Privacy Notice
This privacy notice details Ensignbus’s privacy policy relating to personal information that we collect, create, use and share when you are using our services. It explains what personal data we hold, what we do with that data and how long we keep it for. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. We comply with the United Kingdom General Data Protection Regulation (UK-GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations (PECR).
Last updated
This privacy notice was last updated on the 3rd May 2024. We will update this Notice from time to time and you should review it whenever you visit our website or before providing us with any personal data about yourself.
Who we are
We are Ensign Bus Company Limited referred to here as Ensignbus. Ensignbus is a business with 40 years’ experience in Bus Sales, Service Work, Sightseeing Tours, Bus Conversions and Restorations. Ensignbus Bus Company includes the following trading styles: Ensign Bus Hire, Ensignbus Corporate, Southend Jetlink, Gatwick Jetlink, Southends99 and Southend Open Top Bus. Within this Privacy Notice our company and trading names are collectively referred to as “Ensignbus”, “we”, “us” or “our”. Ensignbus is a data controller in respect of any personal data we collect.
How we collect your personal data
We will only collect and use your personal data where we have legitimate business reasons to do so. We may obtain personal data from you to provide you a service or when we provide a service to one of our clients, when you contact us or visit our offices, including when you call us, get in touch with us via our website, or when you or your organisation correspond with us using any means of communication. This includes personal data provided to us:
We may also collect your data when we search websites where you have posted your data to be found in relation to business opportunities. We will of course let you know at the earliest opportunity when we have gathered your data in this manner.
The personal data we collect
We collect personal data in order to provide the best possible service we can, to maintain good relationships or on behalf of our clients in the service of a contract. We only collect the data we need or are contracted to hold and we will ensure we have appropriate physical and technological security measures to protect your personal data.
For clients using our services or suppliers whose services we use, depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the following information: name, title, email address, postal address, telephone numbers and other contact numbers, nationality, country of birth, place of birth, proof of identification, passport details, bank details, and proof of address. We may also hold extra information that someone in your organisation has chosen to tell us, where we have a good reason to hold it.
For employees or candidates applying for a job with Ensignbus, depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the following information: name, title, date of birth, gender, marital status, photograph, email address, postal address, telephone numbers, education details, employment history, emergency contacts and details of any dependants, referee details, immigration/visa status (whether you need a work permit), nationality/citizenship/place of birth, a copy of your driving licence and/or passport/identity card, financial information (where we need to carry out financial background checks), social security number (or equivalent in your country) and any other tax-related information, diversity information possibly including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information, details of any criminal convictions if this is required for a role that you are interested in applying for, details about your current remuneration, pensions and benefits arrangements, information on your interests, needs regarding future employment, and any extra information that you or your referees choose to tell us. We may also hold information about interviews you have attended and any relevant feedback and information gained from appraisals. We may also hold limited health information where you have made us aware or where you have told us to justify an absence.
What we use your information for
Ensignbus collects and processes your personal data for legitimate Business Management and Human Resource purposes including:
We may use your personal data for these purposes if it is necessary for the formation or performance of a contract, for the fulfilment of statutory or other legal obligations, or where we deem it to be necessary for our legitimate interests or for mutually beneficial legitimate interests. Our legitimate interests are explained a little further down this notice.
CCTV
We have CCTV cameras in and around our premises for health and safety and for security reasons.
All our buses are fitted with CCTV cameras which capture images of the road ahead of, behind the bus, and of the interior of the bus. We have these CCTV cameras for reasons of safety and security. We only use the images when investigating accidents or alleged crime or anti-social behaviour on our buses. CCTV footage is recorded and stored in a secure system and only downloaded and viewed when we need to investigate an incident. Images may be shared with the police or insurance companies if they request it.
The CCTV images are not used for monitoring and under normal circumstances the images will never be viewed. CCTV footage is retained for 30 days only unless required to be kept for longer for legal purposes.
