Data Governance and Protection Policy

Last Updated: 20 Jan 2026

This policy describes what data we collect, how we use and protect it, and how to contact us regarding data-related enquiries.

1. Introduction

This Data Governance and Protection Policy explains how the Transport Manager Hub collects, uses, stores, shares, and protects personal data. It applies to all visitors to our website, members, event attendees, and any other individuals whose personal data we process.

We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and related legislation.

2. Data Controller

The Transport Manager Hub is the data controller for the personal data processed through this website, our membership systems, events, and communications.

If you have any questions about this policy or how your data is handled, you may contact us using the contact details published on our website.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data (such as name, job title, employer or organisation)

  • Contact data (such as email address, postal address, telephone number)

  • Account and membership data (such as membership status, login details, renewal dates)

  • Payment and transaction data (processed securely by our payment providers)

  • Event and training data (such as webinar registrations, attendance records, and participation)

  • Communications data (such as emails sent to or received from us)

  • Technical data (such as IP address, browser type, device information, and usage data)

  • Marketing and preferences data (such as communication preferences and consent records)

We do not intentionally collect special category personal data.

4. How We Use Personal Data

We process personal data for the following purposes:

  • Managing memberships, accounts, and renewals

  • Processing payments and administering subscription plans

  • Delivering member services, events, webinars, and training

  • Communicating with members and subscribers, including service updates

  • Providing access to recorded content and resources

  • Administering and improving our website and digital services

  • Monitoring usage, performance, and engagement

  • Complying with legal and regulatory obligations

  • Conducting marketing and promotional activities where permitted

5. Lawful Bases for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

  • Performance of a contract (for membership and service delivery)

  • Legitimate interests (for administration, service improvement, and analytics)

  • Consent (for marketing communications and certain cookies)

  • Legal obligation (for accounting, taxation, and regulatory compliance)

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure proper functionality, analyse usage, and support marketing activities. A cookie banner is in place to allow users to manage their preferences.

Further information about cookies used on the site is provided in our Cookie Policy.

7. Sharing and Disclosure of Personal Data

We may share personal data with third parties where necessary for operational, legal, or commercial purposes. This may include:

  • Website hosting, membership management, and email services (Squarespace)

  • Payment processing and subscription management (Stripe)

  • Webinar hosting and online events (Microsoft Teams)

  • Video hosting platforms for recorded content (YouTube)

  • Analytics and performance monitoring providers (such as Google Analytics)

  • Advertising and social media platforms for campaign measurement

  • Professional advisers, regulators, or authorities where required by law

We may also share personal data with partners, sponsors, or supporting members. This may include sharing contact details for marketing or lead-generation purposes.

Where personal data is shared with partners or sponsors:

  • It may occur in connection with sponsored campaigns, offers, or collaborations

  • Data may be shared on the basis of consent, legitimate interests, or contractual arrangements

  • Data shared may include contact details and professional information

While we aim to limit sharing to relevant and proportionate circumstances, this policy allows for broader data sharing where lawful and appropriate, including changes in operational practices over time.

We do not control how third parties use personal data once shared, and their processing will be subject to their own privacy policies.

8. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as adequacy regulations or contractual protections.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.

Retention periods may vary depending on the nature of the data and operational requirements. Data may be retained after membership ends where required or permitted by law.

10. Data Security

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration.

However, no system is completely secure, and we cannot guarantee absolute security of personal data transmitted or stored electronically.

11. Individual Rights

Under UK GDPR, individuals have rights including:

  • The right to access personal data

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object to processing

  • The right to withdraw consent at any time

Requests may be made using the contact details provided on our website. We may require verification of identity before responding.

12. Changes to This Policy

We may update this Data Governance and Protection Policy from time to time to reflect changes in legal requirements, technology, or our operations.

The latest version will always be published on our website, and continued use of our services constitutes acceptance of the updated policy.

13. Complaints

If you have concerns about how your personal data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).