Privacy policy - Humber Bridge
Unpaid toll notification Concessions Log in / Register Pay your toll
Privacy policy - Humber Bridge
Unpaid toll notification Concessions Log in / Register Pay your toll

Privacy policy - Humber Bridge

General Privacy Notice

For the purpose of the Data Protection Act (“DPA”) and the UK General Data Protection Regulation (“UK GDPR”) (together the “Data Protection Laws”), the data controller is the Humber Bridge Board a statutory body created under the Humber Bridge Act 1959 (and references to “we”, “our” and “us” shall be construed accordingly).

The Humber Bridge Board is fully committed to compliance with the Data Protection Laws. This privacy notice is designed to explain what personal information we collect about you and how it will be processed by us.

What personal information do we collect?

We collect and handle a variety of information so that we can deliver services to our customers and anyone using the Humber Bridge Infrastructure and Estate.

We may collect personal information such as:

  • Name and contact details (for example, address, email address and telephone number)
  • Video footage including CCTV, Automated Number Plate Recognition (ANPR), dashcams and body worn video cameras with audio
  • Vehicle and crossing data including vehicle registration number (VRN), photos and videos of your vehicle
  • Payment history
  • Call recordings, live chat transcripts
  • Queries, complaints or appeals sent via our Contact Us page or by post
  • Website or App data (for example, log-in details, browser type, and operating systems)
  • Health information included on your PIP or Motability entitlement documentation

How do we collect this information?

Most of this information is collected from you directly when you open an account, interact with our services or visit the Humber Bridge Estate.

Occasionally we may collect information from other sources for example the police or DVLA.

Why do we collect this information?

We collect and handle information about you to:

  • provide the service you have asked for – for example, if you have a query or want to set up an account
  • process payments for crossings and charge the correct tolls
  • manage and maintain the bridge crossing, surrounding estate and road network infrastructure
  • keep you updated – for example, about tolls or maintenance works
  • meet our statutory obligations including those related to equality, health and safety
  • help us manage our services and plan improvements
  • protect individuals from the risk of harm or injury
  • manage our contractual relationships
  • provide information to central government, when we are required to do so by law;
  • provide customer satisfaction and resolve your issues
  • remotely monitor our property and infrastructure
  • manage incidents and traffic
  • support the safety of our team and individuals using the estate
  • help to monitor crime and anti-social behaviour in public spaces
  • establish, exercise or defend legal claims, where necessary.

Wherever possible we will be open and transparent with you about how we use your
personal information and who it is shared with.

Who do we share your information with?

We ask a number of service providers to maintain our systems and help us to deliver our services. This includes our toll system where we store your vehicle crossing and account information. Our third-party service providers are required to take appropriate security measures to protect your data in line with our policies and data protection requirements. We permit them to process your data only for specified purposes and strictly in accordance with our instructions.

We will not sell your personal information to third parties or direct marketing companies. Our website may contain links to other websites of interest. Once you have used these links we have no control over the third party site or how information provided by you on these sites is handled.

We may share your personal data with third parties if we are under a duty to disclose or
share your personal data in order to comply with any legal obligation.

There may be exceptional cases where we feel compelled to share your information for a
reason that outweighs your right to privacy.

Before sharing we aim to ensure that –

  • Technical safeguards such as encryption and access controls are in place
  • Risks are assessed through Data Protection Impact Assessments
  • Privacy Notices are up to date
  • Information Sharing Agreements are in place where appropriate
  • We have relevant contract clauses with suppliers

This list is not exhaustive, but we will never share your information if its sharing is not
permitted by law, and where your data is shared with third parties, we’ll seek to share the
minimum amount necessary.

What legally allows us to collect and handle information about you?

We must always have a lawful basis for processing your personal data.

There are six options available to us to legally process your personal data. These are set out in Article 6 of the UK GDPR.

For us the lawful basis will most often be ‘public task’ because our focus is delivering services to you that are permitted by statute (The Humber Bridge Acts 1959 – 2013).

Another lawful basis that we use for processing data is ‘contract’. This will apply for example to our account customers including concession accounts and guest crossings.

We may also use the ‘vital interests’ basis for processing information in emergency circumstances.

We may from time to time require your ‘consent’ for us to process your personal data. If that is the case, we will let you know at the point of data collection, and we will remind you that you have the right to withdraw your consent at any time.

For special category data (more sensitive data that requires more protection) we must also meet the conditions in Article 9. For example, for health information required for our concession scheme we may rely on Article 9 (g) reasons of substantial public interest (Schedule 1, para 16 of DPA 2018) support for individuals with a particular disability or medical condition.

A note on other sensitive information: We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others.

How long do we keep your data?

We will only keep your information for as long as is necessary. Once your information is no longer needed it will be securely and confidentially destroyed.

Some of the things we consider when deciding how long to keep data for are:

  • how long we need it to deliver the service to you
  • how long data retention is permissible under the relevant laws
  • whether the record should be archived under the public interest exemption

This means that different departments, and sometimes different activities within the same department, will need to keep records for different lengths of time. Examples include –

Camera System

CCTV is automatically overwritten after 30 days unless an incident has occurred requiring us to keep the information for longer.

