Privacy Policy

Contents 1. Introduction

1.1 The need for a Data Protection Policy

1.2 Scope of the Policy

2. Data Protection Principles

2.1 Objective

2.2 Data Protection Principles

3. Organisational Management

3.1 Objective

3.2 Management Responsibilities

3.3 Staff Responsibilities

4. Access Requests

4.1 Objective

5. Cookie Policy

1. Introduction

1.1 The need for a Data Protection policy

Express Travel needs to collect and use information about people to carry out its business activities and fulfil statutory obligations.

The information is held on past, current, and prospective, employees, clients/customers, suppliers, and others with whom we communicate. Some information may have to be collected to satisfy our legal obligations.

Personal information must be handled properly no matter how it is collected, recorded, used, or disseminated: on paper, in a computer, or recorded in other ways.

Express Travel is required to comply with all relevant UK and European Union legislation. This obligation extends to employees contractors who may also be personally liable for any breaches.

1.2 Scope of a Data Protection Policy

This policy aims to ensure that:

  • there is a nominated person with specific responsibility for data protection
  • everyone managing and handling personal information: understands s/he is contractually responsible for following good data protection practice;
  • anyone wanting to make enquiries about handling personal information knows what to do;


  • clear procedures on handling personal information: are in place; and are regularly assessed and evaluated;


  • Performance with handling personal information is regularly assessed and evaluated

2. Data Protection Principles

2.1 Objective

To ensure anyone processing Personal Data Ambulance Service NHS Foundation Trust complies with data protection principles.

2.2 Data Protection Principles

The Act requires that personal data:

  1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met and, in the case of sensitive personal data, an additional condition is also met;
  1. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
  1. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
  1. Shall be accurate and, where necessary, kept up to date;
  1. Shall not be kept for longer than is necessary for that purpose or those purposes;
  1. Processed in accordance with the rights of data subjects under the Act; and that:
  1. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
  1. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

3. Organisational Management

3.1 Objective

To establish the management structure for good practice to manage data effectively and respect personal privacy.

3.2 Management Responsibilities

Express Travel will:

  • fully observe conditions for the fair collection and use

of information;

  • meet its legal obligations to specify the purposes for which information is used;
  • collect and process relevant information, and only to the extent it is needed to fulfil operational needs or to comply with legal requirements;
  • ensure the quality of information used;
  • apply strict checks to determine how long information is


  • ensure people whose information is held can fully exercise

their rights under the DPA 1998;

  • take appropriate technical and organisational security measures to safeguard personal information;
  • ensure personal information is not transferred outside the

EEC without suitable safeguards.

  • there is a nominated person, the Data Protection Officer, with specific responsibility for data protection
  • everyone managing and handling personal information is

aware of their responsibilities;

  • anyone wanting to make enquiries about handling personal information knows what to do;
  • clear procedures on handling personal information; are in place;
    • are regularly assessed and evaluated; and
    • the performance of these procedures is regularly monitored and evaluated

3.3 Staff Responsibilities

Everyone managing and handling personal information:

  • understands s/he is contractually responsible for following good data protection practice;
  • is aware of her/his responsibilities and obligations to respect patient confidentiality
  • is appropriately trained to do so; and
  • is appropriately supervised;

Staff are also legally liable if they breach legislation relating to gathering, storage or processing of data at all times.

4.0Access Requests

4.1Subject Access request

In general, an individual has the right to gain access to her/his personal data however it is held and whenever it was made. This normally involves providing an individual with copies of her/his records when asked to do so.

You must also give the data subject:

  • a description of the data;
  • a description of the purpose/s for which the data are being or are to be processed;
  • a description of those to whom the data are disclosed.
  • In addition, you must give the data subject:
  • any information available to the controller about the source of the data;
  • an explanation of any automated decision taken about the data subject.

5. Cookie Policy

What’s a cookie?
A ‘cookie’ is a piece of information that is stored on your computer’s hard drive and which records how you move your way around a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.

Cookies are used by nearly all websites and do not harm your system.
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. You can block cookies at any time by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

How do we use cookies?
We use cookies to track your use of our website. This enables us to understand how you use the site and track any patterns with regards how you are using our website. This helps us to develop and improve our website as well as products and / or services in response to what you might need or want.

Cookies are either:
– Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page but they do not collect any personal data from your computer; or

– Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies for Google Analytics.

Cookies can also be categorised as follows:
– Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.