 |
DATA PROTECTION NOTICE |
|
In this notice Celtic
Roads Group explain how we collect information about you, how we use it and
how you can interact with Celtic Roads Group or our operator about it.
In this notice Celtic
Roads Group or CRG refers to any of three companies depending on the
particular project;
·
Celtic Roads Group (Dundalk) DAC is
the PPP on M1 Dundalk Western By-pass
·
Celtic Roads Group (Portlaoise) DAC is
the PPP on M7/M8 Portlaoise By-pass
·
Celtic Roads Group (Waterford) DAC is
the PPP on N25 Waterford By-pass
CRG are part of
Public Private Partnership (PPP) contracts with Transport Infrastructure
Ireland (TII) which permit CRG and our operator contractors to operate,
collect tolls and maintain the motorway, dual carriageway and toll plazas on
each of our projects. Our operator contractors are as follows for each of
our projects and a reference to our operator in this notice refers to any of
them;
·
NorthLink M1 Ltd is our operator on
the M1 Dundalk Western By-pass
·
Midlink M7/M8 Ltd is our operator on
the M7/M8 Portlaoise By-pass
·
SouthLink N25 Ltd is our operator on
the N25 Waterford By-pass
In order for CRG to
successfully operate and maintain a safe and secure motorway and toll plazas
and to enable CRG to establish and manage the relationship with road users
on our projects and at toll plazas, CRG have a legitimate business reason to
control and process personal data.
CRG and our operator
process personal information, for example, when you use the projects and the
toll plazas, when you contact the plaza to make a query in respect of a toll
transit, when you use a card to make payments, when you contact CRG or our
operator to make a Subject Access Request.
CRG use vehicle plate
recognition software and take still images of your vehicle at the toll
plazas as a method of identification of the motor vehicles using the toll
plazas. CRG also process CCTV to improve security, health and safety and for
enforcement and to resolve any issues, incidents or accidents at some later
stage. Please note that neither CRG nor our operator guarantee the quality
of CCTV or images and therefore it might not be possible to identify
personal data or data subjects. Facial recognition software is not used by
our security systems.
CRG and our operator
also process information from other PPPs, toll concessionaries, operators or
tag providers that you may have a tag account with to allow road users
uninterrupted use of all toll plazas in Ireland with one tag and so to
perform the contract you have in place with your tag provider.
CRG do not have a
database of all registered owners of motor vehicles but in the event that
you cause damage to the motorway and do not stop to report the incident to
our employees or you do not pay the toll fee as required by law, CRG or our
operator may collect personal data from local and national authorities, the
MIBI and An Garda Síochána in respect of ownership of motor vehicles and
motor insurance details in order to assist CRG with enforcement.
Sensitive Personal
Data
In order to avail of
exemptions from toll charges for certain categories of drivers contained in
the relevant Tolling Bye Laws, road users may be required to provide
sensitive personal data. CRG and our
operator will only process sensitive personal data where absolutely required
and only with your written consent.
HOW WE KEEP YOUR INFORMATION SAFE
We know that you care
about how information about you is processed. We appreciate your trust in
CRG to do that. To protect your information, our IT Department work very
hard to ensure that CRG and our operator use security measures that comply
with Irish law and meet international standards. This includes computer
safeguards, secure files and secure buildings.
WHAT WE USE YOUR INFORMATION FOR
Data Analytics- Using
Information in our business to improve our business
CRG analyse the
information that we collect through your usage of the toll plazas. This
helps us understand patterns of usage of the toll plazas. Our analysis helps
CRG ensure that you are afforded a fast and uninterrupted journey through
the toll plazas. CRG also provide TII with reports on the performance of the
tolling and road operations.
Claims and Litigation
If you make a claim
against CRG or our operator, the use of personal data may be necessary to
investigate the matter and to resolve the claim.
If a claim is made
against you for non-payment of a toll journey or for damage caused to the
project or at the toll plazas, your personal data may be used to investigate
the matter and to form the basis of the claim, to seek judgment and for
enforcement purposes.
Payment
If you use a card to
make payment and the payment is
declined, for example, due to insufficient funds or due to being blocked
because the card was stolen and therefore the use is unauthorised, CRG
process the information so that the next time the card is used at the toll
plazas that it will be immediately rejected.
