- Case Studies
- Traffic Order FAQs
Privacy and data protection statement
The Buchanan Order Management website does not gather or track any personal information about you, except where you are explicitly invited to register or log in so that you can obtain detailed information or downloads from our site. In such cases we keep email addresses or other information that you voluntarily provide, but we will never pass that data on to third parties or use it for inappropriate marketing. You may apply at any time to have your details removed from our database. Simply email us at email@example.com, or write to us at The Barn, Enborne Gate, Newbury, Berkshire, RG14 6AL.
Cookies are tiny text files that many web sites automatically place on users’ computers to manage interaction with the site. What they can contain is strictly controlled by web technology and the law.
By default, our website employs Google Analytics to evaluate site performance and visitor behaviour, but you can override this by selecting “Decline” in the cookie bar at the top of our pages. Just click on the ‘Cookies’ link at the top of the window, or (if it is not visible) click ‘Reset cookies’ in the footer panel and follow the instructions.
2. Session management
Session cookies are considered “essential” cookies under the current UK interpretation of the Electronic Communications Regulations. Such cookies are not monitored or analysed, even by us, and are there purely to make your visit to the site more seamless. Whilst we are not required to offer an option to suppress these, we wanted to advise you that they are used, so that if you have any qualms you can override them by updating the settings of your web browser.
However, if you do reject these cookies, some parts of our web site may not work properly or at all. Session cookies are now almost universally used by modern interactive web sites, and have come to be regarded as part of the essential functioning of the internet.
To amend cookie preferences for this site
Please click the Reset cookies link in the footer of this page, and follow the instructions in the popup panel that will open.
Personal data and GDPR
We take utmost care to ensure that personal data we hold is secure, correct, deleted when no longer necessary, and used only in ways that people find positive and acceptable.
We store very little information about individuals, because our products and services are generally only of interest to local authorities and companies. Most of the personal data we hold comprises just names and work email addresses. We very rarely hold home addresses, personal phone numbers or any other information about an individual, and only then for people who have specifically asked us to use their personal contact details instead of their work ones. Under previous legislation, an email address such as Joe.Bloggs@Centralshire.gov.uk was not treated as personal data, simply as a label for a particular mailbox within an organisation to which a certain type of correspondence should be sent.
Under GDPR, some advisors now consider work email addresses to be personal data, along with those of sole traders and unincorporated partnerships. We only obtain these directly from the individuals and organisations concerned – never from third parties. We do not ever pass them on to be used by anyone else. The legal basis under which we hold and use them is ‘legitimate interests’, with ‘contract’ as an additional basis where there is an active supply of software or services, and ‘consent’ where people have specifically opted in to one of our mailing lists. Legitimate interests covers our customers’ expectation of receiving updates on products and services they have enquired about in the past, and our interest in publicising developments, events and new products to people for whom that is relevant. Our use of this basis is justified by the fact that this information is used only in ways that people would expect and which are not intrusive. We would only hold a personal email address or phone number if we had been asked to use it by the person concerned, so the ‘consent’ basis would then apply.
We take trouble to ensure that we only send emails that are relevant and likely to be of interest to the recipients. All email newsletters contain an unsubscribe link at the bottom that will remove that address from all future mailings. Alternatively, recipients are invited to contact us if they wish to be removed from some future mailings, but included in others. Our electronic mailings comply fully with the Privacy and Electronic Communication Regulations, which sit alongside GDPR. We never share data with any other organisation, apart from the email partner via whom our electronic communications are sent and with whom we have an agreement preventing the data being used for any other purpose.
Customers occasionally wish us to store or process personal data on their behalf. In these cases, we are a ‘data processor’, responsible for the security of the data and its deletion when no longer required, but not its content or accuracy. There would always be a written agreement in place to cover these aspects. Our UK-based ISO 27001 certified facilities and the staff involved have been approved by several police forces for this purpose. Buchanan Order Management also processes personal data on behalf of a local authority when instructed to undertake public consultation. Such data is kept secure, not used for any other purpose, and all copies of it are deleted or returned to the client at the end of the project.
If you have any concerns about how we use your personal data, want a copy of what we have recorded about you, wish to change how we contact your organisation, or request that your details are removed from our records, please email: firstname.lastname@example.org for your request to be swiftly actioned.
This statement will be updated from time to time. 24 May 2018
A separate statement is available to current and former employees relating to information we hold about them for payroll, tax and HR purposes.