Privacy policy

Who we are

Our website address is: https://www.westnautical.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Our contact form collects your name, email address and telephone number so we can add you to our mailing list to keep you updated with our latest fleet updates, news and offers.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

We do not share our data with any third parties.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Privacy Impact Assessment (PIAs) Policy & Procedure for West Nautical

Privacy Impact Assessments (PIA’s) are an integral part of taking a ‘privacy by design’ approach. PIA’s are a tool that West Nautical uses to identify and reduce the privacy risks of a project or service. A PIA can reduce the risk of harm to individuals through misuse of their personal information and helps West Nautical to design a more efficient and effective process for handling personal data.

The core principals of the PIA process are integrated within our existing project and risk management policies with the aim of reducing the resources necessary to conduct the assessment and spreading awareness of privacy throughout the Company.

An effective PIA will allow West Nautical to identify and fix problems at an early stage. PIAs must be applied to new projects or services as well as processes that involve changes to an existing project or service.

West Nautical has a process that outlines how we will approach PIAs.

Privacy Risk

PIA’s assist West Nautical in identifying privacy risk, which is the risk of harm through an intrusion into privacy. This is the risk of harm through use or misuse of personal information. Some ways that this risk can arise are through personal information being:

Inaccurate, insufficient or out of date;

• Excessive or irrelevant;

• Kept for too long;

• Disclosed to those who the person it is about does not want to have it;

• Used in ways that are unacceptable to or unexpected by the person it is about; or

• Not kept securely.

The outcome of a PIA is to minimise privacy risk. The aim of this policy is to enable West Nautical to develop an understanding of how it will approach the broad topics of privacy and privacy risk.

Benefits

PIAs allow individuals to be reassured that we follow best practice when using their information. A project or service which has been subject to a PIA should be less privacy intrusive and therefore less likely to affect individuals in a negative way. A PIA should also improve transparency and make it easier for an individual to understand why their information is being used.

The process of conducting the assessment will also improve how the Company uses information which impacts on individual privacy. This should in turn reduce the likelihood that the Company will fail to meet its legal obligations.

Conducting a PIA will help the Company build trust with our staff and the people using our services. The actions taken during and after the PIA process can improve the Company’s understanding of its stakeholders.

Consistent use of PIA’s will increase the awareness of privacy and data protection within the Company and ensure that all staff involved in designing projects think about privacy at the early stages.

When should we use PIAs?

The core principals of PIA can be applied to any project that involves the use of personal data, or any other activity which could have an impact on the privacy of individuals.

A PIA should be used on new projects or services, or when making an amendment to a current project or service. The PIA should be built into the project management structure.

Who should carry out the PIA?

The Company will decide who is best placed to carry out a PIA. The Data Protection Officer (DPO) is well placed to have a significant role in a PIA. However, the PIA is designed to be used by anyone within the Company. For the PIA to be effective it should include some input from various people within the Company who are involved in a project or a service and who will each be able to identify different privacy risks and solutions.

What should the PIA do?

The PIA should be flexible so that it can be integrated with the Company’s existing approach to managing projects. The PIA should incorporate the following:

• Identify the need for a PIA.

• Describe the information flows.

• Identify the privacy and related risks.

• Identify and evaluate the privacy solutions.

• Sign off and record the PIA outcomes.

• Integrate the outcomes into the project plan.

• Consult with internal and external stakeholders as needed throughout the process.

PIA Procedure within West Nautical

Screening questions to assess if a PIA is required

If the answer is yes to any of the questions below, then using a PIA may be useful.

Will the project or service involve the collection of new information about individuals?

• Will the project or service compel individuals to provide information about themselves?

• Will information about individuals be disclosed to organisations or people who have not previously had routine access to this information?

• Are you using the information about individuals for a purpose it is not currently used for, or in a way it is not currently used?

• Does the project involve using new technology which might be perceived as being potentially privacy intrusive?

• Will the project result in the Company making decisions or taking action against individuals in ways which can have a significant impact on them?

• Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations?

• Will the project require you to contact individuals in ways which they may find intrusive?

Step One

Identify the need for a PIA – Explain what the project aims to achieve, what the benefits will be to the organisation, to individuals and to other parties.

You may find it helpful to link to other relevant documents related to the project, for example a project proposal.

Also summarise why the need for a PIA was identified (this can draw on your answers to the screening questions).

Data Flow

• How is the information collected?

• How is the information stored?

• How is the information used?

• How is the information deleted?

Step Two

Describe the information flows.

The collection, use and deletion of personal data should be described here, and it may also be useful to refer to a flow diagram or another way of explaining data flows. You should also say how many individuals are likely to be affected by the project or service.

Privacy Risks

• Are there any privacy risks to individuals?

• Are there any compliance risks to the Company, such as fines for non-compliance?

• Are there any Company level risks?

Explain what practical steps you will take to ensure that you identify and address privacy risks. Who should be consulted, internally and externally? How will you carry out the consultation? You should link this to the relevant stages of your project management process.

Consultation can be used at any stage of the PIA process.

Step Three

identify the privacy related risks.

Identify the key privacy risks and the associated compliance and corporate risks. Larger-scale PIAs might record this information on a more formal risk register.

Step Four

Identify privacy solutions.

Describe the actions you could take to reduce the risks, and any future steps which would be necessary (e.g. the production of new guidance or future security testing for systems).

Step Five

Sign off and record the PIA outcomes.

Who has approved the privacy risks involved in the project? What solutions need to be implemented?

Step Six

Integrate the PIA outcomes back into the project plan.

Who is responsible for integrating the PIA outcomes back into the project plan and updating any project management paperwork? Who is responsible for implementing the solutions that have been approved? Who is the contact for any privacy concerns which may arise in the future?

Changes to our Privacy Policy

We may update this policy from time to time so we suggest you review this page occasionally. If you have any questions or concerns regarding the policy or the way in which we use our data please email privacy@westnautical.com. This policy was last updated in May 2018.

Complaints

In the event that something went wrong we would always try our best to resolve things. Please do speak to our Privacy Team first as we may be able to quickly and easily resolve the problem. In the event that you wish to make a complaint about how your personal data is being processed, or how your complaint has been handled, you have the right to lodge a complaint directly with the Information Commissioners’ Office who’s website is http://www.ico.org.uk/ or calling 0330 123 1113.

Contact Us

Please contact us if you have any questions about our privacy policy or the information we hold about you. You can email us using privacy@westnautical.com, write to us at Privacy Team, 18a Osborne Road, Jesmond ne22ad or telephone on 0191 478 9920.