TEPR: Privacy, cookies and GDPR
Who we are
We are Transport and Environmental Policy Research (TEPR) – our website address is: https://www.tepr.uk
What personal data we collect and why we collect it
Media: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We collect your name email and IP address when you contact us through our web form. Your personal data is only used in connection with your enquiry and service interest. IP addresses are collected so we can protect our site from malicous attacks. Form entries are also stored on our web server database including an email log to help us troubleshoot any technical issues we might have when sending email via our web server. If you would like to know more about how we use your data, see the data we hold on you, or have it removed at any time please call the number found on this website. Form entries are regularly cleared out from our web database and your data removed.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
What are cookies
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognise you and make your next visit easier and the Service more useful to you.
Cookies can be “persistent” or “session” cookies.
When you use and access the Service, we may place a number of cookies files in your web browser.
We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:
We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on.
What are your choices regarding cookies?
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
More information about cookies
You can learn more about cookies at All About Cookies: http://www.allaboutcookies.org/
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
This website uses Google Analytics to track user interaction. We use this information to determine the number of people using our website, to better understand how you find and use our website, your journey to and from our site but also how you travel through it.
Disabling cookies on your internet browser or opting out of cookies will stop Google Analytics from tracking any part of your visit to any area of our website. Disabling cookies via our pop up reminder may also prevent some areas of our website to operate in the way they are intended.
Who we share your data with
We do not share your personal data with any third party. Your data is only used in connection with the services you have requested.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. However, we do not currently have any form of user registration on our website.
What rights you have over your data
If you have have left comments on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Data protection policy: Personal data
TEPR does not generally handle personal data belonging to members of the public. It is worth noting that any data collected relating to members of the public that are used for the purpose of projects are usually anonymised well before TEPR receives them for the purpose of analysis.
If, for the purpose of a project, TEPR is required to handle personal data, it will do so according to the relevant UK legislation. We will:
- Process the data only having received written instructions from the customer, unless we are required to process the data by other legal requirements. In the latter case, we will inform the customer of this before we begin to process the data.
- Take all reasonable precautions to ensure that personal data is protected from unauthorised or unlawful use and that personal data are protected from accidental loss or damage, to the extent that it is appropriate given the potential harm that unauthorised or unlawful use, or accidental loss or damage, might cause.
- Ensure that all personnel that have access to the data are obliged to keep the data confidential.
- Not transfer the personal data outside of the UK without first: informing the customer; ensuring that the ‘data subject’ has enforceable rights and effective legal remedies in the country to which the data are being transferred; applying any relevant instructions from the customer that we have been notified of in advance; and putting in place appropriate security measures to protect the data.
- Assist the customer in responding to any request from a ‘data subject’ to ensure compliance with the necessary UK legislation.
- Notify the customer, as soon as possible, if we become aware of a data breach.
- Delete or return to the customer personal data, and copies thereof, at the written request of the customer, unless we are required by the relevant UK legislation to store the data.
- Maintain complete and accurate records and information to demonstrate compliance with the above.
Professional contact information
The personal data that TEPR may retain relates to the relevant contact information of professional contacts, who have provided their contact details. Sometimes we also retain information on the professional background and educational qualifications of professional contacts, as a result of personal meetings or engagement over the phone or internet. We assume that this information has been provided, e.g. in the form of a business card, e-contact card or CV, as the respective professional contact wished to share this information with us.
TEPR will retain such information either electronically or in the form of business cards. This information is retained for the purpose of maintaining mutually beneficial contact for the purpose of potential future business opportunities or other activities related to our respect professional interests. We will retain this information for as long as is potentially of mutual benefit, or unless we are requested to delete it by the contact or a relevant authority.
If we are requested, as part of a business opportunity, or a potential business opportunity, to share such information with a third party, we will always ask the permission of the individual concerned before doing so. We will apply the above conditions to this information, as requested, either by an individual or an individual’s current or ex-employer, to the extent that is appropriate.
- We use password-protected PC and laptop.
- Ensure that PC and laptop are protected by highly rated software that protects against viruses, malware and other IT security risks.
- Regular back-ups of data, including processed data, which is kept on an encrypted back-up drive. This drive is only connected to the PC for the purpose of back-up and is not backed up in the cloud, or any other remote system.
- Personal data will only be taken out of the office – either on a laptop or memory stick – if absolutely necessary. Ideally, in the event that personal data need to be transferred externally, this will be undertaken via the internet using an appropriately secure file transfer system.
- Access to the PC and back-up on which the data is kept will be limited.
If you have any concerns regarding any of the above, please contact TEPR using the form here.