1.4 We take the issue of security and data protection very seriously and strictly adhere to applicable data protection legislation. We are data controller of any personal data that you provide us.
1.5 Any questions relating to this policy and our privacy practices should be sent to Data Protection Officer, Sea Fish Industry Authority, 18 Logie Mill, Logie Green Road, Edinburgh EH7 4HS firstname.lastname@example.org.
2 How we collect information from you
2.1 We collect and process your personal information in the following ways:
- you may give us information about you via our Website. This may include information you provide when you contact us via the Website, or indicate your interest in any of our projects, campaigns or competitions;
- you may give us information by corresponding with us by mail, text, e-mail, (or other form of electronic communication), telephone or in person including by way of providing responses to our periodic stakeholder surveys;
- by visiting our Website we may automatically collect technical information which may form personal information; and
- we may receive personal data about you from various third parties and public sources (including Google Analytics);
2.2 We may supplement the information you provide with data from the public domain, such as Companies House and other public databases
2.3 This Website is not intended for children and we do not knowingly collect data relating to children.Live: 44758408 v 1 2
3 What information we collect
3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data from which an individual can no longer be identified (anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
- Contact Data: includes address, email address and telephone numbers;
- Financial Data: may include bank account and payment card details for levy payments;
- Technical Data: includes IP address, geographical location, browser type and version, operating system, referral source;
- Usage Data: includes information about how you use our Website such as length of visit, page views and website navigation paths, as well as information about the timing,frequency and pattern of your service use;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preference.
4 Why we need this information about you
4.1 We use the information we collect about you:
- for statutory levy collection, verification and audit purposes;
- to enable us to carry out research on behalf of the industry;
- to contact our stakeholders to inform about ways in which they can engage with and benefit from research, knowledge exchange, skills development, benchmarking, statistics, sustainability and market development activity;
- to contact our stakeholders to explain how the levy is being spent;
- to provide you with information and services you have requested;
- to help us with understanding more about how our Website is used;
- to be able to send you communications that may be of interest to you, either electronically, by email or otherwise;
- contacting you in relation to our stakeholder surveys and to assess your responses to these surveys in order to assess how well you understand our remit, your perception of the work as an industry authority and the value of the statutory levy;
- to be able to respond to your query; and
- for all other purposes consistent with the proper performance of our operations. Live: 44758408 v 1 3
4.2 We will only use your personal data when we have legal grounds to do so. Most commonly, we will rely on one of the following legal bases:
- if necessary for the performance of a task carried out in the public interest or in the exercise of our official authority as set out in Fisheries Act 1981;
- to enable us to perform the contract we have entered with you, including provision of the services;
- if required to comply with a legal or regulatory obligation;
- if necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- if needed to protect your interests (or someone else's interests).
4.3 We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
4.4 We usually do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
5.1 It is your choice whether you receive information such as marketing from us. If you indicated that you are interested in receiving regular information about our activities, we may send you communications electronically or by post. We will not contact you for marketing purposes unless you have given your prior consent. If, at any time, you no longer wish to receive this information, please send a written request to email@example.com.
5.2 We use a third party provider, currently Click Dimensions, to manage and deliver our enewsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.
5.3 All of our email marketing correspondence gives you the option to opt-out of receiving further marketing emails. Please note that you will still receive emails directly related to an enquiry you raised with us.
7 Data Security
7.1 Please be aware that the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the complete security of your data transmitted to us electronically; any transmission is at your own risk. Live: 44758408 v 1 4
7.2 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
7.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8 Sharing of your information
8.1 The information you provide to us will be treated by us as confidential. However, we may also disclose your information to our suppliers and service providers for the purposes set out in this policy or for purposes approved by you. This will include providing your information to our third party provider(s) for the purposes of them contacting you and carrying out our stakeholder surveys mentioned above.
8.2 We require all third parties to respect the security of your personal data and to treat it in accordance with data protection legislation.
8.3 If our organisation is merged with another entity, your information may be disclosed to the other or new entity.
9 How long we will keep your information
9.1 We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you.
9.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10 Your rights
10.1 Under Data Protection legislation, you have the following rights in connection with your personal data, which can be exercised in certain circumstances:
- Right of access: you can request a copy of the personal information we hold about you and check we are processing it lawfully;
- Right to rectification: you can request that any incomplete or inaccurate information we hold about you is corrected;
- Right to erasure: you can request that we delete your personal information where there is no good reason for us to continue to process it. You must provide valid reasoning for your request. This can be exercised in conjunction with the right to object (see below); Live: 44758408 v 1 5
- Right to object: you can object to our processing of your personal information where we are processing on the basis of our 'legitimate interest' or that of a third party. We shall cease processing your personal data unless there are compelling and legitimate grounds for processing which override your interests;
- Right to restrict processing: you can request that we restrict our processing of your personal information. Information will be retained but not further processed;
- Right to data portability: where processing of personal data is carried out by automated means, you can request the transfer of your personal information to another party;
- Right to withdraw consent: where we are processing your personal data on the basis of consent, you have the right to withdraw your consent where we rely upon it as the lawful basis for processing; and
- Right to not be subject to decision making based on automated processing: you shall have the right to not be subject to decision making based solely on automated means including profiling.
10.2 If you would like to exercise any of your rights above, please contact us at firstname.lastname@example.org
10.3 You also have the right to complain to the Information Commissioner's Office in relation to our use of your information. In the United Kingdom, the Information Commissioner's Office can be contacted via their website - www.ico.gov.uk.
11 Third Party Websites
13 Your duty to inform us
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
14 CONTACT US