Privacy

At Sustrans, we are committed to protecting your privacy and being transparent about how we collect and use your personal information.

We process your personal information in compliance with the Data Protection Act 2018 and other relevant privacy legislation, respecting your individual rights.

How do we collect personal information?

We collect personal information directly from you when you contact us, register with us, enquire about our activities, make a donation, participate in an event, buy from our online shop, apply to work or volunteer with us, visit our website or otherwise provide us with your personal information.

We may also receive personal information indirectly from you, for example through specialist companies carrying out work on our behalf such as surveys or event bookings, partner organisations for our projects or website and social media platforms which you use to engage with us.

What personal information do we collect?

When you choose to interact with us we may collect the following personal information about you, where we have a lawful reason:

  • contact information: Including name, postal address, email address, phone number, place of work and job title
  • financial information: Including bank details, payment details and if you are a tax payer
  • background information: Including employment history, eligibility checks and training records
  • sensitive personal information: Including age, gender, health, and other diversity information
  • your opinions on our services and the routes near you
  • how you interact with our website and track which pages you visit when you follow links from our emails through the use of cookies.

Where possible we use anonymous or aggregated data that does not identify you.

How do we use personal information?

We use the personal information collected from you for a number of purposes, where we have a lawful reason, including:

  • providing you with services, products or information you have requested
  • providing further relevant information about our work, services, activities or products
  • analysing, managing and improving our services, products and information
  • furthering our charitable aims, including for fundraising activities
  • processing donations or payments we have received from you
  • fulfilling sales you place through our online shop
  • processing your application to work or volunteer with us
  • inviting voluntary participation in research or surveys.

We will also process your personal information as required by law or regulation.

Do we share your personal information?

We will never sell your personal information to any third parties.

We will share your personal information with partner organisations, such as local authorities or funders, where mentioned when you provide us with your personal information.

In order to deliver the services we offer, we may share your personal information with carefully selected third parties working with us or on our behalf, for example delivery companies for our online shop.

We will share your personal information when legally required to do so.

How do we keep your personal information secure?

We adopt appropriate technical and organisational measures to make sure your personal information is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage, from the point of collection to the point of destruction.

Access to your personal information is restricted to those people who are required and authorised to process it. Appropriate background checks and training take place for our staff, contractors and volunteers processing personal information.
Your personal information will only be shared with another organisation if they agree to ensure sufficient safeguards are in place to protect your personal information.

We will not transfer personal information to countries outside the European Economic Area unless appropriate safeguards are in place, your individual rights are enforceable with effective legal remedies and you are informed.

How long do we keep your personal information?

While you are actively engaged with our work we will retain your personal information. Beyond that we will generally keep your personal information for up to six years, or as legally required. We will remove your personal information earlier if it is no longer required, we no longer have a lawful basis for processing it, or you ask us to remove it.

Your rights

Your personal information belongs to you. You have rights over how we use your personal information:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in relation to automated decision making and profiling.

For further information about your rights, and when they apply, see the Information Commissioner’s Office website: https://ico.org.uk/your-data-matters/

You may opt-out of any marketing communications at any time, by clicking on the unsubscribe link in marketing emails or responding with an “opt out” email. If you ask to stop receiving marketing communications we will retain minimal personal information on our suppression lists to help ensure that we do not contact you.

Registering with the free Telephone Preference Service gives you the opportunity to opt out of receiving unsolicited calls. The Mailing Preference Service will enable you to register to have your name taken off direct mailing lists.

If you are unhappy with our use of your personal information, you have the right to complain to the Information Commissioner’s Office. We would encourage you to contact us in the first instance so we can attempt to resolve any concerns.

Contact us

If you have any questions, comments or feedback about how we use your personal information, or would like to exercise you rights, then please contact our Data Protection Manager:

Email:   [email protected]

Phone:  0117 926 8893

Postal:  Sustrans, 2 Cathedral Square, College Green, Bristol, BS16 9DA

This privacy information was issued in May 2019, and has a review date of May 2020. This information will still apply beyond the review date, until the next version is issued.

Additional privacy notices