Privacy Policy

General Data Protection Regulations (GDPR) Privacy Notice  

 

Introduction

National Highways have fully committed to adherence of the General Data Protection Regulations (GDPR) following implementation on the 25th May 2018. In relation to our collection and processing of personal data, please see the below information. 

Section 1 – Collection of Data 

  1. National Highways will be the data controller and the contact details for the company are:
    1. Data Protection Officer: Graham Woodhouse
    2. E-mail: DataProtectionAdvice@highwaysengland.co.uk   
  2. The data is being collected for
    1. Technical Standards Enterprise System (TSES) login information. 
    2. TSES application notifications 
    3. TSES application-specific workflow audit;
      1. Departures Appraisal System (DAS 3.0): authoring, review, comment, appraisal and approval of Departures 
      2. Collaborative Authoring Review System (CARS): authoring, review and comment of drafted technical standards 
      3. TSES Index: Creation and management of technical standards publications 
  3. The data processors, working on behalf of National Highways in relation to this will be: 
    CACI UK Ltd 
  4. Collected data will be stored within secure electronic systems, with the system being dependant on the nature of information. The systems used by National Highways for the storage of the user account data are:  
    PostgreSQL databases hosted within the National Highways Microsoft Azure subscription with access restricted to a pre-defined list of allowed inbound systems and named systems administrators. 
  5. Information stored by third parties will be held on the following systems: 
    The e-mail (SMTP) server for the TSES is provided by SendGrid (https://sendgrid.com/solutions/smtp-service).  E-mail addresses are temporarily stored in an activity log for a maximum of 7 days for the purposes of tracking mail delivery 
Back to top

Section 2 – Processing of data  

In addition to the information referred to in section 1, at the point of collection we will, at the time when personal data are obtained, provide you with the following further information necessary to ensure fair and transparent processing:   

  1. The personal data will be stored until your claim to compensation has been resolved. 
  2. Under GDPR you have rights to request information from the company
    1. Right of access to the data (Subject Access Request) 
    2. Right for the rectification of errors 
    3. Right to erasure of personal data – not an absolute right 
    4. Right to restrict of processing or to object to processing 
    5. the right to data portability;   
  3. As the processing is based on receiving the consent of the data subject then we have to inform the data subject that they have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. 
  4. You have the right to lodge a complaint with a supervisory authority (in the UK that is the Information Commissioners Office) 
  5. If we are to process the personal data we hold for a purpose other than that for which it was originally collected then we will provide the you with information on what that other purpose is prior to that further processing taking place.  The extra information will include any relevant further information as referred to above including the right to object to that further processing.  
Back to top