Sharing your personal data
Where appropriate and in accordance with local laws and requirements, we may share your personal data with:
If Ensignbus acquires, merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the other business or company, subject to appropriate assurances as to the protection of your data privacy.
Processors and Sub-Processors
Ensignbus uses processors and sub-processors to assist in providing some of its services. Ensignbus requires its processors and sub-processors to satisfy equivalent obligations as those required from Ensignbus as detailed in agreements with our clients including:
Your Rights
You have individual rights under the UK GDPR legislation. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have:
The right to be informed - you have the right to be informed of what we do with your data. The detail of what we do is in this privacy notice.
The right of access - you have the right to ask us to confirm what information we hold about you. You can exercise this right by submitting a Data Subject Access Request. We may ask you to verify your identity and for more information about your request. We will respond to any request to access your data within one month.
The right to rectification - you have the right to update your data if you think it’s incorrect. We may ask you to verify your identity and for more information about your request.
The right to erasure - You have the right to have your personal data deleted (right to be forgotten). We will make every reasonable effort to remove your personal data, however, this may not always be possible if we need to retain your data for purposes of billing or if there are legal requirements for us to keep your data. We may ask you to verify your identity and for more information about your request. We will respond to any request to delete your data within one month and let you know the outcome of your request.
The right to restrict processing - you have the right to ask us to stop processing your data. Where consent has been given to process your data, you can withdraw that consent at any time by contacting us using the details at the bottom of this notice. You can raise any concerns to the processing or use of your personal data by us either to us or to the appropriate data protection authority.
The right to data portability - you have the right to have the personal data you have given us transferred to another company and we will make every reasonable effort to comply with your request.
The right to object - you have the right to object to us processing your personal data where we do so under legitimate interests or to enable us to perform a task in the public interest or exercise official authority or to send you direct marketing materials or for scientific, historical, research or statistical purposes. The "legitimate interests" and "direct marketing" categories above are the ones most likely to apply to our Clients, Suppliers, contractors and job candidates. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless we can show that we have compelling legitimate grounds for processing which overrides your interests or we are processing your data for the establishment, exercise or defence of a legal claim.
Rights in relation to automated decision making and profiling - Automated individual decision-making is a decision made by automated means without any human involvement, such as a recruitment aptitude test which uses pre-programmed algorithms and criteria. Ensignbus do not use any automated decision making tools. Profiling is where we use the information we have on you to classify you into different groups or sectors, using algorithms and machine-learning. This analysis identifies links between different behaviours and characteristics to create profiles for individuals. Ensignbus do not use any profiling techniques. However, if you think we are doing so you have the right to ask us to explain and to ask us to stop doing so.
Transfer of data outside the UK
Normally your data will not be transferred to a country or territory outside the UK unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place to guard your rights and freedoms. If for any extraordinary reason we need to transfer your personal data to countries without adequate data protection laws we will seek your consent to do so.
Retention
It is our policy only to keep records of your personal data for as long as required under the legal obligations deemed relevant by our relationship with you or as required by relevant authorities or other legislation, whichever requirement is longer, after which it will be erased from our systems and any paperwork will be destroyed.
Our retention policies are currently as follows:
Legitimate interests
The UK-GDPR states (in Article 6(1)(f)) that we can process your data where it is necessary for the purposes of the legitimate interests pursued by us except where such interests are overridden by your interests or fundamental rights or freedoms.
Our legitimate interests explained - Ensignbus think it's reasonable to expect that if we have had a professional relationship with you or you have contacted us about a job or we find that you are looking for employment or you have posted your professional information on professional networking sites or on a job board, or we have been given your name as an emergency contact or as a referee, you are happy for us to use your personal data to contact you for a relevant reason. If you don’t want any further contact with us you can ask us to stop by contacting us using the details at the end of this Privacy Notice.
Cookies
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We do not collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or other device. You can find more detailed information about how you can manage Cookies at the All About Cookies and Your Online Choices websites.
