We are committed to taking care your of your privacy in relation to any personal data we collect about you. This includes personal data we collect through our website, survey participation, direct communication with us or through third party providers.
1. Who we are and scope of our policy
1.3 We take security and data protection seriously and follow all relevant data protection legislation. We are the data controller of any personal data that you provide us.
2. How we collect information from you
2.1 We collect and process your personal information in the following ways:
- On the Seafish website. This may include information you provide when you contact us via the website, or indicate your interest in any of our projects or campaigns;
- You may give us information directly through mail, text, email, (or other form of electronic communication), telephone or in person. This includes providing responses to our regular stakeholder surveys;
- By visiting our website we may automatically collect technical information which may form personal information; and
- We may receive personal data about you from third parties and public sources (including Google Analytics).
2.2 We may supplement the information you provide with data from the public domain, such as Companies House and other public databases.
2.3 This website is not intended for children and we do not knowingly collect data relating to children.
3. What information we collect
3.1 Personal data means any information about an individual from which that person can be identified. It does not include data from which an individual can no longer be identified (anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about you. We have grouped this data in the following ways:
- Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
- Contact Data: includes address, email address and telephone numbers;
- Financial Data: may include bank account and payment card details for levy payments;
- Technical Data: includes IP address, geographical location, browser type and version, operating system, referral source;
- Usage Data: includes information about how you use our website such as length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use;
- Marketing Data: includes your preferences in receiving marketing from us and your communication preference.
4. Why we need this information about you
4.1 We use the information we collect about you:
- for statutory levy collection, verification and audit purposes;
- to enable us to carry out research on behalf of the industry;
- to contact you about our work which we think might be of benefit to you;
- to contact our levy payers to explain how the levy is being spent;
- to provide you with information and services you have requested;
- to help us with understanding more about how our website is used;
- to contact you about taking part in our stakeholder surveys and to assess your responses to these surveys so we can improve our services;
- to allow us to respond to your query; and
- for all other purposes consistent with the proper performance of our operations.
4.2 We only use your personal data when we have legal grounds to do so. Most commonly, we rely on one of the following legal bases:
- if necessary for the performance of a task carried out in the public interest or in our role as a statutory authority as set out in the Fisheries Act 1981;
- to let us perform the contract we have entered with you, including any services we provide;
- if required to comply with a legal or regulatory obligation;
- if necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- if needed to protect your interests (or someone else's interests).
4.3 We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
4.4 We usually do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you. You have the right to withdraw consent to marketing at any time by contacting us.
5. Using your data for marketing
5.1 It is your choice whether you receive information such as marketing from us. If you indicate that you would like to receive regular information from us, we may send you communications electronically or by post. We will not contact you for marketing purposes unless you have given your prior consent.
5.2 If you no longer wish to receive information by post, please send an email request to firstname.lastname@example.org.
5.2 We use a third party provider called Click Dimensions to manage and deliver our newsletters via email. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our newsletters.
5.3 All of our email marketing correspondence gives you the option to opt-out of receiving further marketing emails. Please note that you will still receive emails directly related to an enquiry you raised with us.
7. How we keep your data secure
7.1 Please be aware that the sending information via the internet is not always completely secure. We do our best to protect your personal data but we cannot guarantee the complete security of your data sent to us electronically. Any data you provide in this way is at your own risk.
7.2 We have security measures in place to stop your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to any employees, agents, contractors and other third parties who have a business need. They will only process your personal data on our instructions and they have a duty to treat it confidentially.
7.3 We have procedures to deal with any suspected personal data breach. We will notify you and any relevant regulator of a breach where we are legally required to do so.
8. Sharing your information
8.1 The information you provide to us is treated as confidential. However, we may also disclose your information to our suppliers and service providers for the purposes set out in this policy or for purposes approved by you. This will include providing your information to our third parties for the purposes of them contacting you and carrying out work such as our stakeholder surveys.
8.2 We require all third parties to respect the security of your personal data and to treat it in line with Data Protection legislation.
8.3 If our organisation is merged with another entity, your information may be disclosed to the other or new entity.
9. How we store information
9.1 We review our data retention periods regularly and only hold your personal data for as long as we need it.
9.2 The length of time we hold your data depends on:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of harm from unauthorised use or disclosure of your personal data;
- the purposes for which we process your personal data and whether we can achieve those purposes through other means, and;
- any applicable legal requirements.
10. Your rights
10.1 Under Data Protection legislation, you have the following rights in connection with your personal data. In certain circumstances, you have:
- Right of access: you can request a copy of the personal information we hold about you and check we are processing it lawfully;
- Right to rectification: you can request that any incomplete or inaccurate information we hold about you is corrected;
- Right to delete: you can request that we delete your personal information where there is no good reason for us to continue to process it. You must provide valid reasoning for your request. This can be exercised in conjunction with the right to object (see below);
- Right to object: you can object to our processing of your personal information where we are processing on the basis of our 'legitimate interest' or for a Third Party. We shall cease processing your personal data unless there are compelling and legitimate grounds for processing which override your interests;
- Right to restrict processing: you can request that we restrict our processing of your personal information. Information will be retained but not further processed;
- Right to data portability: where processing of personal data is carried out by automated means, you can request the transfer of your personal information to another party;
- Right to withdraw consent: where we are processing your personal data on the basis of consent, you have the right to withdraw your consent where we rely upon it as the lawful basis for processing; and
- Right to not be subject to decision making based on automated processing: you shall have the right to not be subject to decision making based solely on automated means including profiling.
10.2 If you would like to exercise any of your rights above, please contact us at email@example.com
10.3 You also have the right to complain to the Information Commissioner's Office in relation to our use of your information. In the United Kingdom, the Information Commissioner's Office can be contacted via its website www.ico.gov.uk.
11. Third Party Websites
13. Your duty to inform us
13.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Any questions relating to this policy and our privacy practices should be sent to:
Data Protection Officer
Sea Fish Industry Authority
18 Logie Mill
You can also email firstname.lastname@example.org.
This policy notice was last updated on 2 September 2020