The association is a data controller. It can be contacted as follows:
Data protection contact: Kerrie Forster, CEO
The association is a trade association for the owners and operators of workboats. It acts as a liaison for member companies with regulatory bodies, promotes maritime training and safety, and provides a forum for discussion between its members. Data is generally collected and processed to fulfil contractual obligations of membership, for event participation and/or for other relevant activities. We consider that we have a legitimate interest in collecting and processing data for these purposes in order to meet the objectives set out above.
2. Our responsibilities
The association abides by the six GDPR principles relating to the processing of personal data, i.e. that it should be:
3. Data we collect
For most purposes, the data we collect will be limited to your name, the company you work for and your contact details (email address, telephone number and street address), which are needed for us to provide our services – e.g. to contact you, to deliver goods, to filter distribution lists so that you only receive relevant information. A failure to provide required data may mean that we are not able to provide such services to you.
The following is a non-exhaustive list of data we collect. Where other methods are used, an additional data protection/privacy statement will be provided at the collection point and/or this policy updated.
Membership – The association is a membership organisation, with member companies that may provide personal data on those employees who are nominated to represent them. This data may additionally include a role or job title, to help verify the appropriateness of the nomination. We will notify such individuals of their nomination and our processing of their personal data on this basis. Data is used to provide a variety of member services. Member contact lists are maintained in order to send regular industry updates and communications via email to members. Names and company affiliations form part of a record of activity, such as minutes of committee meetings, proceedings of seminars and workshops, and as part of committee election materials. Business contact details may be shared with committee and workgroup members for the sole purpose of furthering the association’s published objectives and work programme. Such data is generally retained indefinitely, subject to the rights of data subjects to restrict processing.
Publication sales – The association occasionally sells printed and electronic guidance documents, and other publications. It collects only that data which is necessary to identify the customer, deliver their goods, apply appropriate taxes and complete required accounting records. This data is retained in accordance with accounting rules.
Events – The association organises forums and an Annual General Meeting, to which its members and selected others are invited. As part of this activity, only that data is collected which is required for contacting delegates about event arrangements and providing reports on event outcomes. Such data is retained in accordance with accounting rules (as needed for paid events, but also for non-paid events for simplicity).
Certification – The association operates the Voluntary Towage Endorsement Scheme on behalf of the MCA. As part of this, it collects and processes personal data relating to candidates, which includes additional identity verification (such as passport or driving licence details), details of relevant certification and work history and a history of the application process, including examinations and resits. Such data is generally retained permanently. This is required to ensure a robust system that ensures the competence of those working in the towage industry.
Other business records – The association maintains email, other electronic and physical records of business activities, which may contain personal data provided by individuals as part of normal business communications.
4. How we protect your data
The association uses industry leading online services and a variety of security software and hardware to ensure personal and other data is suitably protected.
5. Provision of data to/processing by third parties
The association will comply with any legal requirements to provide data to national authorities.
For the purposes of providing services as per contractual agreements and other legitimate business interests, the association may provide personal data to courier and mailing companies to enable delivery of documents and other physical goods. The association reviews the capabilities and policies of such providers before using them.
The association may engage third-party Service Providers to manage and use contact lists as part of regular internal communications with the membership. Where a third-party acts as a ‘data processor’ on behalf of the association, these third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
The association staff may access data while travelling on association business. Such access is controlled by appropriate cybersecurity controls.
6. Further information and contacts
You also have the right to lodge a complaint directly with a supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK (or any other EU supervisory authority you prefer).
The ICO has extensive guidance to your rights and our responsibilities on its website (ico.org.uk).