Privacy and cookies - Driving Mobility

Privacy and cookies

We are committed to protecting the privacy and security of our site visitors and clients. This policy sets out how we collect, use and store personal and other data for visitors and users of this website.

Who we are

The data controller in respect of our website is Driving Mobility. Driving Mobility is a registered charity number 298178 and a company limited by guarantee registered number 2192584. If you wish to get in touch please see our contact page.

What information we may collect about you and why

Your name and contact details

How we collect itHow we use it
When you fill out a contact form on our website or if you call or email us.To deal with your query.
Lawful basis: legitimate interests
When you complete a registration form on our website.To register you as a user of this website, or to register you for a course we run.
Lawful basis: contract

Information about your device, and how you use our website

How we collect itHow we use it
When you visit this website, information about your device, operating system, browser and your IP address are automatically saved in log files on the web serverThis helps us ensure the security of our site by monitoring normal and malicious use of our site
Lawful basis: legitimate interests
If you login to our site we also collect details of your IP address and the time of your loginThis helps us ensure the security of restricted content for logged-in users or members
Lawful basis: legitimate interests
We collect details of your visits to our site, including which pages you visit and actions you take. This helps us to see what parts of our site are being used and to improve our site for our visitors and users
Lawful basis: legitimate interests

Marketing

We do not currently collect information for marketing purposes on this website.

Special category data

We do not currently collect any special category data on this website.

Minors under 16

This website is intended for visitors and users over the age 16 and as such we do not knowingly collect any information about children.

Data retention

We will only keep your data for as long as necessary. For data that we have identified as being covered under the legitimate interests lawful basis, this will be for no more than two years. For data identified as being covered under the contract lawful basis, this will be kept for a minimum of six years and no longer than ten years. This includes keeping records as required by law for tax and auditing purposes.

Data storage

We store your data on our password protected, encrypted computers and server in our UK office. Your data may also be shared with third parties as detailed below.

Sharing your personal information

We take your privacy seriously and will only use your personal information to respond to your queries, to provide the services you have requested from us, provide administration notices, or for the normal functioning of this website. Your personal information will never be shared with third parties for marketing purposes and will not be used by us for marketing purposes without your explicit consent.

We do use some third party companies who act as data processors, to provide services in order to run our website and in order to run our business. Your data may be shared or stored with them as follows.

ReasonLocation
We use a specialist server company called Layershift to host our website.A secure datacentre in the UK. Data is permanently held unless changed or deleted. Onsite backups are kept for 7 days.
We use a specialist server company called Hetzner to store additional backups of our website.A secure datacentre in Germany. Backup data is encrypted. Data is kept for 30 days.

Cookies

Like most websites we set cookies to enable features on our website. You can find out more about cookies and how to manage them on the All About Cookies website.

We set strictly necessary cookies for security and to enable you to do things like login to our site.

Cookie nameReason
__cfduidSet by Cloudflare and used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
wordpress_[hash]
wordpress_sec_[hash]
wordpress_logged_in_[hash]
Set by WordPress if you login to our site to store your authentication details.
wordpress_test_cookieTests whether or not your browser has cookies enabled.
wp-settings-{time}-[UID] Set by WordPress and used to customize your view of admin area interface (if applicable), and possibly also the main site interface.

We use third parties for some services such as website analytics, embedded maps, embedded videos and web fonts amongst others. Some of these may set performance cookies and some services such as Google Maps, Google Fonts and Youtube may collect IP addresses and/or set cookies. For more information on all of Google’s services please see Google’s privacy policy.

Cookie nameReason
_gidSet by Google Analytics to distinguish users. We have enabled IP masking which ensures IPs are anonymised before being sent to Google.
_gaSet by Google Analytics to distinguish users. We have enabled IP masking which ensures IPs are anonymised before being sent to Google.
SID, SAPISID, APISID, SSID, HSID, NID, PREFSet by Google Maps to measure the number and behaviour of Google Maps users. Google may collect some data including search terms, IP addresses, and latitude/longitude coordinates.
SID, LOGIN_INFO, PREF, SSID, SAPSID, APISID, CONSENT, YSC, HSID, VISITOR_INFO1_LIVESet by Youtube for embedded videos to control playback and to measure the number and behaviour of Youtube users.

Security

We take security very seriously and have taken appropriate measures to secure our website and your data. However please be aware that the internet is a public network and it is not possible to guarantee absolute security.

MeasureWhy
CloudflareA website application firewall that increases security by blocking known hackers, abusive bots and malicious IP addresses.
SSLEncryption to ensure secure transmission of your personal information when you submit a form on our website.
Firewalls and IP banningPrevent unauthorised access to our server and block malicious users or bots.
Activity loggingKeeps records of actions taken on our site to help identify security issues or breaches.
Uptime monitoringWe receive notifications if our website is offline or unreachable for more than 3 minutes. This helps us to ensure our website stays online and to alert us to any potential threats which may take the site down.
Security pluginsWe make use of several security plugins that scan for malware and infected files and block access to suspicious activities and notify us of any unusual activity patterns, or administrator logins.

Breach notifications

The ICO define a data breach as “A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. We are required under law to tell the data protection regulator of data breaches within 72 hours. We are also required to notify individuals in certain circumstances and we will do so as required.

Your rights

  • Right to confirmation – you have the right to know if we hold personal data that concerns you
  • Right to access – you have the right to view and to obtain a copy of any personal data we hold that concerns you
  • Right to rectification – you have the right to the correction of any inaccuracies within the personal data we hold that concerns you
  • Right to erasure – you have the right to have your personal data removed from our systems
  • Right to complain – you have the right to complain to the data protection regulator (the ICO in the UK) but we would appreciate it if you would contact us in the first instance so that we can help with any issues!

If you wish to exercise any of your rights please contact us and we will be happy to help.

Changes to this policy

We may make changes to this policy from time to time and they will be listed here.