Customer Service Enquiries

Information is stored for two years from the date of resolution unless an incident has occurred requiring us to keep the information for longer.

Crossing data

The system stores crossings for 365 days after which it is automatically overwritten unless saved for investigation or debt recovery. Crossing data includes date and time of bridge crossing and an image of the vehicle registration number.

Humber Bridge Toll Accounts

Account information is managed by you and on closure of the account will be stored for a short period of time as an inactive account, unless a debt remains unpaid in which case it is stored until the debt is resolved.

Disability Concession Accounts

Documents such as PIP or Motability provided by you to prove your eligibility for a concession account are stored until your application has been reviewed. Once your Concession Account has been approved your documents are stored for up to 12 months, after which they will be deleted from our system.

How do we ensure that your data is safe?

We will treat your information with care and endeavour to take all reasonable steps to keep your information secure once it has been transferred to our systems. We use a range of systems to store and process data including secure on-site servers, cloud-based services, databases and networks that require secure log-in. We follow cyber security training and protocols. All payments go through direct payment gateways, in adherence with Payment Card Industry Data Security Standards (PCI-DSS).

Systems are only available through strictly controlled security processes and we ensure that only the right people have access to such systems.

Where is your personal data processed?

Your information is processed on site at the Humber Bridge or on secure servers within the UK. If any of your information needs to be processed outside of the UK, for example, if we use cloud-based platforms or software as a service where host servers are located in another country, where data protection regulation is not comparable to the UK, any processing will be carried out with appropriate safeguards to ensure you do not lose the level of protection afforded by the UK Data Protection Laws.

Organisational Use of Artificial Intelligence

We are committed to the responsible use of Artificial Intelligence (AI)and ensuring that our AI implementations are ethical and transparent.

At no point will AI be used as a purely automated decision-making tool. If we use AI to facilitate or enhance our services we will ensure that individuals are informed of its use before their user journey begins.

Where AI is used as a tool by a member of our team for productivity or accessibility benefits, no specific notification will be provided.

What are your rights?

Data Protection Laws give you several rights relating to the way that we use your data and the way that you can access it. Not all rights are absolute and certain exemptions may apply.

The right to know what happens with your data

You have the right to be informed about:

  • what data we process about you
  • for what reasons we process the data
  • who we share it with
  • how long we will do this for
  • your rights
  • how to complain

The right to access your data

You have a right to access information we hold about you, through a subject access request subject to certain conditions and exemptions.

For more information see our website.

The right to correct inaccurate data

You have the right to have information corrected or completed if it is inaccurate or incomplete.

The right to restrict processing

You have the right to ask us to restrict the processing of your data in certain circumstances, for example while we check the accuracy of it.

The right to object

You have the right to object to us processing your data in certain circumstances

Rights relating to automated decision making and profiling

Despite use of ANPR in the initial stage of processing, the Humber Bridge Board does not use automated decision making or profiling systems that result in enforcement or other significant action. This means that any decision that will significantly affect you is made by a human.

Changes to our Privacy Policy

We keep our privacy policy and notices under review. We will put updates on our website and would advise you to check periodically for changes

Contact us

Humber Bridge Board is a data controller, registered with the Information Commissioner’s Office (ICO) [Registration Number Z6024905].

You can contact our Data Protection Officer via the Contact Us page on our website if you have any queries or wish to make a complaint about how your data is processed.
You are not required to pay a fee for exercising your rights. If you make a request, we have one month to respond to you.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Or you can visit the Information Commissioner’s Office website.

Visitors

This privacy notice should be read alongside the General Privacy Notice and provides information about how personal data is used with regards to guests of the Humber Bridge Board who are invited to visit the Humber Bridge or surrounding estate infrastructure.

Please see the General Privacy Notice for details about your rights and who to contact about the use of your personal data.

What personal data do we collect and handle?

Information we may collect includes:

  • personal information e.g. name, address, postcode, date of birth, telephone number, email address
  • medical conditions and dietary requirements

What do we use the data for and what legally allows us to collect and handle this information about you?

We use your personal information to organise the visit and comply with our safety and security procedures. We are under a legal obligation to keep you safe during your visit and will only collect the information necessary to do this.

Where a tour participant is under 18 – consent of a parent or guardian will be required.

How long do we keep your information for?

We retain your personal information for 6 months following the visit.

Who do we share your data with?

In most circumstances this data will not be shared except in the event of an emergency where we may be required to disclose information to emergency services.

Any data sharing will be in line with the applicable Data Protection Laws.

Contractors and Suppliers

This privacy notice should be read alongside the General Privacy Notice and provides information about how personal data is used with regards to contractors and suppliers to the Humber Bridge Board.

Please see the General Privacy Notice for details about your rights and who to contact about the use of your personal data.

What personal data do we collect and handle?

