Itravelsmart Mobile Application Privacy Notice
Who is the Data Controller for this processing?
We are the Data Controller for this processing and Google process the information on behalf of us.
What services are covered by this privacy notice?
Itravelsmart is our official journey planning app. With up to date travel information, interactive maps, public transport timetables, plan a cycle ride and many more features such as using the quickest route or find out what buses serve the stops nearest your location.
Itravelsmart is simple and easy to use from a customer perspective and supports iOS and Android platforms and is free to download from the App Store or Google Play.
Firebase cloud messaging
Firebase cloud messaging uses instance IDs to determine which devices to deliver messages to.
Crashlytics provides information on why a crash occurred and what happened leading up to it. With this insight, you can uncover the root cause of crashes more quickly.
Firebase in-app messaging
In-app messaging helps you engage users who are actively using your app by sending them targeted and contextual messages.
Performance monitoring uses instance IDs to calculate the number of unique app instances that access network resources, to ensure that access patterns are sufficiently anonymous. It also uses instance IDs with Firebase remote config to manage the rate of performance event reporting. Additionally, it uses IP addresses to map performance events to the countries they originate from.
Firebase remote config
Remote config uses instance IDs to select configuration values to return to end-user devices.
Google analytics for Firebase
Google analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment.
What personal information do we hold?
We only collect and use the minimum amount of personal information required when delivering a service to you. Wherever possible we use non-identifiable personal information.
The service will use all of the personal information provided:
- the IP address and instance ID’s
- location that you accessed any of our online services from
- current location to effectively offer you the itravelsmart services.*
*If you chose not to share location, we will be unable to offer you the full level of intended service which relies on this data.
How do we use your personal information?
We use your information to:
- deliver the service, or handle your query
- plan and improve the services we offer
- research, however this would be in anonymised form unless we ask for your consent to use your personal information for this purpose
- personalise our services such as the nearest stops and services operating near your location
- ensure that itravelsmart app can effectively communicate with users in providing data rich information which is relevant to your requests/searches
- allow us to access meaningful statistics in relation to the most popular/less popular features within the travel app
Who else might we share your personal information with?
We do not share your information.
What is the legal basis for our use of your personal information?
Most of the personal information we process is provided to us directly by you, under the General Data Protection Regulation (GDPR), the lawful bases we rely on for using your personal information are:
- you gave us your consent (GDPR Article 6 (a) - you are able to remove your consent at any time by simply deleting the application from your device
Where will we store your information?
Your information will be securely stored on Google Firebased products (analytical data). Analytic data is received when you interact with the itrvalesmart app and website, which is referred to as “analytic data,” even if you have not created an account. For example, when you open the app, this is recorded as a session and through google analytics it provides an overview of which features within the app are more popular than others. If the app crashes the supplier can identify the cause of such crashes and fix them.
How long will we keep your personal information?
We will only use your personal information whilst delivering the service to you and to deal with any questions or complaints that we may receive about this, unless the law requires us to keep it for a longer period. In practice, this means that your information will be kept for maximum of 12 months then deleted.
If we need to use your information for research or reports, your information will be anonymised and any information taken from notes (hand written or typed) during any consultation sessions will be securely destroyed. The information will continue to be used in a summarised and anonymised form in any research reports or papers that are published. The anonymised information in the papers may be of historic interest and may be held in public archives indefinitely
Under data protection law, you have rights including:
- your right of access - you have the right to ask us for copies of your personal information
- your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- your right to erasure - you have the right to ask us to erase your personal information in certain circumstances
- your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances
- your right to data portability - you have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
To make a request follow the instructions on our Data protection for you page.
How to complain if you are unhappy about how your data is used
You can complain directly to our Data Protection team online or by post:
- Contact the DPO
- By post: Data Protection Officer, 4 Civic Way, Ellesmere Port, CH65 0BE
You also have the right to complain to the Information Commissioner’s Office using the following details:
Will my personal information be accessible outside the UK?
Should the transfer of personal information outside of the UK become necessary, it will only take place if permitted by law, and then only where there are appropriate safeguards in place to protect the personal information.
In order to safeguard your personal information and ensure you have the same rights as you would if your personal information was processed in the UK we have ensured that the parent company is registered with the US/UK Privacy Shield.