Encryption is used to
keep your card information safe. In addition to this CRG have Data
Protection Agreements in place with the companies used to process your
payment through your bank to keep your information safe.
Query Resolution
If you make a query
in respect of your transit, it may be necessary to process personal data in
order to resolve the query for you.
Our Legal Obligations
CRG have legal
obligations, for example:
1)
to assist law enforcement agencies
when they are investigating criminal activity;
2)
to operate the motorway and toll
plazas in compliance with the relevant Tolling Bye Laws and with
legislation;
3)
to operate and maintain the projects
in compliance with our contract with TII;
4)
to co-operate with third parties in
respect of interoperability contracts between tag service providers, other
toll concessionaries and operators within Ireland.
CRG may disclose
personal data if under a duty to disclose or share customer data in order to
comply with legal obligations or in order to protect rights, property or the
safety of the staff of CRG, our operator, customers or others.
CRG will also
disclose personal data if the disclosure is required in order to comply with
an applicable law, summon, search warrant, a court or regulatory order, or
other valid legal process which would include in the main but not limited to
Section 8 of the Data Protection Act.
As part of the
interoperable environment whereby those road users who transact using tag,
information with other tag service providers and toll concessionaries within
Ireland may be shared or exchanged through a centralised portal in order to
deal with contractual requirements around payment and to resolve queries of
road users.
Where we suspect
criminal activity CRG will record this and report to the relevant
enforcement agencies, which may be within or outside Ireland because we are
legally obliged to do so.
DATA RETENTION
Personal data shall
only be retained for as long as is required to conduct our business and
satisfy our legal obligations. For CCTV, this is typically 30 days and for
transaction images, this is typically 90 days. Longer times may be necessary
where it is identified the records pertain to an incident, accident, claim
or investigation.
YOUR INFORMATION AND THIRD PARTIES
CRG use other
companies and individuals to work on our behalf in relation to the
operations and maintenance of our projects or to give us advice to help us
make decisions, for example to:
-
Analyse data
-
Collect toll charges at the toll
plazas
-
Collect unpaid toll charges and debts
-
Collect unpaid repairs for damage
caused on the motorway
-
Litigation purposes
CRG ensure suitable
arrangements and agreements are in place with our third party contractors or
specialists who may have access to or process personal data in order to keep
your information confidential and to respect the laws on Data Protection.
CRG might require
technical support from companies outside Ireland. These companies are within
the EEA so this would not involve processing data outside the EEA. In all
such cases this activity is supported by a contract which includes data
protection clauses.
ACCESSING AND MANAGING YOUR INFORMATION
You have a right to
make a request under Data Protection Act in respect of your personal data.
To make a request for
your data, please contact customer service in relation to the relevant
project(s) in order to request and return a completed application Subject
Access Request form;
Once we are satisfied that you are the data subject we will reply to you
within 30 days. This is not to frustrate the application process but CRG do
not want your personal data to end up in the hands of the wrong person.
Please also note that
if you request the reply of communication via your email address, you are
held solely responsible for the security and integrity of your own email
account. Unfortunately, the transmission of information via the internet is
not completely secure. Consequently, while CRG and our operator take all
reasonable security measures, CRG cannot guarantee the privacy or
confidentiality of information relating to you being passed via the internet
and any transmission is entirely at your own risk.
CRG try to make sure
that the information that we have about you is accurate and up to date. If
your information changes or you believe that we may have information that is
not accurate or not up to date, please write to CRG at the following address
and CRG will review your case and amend your information accordingly;
Data Protection Officer,
Celtic Roads Group,
M1 Toll Plaza,
Balgeen,
Co Meath
A92 P785
Email:
info@crg.ie
RIGHT TO COMPLAIN
Any individual has
the right to notify or complain to the Data Protection Commissioner of any
concerns around your data. You can contact the Office of the Data Protection
Commissioner at:
Telephone
076 1104 800 or Lo Call Number 1890 252 231
Fax
057 868 4757
Email
info@dataprotection.ie
Postal Address:
Data Protection Commission,
Canal House,
Station Road,
Portarlington,
Co.
Laois
R32
AP23
UPDATES
CRG review and update
their Data Protection Notice from time to time. Any updates shall be made
available on our website. |
|