Privacy & Website Cookies Policy

Our commitment to data protection

ITAL Group Limited is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting the rights and freedoms of individuals whose personal data we process and to handling personal information in a lawful, fair and transparent way.

This Privacy Policy explains how we collect, use, store and share your personal data when you use our services or interact with us.

Who are we?

We are ITAL Group Limited, a company providing support services and SaaS solutions to the transport industry and local authorities.

ITAL Group Limited provides software solution and for service provisions operates through two divisions:

· Independent Revenue Collection and Support (IRCAS)

· Appeals Service (AS)

Data controllers and data processors

Depending on the circumstances, ITAL Group Limited acts, in the main, as a data processor and, in some cases, a data controller under the UK GDPR.

The issuing company or organisation that originally obtained your details is also a data controller.

We process personal data only in accordance with the UK GDPR, the Data Protection Act 2018, and for lawful purposes.

What personal data we collect?

We collect personal data that you provide, or that is provided to us, including when:

• · You are issued with varying types of enforcement notices by our clients that we service
• · You submit an appeal or complete one of our forms
• · You provide information via our website, by post, by email or by telephone
• · You make a payment or request a refund
• · Information is provided to us by transport operators or other lawful partners

This may include name, address, DOB, contact details, journey details, payment information, and correspondence.

Our lawful basis for processing

We process personal data only where at least one lawful basis under the UK GDPR applies. These include:

• · Legal obligation – where processing is required by law
• · Public task / public interest – where processing supports transport regulation and enforcement
• · Legitimate interests – where processing is necessary for the administration, enforcement and resolution of fares and appeals, provided your rights are not overridden

We do not rely on consent as the primary basis for processing in relation to enforcement or appeals activity.

Special category (sensitive) personal data

In some circumstances, we may need to process special category personal data (for example, health information) where relevant to an appeal or prosecution.

Where required by law, we will ensure an appropriate additional condition under the UK GDPR applies, and we will only collect and use this information where it is necessary and proportionate.

How we use your personal data?

We use personal data for the following purposes:

• · to provide and administer our services
• · to process and determine appeals
• · for the ongoing management of enforcement and compliance activity
• · to prevent and detect crime, fare evasion and travel irregularities
• · to comply with legal and regulatory obligations
• · for research, statistical analysis and service improvement

Calls and communications may be monitored or recorded for training, quality and compliance purposes.

Sharing your personal data

We only share personal data where it is necessary and lawful to do so.

This may include sharing information with:

• · Enforcement or travel safety officers, for appeals handling, enforcement action, the safety of the public, refund processing or compliance purposes
• · Watchdog, oversight or regulatory bodies (such as passenger bodies or ombudsman schemes), where you have contacted them to make representations on your behalf
• · Law enforcement or regulatory authorities, where we are legally required to do so
• · Service providers acting on our instructions and subject to confidentiality obligations

Where refunds are required, your personal data may be shared with Wise to facilitate payment. Wise’s Privacy Policy is available at: www.wise.com/gb/legal/privacy-policy

Data security

We have appropriate technical and organisational measures in place to protect your personal data against loss, misuse, unauthorised access, alteration or disclosure.

Access to personal data is limited to staff, agents and contractors who need it to perform their duties and who are subject to confidentiality obligations.

We have procedures in place to deal with personal data breaches and will notify you and the Information Commissioner’s Office where legally required.

Your data protection rights

Under the UK GDPR, you have rights in relation to your personal data, including the right to access your information and request corrections.

To make a subject access request, please contact the relevant train operating company or IRCAS in writing at:

IRCAS
Regus, Building 1000 Lakeside
Western Road
Portsmouth
PO6 3EZ

Email: dpo@ital-uk.com

Please clearly mark your request as “Subject Access Request”.

Marketing

We do not use your personal data for marketing purposes.

How we contact you

We may contact you by post, email, telephone or SMS, depending on the contact details you have provided.

If you are under 18, correspondence will be addressed to your parent or guardian.

How long we keep your personal data?

We retain personal data only for as long as necessary and in accordance with legal requirements. In general:

• · Seven years for varying types of enforcement
• · One year for name and address checking enquiries or warnings
• · One year for successful appeals

Requests for deletion after these periods should be made to the relevant issuing company or organisation.

Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be published on this page.

Data Protection Officer

ITAL Group Limited has appointed a Data Protection Officer (DPO).

If you have any questions, concerns or requests about this policy or our use of personal data, please contact:

Data Protection Officer
ITAL Group Limited
Regus, Building 1000 Lakeside
Western Road
Portsmouth
PO6 3EZ

Email: dpo@ital-uk.com

Cookies

To ensure that our website is as useful as possible we sometimes need to use cookies to help us gather information about how our website visitors use this site.

What are cookies?

A cookie (web cookie, or browser cookie) is a small file which is stored on your computer when you visit a website. These files are used by the website for a number of things but mainly to track or trace where you have been on the website and what you are searching for.

Cookies are also used to enable you to submit payments and appeals online. With cookies disabled you would otherwise need to do this by contacting our support teams by phone or letter.

For a more details, you can read about cookies on Wikipedia.

How does ITAL Group use cookies?

We actively use cookies to record how our visitors use and browse around our website. This helps us determine popular and unpopular pages and lets us know where we need to improve and what services we may need to promote or update.

In order to achieve this we use the popular Google Analytics system.

ITAL Group also use cookies to track information supplied when making a payment or an appeal - this is so that data can be aggregated over several pages before being submitted to our database. This also enables you to go back and change data on a previous page. We do not store your financial details and use a dedicated and accredited payment provider to take payments.

How to Disable Cookies

This website works best with cookies enabled, however if you wish to disable cookies, you can do this in your browser. Here are instructions on disabling cookies. This links to an instructional document maintained by a website which has no connection to AS.