ITAL Group Limited is committed to compliance with all relevant UK and EU laws in respect of personal data, and to protecting the "rights and freedoms" of individuals whose information ITAL Group Limited collects in accordance with the General Data Protection Regulation (GDPR).
The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the "rights and freedoms" of living individuals, and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
This section of the website explains what information we collect about our customers and the procedures we have in place to safeguard their privacy.
Who are we?
We are ITAL Group Limited; we provide support services to the transport industry and in particular the railway industry.
ITAL Group consists of two operating divisions: Independent Revenue Protection and Support (IRCAS), and the Appeals Service (AS).
Data Processors and Data Controllers
We are data processors, and in some cases the data Controllers, as defined under the GDPR. We are only allowed to process your personal data in accordance with the GDPR and for the purposes notified to the Information Commissioner. You can find more information at the Information Commissioner's website at www.ico.org.uk. The transport operating company that took your details are also the Data Controllers.
What personal information do we collect?
We collect the information that you give to a transport operating company when issued with a Penalty Fare or Unpaid Fare Notice, when you complete one of our forms, provide information via the website or answer our questions over the phone. We may collect information when you use our services e.g. make payments online. In addition, we may also obtain information about you from other lawful sources e.g. ITAL Group partners.
The legal basis for processing your data
At least one of the conditions set out in Article 6 (1) of the GDPR must be met in the case of processing your personal data. The conditions we satisfy are Legal Obligation, Public Interest and Legitimate Interest.
Do we collect sensitive personal data?
On occasion, we may need to collect what is called sensitive personal data. When required by law we will obtain your explicit consent to do this at the time when we collect the information.
What do we use the personal data for?
The personal information that we collect is used for the following purposes,
To ensure that we follow your instructions correctly and to improve our customer service, we may monitor and/or record any communication between you and us. By using this website and its services you consent to the collection and use of the information you provide for the purposes set out above.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under GDPR you are entitled to see the personal information we hold about you and you may ask to make any necessary changes to ensure that it is accurate and kept up to date. To make such a request either contact the train operating company or IRCAS in writing at PO Box 212, Petersfield GU32 9QB or firstname.lastname@example.org. Please clearly mark the envelope, or subject heading in the email, Subject Access Request.
Do we use your information for marketing purposes?
How we will contact you
This may be by post, e-mail, telephone or text messaging to SMS enabled devices depending on the information you have provided to us. If you are under the age of 18 contact will be sent to your Parent/Guardian.
How long do we keep your personal data?
We will retain your information for as long as necessary to fulfill the purpose(s) above, and in accordance with the law.
In general, this will be:
If you require your data to be deleted please contact the train operating company, after the appropriate period of time shown above, with your request.
When do we disclose your information to third parties, and why?
We will only disclose your information to other parties in the following limited circumstances
Data Protection Officer
ITAL Group Limited
PO BOX 212
What are cookies?
A cookie (web cookie, or browser cookie) is a small file which is stored on your computer when you visit a website. These files are used by the website for a number of things but mainly to track or trace where you have been on the website and what you are searching for.
Cookies are also used to enable you to submit payments and appeals online. With cookies disabled you would otherwise need to do this by contacting our support teams by phone or letter.
For a more details, you can read about cookies on Wikipedia.
In order to achieve this we use the popular Google Analytics system.
How to Disable Cookies
This website works best with cookies enabled, however if you wish to disable cookies, you can do this in your browser. Here are instructions on disabling cookies. This links to an instructional document maintained by a website which has no connection to ITAL Group.