What’s in these terms?
Updated January 2020
Who are we?
Data Protection Laws
In this Policy, the ‘Data Protection Laws’ means the General Data Protection Regulation (the GDPR) and any applicable legislation relating to privacy or data protection
Who is the Controller and the Processor?
A Controller is the natural or legal person, public authority, agency or other body that – alone or with others – determines the purposes and means of the processing of personal data. A Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Osprey Shipping Ltd is the Controller for the purposes of the Data Protection Laws. This Policy explains how Osprey uses and protects all personal information it holds about you. Our contact details are at the end of this Policy.
What is personal information?
Personal information is information that identifies (or that could identify) a living individual.
What types of personal information about you might we hold?
We collect and process information that you provide:
- by filling in forms on our website
- by contacting us
- in response to a survey
- through your distribution of any referral or affiliate link
We may hold and process any or all of the following personal information about you:
- Personal details such as your name, gender, age, date of birth, contact details.
- Details of your family, lifestyle and social circumstances.
- Employment details such as your employer and career history.
Other information we may hold about you
Why do we hold this information?
Osprey may hold your personal information in connection with its role as provider of services to clients and or as an employer.
Using your information in accordance with the Data Protection Laws
Data Protection Laws ask us to meet certain conditions before we can use your personal information in the way described in this Policy.
We rely on a condition that lets us use your personal information to comply with our legal obligations. We will keep the amount of personal information collected and the extent of any processing to a minimum. We will only process ‘sensitive’ or ‘special categories’ of personal information under the Data Protection Laws if you have explicitly consented to this or where there is an alternative legal basis for processing this information under the Data Protection Laws (e.g. it is required by law). Once you have given your consent, you can withdraw it at any time by writing to us using the contact details below.
What do we do with the information?
We may use your personal information for a number of purposes including:
- To carry out our obligations arising from any agreement that we have with, or concerning, you and to provide you with the information, benefits and services that you request from us.
- To notify you about services we provide or to enable you to access those services.
- For statistical, financial modelling, funding, accounting and reference purposes.
- For internal record keeping.
- For risk management purposes.
- Complying with our legal obligations, any relevant industry or professional rules and regulations or any applicable voluntary codes.
- Complying with demands or requests made by any relevant regulators, government departments and law enforcement or tax authorities or in connection with any disputes or litigation.
In addition, we may use your information:
- To ensure that our website is as fast and efficient as possible, and compatible with your software and settings.
- To enable our sub-contractors to provide aspects of our services to you.
- To analyse and improve the services we provide.
- To allow you to use different resources and materials on our website.
- To personalise the way information on our website is presented to you.
- To let you share content and materials on our site via social media or other communication means.
- To give you information that you’ve asked for or which we think may be of interest to you.
- To track the use of referral links you have shared.
If we have your consent to do so, we may send you marketing communications. You can stop receiving marketing messages from us at any time.
You can do this by:
- By clicking on the ‘unsubscribe’ link in any email.
- By contacting us at email@example.com
- Once you do this, we’ll make sure you don’t hear marketing messages from us again
- Stopping marketing messages will not stop service communications
How long do we keep your information for?
We will hold your personal information as long as we need to for service purposes. We won’t hold your personal information if we don’t absolutely need to.
Who will we share the information with?
We may share your information with other providers to process your information on our behalf. These third parties will be required to strictly comply with the instructions of Osprey. Some of these entities may also be controllers under the Data Protection Laws. However, in the first instance you should contact if you have any queries about how they use your personal information.
Where we store your personal data
The data that we collect from you may be transferred outside the UK or the EEA where the Scheme’s service providers host data outside the UK or the EEA. This will be governed by the Data Protection Laws.
Further, if you live or work outside of the UK or the EEA, we may need to transfer your personal data outside of the UK or the EEA to respond to any queries that you may have. Where this applies, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.
The following section explains your rights. The various rights are not absolute and each is subject to certain exceptions or qualifications.
- Right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are giving you this information.
- Right of access. You have the right to get a copy of your information (if we’re processing it), and other certain information (similar to that provided in this information notice) about how it is used. This is so you’re aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person’s rights.
- Right to rectification. You can ask us to take reasonable measures to correct your information if it’s inaccurate or incomplete.
- Right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, means you can ask for deletion or removal of your information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where we need to use the information in defence of a legal claim.
- Right to restrict processing. You have rights to ‘block’ or suppress further use of your information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- Right to data portability. You have rights to obtain and reuse certain personal data for your own purposes across different organisations. E.g., if you decide to move services, this enables you to move, copy or transfer your information easily between different service providers (or directly to yourself) safely and securely, without affecting its usability. This only applies to your information that you have provided that is being processed with your consent (if relevant) or to perform a contract that you are a party to, which is being processed by automated means. We do not expect this right to be relevant in the context of the services that we provide.
- Right to object. You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by us or by a third party such as the Trustee. We will can still process the information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims.
We will safeguard against the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. All our employees and any third parties we engage to process data are obliged to respect the confidentiality of such data provided to us and as required under applicable data protection or other legislation.
If you are not happy with the way in which your personal information is held or processed, please contact us using the details below. You also have the right to complain about data protection matters to the ICO. The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website. The ICO can be contacted by calling 0303 123 1113
Changes to this Policy
We keep this Policy under regular review. We may change it at any time. We will tell you about significant changes. Any changes we may make to this Policy in the future will be posted on this page. Please check frequently to see any update or changes to this Policy. This Policy is current as at January 30th 2020.
How to contact us?
If you have any queries about this Policy, or wish to exercise any of the rights above, please contact firstname.lastname@example.org