At Crew Scotland Ltd (the organisation) we are committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information from people who visit our website which includes the data of our members, sub-contractors, clients and potential clients of our services. This also includes how we use it, the conditions under which we may disclose it to others and how we keep it secure. The policy applies to the personal data of all such persons.
By using our website, you are agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to Crew Scotland Ltd, 82/15 The Shore, Leith, Edinburgh EH6 6RG.
Data Protection Principles
The organisation processes personal data in accordance with the following data protection principals:
- Lawfulness, fairness and transparency - The organisation processes personal data lawfully, fairly and in a transparent manner
- Purpose limitation - The organisation collects personal data only for specified, explicit and legitimate purposes
- Data minimisation – The organisation only processes personal data where it is adequate, relevant and limited to what is necessary for the purposes of processing
- Accuracy – the organisation keeps accurate personal data and takes all responsible steps to ensure that inaccurate date is rectified and deleted if required
- Storage limitation – the organisation keeps personal data only for the period necessary for processing
- Security – the organisation adopts appropriate measures to ensure that personal data is secure and protected against unauthorised or unlawful processing and accidental loss, destruction or damage
- Accountability – the organisation takes responsibility for complying with the principles, and to have appropriate processes and records in place to demonstrate that we comply
How do we collect information?
We obtain information about you when you use our website, for example, when you register as a client or Crew Network member, when you contact us about products and services, or if you register to receive one of our email newsletters.
What type of information is collected from you?
The personal information we collect might include your name, address, email address, and information regarding what pages are accessed and when. If you purchase a product or service from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.
The Legal Basis for which we hold your personal data
We hold data under the following permitted reasons provided by the GDPR of which at least one reason will apply to your data:
- Consent – the individual has given clear consent for you to process their personal data for a specific purpose
- Contract – the processing is necessary for a contract you have with the individual or because they have asked you to take specific steps before entering into a contract
- Legal obligation – the processing is necessary for you to comply with the law (excluding contractual obligations)
- Vital interests -the processing is necessary to protect someone's life
- Public task – the processing is necessary to perform a task that is in the public interest that is set out in law
- Legitimate interests – the processing is necessary for the purpose of your legitimate interests pursued by the controller or by a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests
Under the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, you have the following rights in relation to the information that we hold about you (your 'personal data').
- The right to request access to your data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- The right to request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- The right to request erasure of your data. This enables you to ask us to delete or remove your data in certain circumstances for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- The right to object to the processing of your data, where we are processing it to meet our public tasks or legitimate interests (or the legitimate interests of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- The right to request that the processing of your data is restricted. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your data to another party
To ask the organisation to take any of these steps, the individual should send the request to email@example.com.
Further information on these rights is available from the Information Commissioner's Office.
Third party service providers working on our behalf
The organisation may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send mailers). When the organisation uses third party service providers, we disclose only the personal information that is necessary to deliver the service and have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. The option to unsubscribe from mailers will be given on each piece of communication – see point 3 under Individual Rights above.
The organisation takes the security of personal data seriously. The organisation has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or discloser and to ensure that data access is limited to personnel who require access in the proper performance of their duties.
If the organisation discovers that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, if will report it to the Information Commissioner’s Office (ICO) within 72 hours of discovery. The organisation will record all data breaches regardless of their effect.
Individuals are responsible for helping the organisation keep their personal data up to date. Individuals should let the organisation know of personal date changes, for example if he/she has a new email address or changes his/her bank details.
The individual will have the right to ask for a copy of the personal data undergoing processing by the organisation. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
Use of 'cookies'
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union ("EU"). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, youʼre agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
We keep this Policy under regular review. This Policy was last updated in February 2020.