Cookie policy

1. Introduction

This Cookie Policy explains how Bamford Bus Company Limited ("we", "us", or "our") uses cookies and similar tracking technologies on our website www.wrightbus.com. This policy should be read in conjunction with our Privacy Statement.

We are committed to transparency about how we collect and use data while you browse our website. This policy complies with the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulations 2003 (PECR) as amended by the Data (Use and Access) Act 2025 (DUAA), and guidance from the Information Commissioner's Office (ICO).

Data Controller Information:

Company Name: Bamford Bus Company Limited

Registered Office: North Bailey House, 12 New Inn Hall Street, Oxford OX1 2RP

Company Registration Number: 12214576

ICO Registration Number: ZB458594

Contact Email: [email protected]

2. What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

Cookies typically contain:

• The name of the website or domain that created the cookie
• A unique identifier (usually a randomly generated number)
• An expiration date that determines how long the cookie remains on your device
• Additional data specific to the cookie's purpose

3. How We Use Cookies

We use cookies and similar tracking technologies to:

• Ensure our website functions properly and securely
• Remember your preferences and settings
• Understand how you use our website and improve your experience
• Analyse website performance and identify areas for enhancement
• Deliver relevant content and marketing communications
• Detect and prevent fraudulent activity
• Comply with legal and regulatory requirements

4. Types of Cookies We Use

4.1 Strictly Necessary Cookies

These cookies are essential for the operation of our website and cannot be switched off. They enable core functionality such as security, network management, and accessibility. Without these cookies, services you have requested cannot be provided.

Under PECR as amended by the DUAA, strictly necessary cookies include those used for:

• Securityandauthentication: verifying your identity and maintaining secure sessions
• Network and service integrity: load balancing, managing service availability
• Fraud detection and prevention: identifying and blocking malicious activity
• Emergency assistance: enabling critical safety features
• Servicedelivery: remembering items in your shopping basket or form data during your session

Examples of strictly necessary cookies we use:

Table 1: Strictly necessary cookies

Legal basis: These cookies do not require your consent as they are strictly necessary for providing services you have requested.

4.2 Performance and Analytics Cookies

These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users receive error messages. The information collected is aggregated and anonymised[3].

Under amendments introduced by the DUAA, we may use certain performance cookies without consent where they:

• Collect statistical data to improve our website and services
• Are used solely for internal analysis purposes
• Do not identify you personally or track you across other websites
• Present low privacy risk to users

Examples of performance cookies we use:

Table 2: Performance and analytics cookies

Legal basis: Where these cookies meet the low-risk criteria under the DUAA, we rely on our legitimate interest in improving our website.

For other analytics cookies, we obtain your consent. You can opt out at any time through our cookie management tool.

4.3 Functionality Cookies

These cookies allow our website to remember choices you make (such as your username, language preference, or region) and provide enhanced, personalised features. Under the DUAA, certain functionality cookies may be set without consent where they enhance website appearance or performance without significantly impacting privacy.

Examples of functionality cookies we use:

Table 3: Functionality cookies

Legal basis: For low-risk functionality cookies that improve website appearance, we rely on the DUAA exemptions. For cookies that involve more extensive data processing, we obtain your consent.

4.4 Marketing and Targeting Cookies

These cookies track your browsing activity across websites to build a profile of your interests and deliver targeted advertising. They may be set by us or by third-party advertising networks with our permission.

These cookies require your explicit consent before being placed on your device.

Examples of marketing cookies we use:

Table 4: Marketing and targeting cookies

Legal basis: Consent. You can withdraw consent at any time by adjusting your cookie preferences or using our cookie management tool.

5. Third-Party Cookies

Some cookies on our website are set by third-party service providers. We carefully select our third-party partners and require them to comply with UK data protection laws. Third-party cookies we use include:

Table 5: Third-party cookies and providers

We have no control over third-party cookies once they are set. Please review the privacy policies of these third parties for information about their data practices.

6. Similar Tracking Technologies

In addition to cookies, we may use other tracking technologies:

Local Storage

HTML5 local storage allows websites to store data locally on your browser with no expiration date. We use local storage to:

• Cache website resources for faster loading
• Store user preferences persistently
• Maintain application state in web-based tools

Session Storage

Similar to local storage but data is cleared when you close your browser tab or window.

Pixels and Beacons

Small, invisible images embedded in emails or web pages that notify us when you open an email or visit a particular page. We use pixels to:

• Track email open rates and engagement
• Measure effectiveness of marketing campaigns
• Understand user behaviour patterns

Device Fingerprinting

We may collect information about your device configuration (browser version, screen resolution, installed fonts) to help identify returning visitors and detect fraudulent activity. This is used solely for security purposes and falls under strictly necessary processing.

All similar tracking technologies are subject to the same consent requirements as cookies under PECR.

7. Cookie Duration

Cookies can be classified by duration:

Session cookies: Temporary cookies that are deleted when you close your browser. Used for essential website functionality.

Persistent cookies: Remain on your device for a set period (specified in the cookie) or until you delete them. Used for remembering preferences and analysing website usage.

Our cookies typically last from a single session to 24 months, depending on their purpose. The specific duration for each cookie is listed in the tables above.

