Seafood Cornwall Training Data Protection Policy

1. SCOPE

This policy applies to SEAFOOD CORNWALL TRAINING (SCT) and those subcontracted by SEAFOOD CORNWALL TRAINING (SCT). SCT provides training for commercial fishermen and seafarers and manages projects for the fishing industry. SCT is an Approved Training Provider for Seafish Industry Authority, Royal Yachting Association (RYA) and Maritime Coastguard Agency (MCA).

2. CONTEXT

The Data Protection Act (2018) requires the protection of personal data and all organisations which process personal data must be registered to do so. SEAFOOD CORNWALL TRAINING (SCT) is registered with the Information Commissioners Office.

3. PURPOSE

This policy sets out an understanding of data protection and the requirements of every member of staff and sub-contractor in order that there may be full compliance with the Data Protection Act 2018.

4. DEFINITIONS

4.1 SCT currently keeps details for five purposes:

• Accounts, Records and Memberships
• Advertising, Marketing and Public Relations
• Staff Administration and Project Management
• Contact details of course candidates
• Reporting to awarding / certificating bodies

4.2 Data is information which is recorded with the intention that it should be processed on computer or is recorded as part of a relevant filing system (i.e. manual system). There are two categories of data:
(see 4.2.1 & 4.2.2)

4.2.1 Personal data is information relating to a living individual who can be identified:

• from the data
• from the data which includes an expression of opinion about the individual

               Example: name and address details

4.2.2 Sensitive personal data is information relating to:

• racial or ethnic origins of the data subject
• political opinions
• religious beliefs or other beliefs of a similar nature
• trade union membership
• physical or mental health
• sexual life
• the commission or alleged commission of any offence
• any proceedings for any offence committed or alleged to have been committed by the data subject.

In order to process these types of data, consent from the data subject must be obtained by SCT and explicit consent must be given.

5. POLICY

SCT has a Data Protection and Privacy Policy to ensure that it complies with all aspects of the Data Protection Act 2018 by setting out clear guidelines, responsibilities and codes of practice:

5.1 SCT intends to comply fully with all aspects of data protection legislation.

5.2 SCT will make all reasonable efforts to maintain a comprehensive written notification with the ICO.

5.3 SCT will do its utmost to ensure that all its staff and consultants are conversant with data protection legislation and practice.

5.4 SCT will only hold data for prescribed business purposes.

• These are Accounts, Records and Memberships
• Advertising, Marketing and Public Relations
• Staff Administration and Project Management
• Contact details of course candidates
• Reporting to awarding / certificating bodies

5.5 SCT will use a standard, ‘Privacy Notice’ in all SCT literature in which personal data is collected. The statement for use is:

Seafood Cornwall Training has a legal obligation to keep a record of your personal details and training that you have completed. Details of what information we hold for you are available on request (please email info@seafoodcornwalltraining.co.uk or call 0173 364324). We may contact you from time to time to check and verify your information. We are obliged  to share this information with the Maritime Coastguard Agency, RYA and Seafish Industry Authority and other relevant/funding authorities on request.

We may also share your details with:

• Any other training providers you might approach (to enable them to check whether you might be eligible for any funding for training and to inform them what other training you might need to undertake)
• With the owner, managing agent and/or skipper of the vessel you are working on or wanting to work on (to confirm to them what training you have completed)

5.6 RYA

In specific circumstances with online RYA courses the following will be added to our registration form and GDPR Policy:

To enable access to your online course we need to share some of your personal data with the RYA via your user profile in www.ryainteractive.org. This learning management website is hosted and maintained by a third party called Rise Up, who will not use your personal information for any reason other than enabling your course.

Your name and email address will be entered on www.ryainteractive.org in order to create your user account. On your first access to the site, you will be asked to enter your address and date of birth. You will have access to the site for one year in order to complete your online course. During this period, your personal information will be held on the website by Rise Up and be available to this training centre and the RYA for the purpose of managing your course.

Instructional support will be provided by this training centre for a period of 12 weeks from the date of your course booking.

On completion of your course, your name, email, date of birth and address will be transferred to the RYA’s central database for the purpose of recording details of the course and any certification you gain as a result of it. This information allows the RYA to record your certification, to update any records they may already hold about you or your qualifications and to verify your certificate if required.

After one year from the date of your enrolment on a course, your user account will be removed from www.ryainteractive.org.

Full details of how the RYA will deal with your personal information will be displayed when you first access www.ryainteractive.org.

For the duration of your access to the site, your data will be held in accordance with the RYA Interactive Data Policy, Terms and Conditions.

If you receive a digital certificate downloaded from the RYA Interactive site on completion of your course, your name, address, date of birth and certificate details will be transferred to the RYA database and held in accordance with the RYA’s Privacy Policy.

5.7 SCT provides procedures for access to personal data for all those for whom personal data is held. No charge should be levied on anyone (staff, personal members or other contacts) requesting access to their personal data. This will be reviewed if there is a high level of requests for access

5.8 All staff may request sight of their personal details provided reasonable notice (at least 14 days in writing) is given.

6. Procedures for handling of data

6.1         COLLECTION OF NEW DATA

• Make sure you include SCT’S Privacy Notice on the form together with a relevant opt out for other communications.
• When collecting data from new contacts by phone, email, or letter, make sure that they know about our Data Protection Statement and Email statement to them
• When requesting a new page to be put on the website that will result in the collection of data ensure that the page contains a link to SCT’s Data Protection Statement and Email statement as appropriate.

• Check with the Office Manager that SCT has notified the ICO that this type of data is held.
• Delete the data when it is no longer required.
• Don’t take personal data from another organisation without the consent of the individual concerned.

6.2         Use of Data

Are you passing personal data to anyone else inside or outside SCT

• Using blind copies when sending email distribution lists
• Do not pass personal data to any person outside SCT without the permission of the individual to whom the data relates.
  
  

6.3         Disposal of hard copy data

• Ensure all paperwork containing personal information is disposed of by an approved confidential contractor or by shredding.

7. QUERIES

               If you have questions about data protection, please refer them to the Training Manager.