Privacy Policy

Stakeholder Privacy Notice

Teddington and Alstone Advisory Group is committed to protecting your privacy and ensuring that your personal information is collected and used appropriately, lawfully and transparently.

This Privacy Notice explains:

  • Who we are
  • The information we collect
  • Personal information
  • Special category information
  • Cookies
  • Data retention
  • On what basis we collect data
  • How we use your personal information
  • Who we share your information with and why
  • How we keep your information secure
  • Your rights
  • Communications (instead of “Marketing”)
  • How to contact us

 Who We Are

Teddington and Alstone Advisory Group has been set up “to prevent any enhancement, expansion or redirection of the A46 which would have a negative impact on our villages.”

We achieve this by:

  • Gaining knowledge and understanding of all relevant initiatives, studies, modelling, surveys etc. of the A46
  • Raising awareness of these with residents
  • Getting involved in any consultations
  • Influencing decisions about any changes to the A46
  • Lobbying local politicians and government bodies
  • Commissioning our own studies such as pollution monitoring to give us leverage with our lobbying
  • Identifying potential partners we could work with to strengthen our ability to influence such as businesses or other affected villages

Currently, Teddington and Alstone Advisory Group determines the purposes and means of processing personal client data relating to the services we provide. We are therefore the data controller for these core services and are solely responsible for managing this stakeholder data and ensuring compliance.

What Personal Information Do We Collect?

The personal information we collect includes your name, address, email address and telephone number.

Types of personal information collected

  • Name
  • Address
  • Email
  • Telephone Number (optional)

We collect personal information when you:

  • Contact us about the services we offer
  • Visit our website
  • Register to receive a downloadable article or newsletter

Team members’ personal information we collect includes the same details (name, address, email, telephone) to enable effective communication.

Cookies

Cookies are small digital files that your computer holds about the websites you have visited. They store a modest amount of personal data such as your surname and first name and are specific to your usage. Cookies enable websites to work more efficiently and provide information to webmasters about how you use their site.

Our website uses only essential session cookies that enable the site to function. No tracking or profiling cookies are set.

You can modify your cookie settings so that your browser does not accept them, but this may disable some website features. More information is available at www.aboutcookies.org or www.allaboutcookies.org.

Data Retention

We keep personal information only as long as required for the original purpose. When it is no longer required, we dispose of it securely. Because our activities are limited to campaigning and communication, personal data is retained for the duration of the campaign plus a maximum of 24 months after the campaign ends, after which it is securely deleted unless you have requested longer storage. Retention periods for any high‑risk processing activities are documented in the Record of Processing Activities (RoPA) (see Schedule A).

On What Basis Do We Collect Data

We process personal data on the lawful bases set out in the UK GDPR and the Data Protection Act 2018.

  • Legitimate interest is used for the purpose of keeping supporters informed about the campaign.
  • Consent is relied upon where required (e.g., when you voluntarily subscribe to a newsletter).

If a processing activity is classified as high‑risk (see Schedule A), we must maintain a RoPA and appoint a Senior Responsible Individual (SRI).

How We Use Your Personal Information

Your personal information is processed and stored to enable us to:

  • Perform and maintain our contracted obligations and comply with regulatory legislation
  • Provide the information and services you have requested (e.g., campaign updates, meeting invitations)
  • Improve, modify and personalise the communications we send you
  • Share publications and statistical analysis that may be of interest to you
  • Audit the personal information we have gathered
  • Increase the security of our network and data systems

You may withdraw consent at any time; doing so may affect our ability to keep you informed about the campaign.

Who We Share Your Information With & Why

We generally do not share your personal information with commercial third parties. The only disclosures are:

  1. Information Commissioner’s Office (ICO) – when a data audit is requested.
  2. Police and fraud‑prevention agencies – when we receive a lawful request.

How We Keep Your Information Secure

We use market‑leading technology throughout our service to ensure compliance with security standards and legislation. We continually review our IT security policies and procedures to safeguard against breaches.

Governance – New Requirements

Senior Responsible Individual (SRI)

The SRI is a senior‑management member responsible for overseeing high‑risk data‑processing programmes, ensuring compliance with the data‑protection test, and reporting to the Board. The SRI works alongside the Data Protection Officer (DPO) but has authority over strategic decisions, budgeting for privacy controls, and incident‑response escalation.

High‑Risk Processing & Record of Processing Activities (RoPA) – Schedule A

Schedule A – Determining High‑Risk Processing

High‑risk processing includes any of the following (non‑exhaustive):

  • Large‑scale profiling or automated decision‑making that produces legal effects or similarly significant impacts.
  • Processing of special‑category data on a large scale.
  • Systematic monitoring of a publicly accessible area.
  • Processing that involves a novel technology with uncertain privacy implications.

If any of the above apply, the organisation must:

  1. Maintain a detailed RoPA.
  2. Appoint an SRI (see Governance).
  3. Conduct a Data Protection Impact Assessment (DPIA).

International Transfers – Data‑Protection Test

When transferring personal data outside the UK, we rely on the data‑protection test (the successor to the EU‑UK adequacy decision). A transfer is permitted only if the destination passes this test or we use an approved safeguard (standard contractual clauses, binding corporate rules, or the new public‑authority mechanisms for entities performing public‑nature functions).

Automated Decision‑Making

We may employ automated processes for service personalisation. Under the new Bill, the threshold for “significant” automated decision‑making has been liberalised; nevertheless we will:

  1. Conduct a DPIA whenever the decision‑making has a legal effect or a similarly high impact on individuals.
  2. Provide a clear explanation of the logic involved upon request.

Communications

All communications from the group are purely informational (updates on the campaign, invitations to public meetings, newsletters about progress, etc.). They are sent on the basis of legitimate interest in keeping supporters informed.

We have carried out a legitimate‑interest balancing test and concluded that our interest in informing campaign participants outweighs any impact on your privacy.

You may opt‑out at any time by contacting us using the details below.

Your Rights

Under the UK GDPR you have the following rights:

  • Right to be informed – we communicate how we use your data, why we store it, how long we keep it, and who we share it with.
  • Right of access – you may request a copy of the data we hold about you.
  • Right to rectification – you may ask us to correct inaccurate data.
  • Right to erasure – you may request deletion of data that is no longer needed.
  • Right to restriction of processing – you may ask us to limit processing of your data.
  • Right to data portability – you may obtain your data in a structured, commonly used format.
  • Right to object – you may object to processing, including direct communications.

Requests can be made using the contact details in the “How to Contact Us” section. We will respond within one calendar month.

How to Contact Us

Christopher White
Hillview House
Walnut Court
Teddington
Gloucestershire
GL20 8WB

Telephone: +44 (0)793 375 271
Email:admin@taagroup.co.uk

How to Complain

If you are unhappy with how we handle your personal data, we will investigate and seek to rectify the issue. If you remain unsatisfied, you may raise your concerns with the ICO:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF

Telephone: +44 (0)303 123 1113

Note – GDPR vs. UK GDPR

The EU GDPR is an EU regulation and no longer applies to the UK. If you operate inside the UK, you must comply with the Data Protection Act 2018 (DPA 2018).

The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. In practice, there is little change to the core data‑protection principles, rights and obligations. GDPR recitals add depth and help to explain the binding articles. Recitals continue to have the same status as before—they are not legally binding; they are useful for understanding the meaning of the articles.

A cookie is a small text file containing information that a website transfers to your computer’s hard disk/smartphone for record-keeping purposes and allows us to analyse our site traffic patterns. Full details in our Privacy Policy

Teddington & Alstone A46 Advisory Group