At Ember, we're committed to keeping your information private and secure. This notice sets out the personal data we collect and what we will do with it.
We are Ember Core Ltd (“we”, “our”, “us”), operating under the name Ember. We're registered with the Information Commissioner's Office under number ZA575885.
You can email us at firstname.lastname@example.org or write to us at Codebase Argyle House, 3 Lady Lawson Street, Edinburgh, EH3 9DR.
We may collect and process the following personal data about you:
Information you submit through our website or by any other means – e.g. your email address if you subscribe to a mailing list or the details you enter when purchasing a ticket
Information from a concession card when scanned on board the bus – the exact data can vary from card to card but typically includes your name, gender, date of birth and card type
CCTV footage captured from cameras on board our buses – we have cameras pointing both inside and outside the bus which are recording and may also be monitored live. Recordings are kept for up to 90 days. We do not record audio from these camera
Technical information related to your usage of this site – e.g. your IP address, operating system and browser
Records of communications – e.g. call recordings, emails and chat transcripts
The information we collect and process is currently used to:
Sell and verify tickets: Our lawful basis for using the data in this way is your consent when purchasing a ticket and our legitimate interest in verifying the ticket on boarding. We keep the data on expired tickets so that you are able to see details of your previous journeys, we can manage refunds or other issues and we can understand how our service is being used
Verify concessionary status: Our lawful basis for using the data in this way is our legitimate interest in verifying someone's concessionary status. Without this, we are not eligible to participate in the concessions scheme
Ensure safety and security on our vehicles: Our lawful basis for using the data in this way is our legitimate interest in using data from CCTV to ensure the safety of our drivers, vehicles and passengers. This includes outward facing cameras which may help us to investigate traffic accidents or vandalism
Market our products and services by email: Our lawful basis for using the data in this way is consent. We will only send marketing to people who have opted in and you can always unsubscribe (e.g. by clicking an unsubscribe link in an email)
Track, monitor and analyse how you use products and services we provide: Our lawful basis for using the data in this way is our legitimate interest to use this data to improve our product, manage our business and detect fraud
In some instances, we may use your data in ways that are not described above. However, we will update this notice before doing so.
As well as people working for us, we may disclose your personal data to:
We keep most of your data as long as you are using Ember and for up to 6 years after that. In some cases, we may keep the data for longer if it's in our legitimate interest (e.g. for fraud detection) or it's required to comply with the law. CCTV footage is kept for up to 90 days.
In some cases, the data we collect from you may be transferred to and stored by countries or organisations outside the European Economic Area (“EEA”). In these cases, we'll make sure that the European Commission says the country or organisation has adequate data protection, or we’ve agreed to standard data protection clauses approved by the European Commission with the organisation. Contact us if you'd like a copy of the relevant data protection clauses.
Your personal data is protected by legal rights, including your rights to:
For more information or to exercise your data protection rights, please email email@example.com.
If you have a question or want to complain about how we've used your personal data, email us at firstname.lastname@example.org. If you're not happy, you also have a right to complain to the data protection supervisory authority in the EU country where you live or work, or where you think a breach happened. The Information Commissioner's Office (ICO) is the UK regulator.
We may up date this notice from time to time. Any changes will be posted on this page and, if appropriate, sent to you by email.