Privacy Policy

one.network is committed to respecting your privacy, and any information provided to one.network will be held securely and will comply with applicable data protection and privacy laws. We have provided this privacy policy (the “Privacy Policy” or the “Policy”) to help you understand how we collect, use and protect your personal data and what your rights are in respect of your personal data. We wish to help you make informed decisions, so please take a few moments to read this and learn how we may use your personal data.

Who are we?                                            

Roadworks Information Limited, trading as one.network is the controller of the personal data you provide to us. Our registered Office is: 20 Farringdon Street, London EC4A 4EN and our company no. is 07589848 / VAT no. 120 2281 73.

How do we collect your information and what is covered by this privacy policy?

We obtain information about you when you contact us directly for example via email, telephone, social media channels, in writing or otherwise; in person, for example, at meetings, trade exhibitions, etc; and when you use our websites, app, products or services. We may also collect information indirectly from a third party. Data we collect in this way is specifically related to the highways and street works industries.

We require you to provide us with personal data when you subscribe to our products and services either via our websites, our app, our platform or other means. If this is withheld, it may not be possible to gain access to the products and services.

This Policy applies to our websites (https://uk.one.network/ and https://us.one.network/) and referred to throughout this Privacy Policy as the Website/Websites), the platform (https://one.network/) through which you may receive our products and services (hereinafter, the “Products and Services”), and the one.network mobile app (known as Live Link and referred to throughout this Privacy Policy as the “App”) .

What information do we collect?

Personal data means any information which relates directly or indirectly to an identified or potentially identifiable person.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

•     Basic contact information such as name, username (if the case), email address and phone number; and

•     Device, usage and behavioural information (such as the IP address of your device, information regarding what features of our services are accessed and when, location data etc.).

 

Location data is processed as follows:

1.     On our Platform:

If you engage with our Platform via mobile browser, we will request your permission to use your device’s location via a pop-up. Location data is requested solely for the purposes of providing you with our services as per our “What are the purposes and legal basis for processing your personal data?” section below. You will still be able to use our services even if you do not give permission for your device’s location data to be shared with us. Permission settings are stored by your device and you can change them whenever you like. We do not collect or store your location data. Location data will always be stored on your device.

If you engage with our Platform via desktop browser, we will request your permission to use your device’s location via a pop-up. Location data is requested solely for the purposes of providing you with our services as per our “What are the purposes and legal basis for processing your personal data?” section below. You will still be able to use our services even if you do not give permission for your device’s location data to be shared with us. Permission settings are stored by your browser and you can change them whenever you like.  We do not collect or store your location data. Location data will always be stored on your device.

2.     On our App:

When engaging with our App, we will request your permission to use your device’s location via an operating system pop-up. Location data is requested solely for the purposes of providing you with our services as per our “What are the purposes and legal basis for processing your personal data?” section below. We do not collect or store your location data. Location data will always be stored on your device.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Cookies

one.network uses cookies to deliver our web-based services and to understand what information our visitors and users find useful. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your computer or mobile device. These include small files known as cookies. Please, refer to our Cookie Policy to learn more about how we use cookies. 

What are the purposes and legal basis for processing your personal data?

Purpose of processing activity

Lawful bases for processing*

Communicating with existing and prospective customers, suppliers and partners for billing, pricing, contracting purposes

•   Necessary for the performance of our contract with you, or to take steps prior to entering into a contract with you. Where personal data is required for entering into a contract, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service.

Carrying out sales and marketing activities with existing and prospective customers and partners

•   Your consent, collected when you get in touch with us through our Website forms, when a user creates an account or when you sign up for a webinar; and

•   Where permitted by applicable data protection laws, we may rely on our legitimate interests instead of consent (where our legitimate interests are to pursue business development initiatives and keep customers/partners informed of relevant offers).

