Corporate Data Protection Policy
Road Safety Analysis is fully committed to transparency in how it handles personal data. The company takes all the essential measures to ensure that information it holds remains private and secure and is processed with total confidentiality.
The lawful basis upon which Road Safety Analysis handles personal data is Legitimate Interest as defined under the Data Protection Act 1988 (DPA). The company has completed a Legitimate Interest Assessment to support this basis. We only hold data with minimal privacy impact which is used in the manner our clients and other contacts would reasonably expect. We respect all individual rights with respect to their personal data and offer the right to opt out to everyone whose data we hold.
Road Safety Analysis only holds personal information supplied to it directly by the person concerned, or, in the case of organisations with which Road Safety Analysis has an existing commercial relationship, by professional colleagues of the person concerned.
Road Safety Analysis’ general purpose in storing personal information is to facilitate professional contact with persons and organisations who use Road Safety Analysis products or otherwise engage in a commercial relationship with the company. We only collect and store information that is necessary and relevant to this purpose. We make every reasonable effort to ensure that it is accurate, correcting or deleting data if necessary.
If Road Safety Analysis ever needs to collect information for any other specific purpose, or if we act as a data processor for another organisation, we will transparently inform the affected individuals.
Road Safety Analysis never has and never will store any sensitive personal data in the meaning of the DPA, except about its own employees for diversity and equality monitoring purposes.
Road Safety Analysis never has and never will store any information about persons under the age of 16.
Road Safety Analysis never has supplied, and never will supply, personal data to any third parties, with the sole exception of Agilysis Ltd. Agilysis Ltd is a company limited by guarantee which is under common control with Road Safety Analysis, and contracts Road Safety Analysis to provide it with certain services. Agilysis Ltd operates to the same strict Data Protection standards as Road Safety Analysis and operates with Road Safety Analysis as a joint data controller.
These principles are enshrined in a series of related procedures which document the flow of personal data and who is responsible for implementing each step.
Road Safety Analysis has no requirement for a Data Protection Officer, as the company does not hold or process substantial volumes of personal data or conduct extensive direct marketing activities.
A Road Safety Analysis Director is designated as the company’s Data Process Auditor. The Data Process Auditor is in overall charge of implementing this code of conduct and related procedures and administers the Data Protection Archive.
Road Safety Analysis uses five systems which may be used for processing personal data:
- Customer Relationship Management (CRM) software (contact information for people who are or have been users of Road Safety Analysis or Agilysis Ltd online services and/or are legitimate business contacts of Road Safety Analysis or Agilysis Ltd. Where paper records are also held and referenced in the CRM, including MAST User Licences, these are held securely in the company’s offices)
- Online payment system (contact information for people who have conducted financial transactions with Road Safety Analysis or Agilysis Ltd, including paper records referenced in the payment system such as invoices and POs)
- Personnel data (personal information about persons under contract to Road Safety Analysis only, stored electronically in internal IT infrastructure to which access is restricted to directors, managers and key staff identified by the Executive Team, with hard copies stored under lock and key by the Head of Finance)
- Project folders in internal IT infrastructure (which may contain contractual or project documents which refer to individuals)
- Data provided online to apps accessed via smartphones and websites (personal information about persons who purchase, subscribe to, or use apps published by Road Safety Analysis is maintained on secure servers, protected by industry standard security protocols in accordance with the Security section of the company’s IT Management Policy)
Data Protection Training will be provided for all staff involved in handling personal data for:
- Users of online assets
- Suppliers of services to Road Safety Analysis
- Road Safety Analysis employees
- Clients with whom Road Safety Analysis has a contractual relationship, and/or
- Marketing to existing or potential clients.
This training will be included during induction for new starters. The Data Process Auditor is responsible for ensuring training is delivered.
The training will ensure familiarity with the attached procedures which are relevant to their job roles. The privacy notice procedure is required for all staff; the information request and deletion procedures are only required for designated Data Processors.
The Data Process Auditor will conduct an annual audit of Road Safety Analysis’ Data Protection structures. This audit will:
- Audit the contents of Road Safety Analysis’ data systems and the Data Protection Archive and destroy any information held therein which is no longer required for legal, compliance, statistical or research purposes
- Consider information about projects or clients which have been dormant throughout the previous year, and destroy or archive any personal information held which is no longer required for legal, contractual, compliance, accounting, statistical or research purposes
- Consider financial records in or related to the payment gateway which have been held for more than six years, and destroy or archive any personal information held which is no longer required for legal, contractual, compliance or accounting purposes
- Check personnel data for information held on past employees, and destroy or archive any personal information held which is no longer required for legal, contractual, compliance or accounting purposes
- Review the contents of this code of conduct and related procedures, including any changes to the purposes for which Road Safety Analysis stores personal data and whether they are compatible with the original purpose, and make recommendations to the Board on any revisions which may be necessary
Policy updated: 26th January 2021