Privacy Policy

 

DPO contact
Data Protection Officer : Morrisons School of Motoring
Contact : Andy Morrison
07815 613436, email: andymorrison.a@gmail.com

Nature of Data Held
In order to respond to enquiries from this site, I ask for your name plus email address and / or phone number. This gives me the opportunity to personalise your reply and contact you using your preferred contact method.

This information is kept solely for the purpose of answering your original enquiry. Once the enquiry has been satisfactorily dealt with, your personal data is deleted permanently from the online database.

If I am unable to contact you and your enquiry remains incomplete for 180 days, the information is deleted, regardless of there having been no satisfactory conclusion to the enquiry.
Additional Data Held for Pupils

In order to book your driving test, it is necessary to retain your driving licence number. This, along with any other contact data that you have provided will be deleted on successful completion of your driving test or at the end of our specified data retention period.
Successful Candidate Photographs

When candidates pass their driving test, they will be asked for a photograph for promotional purposes. If verbal or written permission is given, the image will be displayed on our web site and in other promotional material until such permission is withdrawn.
Data held relating to customers

Contact information is held for the purpose of:

• Responding to your enquiry
• Reminding of lessons
• Advising of any changes or cancellations
• Informing of test dates etc.

Consent
Making the reasonable assumption that having asked a question via our web site enquiry page, that you are entitled to and expect an answer, we claim your consent to reply by your chosen means, e.g. email or phone. Once your enquiry has been dealt with, we assume no further consent to use your personal data, which are then removed from the online database.

Invoice details will be retained in accordance with our legal obligation in respect of tax regulations.
Scope

This section defines the policy for managing data throughout Morrisons School of Motoring

Risks

Data held by the organisation for the purposes of carrying on its day to day business may be at risk of leakage or loss through the following means:

• Data Theft through hacking (Cyber Crime)
• Data Theft from the Cloud
• Data Theft through embezzlement
• Data Theft through hardware loss
• Fire
• Flood
• Physical damage to equipment
• End of equipment life risks

General Considerations
In order to minimise risks, the number of copies of data held is minimised, commensurate with protection against data loss.

My database is held on servers which are all protected by firewalls, and all security patches or updates are applied as soon as they become available by the one person responsible for security.

Data Theft Through Hacking

All personally identifiable data is held on a handheld device which is protected by a password and backed up regularly to a password protected icloud account.

Access to the database that holds such data is restricted to the DPO only.

For disaster recovery purposes, the contents of the handheld device are backed up regularly to a password protected icloud account. The backup is a snapshot of only the latest data and only the most recent backup file is retained in between weekly backup sessions, so that no obsolete data can be accessed or restored once removed from the main database.

Data Access Policy
Under the provision of the General Data Protection Regulation, you have the right to request to view, or have removed any data held relating to you as a natural person.

This can be requested direct to the DPO.

Right to be Forgotten Policy
Under the provisions of the General Data Protection Regulation, you have the right for all data held relating to yourself to be completely and permanently erased.

Note : Removal of all data may impact on my ability to provide a service to you.

The Regulation also provides for this information being removed from all backup copies and other repositories in the organisation. To ensure that this requirement is followed, Morrisons School of Motoring adopts the following practices:

• Only one copy of the database exists for each day over the past 7 days. This is held on a remote server in a secure data centre
• For disaster recovery
• The backup is a snapshot of the most recent data for each day of the week.
• Every week that backup file is overwritten with the latest data
• In case of a backup being restored, the responsible individual is required to manually reconcile any RTBF requests that may have been overridden by the restoration

Please note that the database is backed up daily with each days backup held for one week so there will be a latency of seven days between removal from the active database and removal from all backup copies.

Data Retention Policy
Your data is held until satisfactory conclusion of your enquiry or until you are no longer using our services.
Automated Processes

Enquiry info is held in the database for no more than 3 days. This is to ensure we can respond to them even if there is an issue with email delivery. No automated processing of data is carried out on the database holding your information, other than a regular check for expired data. To ensure compliance with our policies, every day, the database is queried for entries that are greater in age than the number of days laid out in our Data Retention Terms Policy.

If found, the record and all associated data are automatically deleted from the active database. The active database is backed up daily, overwriting the previous copy from the same day the week before, so there will be a latency between deleting from the active database and the backup version. This will mean a possible delay of a maximum of seven days before final eradication of over-age data.