DATA PROTECTION PROMISE
We take the security of the information you entrust to us extremely seriously and that includes information which is personal to you, and those around you such as your family or next of kin.
This Data Protection Promise describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Who We Are: We are CANAL CRUISING CO LTD trading as Canal Cruising Co Ltd Stone, a company registered in England and Wales. Our company Crown Street, Stone, Staffs. ST15 8QN
How to Contact Us: Telephoning our office team on 01785 813982
Sending us an email to: mail@canalcruising.co.uk
Writing to us at our trading address: AS ABOVE
We will comply with data protection law when it comes to the processing of your data. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
Our Privacy Champions are:DIRECTORS: KAREN AND PETER WYATT, CANAL CRUISING CO LTD,CROWN STREET, STONE, STAFFS. ST15 8QN
01785 813982 email: karen@canalcruising.co.uk
Why we collect your personal data and our legal basis for doing so
We collect and process your personal data for the purposes of:
Performance of a contract: provide you with our services, your boating holiday with the company
Compliance with a legal obligation: comply with our obligations to the HMRC
Necessary to protect vital interests: protect our clients’ vital interests
Legitimate interests of the controller: keep you informed about any changes to our services;
ensure that the quality of the services which we offer is continually enhanced and refined and for purposes which are within legitimate business such as business development purposes;
Sensitive Information:
The personal data which we collect includes information concerning Your Name, Address, Telephone Number, email and members who will be traveling with you. We need to collect and process this information in order to provide our services and our lawful basis for doing so is the fact that such processing is connected with provision of a holiday with us.
Please note that without collecting and processing certain personal data including any required from you, your family or crew members, we will be unable to provide our services. As such, if you would like us to provide the services to you or your family, we will require certain information from you.
How long we keep your data:
we do not receive the required information or the information we receive is incomplete, we would not be able to provide or continue to provide the services.
To comply with our obligations to the HMRC we have to retain: Our financial records and records kept electronically on our accounting system for 7 years from the date of last entry;
Our external secure server electronic records are kept for 24 months. All paper records containing your personal data for 7 years from the date of last entry.
Who has Access to Your Data:
No one has access to your details except ourselves, HMRC and the secure online booking system.
our office personnel involved in the management and administration of the services which you or your family are receiving;
As a condition of us being able to provide you with services, our office administrator.:
– monitors how we provide the services;
– monitor the quality of the services we provide to ensure they meet with Canal Cruising Co Ltd standards;
– ensure that the quality of the services which we offer is continually upheld, enhanced and refined.
We may also be inspected from time to time by, HMRC who may access your information for the purposes of audit/inspection.
We use third parties for data processing purposes only, but this will always be done in a way that continues to protect the confidentiality of your information.
We do not, as a matter of course, transfer your data outside of the European Economic Area and use, as far as possible, UK or European data centres.
Your Rights:
Because the data we hold about you is your data, you have the following rights in respect of the personal data we hold about you:
1. Right to Access – this means that you can ask us for a copy of all personal data we hold about you.
2. Correction Right – if you believe that any of the information we hold about you is incorrect or out of date, you have the right to correct such information by providing us with the correct up to date information. In addition, you can ask us to delete the incorrect or out of date information and we will be happy to do so unless we are prevented from doing so by law or regulation.
3. Right to be Forgotten – you have the right to ask us to delete the personal data we hold about you where such data is used for direct marketing purposes or is processed as a result of you consenting to such processing. Please note that where we are obliged to keep your personal data because of a regulatory or legal requirement, we will not be able to delete the data and must continue to retain it.
4. Right to Restrict Processing – in some limited circumstances you have the right to restrict the processing of your data.
5. Right of Objection to Processing – you have the right to object to us using your data for direct marketing purposes and to profiling.
Right to Complain
6. Right of Data Portability – you have the right to request a copy of the personal data we hold about you in a commonly used and machine-readable format. We can provide your data either to you or to such other third party as you specify in your request.
7. Automated Decision-Making Objection Right – automated decision-making is where a decision is made entirely by technological means without human intervention. We don’t use or rely on automated decision-making.
If you would like to exercise any of the above rights, please contact (preferably in writing) our Privacy Champion using the contact details above.
If you have any concerns about our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) by visiting https://ico.org.uk/concerns/ or telephoning the ICO helpline on 0303 123 1113.