GDPR Policy

DATA PROTECTION AND ACCESS TO PERSONAL INFORMATION POLICY

BRT International Limited (BRT) is registered with the Information Commissioner as a Data Controller and data is collected through normal operational activities:

Transport Operations
Recruitment and Employment of Individuals

The type of personal data collected can include:

Names and Addresses
Telephone Numbers
Email Addresses
Date of Birth
National Insurance Number
Driving Licence Details
Individual Training Details
Financial Details
Images captured by CCTV

All of the above data is securely stored electronically and in hardcopy (only when necessary). Access to the data is by authorised company employees and board members only.

All company employees have signed confidentiality agreements that relate directly to information collected by the company.

Information collected by the company is shared with the following:

Transport Operations– External Auditing Bodies, Suppliers, DVSA, Traffic Commissioner, Relevant Authorities directly related to any criminal investigation

Recruitment and Employment of Individuals – HMRC, Company Accountant, Relevant Authorities directly related to any criminal investigation

Retention of information is controlled by nominated employees within the business and the following retention times are considered normal practice for the business:

Transport Operations – Minimum 7 years – Electronic

Recruitment and Employment of Individuals – Length of employment + 4 years

Any information that is no longer required is deleted from all electronic systems owned and operated by the company. Any hardcopy information no longer needed is securely destroyed and records of such destruction retained on file.

BRT do not collect or store any personally identifiable data when you are accessing our website. The website is used to provide information about BRT and does not require the user to login with any personal details.

BRT do not engage in any sharing or sales of personal or any other information with 3rd parties. All personal information is collected only for BRT business and no other reason. If personal information is not needed, it is not collected.

Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to BRT for any personal information we may hold you need to put the request in writing addressing it to the Managing Director at:

BRT International Ltd,
Coaster Place,
Rover Way,
Cardiff,
South Wales UK
CF10 4XZ

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Managing Director at the above address.

You can also get further information on:

  • agreements we have with other organisations for sharing information;
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime;
  • our instructions to staff on how to collect, use and delete personal data; and
  • how we check that the information we hold is accurate and up to date.

All access requests will be acknowledged and a response provided within 30 calendar days from receiving the request. Relevant and reasonable requests for information will be provided free of charge.

Should the request become excessive and require excessive administrative time, a cost may be applied to the request.

Any identified data breaches will be managed internally by BRT and if deemed necessary, reported to the relevant parties and the ICO.

This policy will be reviewed at least annually.

Tony Yeo
Managing Director