8. Your Cookie Choices and Controls

8.1 Managing Cookie Preferences

When you first visit our website, you will see a cookie banner that allows you to:

• Accept all cookies
• Reject non-essential cookies
• Customise your cookie preferences by category

You can change your cookie preferences at any time by:

• Clicking the "Cookie Settings" link in our website footer
• Contacting us using the details in Section 12

In compliance with ICO requirements, we ensure that[6]:

• Rejecting cookies is as easy as accepting them (equal prominence)
• Non-essential cookies are not set before you make a choice
• Your cookie preferences are respected across your browsing session
• You can easily withdraw consent at any time

8.2 Browser Controls

You can also control cookies through your browser settings. Most browsers allow you to:

• Block all cookies
• Block third-party cookies only
• Delete cookies after closing the browser
• View and delete individual cookies
• Receive notifications when cookies are set

Browser-specific cookie management:

• Google Chrome: Settings > Privacy and security > Cookies and other site data

• Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
• Microsoft Edge: Settings > Cookies and site permissions > Cookies and site data
• Safari: Preferences > Privacy > Manage Website Data

For detailed instructions, visit: https://www.aboutcookies.org/how-to-control-cookies

Pleasenote: Blocking or deleting cookies may impact your experience on our website. Some features may not function properly without certain cookies enabled.

8.3 Opting Out of Third-Party Advertising

You can opt out of interest-based advertising from participating companies through:

• Your Online Choices (Europe): https://www.youronlinechoices.com
• DigitalAdvertisingAlliance(US):https://optout.aboutads.info
• Network Advertising Initiative: https://optout.networkadvertising.org

You can also adjust privacy settings on social media platforms:

• Facebook: Settings > Ads > Ad Preferences
• Google: Ad Settings at https://adssettings.google.com
• LinkedIn: Settings > Account preferences > Advertising data

9. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal that requests websites not to track your browsing. Currently, there is no industry-wide standard for responding to DNT signals. We do not currently respond to DNT signals, but we provide you with comprehensive cookie controls as described in Section 8.

10. Updates to Cookie Technology and Legislation

The DUAA introduced significant changes to UK cookie law in 2025, providing greater flexibility for certain low-risk cookies while maintaining strong protections for user privacy[7].

Key changes include:

• New exemptions for statistical and analytical cookies that meet low-risk criteria
• Expanded definition of strictly necessary cookies to include security and fraud prevention
• Clarification that consent requirements apply to those who "instigate" cookie placement, not just direct placement
• Enhanced ICO enforcement powers with increased maximum fines
• Requirement for equal prominence of accept/reject options in cookie banners

We continuously monitor regulatory developments and ICO guidance to ensure our cookie practices remain compliant. The ICO's ongoing cookie compliance initiatives have resulted in over 95% of the UK's top 1,000 websites meeting compliance standards as of December 2025[8].

11. International Data Transfers

Some of our third-party service providers may process cookie data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including:

• Transferring data only to countries with adequate data protection standards recognised by the UK government
• Using International Data Transfer Agreements (IDTAs) approved by the ICO
• Implementing additional technical and organisational security measures

You can request further information about international transfers by contacting us using the details in Section 12.

12. ContactUs

If you have any questions or concerns about our use of cookies, please contact us:

Data Protection Officer

Richard Solomon

201 Galgorm Road, Ballymena BT41 1SA

Email: [email protected]

Phone: 02825641212

We will respond to your enquiry within 5 working days.

13. Your Rights

Under UK data protection law, you have rights regarding the personal data collected through cookies, including:

• Right of access: request information about cookie data we hold about you
• Right to rectification: correct inaccurate cookie data
• Right to erasure: request deletion of cookie data in certain circumstances
• Right to object: object to processing based on legitimate interests (including marketing cookies)
• Right to withdraw consent: withdraw consent for non-essential cookies at any time

For more information about your rights and how to exercise them, please refer to our Privacy Statement or contact our Data Protection Officer.

14. Complaints

If you are unhappy with how we use cookies, you can:

1. Contact our Data Protection Officer using the details in Section 12
2. Lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House

Water Lane Wilmslow Cheshire SK9 5AF

Helpline: 0303 123 1113 Website: www.ico.org.uk

15. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in:

• Our use of cookies and tracking technologies
• Legal and regulatory requirements
• ICO guidance and best practices
• Technology standards and industry developments

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Display a prominent notice on our website
• Re-request your consent for cookies where legally required

We encourage you to review this Cookie Policy periodically to stay informed about our cookie practices.

16. Definitions

Consent: Freely given, specific, informed, and unambiguous indication of your wishes by which you signify agreement to cookies being placed on your device.

Data Controller: The organisation that determines the purposes and means of processing personal data (in this case, Bamford Bus Company Limited).

DUAA: Data (Use and Access) Act 2025 - UK legislation that amended data protection and electronic communications laws.

ICO: Information Commissioner's Office - the UK's independent supervisory authority for data protection.

PECR: Privacy and Electronic Communications Regulations 2003 - UK legislation governing cookies, electronic marketing, and electronic communications.

Personal Data: Information relating to an identified or identifiable individual.

UK GDPR: UK General Data Protection Regulation - the UK's primary data protection legislation following Brexit.