Identifying, tracking and advertising to website visitors

•   Your consent, collected when you visit our Websites; and

•   Where permitted by applicable data protection laws, we may rely on our legitimate interests instead of consent (where our legitimate interests are to pursue business development initiatives and keep you informed of relevant offers, and to improve our Services, offerings and the user experience).

 

Please see our Cookie Policy for further information.

Enabling access to and use of the Platform

•   Necessary to fulfil contractual obligations and provide you with our services. Where personal data is required for entering into a contract, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service.

 

Enabling the submission of product feedback

•   Necessary for our legitimate interests in assessing and improving performance, managing compliance, monitoring trends and developing new products.

Providing technical support and training

•   Necessary to fulfil contractual obligations and provide you with our services. Where personal data is required for entering into a contract, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service; and

•   Necessary for our legitimate interests in running effective services.

Sending email and SMS alerts relating to traffic disruptions**

•   Your consent, collected when the alerts are set up.

•   Every 6 months after consent is collected you will receive an email warning that the email alert will expire unless you select to continue receiving the alerts.

 

Enabling access to and use of the App

•   Necessary to fulfil contractual obligations and provide you with our services. Where personal data is required for entering into a contract, we will identify to you where information is mandatory. The consequences of not providing this information may include being unable to proceed with the requested service; and

 

To ensure the security and ongoing functioning of our Services, including through troubleshooting, activity monitoring, and system maintenance

•   Necessary for our legitimate interests in ensuring the security and ongoing functioning of our services and to comply with our legal obligations.

To allow us to detect, prevent, investigate and prosecute illegal activity, suspected fraud or other wrongdoing

•   Necessary for our legitimate interests in detecting, preventing, investigating and prosecuting illegal activity, suspected fraud or other wrongdoing, and to comply with our legal obligations.

To allow us to exercise or perform any right or obligation with is conferred or imposed on us by applicable law

•   Necessary to comply with an applicable legal obligation.

 

 

To allow us to establish, exercise or defend legal claims in potential or actual legal proceedings

•   Necessary to comply with an applicable legal obligation.

 

 

To allow us to comply with any applicable legal obligation, including obligations to retain your data for a certain period of time

•   Necessary to comply with an applicable legal obligation.

 

*Where we are relying on consent to process your personal data, you will have the right to withdraw your consent at any time in accordance with the “Your Privacy Rights” section below.

**There may be instances where a user requests and sets up alerts for other persons in their organisation and/or other interested stakeholders. In such cases, the persons in the user’s organisation and the interested stakeholders will always have the option to opt out of any SMS alerts set up on their behalf by the original user.

Who do we share your personal data with?

We may share your personal data with third-party recipients in the following circumstances: 

  • We may share your data with those third parties who need to process it so we can provide to you the products, services you have signed up to or requested or to further our research and development initiatives, to provide marketing and advertising support services and for optimised website services and products (for example we may share your data with some of these key services providers: AWS (cloud storage), Salesforce (CRM), Atlassian (repository), Aha! (feedback portal), Google (cookies), LinkedIn (cookies) etc.);
  • one.network may share personal data with professional advisors such as lawyers, tax advisors, auditors and insurers in the course of obtaining professional advice, and with agencies such as Companies House as required by legal obligations;
  • one.network may also share personal data relating to partners with its customers, and may share personal data relating to customers with prospective customers for providing references.
  • Personal data relating to platform users may be shared with others within the user’s organisation for purposes of using the platform and providing technical support and training.
  • one.network is also legally required to publicly disseminate information relating to Temporary Traffic Regulation Orders (TTRO), which may include contact information.
  • one.network group companies in line with the data uses set out in this Privacy Policy.
  • We may share your data if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests, or in order to enforce these terms or to investigate actual or suspected breaches.

 

We have safeguards in place with our service providers to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy. Please contact us via the contact details at the beginning of this Privacy Policy or at DPO@one.network if you would like to know more about the safeguards that we have in place.

Links to other websites

Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites ‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness.