Information we may collect includes:

  • personal information e.g. email address, car registration
  • medical conditions (where relevant to your work on the bridge)

What do we use the data for and what legally allows us to collect and handle this
information about you?

We use your personal information to manage our relationship with you and comply with our safety and security procedures. We are under a legal obligation to keep you safe whilst you remain on our site, and we may have contractual obligations to you. We will only collect the information necessary to manage our relationship with you

How long do we keep your information for?

We retain your personal information in line with our Retention policy.

Who do we share your data with?

Any data sharing will be in line with the applicable Data Protection Laws and any agreement we may have with you.

Surveys

This privacy notice should be read alongside the General Privacy Notice and provides information about how personal data is used when we occasionally ask for feedback and opinions regarding services that we provide.

Please see the General Privacy Notice for details about your rights and who to contact about the use of your personal data

What personal data do we collect and handle?

Information we may collect includes:

  • personal details e.g. name, address, postcode, date of birth, telephone number,
    email address
  • personal views and opinions relating to the survey

This list is not exhaustive; however the information we collect or share will always be proportionate and used only for the specified purpose.

What legally allows us to collect and handle information about you?

We may rely on the lawful basis of legitimate interest however it would depend on the
specific survey and therefore we would inform you about this at the time.

Who do we share your data with?

The information you give us will only be used and shared in the way specified at the outset

Job Candidates

This privacy notice should be read alongside our General Privacy Notice and provides information about how personal data is used in relation to people applying for work with us.

Please see the General Privacy Notice for details about your rights and who to contact about the use of your personal data.

The kind of information we hold about you

In connection with your application for work with us, we will collect, store, and use the
following categories of personal information about you:

  • The information you have provided to us in your CV and covering letter, including
    name, title, address, telephone number, personal email address, date of birth,
    gender, employment history, qualifications

We may also collect, store and use the following types of more sensitive personal information:

  • Information about your race or ethnicity, religious or philosophical beliefs, sexual orientation, age etc
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences

If you are invited to interview, you will also need to provide original copies of your
entitlement to work in the UK.

How is your personal information collected?

We collect personal information about candidates from the following sources:

  • The candidate themselves
  • Any recruitment agency we may use, from which we collect the following
    categories of data: name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, training and references
  • Disclosure and Barring Service in respect of criminal convictions
  • Your named referees, from whom we may collect the following categories of data: name, job title, reason for leaving, suitability for the role applied for and general attributes
  • Home Office in respect of your right to work (if applicable)
  • DVLA in respect of your driving licence (if applicable to your role)
  • Occupational Health pre-employment screening service

How we will use information about you

We will use the personal information we collect about you to:

  • assess your skills, qualifications, and suitability for the role you have applied for, or any other role that may be suitable
  • carry out background and reference checks
  • communicate with you about the recruitment process
  • keep records related to our recruitment processes
  • comply with legal or regulatory requirements

We also need to process your personal information to decide whether to enter into a
contract of employment with you.

Having received your CV and covering letter we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview.

If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role you have applied for, or any other role that may be suitable.

If we decide to offer you a role, before confirming your appointment, we will request references and carry out an enhanced DBS check (if applicable to your role).

References provided in confidence would likely be exempt from the right of access.

Legal basis for processing

The legal basis for processing your personal data is:

  • To take steps before entering a contract
  • To comply with our legal obligations in relation to employment and equality law
  • Performance of our public task

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to process your application. For example, if we require references for a role and you fail to provide us with relevant details – we will not be able to take your application further.

How we use sensitive personal information

We will use your sensitive personal information (special category data) in the following ways:

  • We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process. For example, whether adjustments need to be made during an interview.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

The legal basis for processing special category data is: reasons of Substantial public interest, specifically

  • Equality of opportunity or treatment
  • Support for individuals with a particular disability or medical condition

Information about criminal convictions

We will process information about criminal convictions.

Depending on a role you have applied for, we may carry out a criminal record check (either a standard or enhanced check) in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for that role.

We have in place appropriate policy documents and safeguards which we are required by law to maintain when processing such data.

Data sharing

We will only share your personal information with the following third parties (if applicable) for the purposes of processing your application:

  • Disclosure and Barring Service for the purposes of carrying out the relevant criminal record check
  • Home Office for the purposes of confirming your right to work status in the United Kingdom
  • DVLA for the purposes of a driving licence check
  • Occupational Health screening service

How long do we keep your information

If your application is unsuccessful, your information will be retained for a period of six months from the date of the last update made to your candidate profile.

If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future for which we may wish to consider you, we will write to you separately seeking your explicit consent to retain your personal information for a fixed period on that basis.

If your application is successful and you commence employment with Humber Bridge. a copy of the information obtained during your recruitment will be transferred to and retained on your HR file in accordance with our data retention policy and applicable laws and regulations. This includes the results of any pre-employment checks.

Contact us

Humber Bridge Board
Ferriby Road
Hessle
HU13 0JG

01482 235500

Useful links

Pay your toll Unpaid toll notification Log in / register Info hub

Connect with us

Are you feeling okay?

Help is here