Privacy Policy

 

Your privacy matters to us

We are a2b Global Media Limited (“a2b Global Media”).  Through our brands, railway-news.comairportindustry-news.combus-news.com and futuretransport-news.com, we keep our readers up to date by publishing the latest news, insights and developments within the transport sector on our websites and via our email newsletters and magazines. a2b Global Media is a private limited company registered in England & Wales 09433960. Our registered address is The Generator, The Gallery, Kings Wharf, Exeter, Devon, England EX2 4AN. Our Data Protection Act registration number is ZB178797.

We have a moral and legal responsibility to respect your privacy and take care of any personal data we hold about you, in compliance with the data protection legislation.

We are the data controller for the personal data we process about our customers, enquirers, customer leads, subscribers, employees, contractors, job applicants and visitors to our website. This privacy notice tells you what to expect when we handle personal data as a data controller.

Contact us

If you have any queries about this privacy notice or the services we offer, please email us at [email protected].

Our privacy promise to you

Transparency

We are committed to protecting and respecting your privacy. We will always tell you what data we’re collecting about you and how we use it and will never ask for more information than we need to. We will not share your data with any third parties, unless you have consented to this; they are a trusted partner working on our behalf; or the law requires us to, and we will never sell your data.

Security

We are committed to following industry best practices to ensure your data is stored safely and securely. We will protect the information we process about you from accidental or unlawful access, disclosure, loss, damage or destruction.

Control

We will always give you control over the communications you receive from us and you can stop or tell us you no longer wish to receive these at any time by unsubscribing or emailing [email protected]

How we obtain your personal data

Personal data means any information that can be used to identify you directly or indirectly, for example by your name, an identification number, your location data, an online identifier or any factors relating to your physical, physiological, genetic, mental, economic, cultural or social identity.

Most of the personal data we process is provided to us directly by you, for example when you:

  • make an enquiry by email, telephone, through our websites or via our social media channels
  • collaborate with us on sending a communication about your company’s products or services
  • sign up to our newsletters or magazines
  • work with us as an employee or contractor
  • visit our website

We also collect personal information about you indirectly, for example through:

  • public sources e.g. websites  professional networking and social media sites
  • via other customers that refer us to you
  • recruitment agencies
  • referees to support your job application (at your request)
  • cookies and tracking technologies operating on our websites and within our marketing emails

Personal data we collect and how we handle it

Enquirers 

When someone contacts us asking about our services through our website, via social media, by email or over the telephone; we collect their name, contact details and the nature of their enquiry. We collect this information for our legitimate interests as a company to be able to respond to their enquiry and keep a record of our communications with them.

Unless they opt-out, we add our enquirers email addresses to our subscribers database so that they may benefit from receiving our newsletters and magazines. For more information about this and our lawful basis for using personal data for this purpose, please read the ‘subscribers’ section below.

Customer representatives

We collect the name and contact details of our customer representatives and information about the service they have purchased. We need this information so we can fulfil our contract with the customer, or take steps at the request of the customer, prior to entering into a contract with them. We also collect this information for our legitimate interests in maintaining records for accounting, legal and insurance purposes.

To contribute to the delivery of our services to our customers and in pursuit of our legitimate business interests, the meetings that we have with our customers are recorded.

We use the meeting recordings to assist us in the creation of materials for our customers. Recording the meetings allows us to revisit the discussions and ensure that the materials we create meet the customer brief and exceed their expectations. We use a range of video and voice recording software to record both in-person and remote meetings. When recording meetings we limit the discussion so as to avoid collecting personal data beyond attendees name, image and voice recording discussing business-related matters. Meeting transcripts are generated via the software that we use and reviewed for accuracy after the meeting has ended.

Subscribers

We collect the name, telephone number, business email address, and company website of people who want to subscribe to our newsletters, resources, blogs and promotions. We collect this information to with the consent of the individual when they opt-in to receive these communications or in fulfilment of our legitimate business interests of growing our marketable database if a person does not opt-out at the time of submitting an enquiry to us.

