Who we are
The data controller in respect of our website is Driving Mobility. Driving Mobility is a registered charity number 298178 and a company limited by guarantee registered number 2192584. If you wish to get in touch please see our contact page.
What information we may collect about you and why
Your name and contact details
| How we collect it | How we use it |
|---|---|
| When you fill out a contact form on our website or if you call or email us. | To deal with your query. |
| Lawful basis: legitimate interests | |
| When you complete a registration form on our website. | To register you as a user of this website, or to register you for a course we run. |
| Lawful basis: contract | |
| When you submit your response to a survey on our website | To study how individuals use our services or the services of our partners |
| Lawful basis: legitimate interests | |
Information about your device, and how you use our website
| How we collect it | How we use it |
|---|---|
| When you visit this website, information about your device, operating system, browser and your IP address are automatically saved in log files on the web server | This helps us ensure the security of our site by monitoring normal and malicious use of our site |
| Lawful basis: legitimate interests | |
| If you login to our site we also collect details of your IP address and the time of your login | This helps us ensure the security of restricted content for logged-in users or members |
| Lawful basis: legitimate interests | |
| We collect details of your visits to our site, including which pages you visit and actions you take. | This helps us to see what parts of our site are being used and to improve our site for our visitors and users |
| Lawful basis: legitimate interests | |
Aggregated Data
We also collect, use and share Aggregated Data such as statistical or demographic data you provide in response to a survey. Aggregated Data could be derived from your personal data but is not considered personal data in law because this data will not directly or indirectly reveal your identity. For example, we may aggregate your responses to a survey to calculate the percentage of individuals accessing a specific service offered by us or our partners. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Marketing
We do not currently collect information for marketing purposes on this website.
Special category data
We do not currently collect any special category data on this website.
Minors under 16
This website is intended for visitors and users over the age 16 and as such we do not knowingly collect any information about children.
Data retention
We will only keep your data for as long as necessary. For data that we have identified as being covered under the legitimate interests lawful basis, this will be for no more than two years. For data identified as being covered under the contract lawful basis, this will be kept for a minimum of six years and no longer than ten years. This includes keeping records as required by law for tax and auditing purposes.
Data storage
We store your data on our password protected, encrypted computers and server in our UK office. Your data may also be shared with third parties as detailed below.
Sharing your personal information
We take your privacy seriously and will only use your personal information to respond to your queries, to provide the services you have requested from us, provide administration notices, or for the normal functioning of this website. Your personal information will never be shared with third parties for marketing purposes and will not be used by us for marketing purposes without your explicit consent.
We do use some third party companies who act as data processors, to provide services in order to run our website and in order to run our business. Your data may be shared or stored with them as follows.
| Reason | Location |
|---|---|
| We use a specialist server company called Layershift to host our website. | A secure datacentre in the UK. Data is permanently held unless changed or deleted. Onsite backups are kept for 7 days. |
| We use a specialist server company called Hetzner to store additional backups of our website. | A secure datacentre in Germany. Backup data is encrypted. Data is kept for 30 days. |
Cookies
Like most websites we set cookies to enable features on our website. You can find out more about cookies and how to manage them on the All About Cookies website.
We set strictly necessary cookies for security and to enable you to do things like login to our site.
| Cookie name | Reason |
|---|---|
| __cfduid | Set by Cloudflare and used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. |
| wordpress_[hash] wordpress_sec_[hash] wordpress_logged_in_[hash] | Set by WordPress if you login to our site to store your authentication details. |
| wordpress_test_cookie | Tests whether or not your browser has cookies enabled. |
| wp-settings-{time}-[UID] | Set by WordPress and used to customize your view of admin area interface (if applicable), and possibly also the main site interface. |
We use third parties for some services such as website analytics, embedded maps, embedded videos and web fonts amongst others. Some of these may set performance cookies and some services such as Google Maps, Google Fonts and Youtube may collect IP addresses and/or set cookies. For more information on all of Google’s services please see Google’s privacy policy.
| Cookie name | Reason |
|---|---|
| _gid | Set by Google Analytics to distinguish users. We have enabled IP masking which ensures IPs are anonymised before being sent to Google. |
| _ga | Set by Google Analytics to distinguish users. We have enabled IP masking which ensures IPs are anonymised before being sent to Google. |
| SID, SAPISID, APISID, SSID, HSID, NID, PREF | Set by Google Maps to measure the number and behaviour of Google Maps users. Google may collect some data including search terms, IP addresses, and latitude/longitude coordinates. |
| SID, LOGIN_INFO, PREF, SSID, SAPSID, APISID, CONSENT, YSC, HSID, VISITOR_INFO1_LIVE | Set by Youtube for embedded videos to control playback and to measure the number and behaviour of Youtube users. |
Security
We take security very seriously and have taken appropriate measures to secure our website and your data. However please be aware that the internet is a public network and it is not possible to guarantee absolute security.
| Measure | Why |
|---|---|
| Cloudflare | A website application firewall that increases security by blocking known hackers, abusive bots and malicious IP addresses. |
| SSL | Encryption to ensure secure transmission of your personal information when you submit a form on our website. |
| Firewalls and IP banning | Prevent unauthorised access to our server and block malicious users or bots. |
| Activity logging | Keeps records of actions taken on our site to help identify security issues or breaches. |
| Uptime monitoring | We receive notifications if our website is offline or unreachable for more than 3 minutes. This helps us to ensure our website stays online and to alert us to any potential threats which may take the site down. |
| Security plugins | We make use of several security plugins that scan for malware and infected files and block access to suspicious activities and notify us of any unusual activity patterns, or administrator logins. |
Breach notifications
The ICO define a data breach as “A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. We are required under law to tell the data protection regulator of data breaches within 72 hours. We are also required to notify individuals in certain circumstances and we will do so as required.
Your rights
- Right to confirmation – you have the right to know if we hold personal data that concerns you
- Right to access – you have the right to view and to obtain a copy of any personal data we hold that concerns you
- Right to rectification – you have the right to the correction of any inaccuracies within the personal data we hold that concerns you
- Right to erasure – you have the right to have your personal data removed from our systems
- Right to complain – you have the right to complain to the data protection regulator (the ICO in the UK) but we would appreciate it if you would contact us in the first instance so that we can help with any issues!
If you wish to exercise any of your rights please contact us and we will be happy to help.
Changes to this policy
We may make changes to this policy from time to time and they will be listed here.