Good Journey may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 22nd January 2021.
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or purposefully make public your personal information – that’s a promise
2.0 RELEVANT LEGISLATION
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site's compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences' specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 9.0) for clarification.
3.0 PERSONAL INFORMATION DATA WE COLLECT AND WHY WE COLLECT IT
We only collect personal information data that is relevant to the purpose of our website. This information allows us to provide you with a customised and efficient experience. We collect the following types of information from our users:
3.1 Site Visitation Tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We do this to determine the number of people using our site, to better understand how they find and use our web pages and help us to build a better service.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider GA to be a third party data processor (see section 6.0 below).
5.0 SECURING DATA TRANSFER & THIS WEBSITE'S SERVER
The connection your web browser has to our site is secured with an SSL certificate from Let’s Encrypt meaning any data transferred from our server to your browser (or from you to us) is encrypted and secure. The website is hosted by Siteground within a UK data centre located just outside London.
6.0 OUR DATA PROCESSORS
6.1 Personal Data Processors
We use 2 main third parties to process personal data on our behalf, Google and Mailchimp. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. All 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
6.2 Other Data Processors
We use an API connection to our journey data partner, Traveline, to provide you with journey planning information. Requests you make to this service, by planning a journey yourself, will collect tracking data in the same way our own site visitation tracking (3.1) does, using a unique GA ID. The data is sent securely and none of this information personally identifies you to us.
7.0 DATA BREACHES
Any unlawful data breach of this website's database or the database(s) of any of our third party data processors will be reported to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 CONTROLLING YOUR PERSONAL DATA
8.1 Data Handling
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information which we hold about you, if you would like a copy of the information held on you please contact us. You may also request that we delete or anonymise any data we hold about you, if you would like us to do this, please contact us.
8.2 Data Controller
The data controller of this website is: Good Journey
Whose operating office is:
Hill House, 37 Innox Hill Frome BA11 2LN
8.3 Data Protection Officer
9.1 Change Log
25th May 2018 - policy instigated
22nd January 2021 - updated