By using this website, you declare that you agree to the processing of data collected about you by Google in the manner described above, and for the purposes described above. You can counteract the saving and collection of data with a plugin for your browser, available here.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our servers are in a secure location in our offices or are hosted from datacentres within the EU which are ISO27001 certified.
Links to other websites and social media
Our website may contain links to other websites of interest. However, once you have used these links to leave our site(s), you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Contact Us
To exercise any relevant rights, queries or complaints please contact us via a method shown on our web page here or by one of the following means:
By Phone:
+44 (0)1708 865656
By Post:
Ensignbus Company
Juliette Close
Purfleet Industrial Park
Purfleet, Essex
RM15 4YF
United Kingdom
Email: [email protected]
Contact the Information Commissioner
If you wish to make a complaint then you can contact the Commissioner at the Information Commissioners Office (ICO) in the following ways:
By Phone:
+44 (0)303 123 1113
By Post:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Other contact options can be found on the ICO website at https://ico.org.uk/global/contact-us/.
Last updated
This privacy notice was last updated on the 3rd May 2024. We will update this Notice from time to time and you should review it whenever you visit our website or before providing us with any personal data about yourself.
Who we are
We are Ensign Bus Company Limited referred to here as Ensignbus. Ensignbus is a business with 40 years’ experience in Bus Sales, Service Work, Sightseeing Tours, Bus Conversions and Restorations. Ensignbus Bus Company includes the following trading styles: Ensign Bus Hire, Ensignbus Corporate, Southend Jetlink, Gatwick Jetlink, Southends99 and Southend Open Top Bus. Within this Privacy Notice our company and trading names are collectively referred to as “Ensignbus”, “we”, “us” or “our”. Ensignbus is a data controller in respect of any personal data we collect.
How we collect your personal data
We will only collect and use your personal data where we have legitimate business reasons to do so. We may obtain personal data from you to provide you a service or when we provide a service to one of our clients, when you contact us or visit our offices, including when you call us, get in touch with us via our website, or when you or your organisation correspond with us using any means of communication. This includes personal data provided to us:
- when you enquire about, or enter into a contract to hire a bus from us;
- when you purchase a bus from us;
- when you or your school/college register your details with our smartcard systems;
- in regard to services we provide directly to you or to one of our clients;
- when you deal with us in order to provide us with goods or services;
- when we receive referrals from other employees, clients or suppliers;
- when you provide our staff with business cards or contact details;
- when you make a complaint;
- when you contact us with a question or enquiry via our website, email or by calling our office;
- when you contact us about employment with Ensignbus;
- during the course of your employment with Ensignbus;
- when staff give us your details as an emergency contact; or
- when job applicants give us your details as a referee.
We may also collect your data when we search websites where you have posted your data to be found in relation to business opportunities. We will of course let you know at the earliest opportunity when we have gathered your data in this manner.
The personal data we collect
We collect personal data in order to provide the best possible service we can, to maintain good relationships or on behalf of our clients in the service of a contract. We only collect the data we need or are contracted to hold and we will ensure we have appropriate physical and technological security measures to protect your personal data.
For clients using our services or suppliers whose services we use, depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the following information: name, title, email address, postal address, telephone numbers and other contact numbers, nationality, country of birth, place of birth, proof of identification, passport details, bank details, and proof of address. We may also hold extra information that someone in your organisation has chosen to tell us, where we have a good reason to hold it.
For employees or candidates applying for a job with Ensignbus, depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the following information: name, title, date of birth, gender, marital status, photograph, email address, postal address, telephone numbers, education details, employment history, emergency contacts and details of any dependants, referee details, immigration/visa status (whether you need a work permit), nationality/citizenship/place of birth, a copy of your driving licence and/or passport/identity card, financial information (where we need to carry out financial background checks), social security number (or equivalent in your country) and any other tax-related information, diversity information possibly including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information, details of any criminal convictions if this is required for a role that you are interested in applying for, details about your current remuneration, pensions and benefits arrangements, information on your interests, needs regarding future employment, and any extra information that you or your referees choose to tell us. We may also hold information about interviews you have attended and any relevant feedback and information gained from appraisals. We may also hold limited health information where you have made us aware or where you have told us to justify an absence.
