Our booking site is a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology. This is then encrypted into our payment gateway provider’s database, it is only to be accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.
- After a transaction, only non-special category data such as name, e-mail, phone number and address is stored and kept on our systems
|Data Collected||How We Collect the Data|
|Identity Information including Name||From your employer, from you completing a registration form|
|Contact information including Address, e-mail, phone number||From you completing a registration form|
|Business information including Business name, staff number, department, job title||From your employer, from you completing a registration form|
|Payment information including Card details, bank account numbers sort codes etc||Via secure PCI/DSS compliant web form via secure payment gateway.|
|Profile information including login details, purchase and journey information, favourite journeys etc||From you or your employer completing a booking form|
|Technical information including IP address, browser type, location data.||Collected if you have authorised use of location services from your device|
7. How Do You Use My Personal Data?
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. Any of the information we collect from you may be used to:
- Improve service. Your information helps us to more effectively respond to your customer service requests and support needs.
- Process transactions.
- Administer a promotion, survey or other site feature.
- Send periodic emails. The email address you provide for order processing, may be used to send you information and updates pertaining to your order. These updates may on occasion also include company news, updates or service information, etc.
Processing of the data we collect is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
If customers do not provide the information required for processing transactions, then we will be unable to provide a service to the customer.
The following table describes how we will use your personal data, and our lawful basis for doing so:
|What We Do||What Data We Use||Our Lawful Basis|
|Registering you on our website.||Name|
E-mailContact phone number
Employee Number or equivalent (if applicable)Employer cost codes / Departments
|Non special category, required to deliver the services (Known as “standard account information”)|
|Providing and managing your Account||Standard Account information||To allow us to provide support for the services we deliver|
|Providing and managing your access to our website.||User specific information||To allow us to manage access to the web services (allowing the use of your booking account)|
|Managing payments for our services.||In addition to the “standard account information” we will take credit card details required to process payment which will include card number, card type, expiry date and CVV (security) code||Minimum data required to accept payment via card. Maintain PCI/DSS standards|
|Communicating with you.||E-mail and phone numbers.||Sending status updates and communicating booking confirmations, providing updates, news or offers|
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us email@example.com
If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
8. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
Accounts related data that is processed via our two database servers are subject to a 90 day non-usage review of the account, followed up by a 6 month review before the erasure or separation of any personal or sensitive data. Also upon request by the authorised account holder data will be deleted from both database servers within 30 days of the request followed up by a privacy notification and confirmation of the deletion. This can be done by contacting us at firstname.lastname@example.org
Data processed via email are subject to the Cabline on board retention policy, this includes the purging of unfiled mail after 30 days.
Employee and mobile users including sub-processors who process data on behalf of our company are subject to a systematic 30 days deletion policy after the completion of a contractual obligation. This is achieved via our Freedom software which is downloaded onto mobile devices. On board encryption is also enabled on all our mobile devices which are set to delete all information on the device after multiple failed password attempts.
Exceptions where data may be held longer
Financial data stored on our accounts server or stored as hard copies are held for up to 7 years before disposal due to TAX and VAT legalities.
Ranks of sensitive data – Different retention periods
Security criticality of sensitive or personal data which we process will be described and provided for in section 8.1 below, this policy contains requirements for the deletion of any data we process either personal or sensitive ranked ‘low’, ‘medium’ and ‘high’.
8.1 System data ranking
- 1 – High – For the requirement of our business and the completion of contractual obligations with our clients it is very important to us that any financial data we store or process for or on behalf of our clients is subject to immediate tokenisation/masking of card details which include CVV/CVV2 information, card number and expiration date. However if data is to be processed as a one off request this data will be deleted after processing with immediate effect unless contractual consent is gained.
- 2 – Medium – Account data which may include but not limited to personal data and goods or services provided will be subject to regular review of the data stored for the purpose of maintaining account records. This data allows us to complete our contractual agreements and can include but not limited to the client’s name, address and contact details. Upon request by the authorised account holder this data can be deleted from our systems within 30 days of the request.
- 3 – Low – Sensitive classes of information that may include physical or mental health issues, racial or ethnic origin, religious or other beliefs of a similar nature and trade union memberships (and are not usually collected or required by Cabline) but if stored for legalities, are not processed. We do not use profiling nor automated decision making systems as a part of our company policies. Deletion of this data is subject to but not limited to either upon request or legal obligations.
- Where is my personal data held?
Cabline holds personal data in a few different locations, these can include: Our own database servers, email accounts, desktops, employee owned devices, paper files and backup storage.
9. How and Where Do You Store or Transfer My Personal Data?
We will only store or transfer your personal data within the UK. This means that it will be fully protected under the Data Protection Legislation.
We will only store or transfer some of your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
The security of your personal data is essential to Cabline UK, and to protect your data, we take a number of important measures, including the following:
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so;
10. Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
11. How Can I Control My Personal Data?
In addition to your rights under the Data Protection Legislation, set out in Part 5, when you submit personal data via the Cabline UK website, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes.
12. Can I Withhold Information?
You may access certain areas of the Cabline UK website without providing any personal data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow). This enables the sites or service providers systems to recognize your browser and capture and remember certain information.
By using the Cabline UK website, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on our website for Google Analytics. These Cookies are not integral to the functioning of our website and your use and experience of our website will not be impaired by refusing consent to them.
All Cookies used by and on our website are used in accordance with current Cookie Law.
Before Cookies are placed on your computer or device, you will be shown a requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; You will be given the opportunity to allow only first-party Cookies and block third-party Cookies.
The Cabline UK website uses analytics services provided by Google Analytics and is administered with by our website partner Fifteen. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our website is used. This, in turn, enables us to improve our website and the services offered through it.
The analytics services used by the Cabline UK website uses the following
In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
14. Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
Our third party partners are:
- Fifteen (Website Support) – Media House, Padge Road, Beeston, Nottingham, NG9 2RS
- Catalina-Software (Software Support) – AX Building, 3 Ryston End, Downham Market, Norfolk, PE38 9AX
- Affirm IT (IT Support) – Bradgate House, Derby Rd, Heanor DE75 7QL
We may also release your information when we believe release is appropriate. For example, this may be to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
15. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown by following the link here. email@example.com
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within two weeks and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
16. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of the “Cabline information control officer”
Email address: firstname.lastname@example.org
Telephone number: 0333 009 4000
Postal Address: Unit 3 Boulevard Industrial Estate, Bowden Drive, Beeston, Nottingham, NG9 2JY.
Cabline UK may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.