The Dorset Council interactive cycle map site shows cycle routes in and around Bridport, as well as providing information on local points of interest. Other areas will be added to the map over time.
The service is hosted by Pindar Creative on behalf of Dorset Council.
Comments should be directed to:
Pindar Creative is a leading expert in promoting active and sustainable travel. We develop innovative solutions to provide the end user of your services with the information they need. From mapping and wayfinding solutions to responsive and intuitive websites to easy-to-implement digital bus stops, we offer smart solutions using your data.
Pindar Creative
2-10 Plantation Road
Amersham, Buckinghamshire
HP6 6HJ
Tel: 01296 390100
www.pindarcreative.co.uk
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.
This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.
We'll tell you:
The first part of the notice is information we need to tell everybody
Dorset Council is the controller for the personal information we process, unless otherwise stated.
There are many ways you can contact us.
Our postal address:
Dorset Council
For general contact please use this page of our website.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
We also receive personal information indirectly, in the following scenarios:
If it is not disproportionate or does not prejudice, we'll contact you to let you know we are processing your personal information.
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
You have the right to ask us to erase your personal information in certain circumstances.
You have the right to ask us to restrict the processing of your information in certain circumstances.
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
If we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the relevant section of the notice.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we'll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
In our capacity as UK supervisory authority for data protection, there are some circumstances where we must cooperate with and help other supervisory authorities in the EEA, in handling complaints and investigations. This may lead to sharing personal information if it is relevant to the complaint or investigation.
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at travelchoice@dorsetcouncil.gov.uk and we'll respond.
We may impose a restriction on your access to our services if it's necessary to protect our staff from unacceptable behaviour as defined in our 'Managing customer contacts' policy.
The legal basis we rely on to process your personal data is article 6(1)(e) of the General Data Protection Regulation (GDPR), which allows us to process personal data when this is necessary to perform our public tasks as a regulator.
If the information you provide us in relation to your single point of contact contains special category data, such as health, religious or ethnic information the legal basis we rely on to process it is article 9(2)(g) of the GDPR, which also relates to our public task and the safeguarding of your fundamental rights. And Schedule 1 part 2(6) of the DPA 2018 which relates to statutory and government purposes.
If we do this, we'll explain to you the restriction we have applied and why we feel it's necessary. We'll create a record of the restriction for administration purposes, so relevant staff members know the restriction is in place. This will include your name, contact details and a description of why we have imposed a restriction.
The decision to impose a restriction will be taken, and reviewed, by a manager. We'll write to you explaining why we've applied the restriction. We'll review the restriction periodically. We'll remove it if we feel your behaviour has changed or if you no longer communicate with us.
We may provide a single point of contact if you and we (or both) believe it will help to create a better outcome for all concerned.
The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.
A decision will be made by a manager to give you a single point of contact. This may be where you have several complaints and we believe it will be more efficient for us to deal with them in this way. We'll make a record of the fact that you have a single point of contact. All relevant staff will know about using it to manage communications between our office and you. It will include your name, contact details and a description of the need to have a single point of contact. We'll review this requirement from time to time.
When you call our business, we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it's not withheld). We hold a log of the phone number, date, time and duration of the call, but do not audio-record the call itself. We hold this information for 90 days.
We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.
We don't audio record any calls, but we might make notes.
We also hold statistical information about the calls we receive for a number of years, but this does not contain any personal data.
Social Media data will not be shared with any other organisations and remains on the platform of origin.
We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system as an enquiry or a complaint.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.
We'll also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.
When you visit dorset.activemap.co.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we'll be upfront about this. We'll make it clear when we collect personal information and we'll explain what we intend to do with it.
You can read more about how we use cookies on Cookies page. We use a cookies tool on our website which relies on implied consent of users. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.
This means that we are in the process of updating the tool which, by default, requires explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.
We use a third-party web application firewall from WatchGuard to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected.
The service will block traffic that is not using the site as expected. To provide this service, WatchGuard processes site visitors' IP addresses.
We also log IP addresses and query strings that the servers generates to allow us to monitor these against attacks. No personal data is captured.
Selcom hosts our website in the UK and does not hold traffic information unless requested (normally during an attack).
The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when it's necessary for the purposes of our legitimate interests.
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
For more information on your rights, please see 'Your rights as an individual'.
Our purpose is to investigate and take action in line with our ISO policies.
The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our tasks as a business.
We need information from you to investigate your complaint properly, so our complaint forms are designed to prompt you to give us everything we need to understand what's happened.
When we receive a complaint from you, we'll set up a case file. This normally includes your contact details and any other information you have given us about the other parties in your complaint.
We need to know the details of your complaint so we can investigate it and fulfil our regulatory function.
We will use your personal information to investigate your complaint and check on our level of service. We compile and publish statistics showing information like the number of complaints we receive, but not in a form that identifies anyone.
No third parties have access to your personal information unless the law allows them to do so. However, if you have made a complaint about an organisation, we usually have to disclose your identity to them. This is so we can clearly explain to them what you think has gone wrong and if necessary advise them how to put it right. This also means we may receive information about you from them.
If you don't want information that identifies you to be shared with the organisation you want to complain about, we'll try to respect that. However, it is not always possible to handle a complaint on an anonymous basis so we'll contact you to discuss this.
If you are acting on behalf of someone making a complaint, we'll ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else's behalf.
We are acting in our capacity to investigate your complaint, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it and fulfil our regulatory responsibilities.
The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.
We need enough information from you to answer your enquiry. If you call the helpline, we won't make an audio recording of it and we won't usually need to take any personal information from you. But in certain circumstances we may make notes to provide you with a further service as required.
If you contact us via email or post, we'll need a return address for response.
We'll set up a case file on our case management system to record your enquiry and so we can get it to the correct area of the business to be dealt with. We'll also keep a record of our response. We use the information supplied to us to deal with the enquiry and any subsequent issues that may arise, and to check on the level of service we provide.
We are acting in our official capacity to respond to your enquiry, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
Our purpose for processing your personal data is so we can fulfil your information request to us.
The legal basis for this is article 6(1)(C) of the GDPR, which relates to processing necessary to comply with a legal obligation to which we are subject.
We need information from you to respond to you and to locate the information you are looking for. This enables us to comply with our legal obligations under the legislation we are subject to:
When we receive a request from you, we'll set up an electronic case file containing the details of your request. This normally includes your contact details and any other information you have given us. We'll also store on this case file a copy of the information that falls within the scope of your request.
If you are making a request about your personal data, or are acting on behalf of someone making such a request, then we'll ask for information to satisfy us of your identity. If it's relevant, we'll also ask for information to show you have authority to act on someone else's behalf.
We'll use the information supplied to us to process your information request and check on the level of service we provide.
If the request is about information we have received from another organisation – regarding a complaint, for example – we'll routinely consult the organisation/s concerned to seek their view on disclosure of the material.
We compile and publish statistics showing information such as the number of requests we receive, but not in a form that identifies anyone.
We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business. If this relates to interactions regarding our regulatory functions, the legal basis is article 6(1)(e) of the GDPR. If the interactions relate to suppliers, contracts, buildings management, IT services etc., the legal basis is article 6(1)(c) of the GDPR for any legal obligation or article 6(1)(f) because the processing is within our legitimate interests as a business.
We keep our privacy notice under regular review to make sure it is up to date and accurate.
This policy was last reviewed and update on 09 August 2018.