This policy (together with our website terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The rules on processing of personal data are set out in the General Data Protection Regulation 2018 (the “GDPR”).
Data controller: A controller determines the purposes and means of processing personal data.
Data processor: A processor is responsible for processing personal data on behalf of a controller.
Data subject: Natural person
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Tarbert (Loch Fyne) Harbour Authority is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are:
Tarbert Harbour Authority
Harbour Office
Garval Road
Tarbert, Argyll
PA29 6TR.
Tel: 01880 820344
Email: info@tarbertharbour.co.uk
For all data matters contact our Office Manager and Data Representative, Pauline Laycock on the above details.
In circumstances where you agree to enter into a contract or agreement with us in order for us to provide you with a product or service, then we may need to collect and use your personal information in order to carry out that agreement or contract. Instances in which this is the case are, for example, annual, seasonal and visitor berthing in the marina; commercial berthing and activity such as loading or landings; leasing of property, storage or miscellaneous services.
In order to run our business and meet the needs of our customers, it is in our legitimate interest to keep those customers informed. To do so, we may use your personal data. For example, necessary notifications regarding your vessel, safety or environmental issues, harbour developments, as well as news, events and special offers.
While the former examples are a necessity, you have the right to refuse communications on the latter. You can update your preferences or opt out of marketing communications (news, events, special offers etc) at any time via the “unsubscribe” or “manage my prefernces” links at the bottom of such correspondence or alternatively, by contacting us directly by telephone or email (details above).
In other instances, we may collect and process personal data with your consent to do so. We will request such consent at the time of data collection, clearly highlighting the purpose for doing so. Of course, you have the right to refuse, and may opt out again at any time by using the “unsubscribe” or “manage my prefernces” links at the bottom of such correspondence or alternatively, by contacting us directly by telephone or email (details above).
We may need to collect and process your data to comply with the law. For instance, we might have to pass on details of a person who is suspect or involved in criminal activity to law enforcers such as the police, border control or customs.
We collect personal data (as defined by the GDPR, outlined in the earlier definition) in order to provide the best possible service to our customers and stakeholders and use different direct methods to do so. You may give us your personal details by filling in forms or by corresponding with us by post, telephone, email or otherwise – including using and engaging on our website (www.tarbertharbour.co.uk). This includes personal data you provide when you apply for our products or services, subscribe to our newsletter online, fill in a form on our website, either for feedback or enquiries, or upon entering a competition. Please note we do not collect or process any special categories personal data.
The information we may collect and process as well as how we use that information is detailed below.
Upon entering and agreement or contract with us, i.e. becoming a customer by up-taking one of our products or services, such as seasonal, annual or visitor berthing (leisure or commercial), we will request some or all of the following:
We require your personal data as it is a contractual requirement. In this instance, we collect customer information in order to provide our service(s) to you, however, new customers will have the choice to opt in to marketing communications separately, either on the berthing application form (with granular options) or in person at the reception or harbour office.
Those who opt to pay for our service via Direct Debit can do so via GoGardless – please note we do not collect or process any financial data such as bank details.
If you choose to use our public Wi-Fi service, operated and managed by data processor, WiFiSPARK, you will be asked for the following details:
We gather such information in order to inform ourselves and the wider marine tourism industry on the type of visitors we welcome to Tarbert, and where they come from. These details are reported and shared only on a statistical basis and the personal details (name and email address) will never be linked to these or shared with any third parties.
We also collect such information in order to tailor our special offers and marketing activities to specific demographics. However, we will only contact you with news, events and special offers if you have opted in to receive such marketing correspondence and you may change or opt out again at any time by using the “unsubscribe” or “manage my preferences” links at the bottom of such correspondence or alternatively, by contacting us directly by telephone or email (details above).
If you visit our website (www.tarbertharbour.co.uk), we may collect data pertaining to you as a website user via third party service, Google Analytics. However, this is statistical rather than personal data, used to monitor how people utilise and interact with our website, including usage and behavioural patterns. Personal data will only be collected via our website should you choose to fill in an online form to request information, provide feedback or subscribe to our newsletter. Similarly, we may use cookies on our website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information regarding this, please refer to our Cookie Policy.
Our website is not intended for children and we do not knowingly collect data relating to children.
Your personal data will be treated as strictly confidential. We will not share your personal data with any person or organisation outside of Tarbert Harbour Authority unless such organisation is acting as a data processor or providing an external third party service to our own organisation.
For example, the following GDPR compliant organisations provide services to us, act as data processors and are based within the UK:
Additionally, we use professional advisors including lawyers, bankers, auditors and insurers based within the UK who provide consultancy, banking, legal, insurance and accounting services.
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective buyer or seller of such. We are also under obligation to disclose or share your personal data to comply with law enforcement and protect the rights, property or safety of Tarbert Habour Authority, including instances such as theft, fraud protection and border control.
We have put in place appropriate measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by emailing: info@tarbertharbour.co.uk.
Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:
If you wish to exercise any of the rights set out above, please contact our Office Manager, Pauline Laycock, on 01880 820344 or info@tarbertharbour.co.uk.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complicated or you have made a number of requests. In this case, we will notify you and keep you updated.
This privacy policy was created in line with the changes to data protection laws that came in to force on 25th May 2018, and this version was last updated on 20th May 2018.
We reserve the right to make updates and changes to this policy at any time and suggest that you check regularly for such changes.
Please keep us informed if your personal data changes during your relationship with us. It is important that the personal data we hold about you is accurate and current.