Privacy policy

Who we are

Our website address is: https://www.westnautical.com.

What personal data we collect and why we collect it

Comments

When
visitors leave comments on the site we collect the data shown in the
comments form, and also the visitor’s IP address and browser user agent
string to help spam detection.

An anonymised string created from
your email address (also called a hash) may be provided to the Gravatar
service to see if you are using it. The Gravatar service privacy policy
is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If
you upload images to the website, you should avoid uploading images
with embedded location data (EXIF GPS) included. Visitors to the website
can download and extract any location data from images on the website.

Contact forms

Our
contact form collects your name, email address and telephone number so
we can add you to our mailing list to keep you updated with our latest
fleet updates, news and offers.

Cookies

If you leave a
comment on our site you may opt-in to saving your name, email address
and website in cookies. These are for your convenience so that you do
not have to fill in your details again when you leave another comment.
These cookies will last for one year.

If you have an account and
you log in to this site, we will set a temporary cookie to determine if
your browser accepts cookies. This cookie contains no personal data and
is discarded when you close your browser.

When you log in, we will
also set up several cookies to save your login information and your
screen display choices. Login cookies last for two days, and screen
options cookies last for a year. If you select “Remember Me”, your login
will persist for two weeks. If you log out of your account, the login
cookies will be removed.

If you edit or publish an article, an
additional cookie will be saved in your browser. This cookie includes no
personal data and simply indicates the post ID of the article you just
edited. It expires after 1 day.

Embedded content from other websites

Articles
on this site may include embedded content (e.g. videos, images,
articles, etc.). Embedded content from other websites behaves in the
exact same way as if the visitor has visited the other website.

These
websites may collect data about you, use cookies, embed additional
third-party tracking, and monitor your interaction with that embedded
content, including tracing your interaction with the embedded content if
you have an account and are logged in to that website.

Who we share your data with

We do not share our data with any third parties.

How long we retain your data

If
you leave a comment, the comment and its metadata are retained
indefinitely. This is so we can recognize and approve any follow-up
comments automatically instead of holding them in a moderation queue.

For
users that register on our website (if any), we also store the personal
information they provide in their user profile. All users can see,
edit, or delete their personal information at any time (except they
cannot change their username). Website administrators can also see and
edit that information.

What rights you have over your data

If
you have an account on this site, or have left comments, you can
request to receive an exported file of the personal data we hold about
you, including any data you have provided to us. You can also request
that we erase any personal data we hold about you. This does not include
any data we are obliged to keep for administrative, legal, or security
purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Privacy Impact Assessment (PIAs) Policy & Procedure for West Nautical

Privacy
Impact Assessments (PIA’s) are an integral part of taking a ‘privacy by
design’ approach. PIA’s are a tool that West Nautical uses to identify
and reduce the privacy risks of a project or service. A PIA can reduce
the risk of harm to individuals through misuse of their personal
information and helps West Nautical to design a more efficient and
effective process for handling personal data.

The core principals
of the PIA process are integrated within our existing project and risk
management policies with the aim of reducing the resources necessary to
conduct the assessment and spreading awareness of privacy throughout the
Company.

An effective PIA will allow West Nautical to identify
and fix problems at an early stage. PIAs must be applied to new projects
or services as well as processes that involve changes to an existing
project or service.

West Nautical has a process that outlines how we will approach PIAs.

Privacy Risk

PIA’s
assist West Nautical in identifying privacy risk, which is the risk of
harm through an intrusion into privacy. This is the risk of harm through
use or misuse of personal information. Some ways that this risk can
arise are through personal information being:

  • Inaccurate, insufficient or out of date;
    • Excessive or irrelevant;
    • Kept for too long;
    • Disclosed to those who the person it is about does not want to have it;
    • Used in ways that are unacceptable to or unexpected by the person it is about; or
    • Not kept securely.
  • The
    outcome of a PIA is to minimise privacy risk. The aim of this policy is
    to enable West Nautical to develop an understanding of how it will
    approach the broad topics of privacy and privacy risk.

    Benefits

    PIAs
    allow individuals to be reassured that we follow best practice when
    using their information. A project or service which has been subject to a
    PIA should be less privacy intrusive and therefore less likely to
    affect individuals in a negative way. A PIA should also improve
    transparency and make it easier for an individual to understand why
    their information is being used.
    The process of conducting the
    assessment will also improve how the Company uses information which
    impacts on individual privacy. This should in turn reduce the likelihood
    that the Company will fail to meet its legal obligations.

    Conducting
    a PIA will help the Company build trust with our staff and the people
    using our services. The actions taken during and after the PIA process
    can improve the Company’s understanding of its stakeholders.