What we use your information for
Ensignbus collects and processes your personal data for legitimate Business Management and Human Resource purposes including:
- managing the financial relationships with our clients;
- administering our clients’ products and services;
- processing transactions;
- processing instructions from clients;
- in connection with legal and dispute management;
- for compliance with legal, regulatory and tax reporting obligations;
- releasing your personal information to regulatory or law enforcement agencies, if they require us to do so by law for the prevention, detection and investigation of crimes;
- to market our related products and services directly to you, and advise you of any updates to our services. Where we do so you will be able to unsubscribe at any time from receiving any further communications from us;
- to contact you from time to time for market research purposes. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests;
- internal record-keeping;
- to match your skill sets with job vacancies;
- for payroll purposes;
- contacting you in an emergency involving a candidate or member of staff;
- contacting you in order to take up a reference;
- we may use the information to improve our services to you; or
- to fulfil contractual obligations with our clients.
We may use your personal data for these purposes if it is necessary for the formation or performance of a contract, for the fulfilment of statutory or other legal obligations, or where we deem it to be necessary for our legitimate interests or for mutually beneficial legitimate interests. Our legitimate interests are explained a little further down this notice.
CCTV
We have CCTV cameras in and around our premises for health and safety and for security reasons.
All our buses are fitted with CCTV cameras which capture images of the road ahead of, behind the bus, and of the interior of the bus. We have these CCTV cameras for reasons of safety and security. We only use the images when investigating accidents or alleged crime or anti-social behaviour on our buses. CCTV footage is recorded and stored in a secure system and only downloaded and viewed when we need to investigate an incident. Images may be shared with the police or insurance companies if they request it.
The CCTV images are not used for monitoring and under normal circumstances the images will never be viewed. CCTV footage is retained for 30 days only unless required to be kept for longer for legal purposes.
Sharing your personal data
Where appropriate and in accordance with local laws and requirements, we may share your personal data with:
- third party service providers who we engage with on your instruction;
- third party service providers who perform functions on our behalf including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems;
- third party technology and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- tax, audit, or other authorities, when we consider in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- marketing technology platforms and suppliers;
- individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies; and
- in the case of Candidates and potential Ensignbus employees, third parties who we have retained to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate and in accordance with local laws.
If Ensignbus acquires, merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the other business or company, subject to appropriate assurances as to the protection of your data privacy.
Processors and Sub-Processors
Ensignbus uses processors and sub-processors to assist in providing some of its services. Ensignbus requires its processors and sub-processors to satisfy equivalent obligations as those required from Ensignbus as detailed in agreements with our clients including:
- process Personal Data in accordance with data controller’s documented instructions
- implement and maintain appropriate technical and organisational measures to prevent unauthorised access or disclosure
- promptly inform Ensignbus of any actual or potential security/data breach; and
- cooperate with Ensignbus when requests are received from data controllers, data subjects or the Information Commissioner.
Your Rights
You have individual rights under the UK GDPR legislation. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have:
The right to be informed - you have the right to be informed of what we do with your data. The detail of what we do is in this privacy notice.
The right of access - you have the right to ask us to confirm what information we hold about you. You can exercise this right by submitting a Data Subject Access Request. We may ask you to verify your identity and for more information about your request. We will respond to any request to access your data within one month.
The right to rectification - you have the right to update your data if you think it’s incorrect. We may ask you to verify your identity and for more information about your request.
The right to erasure - You have the right to have your personal data deleted (right to be forgotten). We will make every reasonable effort to remove your personal data, however, this may not always be possible if we need to retain your data for purposes of billing or if there are legal requirements for us to keep your data. We may ask you to verify your identity and for more information about your request. We will respond to any request to delete your data within one month and let you know the outcome of your request.
The right to restrict processing - you have the right to ask us to stop processing your data. Where consent has been given to process your data, you can withdraw that consent at any time by contacting us using the details at the bottom of this notice. You can raise any concerns to the processing or use of your personal data by us either to us or to the appropriate data protection authority.
