Hansom Airport Taxis needs to gather personal information about individuals in order to
deliver many of its services. Hansom Airport Taxis must comply with the law when
collecting and processing this information. Hansom Airport Taxis is committed to
upholding the principles of data protection and ensuring that all personal data it
processes is handled lawfully, safely and in a manner that protects the rights of
individuals with whom Hansom Airport Taxis works.
Hansom Airport Taxis is a registered Data Controller. This means that Hansom Airport
Taxis makes decisions on what data it processes, how and why. HansomAirportTaxismay on
occasion work with a Data Processor (i.e. a third party who processes data on behalf of a
DataController).
This document describes the policies Hansom Airport Taxis. must follow in order to
lawfully and fairly process data as detailed in the General Data Protection Regulation
(GDPR). Hansom Airport Taxis processes must be transparent and easy to understand for
any individuals whose data we collect.
Failure to follow these policies could result in serious legal, financial and reputational
consequences for Hansom Airport Taxis, and disciplinary action for individuals.
Hansom Airport Taxis is made up of a number of contracts, each of which has different
data protection requirements. This adds some complexity to how Hansom Airport Taxis
approaches data protection. However, as Hansom Airport Taxis is the registered data
controller, Hansom Airport Taxis is ultimately responsible for all data handled by any
projects it manages.
This policy contains basic data protection procedures that every member of Hansom Airport Taxis
staff and contractors must follow.
This policy applies to Hansom Aiport Taxis staff and contractors at every level of the organisation:
• Hansom Airport Taxis Directors
• All full and part-time paidstaff
• Any volunteers or unpaid staff
• Third parties and contractors working on Hansom Airport Taxis behalf as a Data Controller
Hansom Airport Taxis is registered with the Information Commissioner’s Office (ICO) as a
data controller.
The registration number is 00015955443 is registered until 12/02/2025 we expect to meet all
requirements of this and to take out such accrediations.
Hansom Airport Taxis does not consider itself to be a data processor for any third party organisation.
As a data controller, Hansom Airport Taxis is obligated to make efforts to ensure that any
third party organisation who processes data on its behalf is GDPR compliant.
Hansom Airport Taxis uses contractors to perform some of its functions, such as:
• Passenger Transportation
The GDPR is effective from 25 May 2018. The GDPR is an extension of the Data Protection
Act 1998. It is designed to ensure that every individual, or ’data subject’, has control over
how their data is used, processed and stored.
The GDPR applies to both digital and hard copy data (i.e. data stored on paper or other
materials).
It emphasises ‘data protection by design and default’; this means that Hansom Airport
Taxis should build data protection into every task, or contract from the beginning, rather
than seeing it as a legal tickbox exercise.
The GDPR covers six basic principles which Hansom Airport Taxis must take into
account when collecting and processing personal data:
1. Lawfulness, fairness and transparency: data subjects must be able to easily
understand how and why we are processing their data
2. Purpose limitation: we must have a clear and legitimate purpose for processing
data, and we should not process it beyond that purpose
3. Data minimisation: We should collect the minimum amount of data we need in
order to achieve our purpose.
4. Accuracy: We should take every reasonable step to ensure that data we collect is
accurate, that any inaccuracies should be corrected or deleted without delay.
a. Storage limitation: We always take all appropriate measures to
ensure that data is stored safely and securely.
b. Integrity and confidentiality: We should ensure that data is processed securely
so as to avoid unauthorised or unlawful processing, accidental loss, destruction or
damage.
Under the GDPR, every data subject has eight rights in relation tc the collection
and processing uf theit personal data:
1. The right to be informed: the right to know what Hansom Airport Taxis is doing
with their personal data and why.
2. The right of access: the right to see exactly what information Hansom Airport
Taxis has on a data subject.
3. The right to rectification.’ the right to tell us to correct personal data promptly.
4. The right to erasure: the right to ask us to erase any and all data that we hold on
a data subject.
5. The right to restrict processing: the right to tell us not to perform a particular
process on personal data.
6. The right to data portability: the right to have their data provided in a machine-
readable format that other organisations can easily access, e.g. a CSV file.
7. The right to object: the right to object to processing even where we have a
legitimate lawful basis, based on the individual’s specific situation.
8. Rights in relation to automated decision making and profiling: rights around
where you can or cannot use automated systems to process data.
Personal data
This policy applies to the processing of any data which can be described as personal
data. ”fhe GDPR describes personal data as:
any information resulting to an identified or Identifiable natural person (‘data subject’), an
identifiable natural person is one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economies, cultural or social identity of that natural person
Since this definition of personal data is very broad, this policy assumes that the majority of
data collected by Hansom Airport Taxis could be considered personal data.
Examples of non-personal data
Personal data only applies to data which refers to a ‘natural person’, i.e. a human being.
Examples of data which would not be considered personal data would include:
• Names of organisations and their addresses and non-named contact details(Hansom
Airport Taxis, for example, is considered a ’legal person’ but not a ‘natural person’).
• Email addresses which do not have a specific person’s name in them.
• Data that has been sufficiently pseudonymised.
• Data that has been sufficiently anonymised.
Pseudonyimisation and anonymisation
Pseudonymisation means to replace a piece of personal information with some other
information (e.g. replacing a name with initials or a numerical code) in order to make it
difficult to identify the data subject.
Pseudonymised data may still be considered personal data if there is other identifiable data,
like a named email address or a physical description, which may help to identify the
pseudonymised person.
Anonymised data has had all personally identifiable data removed and cannot be linked
back to an individual in any way, e.g. asking individuals about ethnicity (a special category
of personal data), but only reporting on aggregated statistics without referencing
individuals.
Special categories of data
The GDPR also describes categories of ’special data’, which have additional security. This
is defined as:
‘personal data revealing racial or ethnic origin, political opinions, religious or
philosophical beleifs, or trade union membership and the processing of genetic data,
biometric data for the purpose of uniquely identifying a natural person, data concerning
health or data concerning a natural person’s sex life or sexual orientation shall be
prohibited.’
This data can only be lawfully processed if the correct conditions have been met for both personal
data and special data.
Hansom Airport Taxis must keep a record of the processes is applies to special catergories of data.
Hansom Airport Taxis must also keep a record of explicit consent given to process this data.
Processing
The GDPR describes processing as:
‘any operation or set of operations which is performed on personal data or on sets of
personal data, whether or not by automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction’
This means that simply keeping the name of an individual on a server hard drive or on a
piece of paper in a filing cabinet is considered processing.
Personal data can only be lawfully processed once the correct conditions have been
met. The correct conditions are defined by Hansom Airport Taxis lawful bases for
processing data.
Every organisation must have a lawful basis for processing personal data. Without a lawful
basis, Hansom Airport Taxis cannot legally collect personal data.
There can be more than one lawful basis. Organisations must decide on their lawful bases
and record them.
Processing of special categories of data requires additional conditions as well as a
standard lawful basis.
Copyright © 2024 Hansom Airport Taxis - All Rights Reserved.
website Design - Tabitha Say Design