General Data Protection Regulations (GDPR) 2018
Bembridge Harbour Authority (BHA) Privacy Statement
In relation to “Personal Data” as defined by the 2018 Regulations, BHA practices compliance with Article 5 of the GDPR, which sets out an organisation's legal responsibility when handling “Personal Data”, meaning:
“any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”
The identifiers that may be referred to within our data systems only include: an individual's name, telephone numbers, vessel details, location data and occasionally online data.
BHA does not retain sensitive, personal or special category data as defined in Article 9 of the Regulations.
Therefore, in compliance with Article 6 (f) of the Regulations, BHA in the processing, retention, use and management of such personal data has a “valid lawful basis” for the use of, and controlled circulation of such data, namely it has as defined by the Regulation, a “legitimate interest” for processing such data as a general practice in the delivery of its internal policies / procedures and customer service plans.
As is defined in Article 6 of the Regulations it is therefore deemed “necessary” for such personal data to be retained within the business. Data is only held in securely managed electronic and paper based systems, as a means of corresponding with our customers and direct secure business-related parties and staff. The data is used solely for this purpose and is not used for onward dissemination to other non-related business parties. If you do not wish your data to be retained please notify us accordingly.
Data of a personal nature will be removed or archieved if there has been no business activity over a period of two years, or if it is no longer necessary for such legitimate purposes.
reviewed & updated - March 2020