• There are no suggestions because the search field is empty.

Highways Passport Privacy Policy

Cookie-Policy

 

How we get the information and why we have it 

Passport is an access control and competency management system adopted by National Highways for the purpose of helping to monitor and improve the health and safety of maintenance and construction workers on the UK’s roads. All parties to the Passport Scheme will be joint data controllers and the primary controller will be National Highways. The lawful basis for processing the personal information captured by Passport is Article 6 (1) (e) of the General Data Protection Regulation. This processing is carried out because this personal information is needed in order to perform a public task; it is in the public interest to regulate the safety of personnel employed on road projects. 

Passport comprises a database of individual records (“Worker Records”), associated smartcards enrolled on to that database and mobile apps which an individual who is checking the card (“card checker”) may download onto a smartphone or tablet to access key data about cardholders on site to ensure they have the appropriate pre-requisites to work. Card checkers may request to check cards on other highways projects which they are undertaking for local authorities, which are not part of National Highways. Historic data is retained in Passport to enable workers to return to the workforce after a break without losing their historic record as well as provide historic information in the event of an investigation using historic records. More detailed information about how Passport works can be found here.

The primary data processors that currently deliver Passport are Mitie Security Ltd.
If you are a “Worker”/you work on highways projects, your personal data is processed for the purpose of participating in the Passport card scheme and to enable your primary or secondary employer/sponsor and their administrator users, card checkers and, in certain circumstances, parties who are “Associated” to your Worker Record, to view your current competences, training, qualifications and other associated information. This allows the health and safety of maintenance and construction workers on the UK’s roads to be monitored and improved. 


What type of information we have

National Highways sets the rules for how and what data should be processed by the system for National Highways projects. This data falls into two categories:

Essential:
Primary employers create and maintain their eligible worker records including payment of annual subscriptions and requesting a physical smartcard for each worker.

Worker record details include: some personal and contact details; a range of key competencies, qualifications/ training and their expiry dates; smartcard details as well as any card swipe activity.

Approved card checkers may swipe worker cards upon arrival at site level (including at induction) to check and validate worker credentials.

Approved users can issue visitor permits for visitors to site.

Optional:
Primary employers may request a virtual smartcard for any worker with a physical smartcard.

Primary employers award other competencies (in addition to the key competencies) to worker records including employer competencies;

Approved card checkers may award site-based events like toolbox talks and briefings to workers via the system’s mobile apps;

Approved card checkers may swipe workers in and out (not just spot check) which will confirm hours worked and provide baseline fatigue data.

Approved primary employer and sponsor administrators may monitor and manage forthcoming expiries (e.g. competencies, subscriptions etc).

Comprehensive card check and swipe analysis provides full breakdown on site activity.
Run both ad hoc and pre-defined reports (reports also exportable).

Ability to associate with workers employed by other companies and create crews in advance of work start.

What we do with the information we have

Your personal data will be shared with other parties as may reasonably be expected to fulfil the purpose for which it has been collected. For example, it will be shared with:

  • Mitie so that they can deliver the service for which they are the data processors;
  • Any person checking your card using the Passport mobile app when you access site;
  • System administrators working for your primary employer, secondary employer or sponsor so that they can update your record and generate reports about their workforce;
  • Other employers who are “Associated” with your record by your employer so that they can check your qualifications and other information before you undertake work for them.

It may also be shared where otherwise required for legal or safety reasons. Although National Highways sets the rules for what data is to be processed by Passport on National Highways projects, Passport may also be used to help monitor and improve health and safety of maintenance and construction workers on the UK’s other roads – e.g. those managed by local authorities.

Your primary employer is a data controller of your personal information within your Worker Record stored within Passport and should provide you with a separate privacy notice which covers this activity.

When you leave your current primary employer, your Worker Record will be retained in the system thus making it available to be picked up by another employer who will then be able to manage your Worker Record and should provide you with a privacy notice as a data controller with regard to your personal information. Whilst in this state, employers and people checking your card using the app cannot see your record beyond that information which is required for an employer to find and select you for employment within the system you should contact National Highways with any questions in this regard.

You can access a copy of your Passport Worker Record by logging into miValidate. 


How we store your information

Where Your Personal Data is Stored

Your personal data will be stored within the UK and will be processed by staff operating within the UK. Your personal data will not be transferred outside of the UK and the EEA unless there are appropriate safeguards or an adequacy decision in relation to the transfer as set out in the data protection legislation or the transfer otherwise complies with the data protection legislation. Such transfers may involve, for example, use of third party services to send e-mails or automated SMS messages which make use of facilities in third countries to process and store data. 

Security

All reasonable steps are taken to ensure your personal data is treated securely and in accordance with this privacy notice. To ensure data can only be accessed by the Passport mobile app, all cardholder and swipe data is securely encrypted prior to being stored on the device. The cardholder data is encrypted on the device and cannot be read by anything other than the Passport mobile app. All information about you is stored on secure servers. Where you have been given (or where you have chosen) a password which enables you to access certain parts of Passport, you are responsible for keeping this password confidential.

Retention Period

Your personal data will be deleted or anonymised once sufficient time has elapsed to be certain it will no longer be required for those purposes for which it may be used under this notice. This period is three years from the date of your last primary employment end date recorded on Passport. For visitors this period is three years from the date of the last recorded visit. Encrypted back-ups will be retained for a maximum of three years from the deletion or anonymisation of your personal data.

Links to Other Websites

Where links to websites of other organisations are provided, this privacy notice does not cover how that organisation processes personal information. You are encouraged to read the privacy notices on the other websites you visit. 

Your Data Protection Rights

Your Rights

As a data subject, you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information held about you in Passport and to check that it is being lawfully processed.
  • Request correction of the personal information held about you. This enables you to have any incomplete or inaccurate information held about you corrected.
  • Object to processing of your personal information where the reason for processing it is a “legitimate interest” and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object to your personal information being processed for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask for the processing of personal information about you to be suspended, for example while its accuracy or the reason for processing is established.
  • Where data processing is based on your explicit consent to such processing, you have the right to withdraw such consent (this will not affect the lawfulness of processing prior to the withdrawal of your consent).

If you wish to exercise any of these rights please contact the employer who manages your Worker Record, or Mitie, who act on behalf of National Highways, if you are a Worker and your Worker Record is in not currently linked to an employer or sponsor. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

How to Complain

Complaints to the Information Commissioner
You have the right to lodge a complaint about how your data is being processed with the Information Commissioner’s Office whose address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Contact Details

Where you contact any of the above, or when you report a problem with Passport, details of your correspondence including your email address and any other contact information you provide will be stored and processed for the purpose of responding to your communication.

A copy of this policy is available for download - HERE