The right to data portability - you have the right to have the personal data you have given us transferred to another company and we will make every reasonable effort to comply with your request.
The right to object - you have the right to object to us processing your personal data where we do so under legitimate interests or to enable us to perform a task in the public interest or exercise official authority or to send you direct marketing materials or for scientific, historical, research or statistical purposes. The "legitimate interests" and "direct marketing" categories above are the ones most likely to apply to our Clients, Suppliers, contractors and job candidates. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless we can show that we have compelling legitimate grounds for processing which overrides your interests or we are processing your data for the establishment, exercise or defence of a legal claim.
Rights in relation to automated decision making and profiling - Automated individual decision-making is a decision made by automated means without any human involvement, such as a recruitment aptitude test which uses pre-programmed algorithms and criteria. Ensignbus do not use any automated decision making tools. Profiling is where we use the information we have on you to classify you into different groups or sectors, using algorithms and machine-learning. This analysis identifies links between different behaviours and characteristics to create profiles for individuals. Ensignbus do not use any profiling techniques. However, if you think we are doing so you have the right to ask us to explain and to ask us to stop doing so.
Transfer of data outside the UK
Normally your data will not be transferred to a country or territory outside the UK unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place to guard your rights and freedoms. If for any extraordinary reason we need to transfer your personal data to countries without adequate data protection laws we will seek your consent to do so.
Retention
It is our policy only to keep records of your personal data for as long as required under the legal obligations deemed relevant by our relationship with you or as required by relevant authorities or other legislation, whichever requirement is longer, after which it will be erased from our systems and any paperwork will be destroyed.
Our retention policies are currently as follows:
- if you are a client or a supplier we may, for regulatory reasons or to settle a dispute, keep your data for seven years after the end of the engagement with us;
- if you have contacted us via our website or sent us an email and we do not engage in a professional relationship with you, we will retain your data for two years;
- if you are an employee we will keep your data for seven years after the end of your employment to satisfy regulatory obligations; and
- if we are recruiting and you send us your CV or if we are not currently recruiting but are interested in your profile we may keep your CV and personal details for a period of one year.
Legitimate interests
The UK-GDPR states (in Article 6(1)(f)) that we can process your data where it is necessary for the purposes of the legitimate interests pursued by us except where such interests are overridden by your interests or fundamental rights or freedoms.
Our legitimate interests explained - Ensignbus think it's reasonable to expect that if we have had a professional relationship with you or you have contacted us about a job or we find that you are looking for employment or you have posted your professional information on professional networking sites or on a job board, or we have been given your name as an emergency contact or as a referee, you are happy for us to use your personal data to contact you for a relevant reason. If you don’t want any further contact with us you can ask us to stop by contacting us using the details at the end of this Privacy Notice.
Cookies
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We do not collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or other device. You can find more detailed information about how you can manage Cookies at the All About Cookies and Your Online Choices websites.
By using this website, you declare that you agree to the processing of data collected about you by Google in the manner described above, and for the purposes described above. You can counteract the saving and collection of data with a plugin for your browser, available here.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our servers are in a secure location in our offices or are hosted from datacentres within the EU which are ISO27001 certified.
Links to other websites and social media
Our website may contain links to other websites of interest. However, once you have used these links to leave our site(s), you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Contact Us
To exercise any relevant rights, queries or complaints please contact us via a method shown on our web page here or by one of the following means:
By Phone:
+44 (0)1708 865656
By Post:
Ensignbus Company
Juliette Close
Purfleet Industrial Park
Purfleet, Essex
RM15 4YF
United Kingdom
Email: [email protected]
Contact the Information Commissioner
If you wish to make a complaint then you can contact the Commissioner at the Information Commissioners Office (ICO) in the following ways:
By Phone:
+44 (0)303 123 1113
By Post:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Other contact options can be found on the ICO website at https://ico.org.uk/global/contact-us/.