Rose Narrowboats Ltd
Security and Privacy Notice for Hire Boat Transactions
Those customers who choose to pay by credit or debit card are protected by our use of a secure payment system.
General Data Protection Regulation (GDPR) 2018 Compliance
Rose Narrowboats Ltd seeks at at all times to comply with English law, and to this end has produced a Privacy Notice and accompanying company policy relating to the processing and controlling of customers’ personal data which it needs to hold in order to enable business transactions to be completed.
Rose Narrowboats Ltd has to collect and process personal data in order to be able to make hire boat bookings in a manner which is compliant with relevant legislation. This privacy notice explains what personal data is and what personal data we collect, why we process that data and who controls the data. Should you wish us to alter information we hold, or to object or complain about the personal data we hold, or to make a formal complaint, this notice contains information to assist you in doing so, including the name of the person you need to contact and their postal address and e-mail address. We are responsible for keeping your data safe and secure and for complying with the principles of data protection as laid down in the GDPR.
The GDPR define personal data is ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Examples of personal data include: name; address; date of birth or any other information from which the individual can be identified.
Personal Data We Collect and Control
When you decide you wish to book a boat with Rose Narrowboats Ltd, in order to complete the booking contract
- we will need your contact details ( address, telephone number, email address etc) and payment details
- when you book a boat with us we will need to know personal information about all members of your party and any information for specific requirements. (You must ask them to give their consent for you to pass on this information)
- for reasons related to safety and insurance we will need details of any minors in the party
Sensitive Personal Data
We do not collect sensitive personal data from you or members of your booking party unless it is necessary for us to know additional information to make it possible for you to use our boats, for example whether the use of necessary electrically powered medical equipment is possible.
Personal Data We Process
Personal data we collect will be processed solely to create a booking for a hire boat. The data will be controlled and processed in-house by Rose Narrowboats Ltd using software designed for the purpose. We are the controller of this data. We do not engage in direct marketing and we never sell or disclose information about our customers to third parties. We may have to share your data with credit/debit card companies and our insurers if necessary in connection with your booking.
Lawful Basis for Processing
Rose Narrowboats’ Ltd’s lawful basis for processing your data is set out below:
- you consent to giving the data to us
- you enter into a contract with us for the hire of a boat
- the data may be used to protect or comply with your or your party members’ lawful interests and our own
Managing Your Information
Rose Narrowboats Ltd may use operating systems operated by third parties to help meet the business’s needs. If such systems are based outside the United Kingdom they will be fully compliant with relevant privacy laws within the Eueopean Economic Area or within those countries which are deemed to have approved privacy protection for such systems.
Updating Your Information
Should any of your information change before your hire contract with Rose Narrowboats Ltd has been completed, please let us know by contacting the Data Controller at the address shown at the end of this document.
Time Scales for Data Rentention
As a limited liability company Rose Narrowboats Ltd has to retain certain information for varying lengths of time to comply with English company law. We will keep your information for only as long as is necessary for us to comply with this legislation, and will dispose of your data thereafter in a safe and secure manner, in accordance with the requirements of the GDPR.
You have rights in relation to your personal data. Those rights are summarised below as the right :
- to be informed about the collection and use of your personal data
- to know our reasons for processing that data and our retention periods of that data;
- to know if your data is shared by us, and if so, with whom;
- for our information to be presented to you in an accessible and easy to understand manner
- to access your personal data and supplementary information held by us
- to have inaccurate personal data rectified or completed if it is incomplete
- to have personal data erased in certain circumstances
- the right to request the restrictiction or suppression of your personal data
- the right to data portability, so that you can obtain and reuse your data for your own purposes across different services
- the right to object to your data being processed for certain public interest, profiling, direct marketing and some scientific /historical research and statistics
Alterations, Objections, Complaints Procedure, Contact Details
Requests for the alteration of personal information we hold about you, or any requests for copies of personal information we hold about you, should be made to the Data Controller, Mr A W Grantham -Jackson, Rose Narrowboats Ltd, Stretton under Fosse, Nr. Rugby, Warwickshire, CV23 0PU. The information will be supplied free of charge and within the required timescale. Any objections relating to personal information held may also be addressed to him, or may also be referred to the Information Commissioner, whose e-mail address is: https://ico.org/concerns and whose telephone number is 0303 123 1113.
Privacy Notice Updating
This Privacy Notice and its accompanying policies will be reviwed annually (or earlier if cicumstances change) in accordance with Rose Narrowboats Ltd’s annual review and audit of all its operating systems and policies.
For additional information on our GDPR policy please see our full GDPR Policy on our website.
Further information relating to GDPR may be found on the website of the Office of the Information Commissioner UK, at https//ico.org.uk.
AKB May 2018