International transfers of your personal data

We may transfer your personal data outside the United Kingdom and European Economic Area, including to other companies in the one.network group, third-party service providers and partners, and we put adequate safeguards in place when we do so. This includes only transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data, or by otherwise using an appropriate safeguard to ensure the ongoing protection of personal data, such as standard contractual clauses approved by the applicable regulatory authority. You may request further information on the safeguards we use by contacting us via the contact details at the beginning of this Privacy Policy or at DPO@one.network.

How do we secure your personal data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example, with respect to third-party supplier software, we use user authentication restrictions and multi-level permission model (e.g., read only access, or read-write access). Additionally, we take step to choose software solutions supplied by enterprise level providers that can attest to a high standard of security (e.g., through ISO certifications). 

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality (unless they are a third-party controller of your personal data, in which case they are also directly responsible for protecting your personal data). We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we retain your personal data?

We only retain your personal data for as long as is reasonably necessary to fulfil the purpose for which it was originally collected, or as otherwise required by applicable legal obligations. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. If we continue to retain your personal data in accordance with a legal obligation, any further processing of your data will be limited to compliance with such legal obligation.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal obligations.

Your privacy rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Depending on the lawful basis we are relying on and subject to some exceptions, you generally have the right to:

  • Access the personal data we hold about you;
  • Request a correction or update to personal data we hold about you;
  • Request erasure of the personal data we hold about you;
  • Object to our processing of your personal data;
  • Request that personal data we hold about you be restricted and only processed for limited purposes;
  • Withdraw your consent to our processing of your personal data at any time, where we are relying on consent as the lawful basis; and
  • Request the transmission of personal data we hold about you in a structured, commonly used, machine-readable format to a third-party service provider.

 

You also have the right to submit a complaint with the applicable data protection regulator. The data protection regulator in the United Kingdom is the Information Commissioner’s Office (ICO). The ICO may be contacted at https://ico.org.uk/make-a-complaint/. We would appreciate the opportunity to handle your concerns before you approach the ICO, so we ask that you contact us first in this instance.

If you would like to exercise any of your rights in relation to your personal data, please contact us via the contact details at the beginning of this Privacy Policy. We respond to all requests in accordance with applicable data protection laws. Please note, we may need to request specific information from you to help us confirm your identity as a security measure.

Your choices

To make things easier, we have an Email Preference Centre (EPC) [INSERT HYPERLINK], where you can review or change your preferences on what we contact you about. You can also opt-out of all communications if you want to. You can visit this and change your options at any time.[GT3]

If you sign up to receive email alerts, we will use your information only to provide the service you have requested. We may occasionally contact email alert subscribers to help us evaluate and improve the service we offer. If you inform us you wish to cancel email alerts, we will remove you from our mailing list and your details will be deleted from our records.

The accuracy of your information is important to us and you have the right to request a copy of your personal details at any time to check the accuracy of the information held.

We keep information until you request otherwise or our reasons for processing the information is no longer relevant. You also have the right to request that your personal information is deleted.

Please contact our Data Protection Officer (details below) if you would like to invoke either of these.

How to contact us about this Privacy Policy or make a complaint?

Our Data Protection Officer

one.network's Data Protection Officer is David McKay. You can contact David on 0207 127 6955 or at DPO@one.network.

ICO

If you have a query or complaint about how your personal data is being used, you can also contact the Information Commissioners Office, the supervisory authority that regulates personal data in the UK, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or by visiting their website: https://ico.org.uk  You can also contact them by telephone: at 0303 123 1113. Further details can be found here.

Updates to this privacy policy

We may update this Privacy Policy from time to time to reflect updates to our data processing activities or to remain compliant with changes in applicable data protection laws. We will make the updated Privacy Policy available here and on our other platforms, and we may contact you directly about updates where appropriate. Please check back regularly to stay informed about updates to this Privacy Policy.

This Privacy Policy was last updated on 25/05/2022.