If a person unsubscribes, we remove them from our mailing list but retain their contact details in a separate database. We need to retain this information for our legitimate interests to ensure we do not contact them again in the future.

We operate across a varied sector and recognise that not all subscribers wish to receive information about all of the news, insights and latest developments across the entire transport sector. It’s important to us that our subscribers receive information from us that is relevant to their interests. To provide a more personalised experience, we collect information about which parts of our emails our subscribers choose to engage with. If a subscriber chooses to click on a link within our emails, the topic will be recorded as an interest within their unique subscriber profile so that we may gain a better understanding of their interests and only contact them with relevant information. We do this to fulfil our legitimate business interest of providing a more effective and relevant experience for our subscribers. To understand more about our use of cookies and tracking technologies, please visit our Cookie Policy.

We try where possible to only send our subscribers marketing material that is relevant to their interests, however, subscribers may also receive marketing materials that do not include their specific interests, from time to time.

Due to the nature of our work, our websites and emails often include links to sites and services which we hope our readers find useful. Often these sites and services are not owned by a2b Global Media. We encourage all of our subscribers and visitors to our website to read the privacy notice shown on the relevant website if they choose to follow a link.

Website users

When you visit our website, Cookies and similar tracking technologies are used to help you navigate around our site and tell us how well our website is performing.

When you use our sites we may also use Cookies or similar technologies to collect additional data, including:

  • Your IP address – a numerical code to identify the device you have used to access our website. This may allow us to identify your location and the company that you work for.
  • Information on how you interact with our services.
  • Your browsing history of our sites, including the pages that you have viewed and how long you spent viewing them as well as whether you arrived at our website via a social media platform or search engine.

We collect this information for our legitimate interests to help you use our website and keep us informed about our website’s performance. For more information, please see our Cookie Policy.

Visitors to our offices

When someone visits our offices, we record the visitor’s name, company they work for and the date of their visit. We collect this information for our legitimate interests to maintain a register of who is or has been on our premises for security purposes, and for use in case of a fire or other incident.

Customer leads

We sometimes collect the name, job role and work contact details of employees working for potential customers, who we think would be interested in receiving information about our company’s services; this is known as ‘B2B’ or ‘business to business’ marketing. This information is only collected from public sources, such as company websites or where the employee has published their name, work profile and contact details on a networking site for professionals, (such as LinkedIn) and therefore would have a reasonable expectation that companies like us, may contact them to make introductions and market their services.

We collect this information to pursue our legitimate interests, to be able to promote and market our services to potential new customers. Contact leads can opt-out from receiving communications from us at any time, by emailing [email protected]

Job applicants

We receive Curriculum Vitae (CVs) and application forms from people who apply for jobs with us. This will often include the individual’s name, contact details, experience, education and a personal statement to support their application. We collect this information with the person’s consent, and ongoing processing for our legitimate interests to be able to assess the suitability of the individual and where relevant, invite them to interview.

Employees

We collect information about our employees, such as their name, date of birth, contact details, recruitment information, evidence of their right to work, contract, bank details and other employment information. We collect this information to enable us to fulfil our contract with the employee or to take steps at the request of the employee, prior to entering into a contract with them. For example, to ensure they are paid; make pension and tax contributions on their behalf and provide employee services and benefits to them. We also collect this information to pursue our legitimate interests, for example to recruit employees, maintain a register of our employees (past and present) for insurance, legal, tax and pension purposes and to assist in the prevention or detection of crime (including fraud).

During the course of employment, we collect information about the employee’s performance including training sessions completed, appraisals, one-to-one notes, reasons for absence and information relating to any disciplinaries or grievances. We also publish images of our employees on our website and information about the roles they do to allow prospective clients to understand more about our business and how our employees contribute to our success. It also allows prospective clients to reach out to the individual that they feel best suits their needs.

