Port Edgar Watersports CIC is the Data Controller. This means it decides how your personal data is processed and for what purposes.
Port Edgar Watersports CIC adheres to the seven principles of the GDPR:
– Process personal data lawfully, fairly and transparently
– Collect personal data for specified, explicit and legitimate purposes, not process for incompatible purposes
– Collect and process only adequate and relevant personal data and limit to minimum necessary
– Ensure all personal data held is accurate and kept up to date
– Not keep personal data in a form which permits identification of data subjects for longer than is necessary for purposes
– Process personal data in a manner that ensures security of personal data using appropriate technical and organisational measures
– Ensure and demonstrate compliance with GDPR accountability
When you buy a product or participate in a course at Port Edgar Watersports CIC we collect data to give you the best customer experience.
We collect data for the purposes of:
– Processing your booking
– Safely and effectively delivering your course
– Providing any relevant certificates / qualification documentation
– Complying with applicable laws, regulations and procedures
– Sharing with partners that support delivery of your course (see the ‘Who is my data shared with’ section for more information)
By buying a product, or booking or participating in a course you agree to Port Edgar Watersports CIC holding and processing, both electronically and manually, personal data about you.
Personal data will only be shared with a Port Edgar Watersports CIC employee or partner (see the ‘Who do you share my data with?’ section for more information) when it is relevant and for your safety or the safety of others taking part in the course.
Anyone under the age of 18 requires and adult to complete a Consent Form on their behalf. In addition to the information requested in the Adult Consent Form, the Young and Vulnerable Persons Consent Form requires the participant’s age to be included. This is to ensure the participant is put on the right course with other suitable learners, and to comply with legal guidance.
Schools – We do not collect and store data from young people coming with a school unless specifically requested to by the school. Schools have their own consent process and this information is retained by the teacher/s accompanying the group for all sessions that take place at Port Edgar Watersports CIC.
If a school asks us to store consent forms that they have collected we store them securely and destroy all information each year during our annual data review.
If a school asks to use our consent process, then we retain data the participant’s details in line with our normal data retention policy.
If a pupil is involved in an accident or an incident while on a course or session at Port Edgar Watersports we will record this event and stored the form for 7 years or until they reach 21 years old (whichever is later). This is to comply with our insurance and legal regulation that allows anyone under the age of 18 to make a personal injury claim against an organisation or an individual for up to three years after their 18th birthday, if they believe they may have been injured through negligence.
Data is collected:
– Through the booking process (online, in person or by phone)
– Through the Consent Forms
– Through an Accident and Incident report form
– Acceptance for inclusion on a mailing list
– By entering in to email, phone or face to face correspondence with an employee of Port Edgar Watersports CIC
We use a number of different systems to help us collect and process data. All of the organisations that supply these systems comply with the most up to date data protection regulation. Port Edgar Watersports CIC retains ownership of your data at all times and it is never shared with any third parties except with your permission or when required to by Law.
Most data is stored electronically, is password protected, and can only be accessed by authorised employees. Occasionally data may be stored in paper format. Paper data is stored in a locked cabinet and the key is stored in the safe, which can only be accessed by authorised employees.
Data is used to:
– Ensure you are booked on to the right course and sent the relevant course information
– Process your course payment
– Ensure your safety and the safety of others on your course
– Sign you up to any relevant online modules that your course may involve
– Issue any certificates / qualifications that are achieved by completing your course
– Compile anonymous statistics about Port Edgar Watersports CIC’s customers
Your data is only ever shared when it is necessary for the purposes of fully participating in your course. All organisations we share your data with adhere to the latest data protection laws.
Royal Yachting Association (RYA) – For some courses it is necessary to share some of your data with the RYA. This may be to enrol you on an online course, to issue a certificate or to register your qualification.
British Canoeing (BC) – For some courses it is necessary to share some of your data with British Canoeing and the Scottish Canoe Association (our British Canoeing Home Nation). This may be to issue a certificate or to register your qualification.
Adventure Activities Licensing Authority (AALA), RYA and British Canoeing are our governing bodies. Every 1-2 years they each inspect the centre to ensure it continues to operate to the high standards set by their organisations. During this process they do spot inspections of many of our systems and may come across personal data in the process. They never record this data or take it away and their staff are bound by the same data protection law which restricts them from sharing any personal data they come across while working for these organisations.
Edinburgh Marine Academy – Powerboat courses are run by Edinburgh Marine Academy (EMA), usually from Port Edgar. When you book a course with EMA they retain and process your data.
On occasion we use Freelancers to support the work we do at Port Edgar Watersports CIC. They are not directly employed by Port Edgar Watersports CIC and instead they are contracted in to do a short piece of work. They are always qualified to run the course they are taking and will adhere to Port Edgar Watersports Standard Operating Procedures. If necessary, we may share data with a freelancer that is involved in your course to ensure your safety and enjoyment on the course. Their contract with Port Edgar Watersports CIC states that they may not share any personal data, before, during or after their contract ends, that they obtained while working for Port Edgar Watersports CIC
Data will be retained by Port Edgar Watersports CIC for 7 years after the end of your course for both the need to adhere to legal compliance under financial regulation, and for the purposes of supporting or defending any potential legal claim. If you are involved in an accident or an incident involving someone under 18 your data will be held until the minor turns 21. This is to comply with our insurance and legal regulation that allows anyone under the age of 18 to make a personal injury claim against an organisation or an individual for up to three years after their 18th birthday, if they believe they may have been injured through negligence. Data will be held securely, only accessed by Port Edgar Watersports CIC’s senior management when absolutely necessary. It will not be shared with any third parties unless explicitly required to do so by Scottish Law.
Port Edgar Watersports CIC retains the data of anyone that is under 18 when they take a course for 7 years or until they reach 21 years old (whichever is later). This is to comply with our insurance and legal regulation that allows anyone under the age of 18 to make a personal injury claim against an organisation or an individual for up to three years after their 18th birthday, if they believe they may have been injured through negligence. complain to the Information Commissioners Office. [/toggle] [/toggles]
Every year we have a data audit to identify information that no longer needs to be retained. Once expired data has been identified we delete all personal data form our online systems and shred any paper data held. None of the systems that we use retain data once we have deleted it. We may keep anonymous data to compile statistics that are useful for business analysis and development, but no personal information will be identifiable.
At any point you can request, free of charge, to know exactly what data the Company holds on you. If this is incorrect you can request an amendment to this data.
Please email firstname.lastname@example.org or call 0131 319 1820 with your request and a member of the senior management team will get back to you as soon as possible.