GDPR Statement

Last updated December 2020

Your personal information and Surrey County Council

  1. Surrey County Council is committed to protecting your privacy when you use our services. Our Privacy Notice explains how we use information about you and how we protect your privacy.
  2. The Safer Travel Team commissioned and uses this bespoke online booking and administration system - https://walkingtraining.online -  developed by an external company ("Weblaunch Ltd"). This is what you use when making a booking and below we explain how we use your personal information.

What personal information we collect from you

As you complete a booking, we request the following information:

  1. Name
  2. Postal address - only for customised one-one training
  3. Email
  4. Phone number
  5. Data concerning health (does trainee need epipen, inhaler or similar; does trainee have other medical needs it would be helpful for us to know)
  6. Name and phone number for emergency contact
  7. Bank card details

Collection of your information

You enter your personal data in order to book training.

IP address, user agent, browser and operating system are collected automatically by the system and are viewable by system administrators.

The basis on which we collect the information

Your personal information enables us to contact you and provide the training requested.

The purposes for which your information is used

  1. Name: to contact you
  2. Postal address,  only for customised one-one training:  to contact you and to locate the area where we need to provide training
  3. Email: to contact you
  4. Phone number: to contact you
  5. Data concerning health: to adjust the training where necessary and for the Instructor to ensure any required medical aids are being carried
  6. Name and phone number for emergency contact: for the Instructor whilst training
  7. Bank card details: to take payment for your  training

Sharing of your information

The web developer has access to all information.

For customised one-one training, your address is submitted to Google to create a location map viewable by Instructors when they are logged in to the system.

Your personal details are viewable by allocated Instructors when logged in to the system. Instructors cannot see any bank card details.

Payments are processed via WorldPay - please see here for more information.

Where your information is stored

The personal information you share with us is stored in a database on a live server. A list of pages you visit are stored on a live server in separate log files.

No credit card, bank details or any other personal financial information is stored on our servers.

Retention of your personal information

Your personal information is automatically deleted 60 days after your training has been completed or, if you did not complete your booking, 60 days from the time you entered information. That period of time allows us to attend to any follow-up queries.

Should you wish to receive further training you will need to provide your details again.

How information is protected against breaches

The servers are protected with two independent firewalls. All ports excepting those required for operation of a website are closed or access regulated by IP address.

All communications with the servers are encrypted to prevent man-in-the-middle attacks.

The hosting is cloud-based so there is no single physical presence, however data centres are protected by 24 hour security. The data centres are located in the UK.

How information is protected against losses

Data are backed up daily and stored securely off-site for 1 month. After one month data are destroyed.

Cloud-base hosting ensures there is no single point of hardware failure.