We sometimes collect ‘special category data’ about our employees, for example information about their disabilities, health and dietary needs  or religious beliefs.  Our lawful bases to process this type of data falls under contract and employment. We need this information so we can make reasonable adjustments in the workplace and carry out our legal obligations under employment (such as the Equality Act and Health and Safety Act), as well as safeguarding the welfare of the employee and where relevant colleagues.

Contractors

We collect information about our contractors, such as their name, contact details, experience, outcome of their criminal record check (DBS) (where required), service contract and bank details. We collect this information for our legitimate interests to be able to assess the suitability of the individual and to enable us to fulfil our contract with them or to take steps at their request prior to entering into a contract with them.

Who we share information with

We do not share your data with other organisations, unless you have requested us to do so (i.e. you have asked us to pass your details on to a supplier of services or products that you are interested in) or it is necessary for our legitimate interests to share data, or for legal, contractual, regulatory or law enforcement purposes.

Where we use ‘data processors’ to help us manage and store our data (cloud storage providers); promote our services (advertising/marketing companies) or help us deliver our services (contractors or specialist companies), we have Data Processing Agreements in place to protect any personal data they may have access to on our behalf.

Our data processors only act on our instructions and are carefully selected to ensure they have robust security measures in place and comply with the UK data protection legislation when processing personal data.

Where we process your personal data as a ‘data processor’ for our customers, your personal data may be accessible to or shared with that customer, to enable us to fulfil our contract with them.

There may be times when we need to disclose personal data to other ‘data controllers’, for example:

  • In the event that we sell our company or its assets
  • If you provide us with your consent
  • If we are under a duty to disclose your personal data, for example in response to a court order, request from law enforcement agencies or to report safeguarding concerns.
  • To enforce or apply our terms and conditions and other agreements.
  • To protect the rights, property, or safety of our company and its employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

We will never sell your personal data or share it in a way you would not reasonably expect.

Our lawful basis and data retention

When we collect, use and retain personal data, the data protection laws require us to have a valid lawful basis for doing so. These are set out in Article 6 of the UK GDPR and relate to consent; contracts; legal obligations; vital interests; public tasks and legitimate interests. When we process more sensitive information (Special Category Data) such as health information, we are required to have additional lawful bases to handle that information. These are set out in Article 9 of the UK GDPR.

The table below outlines which lawful bases we rely on when we process your personal data and how long we keep your information for:

Data Subject   Lawful bases  Retention period 
Enquirers  Legitimate Interests
(Article 6(1)(f))
2 Years for enquiries made that do not lead to a customer contract.

Where an enquiry leads to a customer contract, the enquiry information will form part of the customer file and will be held in line with customer retention periods.

Customer representatives

 

 

Legitimate Interests
(Article 6(1)(f))
4 years after the contract has ended unless a different retention period is agreed within the customer contract.
Subscribers  Legitimate Interests
(Article 6(1)(f))

 

We keep subscriber data until you unsubscribe; if the email address becomes invalid, or if we no longer believe you want to hear from us.

We retain the contact details of those who have unsubscribed indefinitely, so we know not to contact them again.

Customer leads  Legitimate Interests
(Article 6(1)(f))
2 years after the enquiry.

Where an enquiry leads to a client contract, the enquiry information will form part of your customers file and will be held inline with customer retention periods.

Visitors to our website (Information collected via Cookies and tracking technologies operating on our website)   Legitimate Interests
(Article 6(1)(f))

Consent (where legally required)
(Article 6(1)(a))

Please view our Cookie Policy for specific retention periods.
Visitors to our office Legitimate Interests
(Article 6(1)(f))
2 years after the visit to the office.
Job applicants   Legitimate interest
(Article 6(1)(f))
6 months after the application unless the applicant has given permission for us to retain their details for longer.
Employees  Necessary for the performance of a contract (Article 6(1)(b))

Necessary for compliance with a legal obligation (Article 6(1)(c))

Legitimate interest
(Article 6(1)(f))

Special Category data conditions: 

Necessary for employment obligations
(Article 9(2)(b))

The data subject has given explicit consent
(Article 9(2)(a))

7 years after the employment has ended.
Contractors   Legitimate Interests
(Article 6(1)(f)

Necessary for the performance of a contract
(Article 6(1)(b))

 

7 years after the contract has ended.

