GDPR Statement

Last updated 8th June 2018

Your personal information and Surrey County Council 

  1. Surrey County Council is committed to protecting your privacy when you use our services. Our Privacy Notice explains how we use information about you and how we protect your privacy.
  2. The Cycle Training Team commissioned and uses this bespoke online booking and administration system - -  developed by an external company ("Weblaunch Ltd"). This is what you use when making a booking and below we set out how we use your personal information.

What personal information we collect from you

  1. School contact name
  2. School contact phone number
  3. School contact email
  4. IP address, user agent, operating system, browser.

Collection of your information

Cycle Training Team office staff collect your information. You can amend your own personal contact details.

IP address, user agent, browser and operating system are collected automatically by the system and are viewable by system administrators.

The site uses cookies to keep track of your logged-in session, so you don’t have to log in for every page. They only last as long as your session and contain no personal information.

The basis on which we collect the information

The online system enables you to request training, us to offer it to you and you to request amendments to your bookings as well as request support. So for GDRP purposes the basis of the data collection is contractual.

The purposes for which your information is used

  1. Communications with Cycle Training Team staff: name, phone, email.
  2. Enable staff to login: email.
  3. Help the developers diagnose browser specific issues: IP address, user agent, operating system, browser.

Sharing of your information

The developer has access to all information. We do not share your information with anyone else.


Processing of trainee personal information obtained through parental consent

We ask you to process trainee personal information on our behalf. This is the personal information on the consent form, trainee names on the course register and trainee names on the course certificates. We also ask you to email a completed register to us and hand out the certificates.

Using the consent forms, we ask for explicit consent from parents which sets out how the personal information they give is stored and processed. You can see the statements by logging in and downloading the relevant consent form from "resources" on the menu. Here is the Level 2 request extracted from the consent form which we ask parents to sign:

Use of your personal information:

  1. This consent form: the school looks after this consent form. When our Instructors arrive at the school, they will ask to see the consent forms, then check them and hand them back to the school office staff. If you noted that your child needs to carry an epi-pen or similar, then the Instructors may make a note of that on the course register in order to check your child has it before leaving the school premises.
  2. Course register: the school fills in the trainee names on our course register template and provides a copy for the Instructors. Instructors carry the register with them whilst teaching so they can learn the trainees’ names and note progress against the course outcomes. At the end of the training, a register with final outcomes against each child’s name is handed to the school who scan it and email a copy to the cycle training office. We also copy each child’s name and the outcomes they have achieved on to the certificate given to the child. We store completed registers in our office for two years and then dispose of them securely. The reason we store them is so we can respond to any subsequent parental or school enquiries, such as a request for a replacement certificate.
  3. We never pass personal information on to third parties.

Where your information is stored

The personal information you share with us is stored in a database on a live server. A list of pages you visit are stored on a live server in separate log files.

For how long is your information retained?

Your personal information on the website is retained whilst your school remains 'active' on our booking list. You can ask for your school to made 'inactive' if you do not want to participate in cycle training in the future. You can edit your personal information at any time by logging in.

How information is protected against breaches

The servers are protected with two independent firewalls. All ports excepting those required for operation of a website are closed or access regulated by IP address.

All communications with the servers are encrypted to prevent man-in-the-middle attacks.

The hosting is cloud-based so there is no single physical presence, however data centres are protected by 24 hour security. Data centres are located in the UK.

How information is protected against losses

Data are backed up daily and stored securely off-site for 1 month. After one month data are destroyed.

Cloud-base hosting ensures there is no single point of hardware failure.