    Consistent
    use of PIA’s will increase the awareness of privacy and data protection
    within the Company and ensure that all staff involved in designing
    projects think about privacy at the early stages.

    When should we use PIAs?
    The
    core principals of PIA can be applied to any project that involves the
    use of personal data, or any other activity which could have an impact
    on the privacy of individuals.

    A PIA should be used on new
    projects or services, or when making an amendment to a current project
    or service. The PIA should be built into the project management
    structure.

    Who should carry out the PIA?

    The Company will
    decide who is best placed to carry out a PIA. The Data Protection
    Officer (DPO) is well placed to have a significant role in a PIA.
    However, the PIA is designed to be used by anyone within the Company.
    For the PIA to be effective it should include some input from various
    people within the Company who are involved in a project or a service and
    who will each be able to identify different privacy risks and
    solutions.

    What should the PIA do?

    The PIA should be
    flexible so that it can be integrated with the Company’s existing
    approach to managing projects. The PIA should incorporate the following:
    • Identify the need for a PIA.
    • Describe the information flows.
    • Identify the privacy and related risks.
    • Identify and evaluate the privacy solutions.
    • Sign off and record the PIA outcomes.
    • Integrate the outcomes into the project plan.
    • Consult with internal and external stakeholders as needed throughout the process.

    PIA Procedure within West Nautical

    Screening questions to assess if a PIA is required

    If the answer is yes to any of the questions below, then using a PIA may be useful.

  • Will the project or service involve the collection of new information about individuals?
    • Will the project or service compel individuals to provide information about themselves?
    • Will information about individuals be disclosed to organisations or people who have not previously had routine access to this information?
    • Are you using the information about individuals for a purpose it is not currently used for, or in a way it is not currently used?
    • Does the project involve using new technology which might be perceived as being potentially privacy intrusive?
    • Will the project result in the Company making decisions or taking action against individuals in ways which can have a significant impact on them?
    • Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations?
    • Will the project require you to contact individuals in ways which they may find intrusive?
  • Step One

    Identify
    the need for a PIA – Explain what the project aims to achieve, what the
    benefits will be to the organisation, to individuals and to other
    parties.

    You may find it helpful to link to other relevant documents related to the project, for example a project proposal.

    Also summarise why the need for a PIA was identified (this can draw on your answers to the screening questions).

    Data Flow
    • How is the information collected?
    • How is the information stored?
    • How is the information used?
    • How is the information deleted?

    Step Two

    Describe the information flows.

    The
    collection, use and deletion of personal data should be described here,
    and it may also be useful to refer to a flow diagram or another way of
    explaining data flows. You should also say how many individuals are
    likely to be affected by the project or service.

    Privacy Risks
    • Are there any privacy risks to individuals?
    • Are there any compliance risks to the Company, such as fines for non-compliance?
    • Are there any Company level risks?

    Explain
    what practical steps you will take to ensure that you identify and
    address privacy risks. Who should be consulted, internally and
    externally? How will you carry out the consultation? You should link
    this to the relevant stages of your project management process.

    Consultation can be used at any stage of the PIA process.

    Step Three

    identify the privacy related risks.

    Identify
    the key privacy risks and the associated compliance and corporate
    risks. Larger-scale PIAs might record this information on a more formal
    risk register.

    Step Four

    Identify privacy solutions.

    Describe
    the actions you could take to reduce the risks, and any future steps
    which would be necessary (e.g. the production of new guidance or future
    security testing for systems).

    Step Five

    Sign off and record the PIA outcomes.

    Who has approved the privacy risks involved in the project? What solutions need to be implemented?

    Step Six

    Integrate the PIA outcomes back into the project plan.

    Who
    is responsible for integrating the PIA outcomes back into the project
    plan and updating any project management paperwork? Who is responsible
    for implementing the solutions that have been approved? Who is the
    contact for any privacy concerns which may arise in the future?

    Changes to our Privacy Policy

    We
    may update this policy from time to time so we suggest you review this
    page occasionally. If you have any questions or concerns regarding the
    policy or the way in which we use our data please email
    privacy@westnautical.com. This policy was last updated in May 2018.

    Complaints

    In
    the event that something went wrong we would always try our best to
    resolve things. Please do speak to our Privacy Team first as we may be
    able to quickly and easily resolve the problem. In the event that you
    wish to make a complaint about how your personal data is being
    processed, or how your complaint has been handled, you have the right to
    lodge a complaint directly with the Information Commissioners’ Office
    who’s website is http://www.ico.org.uk/ or calling 0330 123 1113.

    Contact Us

    Please
    contact us if you have any questions about our privacy policy or the
    information we hold about you. You can email us using privacy@westnautical.com, write to us at Privacy Team, Baltic Place, South Shore Road, NE8 3AE or telephone on 0191 478 9920.