1. About this Policy
1.1 This policy explains when and why we collect personal information about our staff, visitors and customers, how we use it and how we keep it secure and
your rights in relation to it.
www.ctomsandson.co.uk or our reception notice board regularly for any amendments.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be
found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data
we hold about you.
1.5 This policy will support and detail C Toms & Son Ltd, along with Polruan and Bodinnick Ferry.
2. Who are we?
2.1 We are C Toms & Son Ltd. We can be contact at East, Street, Polruan, Cornwall, PL23 1PB or on 01726 870232 or firstname.lastname@example.org.
|Type of information
||Legal basis of processing
|Customer’s name, address, telephone numbers, bank details and email addresses
Managing boat store or repairs
|Performing the companies invoice processing
For purposes of our legitimate interests in operating a business
|Staff names, addresses, telephone number, email addresses, emergency contact details, date of birth/age, bank details and gender
||Contacting emergency contacts in the event of an emergency
|Performing the businesses contract with the staff member
|The customers name and boat name
||Managing yacht store or vessel repairs
Registration with the MCA (if applicable)
|For the purposes of our legitimate interests in running a business.
For legal reasons, in line with MCA guidance.
|Radio call signs
||Collected or visiting vessels to ensure contact
||For the purposes of our legitimate interests in ensuring vessel safety
|Suppliers names, addresses, emails, telephone numbers and bank details
||For ordering of stock or specific items
To ensure prompt payment
|For the purposes of our legitimate business needs
|The customers name and car registration and car details
||To apply for a car pass on Bodinnick Ferry
||For the purposes of our legitimate business needs
|Instructors and contractor’s names, address, email address, phone numbers, relevant qualifications, insurance documents and bank details
||To maintain safety and legislative requirements
To ensure prompt payment
|For the purposes of our legitimate interests in ensuring that we can contact and update, as well as meeting health and safety requirements
4. How we protect your personal data
4.1 We will not transfer your personal data outside the EU without your consent
4.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or
unauthorised alteration or destruction
4.3 Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure
4.4 For any payments which we take from you online we will use a recognised online secure payment system
4.5 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
5. Who else has access to the information you provide us?
5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to
withhold) except where required to do so by law or as set out in the table above or paragraph 5.2 below.
5.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and
providing services to you on our behalf (e.g suppliers, contractors or for legal reasons). However, we disclose only the personal data that is
necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use
it for their own purposes.
6. How long do we keep your information?
6.1 We will hold your personal data on our systems for as long as you are a customer, supplier and staff member with C Toms & Son/Polruan Ferry/Bodinnick
Ferry and for as long afterwards as it is in the businesses legitimate interest to do so or for as long as is necessary to comply with our legal
obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are note
entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to
comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
6.2 We securely destroy all financial information once we have used it and no longer need it.
7. Your rights
7.1 You have rights under the GDPR:
(a) To access your personal data
(b) To be provided with information about how your personal data is processed
(c) To have your personal data corrected
(d) To have your personal data erased in certain circumstances
(e) To object to or restrict your personal data is processed
(f) To have your personal data transferred to yourself or to another business in certain circumstances
7.2 You have the right to take any complaints about how we process your personal data to the Information Commissioner:
0303 123 1113
Information Commissioner’s Office
For more details, please address any questions, comments and requests regarding our data processing practices to our Data Protection Manager at email@example.com