Where we store your data

We use the following secure platforms to store our data and our customers’ data.  The data location and security measures of each of our storage providers are below.   Where our service providers are based outside of the UK, we ensure they meet the requirements of the UK extension to the EU-US Privacy Sheild or have the appropriate standard contractual clauses which ensures they process our data securely and in line with our data protection laws.

Product or Service Data Storage Location Privacy Notice / Security Measures
Google Workspace USA   Cloud security and data protection services | Google Workspace
Mailchimp USA Global Privacy Statement | Intuit
Hubspot   HubSpot Trust Center | Powered by SafeBase
pCloud USA (Dallas, Texas) GDPR (pcloud.com)
Slack Technologies USA Privacy policy | Legal | Slack
Jotform USA Jotform Privacy Policy
ZenLeads Inc. (Apollo) USA Privacy Policy | Apollo
Neemb LLC (Distill) USA & Ireland Privacy Policy | Distill
Timetastic UK Privacy policy (timetastic.co.uk)
Astria UK Privacy Policy – Astria Payroll

How we protect your data

We take our security responsibilities very seriously and have put in place robust measures to protect our data and our customers’ personal data from accidental or unlawful access, disclosure, loss, damage or destruction.

Here are some examples of how we achieve this:

  • Where personal data is stored outside the UK or EEA, contracts (International Data Transfer Agreements) will be in place to ensure the data is secure and protected in line with the UK GDPR.
  • Access to our data and systems is on a strict need to know basis and we ensure our employees and contractors are under an obligation of confidentiality.
  • Employees receive mandatory data protection training and sign up to our Data Protection Policy.
  • We have robust procedures in place to manage and report personal data security breaches, in the unlikely event of a breach occurring.
  • Where we use companies who process personal data on our behalf, we carry out due diligence checks on these companies and have written contracts in place (Data Processing Agreements) which require them to handle personal data in line with the UK data protection laws.
  • We use up to date virus and malware protection software and we back up data regularly.

Your data protection rights

You have the following rights under the data protection laws:

Right to know

You have the right to be told how your personal data is being processed. This privacy notice tells you how we handle your personal data.

Right of access

You have the right to ask us for a copy of your personal data.

Right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure

You have the right to ask us to erase your personal data in certain circumstances.

Right to restriction of processing

You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Right to object to processing

You have the right to object to us processing your personal data where we consider this is necessary for us to perform a task in the public interest. You can also object to us using your personal data for direct marketing purposes.

Right to data portability

You have the right to ask that your personal data is transferred (ported) from us to another organisation or given to you.  This applies to information you have given to us where we are processing your information based on your consent or for contractual purposes and the processing is automated.

Right to complain

We work to high standards when it comes to processing your personal data. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office. Further information about your data protection rights, can be found on the Information Commissioner’s Office website at www.ico.org

To exercise these rights, please contact us by emailing [email protected] You are not usually required to pay a fee and can expect to receive a response within one calendar month. Further information about your data protection rights can be found on the Information Commissioner’s Office website at www.ico.org.

International Customers 

Our e-newsletters and magazines are popular globally and we are proud of our global readership base. We also attract a large volume of international customers who feature in our emails and magazines. If you are based outside the United Kingdom (UK), your country may have its own data protection laws. The UK data protection laws provide exceptional rights, control and protection for personal data. This privacy notice explains how we look after your data and the rights you have under the UK data protection laws, however if you have any queries about how we can meet your country’s data protection laws, please get in touch using the contact details below.

Contact us

If you have any queries about this privacy notice or the services we offer, please email us at [email protected]. You may also contact our Data Protection Officer directly by emailing [email protected]

Changes to this privacy notice

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 09 October 2024.

 
Contact