Seafood Cornwall Training Data Protection Policy
1. SCOPE
This policy applies to SEAFOOD CORNWALL TRAINING LTD (SCT) and those subcontracted by SEAFOOD CORNWALL TRAINING (SCT). SCT provided training for commercial fishermen and seafarers and manages projects for the fishing industry. SCT is an Approved Training Provider for Seafish Industry Authority and Maritime Coastguard Agency.
2. CONTEXT
The General Data Protection Regulation (GDPR) 2018 requires the protection of personal data and all organisations which process personal data must be registered to do so. SEAFOOD CORNWALL TRAINING (SCT) is registered with the Information Commissioners Office.
3. PURPOSE
This policy sets out an understanding of data protection and the requirements of every member of staff and sub contractor in order that there may be full compliance with the GDPR 2018.
4. DEFINITIONS
4.1 SCT currently keeps details for five purposes:
- Accounts, Records and Memberships
- Advertising, Marketing and Public Relations
- Staff Administration and Project Management
- Contact details of course candidates
- Reporting to awarding / certificating bodies
4.2 Data is information which is recorded with the intention that it should be processed on computer or is recorded as part of a relevant filing system (i.e. manual system). There are two categories of data:
(see 4.2.1 & 4.2.2)
4.2.1 Personal data is information relating to a living individual who can be identified:
- from the data
- from the data which includes an expression of opinion about the individual
Example: name and address details
4.2.2 Sensitive personal data is information relating to:
- racial or ethnic origins of the data subject
- political opinions
- religious beliefs or other beliefs of a similar nature
- trade union membership
- physical or mental health
- sexual life
- the commission or alleged commission of any offence
- any proceedings for any offence committed or alleged to have been committed by the data subject.
In order to process these types of data consent from the data subject must be obtained by SCT handling the data. Explicit consent must be given.
5. POLICY
SCT has a data protection policy to ensure that it complies with all aspects of GDPR 2018 by setting out clear policies, responsibilities and codes of practice:
5.1 SCT intends to comply fully with all aspects of data protection legislation.
5.2 SCT will make all reasonable efforts to maintain a comprehensive written notification with the ICO.
5.3 SCT will do its utmost to ensure that all its staff and consultants are conversant with data protection legislation and practice.
5.4 SCT will only hold data for prescribed business purposes.
- These are Accounts, Records and Memberships
- Advertising, Marketing and Public Relations
- Staff Administration and Project Management
- Contact details of course candidates
- Reporting to awarding / certificating bodies
5.5 SCT will use a standard, ‘Privacy Notice’ in all SCT literature in which personal data is collected. The statement for use is:
Seafood Cornwall Training Ltd has a legal obligation to keep a record of your personal details and any basic safety training that you have completed. Details of what information we hold for you are available on request (please email info@seafoodcornwalltraining.co.uk or call 01736 364324).
We may contact you from time to time to check and verify your information. We are obliged to share this information with the Maritime Coastguard Agency and Seafish Industry Authority and other relevant/funding authorities on request.
We may also share your details with:
- Any other training providers you might approach (to enable them to check whether you might be eligible for any funding for training and to inform them what other training you might need to undertake)
- With the owner, managing agent and/or skipper of the vessel you are working on or wanting to work on (to confirm to them what training you have completed)
5.6 SCT provides procedures for access to personal data for all those for whom personal data is held. No charge should be levied on anyone (staff, personal members or other contacts) requesting access to their personal data. This will be reviewed if there is a high level of requests for access.
5.7 All staff may request sight of their personal details provided reasonable notice (at least 14 days in writing) is given.
6. DATA PROTECTION CHECKLIST
- Do you have a record of what personal data you hold? Do you know what you use it for?
- Do people know you have their personal data and understand how you use it?
- Do you only collect the personal data you need?
- Do you only keep personal data for as long as it is needed?
- Do you keep personal data accurate and up to date?
- Do you keep personal data secure?
- Do you have a way for people to exercise their rights regarding the personal data you hold about them?
- Do you and your staff (if you have any) know your data protection responsibilities?
7. COLLECTION OF NEW DATA
- Make sure you include SCT’S Privacy Notice on the form together with a relevant opt out for other communications.
- When collecting data from new contacts by phone, email, or letter, make sure that they know about our Data Protection Statement and Email statement
- When requesting a new page to be put on the website that will result in the collection of data ensure that the page contains a link to SCT’s Data Protection Statement and Email statement as appropriate.
- Check with the Office Manager that SCT has notified the ICO that this type of data is held.
- Delete the data when it is no longer required.
- Don’t take personal data from another organisation without the consent of the individual concerned.
8. USE OF DATA
Are you passing personal data to anyone else:
- Inside SCT
- Outside SCT
- Are you using blind copies when sending email distribution lists?
- Do not pass personal data to any person outside SCT without the permission of the individual to whom the data relates.
9. DISPOSAL OF DATA
- Ensure all paperwork containing personal information is disposed of by an approved confidential contractor or by shredding.
10. QUERIES
If you have questions about data protection, please refer them to the Training Manager.