1. Introduction
Edinburgh Taxi Tours Ltd ("the Company") gathers and uses certain information about individuals—including customers, suppliers, business contacts, and other persons with whom we interact. This policy sets out how such personal data is collected, handled, and stored, ensuring we comply with data protection laws and maintain the highest standards of data security.
2. Purpose of This Policy
This policy exists to ensure that the Company:
- Complies with all applicable data protection laws and follows best practices.
- Protects the rights and privacy of our customers, partners, and associates.
- Maintains transparency regarding our data collection, storage, and processing practices.
- Mitigates risks associated with data breaches and unauthorized disclosures.
3. Data Protection Law and Principles
Under the General Data Protection Regulation (GDPR), personal data must be:
- Processed fairly and lawfully.
- Collected only for specified, legitimate purposes.
- Adequate, relevant, and limited to what is necessary.
- Accurate and kept up to date.
- Retained only for as long as necessary.
- Processed in a manner that respects the rights of data subjects.
- Securely protected from unauthorized access.
- Not transferred outside the European Economic Area (EEA) unless an adequate level of protection is in place.
4. Scope of the Policy
This policy applies to:
- The head office and all branches of Edinburgh Taxi Tours.
- All staff, volunteers, contractors, and suppliers working on behalf of the Company.
- All data held by the Company relating to identifiable individuals, such as names, postal addresses, email addresses, telephone numbers, and any other related information.
5. Data Protection Risks
This policy is designed to safeguard the Company against:
- Breaches of Confidentiality: Preventing the unauthorized disclosure of sensitive information.
- Inadequate Consent and Choice: Ensuring individuals maintain control over how their data is used.
- Reputational Damage: Minimizing the risk and impact of data breaches.
6. Responsibilities
6.1 Data Protection Officer
Rafal Kolary is ultimately responsible for ensuring the Company meets its data protection obligations. His responsibilities include:
- Keeping up to date with data protection legislation, risks, and issues.
- Regularly reviewing data protection procedures and policies.
- Organizing data protection training and advising all covered individuals.
- Handling data protection inquiries and subject access requests.
- Verifying the identity of any individual making a subject access request before disclosing any data.
- Reviewing and approving contracts with third parties that process sensitive data.
- Overseeing the IT systems used for storing personal data to ensure security measures are in place.
6.2 IT and Security Management
Nadin Thomson is responsible for:
- Ensuring that all systems, services, and equipment used for data storage meet high-security standards.
- Performing regular security audits and checks on hardware and software.
- Evaluating third-party services (such as cloud providers) for compliance with our data protection standards.
6.3 Marketing and Communications
Rafal Kolary also oversees data protection in all marketing-related activities:
- Approving data protection statements on all communications.
- Responding to data protection queries from media or external parties.
- Collaborating with staff to ensure all marketing initiatives comply with data protection principles.
7. Guidelines for Data Usage
- Access: Only individuals whose work requires access may view personal data.
- Sharing: Confidential information should not be shared informally. Access may only be granted by authorized personnel.
- Supplier Responsibility: All suppliers handling our data must understand and adhere to our data protection standards.
- Regular Reviews: Data should be regularly reviewed and updated; any information that is no longer needed must be securely deleted.
8. Data Storage
Paper Records
- Store all paper-based data in secure, locked locations.
- Do not leave printouts in unsecured areas; shred and dispose of them securely when no longer required.
Electronic Data
- Protect electronic data with strong, regularly updated passwords.
- Store data only on designated drives and secure servers.
- Keep removable media (e.g., USB drives) securely locked when not in use.
- Ensure data is backed up frequently and test backups regularly.
- Avoid saving personal data directly on mobile devices.
- Use approved security software and firewalls on all devices containing personal data.
9. Data Usage and Accuracy
- Always lock computer screens when unattended.
- Avoid sending personal data via unencrypted email.
- Encrypt personal data before any electronic transfer.
- Ensure that only a single, central copy of any personal data is maintained to prevent redundancy.
- Regularly update customer data—removing or correcting inaccuracies as needed.
- Marketing databases should be checked against industry suppression lists at least every six months.
10. Subject Access Requests
Individuals have the right to:
- Inquire about the personal data held about them.
- Request access to, an update of, or deletion of their personal data.
- Receive information on how the Company meets its data protection obligations.
Subject access requests should be made by email using our designated contact form or by contacting Rafal Kolary directly. No fee will be charged, and we aim to respond within 30 days after verifying the requester's identity.
11. Disclosures to Third Parties
In certain circumstances, such as requests from law enforcement agencies, personal data may be disclosed without the data subject’s consent. In such cases, the Company will ensure the request is legitimate and consult with our board and legal advisers as required.
12. Providing Information and Privacy Statement
We are committed to ensuring that individuals are fully informed about:
- How their personal data is being used.
- Their rights in relation to their data.
- How to exercise these rights.
For further details on our data collection, use, and protection practices, please review our full Privacy Policy available on our website.
13. Website Use and Cookies
- Website Operations: The Edinburgh Taxi Tours website is managed with a strong commitment to protecting your personal data.
- Cookies and Analytics: We use cookies and third-party analytics (e.g., Google Analytics) to understand visitor behaviour. All data is processed anonymously, and measures are in place to ensure IP anonymisation. For further details, please refer to our Cookies Policy.
This Data Protection Policy reflects our commitment to protecting your personal information in full compliance with current data protection laws. Should you have any questions or require further information, please contact Rafal Kolary using the details provided on our website.