STA
PRIVACY POLICY
Last Updated: 27 August 2025
1. INTRODUCTION
Swanage Traffic Alliance ("STA", "we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy applies to all personal data we process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users, or any other data subject.
We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.
2. DATA CONTROLLER
For the purposes of the UK GDPR and Data Protection Act 2018, the data controller is:
Organization: Swanage Traffic Alliance
Email: johnsilver@swanagetraffic.org.uk
Address: Swanage, Dorset, United Kingdom
If you have any questions about this Privacy Policy or our privacy practices, please contact us using the details above.
3. INFORMATION WE COLLECT
3.1 Personal Data
We may collect and process the following personal data:
- Names (when provided via forms)
- Email addresses (for newsletters and updates)
- Phone numbers (if voluntarily provided)
- Postal addresses (for campaign materials)
- Photographs or videos (in evidence submissions)
- Location data (related to traffic incidents)
3.2 Usage Data
We automatically collect certain information when you visit our website:
- IP addresses
- Browser types and versions
- Operating system information
- Pages visited and time spent
- Referring websites
- Click-through rates
- Date and time of visits
3.3 Submitted Content
When you interact with our website, you may provide:
- Evidence of traffic violations
- Community feed posts
- Campaign testimonials
- Comments and feedback
- Survey responses
3.4 Special Category Data
We do not intentionally collect special category data (such as data concerning health, religious beliefs, political opinions, or sexual orientation). If such data is inadvertently submitted, we will delete it unless we have explicit consent to process it.
4. HOW WE COLLECT INFORMATION
4.1 Direct Collection
We collect information directly from you when you:
- Contact us through email or contact forms
- Post to our community feed
- Register as a supporter
4.2 Automatic Collection
We collect information automatically through:
- Server logs
- Analytics tools
- Cookies and similar technologies
- Pixel tags and web beacons
4.3 Third-Party Sources
We may receive information about you from:
- Social media platforms (when you interact with our social media presence)
- Other supporters who refer you to our campaign
- Public sources and databases
5. HOW WE USE YOUR INFORMATION
We process your personal data for the following purposes:
- Campaign Communications: Sending updates, newsletters, and important announcements about our traffic safety initiatives
- Community Engagement: Facilitating community discussions and sharing supporter stories
- Inquiry Response: Responding to your questions, comments, and requests
- Website Improvement: Analyzing usage patterns to improve website functionality and user experience
- Statistical Analysis: Creating aggregated reports on traffic patterns and safety concerns
- Legal Compliance: Meeting our legal and regulatory obligations
- Safety and Security: Protecting our website, users, and organization from fraud and security threats
- Advocacy: Using evidence and testimonials to advocate for traffic safety improvements with local authorities
6. LEGAL BASIS FOR PROCESSING
We process your personal data based on one or more of the following legal grounds:
6.1 Consent
Where you have given clear consent for us to process your personal data for specific purposes, such as:
- Newsletter subscriptions
- Marketing communications
- Use of non-essential cookies
6.2 Legitimate Interests
Where necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes:
- Operating our website and ensuring its security
- Conducting our traffic safety campaign activities
- Analyzing website usage to improve our services
- Preventing fraud and ensuring network security
6.3 Legal Obligations
Where processing is necessary to comply with legal obligations, such as:
- Responding to lawful requests from law enforcement
- Complying with court orders
- Meeting regulatory requirements
8. DATA RETENTION
We retain personal data for no longer than necessary for the purposes for which it was collected:
- Newsletter subscribers: Until you unsubscribe or request deletion
- Evidence submissions: 7 years from submission date (for legal purposes)
- Website analytics: 26 months
- Contact form inquiries: 2 years from last contact
- Community posts: Indefinitely unless deletion is requested
- Server logs: 1 year
After the retention period, data is securely deleted or anonymized. We regularly review our data retention practices to ensure compliance.
9. YOUR RIGHTS
Under UK GDPR, you have the following rights regarding your personal data:
9.1 Right of Access
You have the right to request copies of your personal data we hold, including information about how we use it.
9.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure ('Right to be Forgotten')
You can request deletion of your personal data, subject to certain legal exceptions.
9.4 Right to Restriction
You can request that we limit how we process your personal data in certain circumstances.
9.5 Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format.
9.6 Right to Object
You can object to processing based on legitimate interests, direct marketing, or research purposes.
9.7 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affects you.
9.8 How to Exercise Your Rights
To exercise any of these rights, contact us at: privacy@swanagetraffic.org
We will respond to your request within one month. We may need to verify your identity before processing your request.
11. SECURITY
We implement appropriate technical and organizational measures to protect your personal data:
11.1 Technical Measures
- Encryption of data in transit using HTTPS/TLS
- Secure password policies and authentication systems
- Regular security updates and patches
- Firewall protection
11.2 Organizational Measures
- Limited access to personal data on a need-to-know basis
- Confidentiality agreements with staff and volunteers
- Regular data protection training
- Data protection impact assessments for new processes
- Incident response procedures
11.3 Data Breach Procedures
In the event of a data breach, we will:
- Notify the ICO within 72 hours where required
- Notify affected individuals if there is a high risk to their rights
- Document the breach and our response
- Review and improve our security measures
12. CHILDREN'S PRIVACY
Our website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age.
If we discover that we have inadvertently collected personal data from a child under 16 without parental consent, we will promptly delete such information from our systems.
If you believe we have collected information from a child under 16, please contact us immediately at privacy@swanagetraffic.org.
13. INTERNATIONAL TRANSFERS
Your personal data is primarily stored and processed within the United Kingdom.
If we need to transfer data outside the UK, we ensure appropriate safeguards are in place:
- Adequacy decisions by the UK government
- Standard contractual clauses approved by the ICO
- Binding corporate rules where applicable
- Your explicit consent for specific transfers
Some of our third-party service providers may process data outside the UK. We ensure they provide appropriate security measures and comply with UK GDPR requirements.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors.
When we make significant changes, we will:
- Update the "Last Updated" date at the top of this policy
- Post a notice on our website homepage
- Email subscribers about significant changes where appropriate
- Obtain new consent where required by law
We encourage you to review this policy periodically to stay informed about how we protect your information.
15. COMPLAINTS
If you have concerns about how we handle your personal data:
15.1 Contact Us First
We aim to resolve any concerns quickly and fairly. Please contact us at:
Email: privacy@swanagetraffic.org
Post: Data Protection Officer
Swanage Traffic Alliance
Swanage, Dorset
United Kingdom
15.2 Information Commissioner's Office
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Helpline: Available on ICO website3
Live chat: Available on ICO website
Post: Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
16. CONTACT INFORMATION
For any questions, requests, or concerns regarding this Privacy Policy or our data protection practices:
Data Protection Contact:
Email: johnsilver@swanagetraffic.org.uk
We aim to respond to all privacy-related inquiries within 5 business days and to formal data subject requests within one month as required by UK GDPR.
This document was last updated on 27 August 2025. For the most current version, please visit our website at swanagetraffic.org/privacy