GDPR Statement
Last updated 7th June 2018
Your personal information
In your role as a cycling Instructor, Surrey County Council collects, processes and stores your information in two ways:
- As part of its general corporate processes. The County Council has published the following privacy notices:
- General public corporate privacy notice
- Payroll and employee services privacy notice
- HR privacy notice (to follow)
- Pensions privacy notice (pdf)
- In addition to this, we (the Cycle Training Team in Environment and Infrastructure Directorate) have the service-specific online administration system. The rest of this privacy notice refers to this system.
Your information on https://surreycycletraining.online
The Cycle Training Team commissioned and uses a bespoke online booking and administration system developed by an external company ("Weblaunch Ltd").
What personal information we collect from you
- Address
- Phone numbers (landline, private mobile, SCC mobile)
- Email address
- IP address, User agent, Browser, operating system
- Name
- Payroll number
- Car registration
- DBS number
- National Standard Instructor accreditation number
- Time, date and location of courses allocated
Collection of your information
Cycle Training Team office staff collect your information. You can amend your own personal contact details.
IP address, user agent, browser and operating system are collected automatically by the system and are viewable by system administrators.
The site uses cookies to keep track of your logged-in session, so you don’t have to log in for every page. They only last as long as your session and contain no personal information.
The basis on which we collect the information
The information is necessary to fulfil the County Council's contract with you - the online system enables you to indicate when you can work and enables work to be allocated to you.
The purposes for which your information is used
- Communications with office staff: name, phone, address, email.
- Population of fields for generating expense claims: name, address, payroll number, car registration.
- Calculate distance to work location: address.
- Enable Instructor login: email.
- Help the developers diagnose browser specific issues: IP address, user agent, operating system, browser.
- Creating a work schedule: name, time, date and location of courses allocated.
- Satisfy school safeguarding requirements: DBS number.
- Record Instructor National Standard accreditation: National Standard Instructor accreditation number.
Sharing of your information
The developer has access to all information.
Instructor addresses are submitted to Google to calculate road distances to place of work, which helps us make decisions on where your training will take place. The Google Maps API is also used to populate fields in your expense claim form.
Your name and DBS number are viewable by school staff - when they log in to the system - to satisfy safeguarding requirements. Your name and DBS number can be seen by staff at those schools on your schedule.
Your name, contact details and work locations for selected dates are shared with the Instructor Training Organisation, Kingston Council, to arrange mentoring visits.
If you gained your accreditation through Surrey County Council then your contacts details will have been provided to the Instructor Training Organisation running your accreditation course to enable them to provide you with course materials and venue details.
Where your information is stored
The personal information you share with us is stored in a database on a live server. A list of pages you visit are stored on a live server in separate log files.
For how long is your information retained?
Your personal information on the website is retained whilst you are employed by Surrey County Council. After you leave, your name will still be recorded against courses you taught and will also be on the copies of the course register for their retention period.
How information is protected against breaches
The servers are protected with two independent firewalls. All ports excepting those required for operation of a website are closed or access regulated by IP address.
All communications with the servers are encrypted to prevent man-in-the-middle attacks.
The hosting is cloud-based so there is no single physical presence, however data centres are protected by 24 hour security. Data Centres are located in the UK.
How information is protected against losses
Data are backed up daily and stored securely off-site for 1 month. After one month data are destroyed.
Cloud-base hosting ensures there is no single point of hardware failure.