This policy (together with our website terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

 

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

 

The rules on processing of personal data are set out in the General Data Protection Regulation 2018 (the “GDPR”).

 

DEFINITIONS & TERMINOLOGY

​

Data controller: A controller determines the purposes and means of processing personal data.

Data processor: A processor is responsible for processing personal data on behalf of a controller.

Data subject: Natural person

​

Categories of data: Personal data and special categories of personal data

Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

 

Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

 

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

​

WHO ARE WE?

 

Tarbert (Loch Fyne) Harbour Authority is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are:

 

 

Tarbert Harbour Authority

Harbour Office

Garval Road

Tarbert, Argyll

PA29 6TR.

Tel: 01880 820344

Email: info@tarbertharbour.co.uk

 

For all data matters contact our Office Manager and Data Representative, Pauline Laycock on the above details.

 

​

WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?

 

1. Performance of a Contract

 

In circumstances where you agree to enter into a contract or agreement with us in order for us to provide you with a product or service, then we may need to collect and use your personal information in order to carry out that agreement or contract. Instances in which this is the case are, for example, annual, seasonal and visitor berthing in the marina; commercial berthing and activity such as loading or landings; leasing of property, storage or miscellaneous services.

 

2. Legitimate Interests

 

In order to run our business and meet the needs of our customers, it is in our legitimate interest to keep those customers informed. To do so, we may use your personal data. For example, necessary notifications regarding your vessel, safety or environmental issues, harbour developments, as well as news, events and special offers.

 

While the former examples are a necessity, you have the right to refuse communications on the latter. You can update your preferences or opt out of marketing communications (news, events, special offers etc) at any time via the “unsubscribe” or “manage my prefernces” links at the bottom of such correspondence or alternatively, by contacting us directly by telephone or email (details above).

 

3. Consent

 

In other instances, we may collect and process personal data with your consent to do so. We will request such consent at the time of data collection, clearly highlighting the purpose for doing so. Of course, you have the right to refuse, and may opt out again at any time by using the “unsubscribe” or “manage my prefernces” links at the bottom of such correspondence or alternatively, by contacting us directly by telephone or email (details above).

 

4. Legal or Regulatory Obligation

 

We may need to collect and process your data to comply with the law. For instance, we might have to pass on details of a person who is suspect or involved in criminal activity to law enforcers such as the police, border control or customs.

​

USE & COLLECTION OF PERSONAL INFORMATION

 

We collect personal data (as defined by the GDPR, outlined in the earlier definition) in order to provide the best possible service to our customers and stakeholders and use different direct methods to do so. You may give us your personal details by filling in forms or by corresponding with us by post, telephone, email or otherwise – including using and engaging on our website (www.tarbertharbour.co.uk). This includes personal data you provide when you apply for our products or services, subscribe to our newsletter online, fill in a form on our website, either for feedback or enquiries, or upon entering a competition. Please note we do not collect or process any special categories personal data.

 

The information we may collect and process as well as how we use that information is detailed below.

 

Upon entering and agreement or contract with us, i.e. becoming a customer by up-taking one of our products or services, such as seasonal, annual or visitor berthing (leisure or commercial), we will request some or all of the following:

 

• Name
• Address
• Company (if applicable)
• Contact telephone number
• Email address
• Vessel details
• Home port (visitors)

 

We require your personal data as it is a contractual requirement. In this instance, we collect customer information in order to provide our service(s) to you, however,  new customers will have the choice to opt in to marketing communications separately, either on the berthing application form (with granular options) or in person at the reception or harbour office.

 

Those who opt to pay for our service via Direct Debit can do so via GoGardless – please note we do not collect or process any financial data such as bank details.

 

If you choose to use our public Wi-Fi service, operated and managed by data processor, WiFiSPARK, you will be asked for the following details:

 

• Name
• Email address
• Country of residence
• Home port
• Gender

 

We gather such information in order to inform ourselves and the wider marine tourism industry on the type of visitors we welcome to Tarbert, and where they come from. These details are reported and shared only on a statistical basis and the personal details (name and email address) will never be linked to these or shared with any third parties.

We also collect such information in order to tailor our special offers and marketing activities to specific demographics. However, we will only contact you with news, events and special offers if you have opted in to receive such marketing correspondence and you may change or opt out again at any time by using the “unsubscribe” or “manage my preferences” links at the bottom of such correspondence or alternatively, by contacting us directly by telephone or email (details above).

 

If you visit our website (www.tarbertharbour.co.uk), we may collect data pertaining to you as a website user via third party service, Google Analytics. However, this is statistical rather than personal data, used to monitor how people utilise and interact with our website, including usage and behavioural patterns. Personal data will only be collected via our website should you choose to fill in an online form to request information, provide feedback or subscribe to our newsletter. Similarly, we may use cookies on our website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information regarding this, please refer to our Cookie Policy.

 

Our website is not intended for children and we do not knowingly collect data relating to children.

​

WHO WE SHARE YOUR PERSONAL DATA WITH

 

Your personal data will be treated as strictly confidential. We will not share your personal data with any person or organisation outside of Tarbert Harbour Authority unless such organisation is acting as a data processor or providing an external third party service to our own organisation.

 

For example, the following GDPR compliant organisations provide services to us, act as data processors and are based within the UK:

 

• WiFiSPARK provide the public Wi-Fi network.
• EPOSNow provide our chandlery and reception till system.
• GoCardless provide the platform for Direct Debits.
• Campaign Monitor provide our email marketing platform.
• Harbour Assist provide our harbour management software.
• ColCom provide IT and System administration services.

 

Additionally, we use professional advisors including lawyers, bankers, auditors and insurers based within the UK who provide consultancy, banking, legal, insurance and accounting services.

 

In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective buyer or seller of such. We are also under obligation to disclose or share your personal data to comply with law enforcement and protect the rights, property or safety of Tarbert Habour Authority, including instances such as theft, fraud protection and border control.

​

DATA SECURITY

 

We have put in place appropriate measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

​

DATA RETENTION

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by emailing: info@tarbertharbour.co.uk.

​

YOUR LEGAL RIGHTS

 

Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:

 

• The right to request a copy of the personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary to retain such data;
• The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data;
• The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable 9i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to our processing of personal data, where applicable i.e. where processing is based on our legitimate interests (or in performance of a task in the public interest/exercise of official authority); direct marketing or processing for the purposes of scientific/historical research and statistics).

 

If you wish to exercise any of the rights set out above, please contact our Office Manager, Pauline Laycock, on 01880 820344 or info@tarbertharbour.co.uk.

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complicated or you have made a number of requests. In this case, we will notify you and keep you updated.

​

 

CHANGES TO THIS POLICY AND YOUR DUTY TO INFORM US OF CHANGES

 

This privacy policy was created in line with the changes to data protection laws that came in to force on 25th May 2018, and this version was last updated on 20th May 2018.

 

We reserve the right to make updates and changes to this policy at any time and suggest that you check regularly for such changes.

 

Please keep us informed if your personal data changes during your relationship with us.  It is important that the personal data we hold about you is accurate and current.