Who is the Data Controller?
The Honourable Company of Master Mariners.
Data Controller’s contact details
The Honourable Company of Master Mariners, No 1, The Rubicon, 51 Norman Road, London, SE10 9QB.
The Clerk - email@example.com
0207 836 8179
What is personal data?
Personal data means any information which relates to a living individual who can be identified, directly or indirectly, by reference to an identifier such as their name, email address and other personal details.
What categories of personal data may we process and retain?
- Your name, postal address, email, and telephone numbers.
- Your titles and post nominals
- Your Membership status or your status and relationship with The Company
- Your gender
- Your dates of birth and marriage or partnership status
- The date of death of a past Member
- Your education history
- Your qualifying occupation at date of application
- Your employment history
- Your reasons for applying for Membership
- Your areas of interest in The Company
- Your possible contribution to The Company
- Your interest in serving on committees
- Your service on committees
- Your qualifications, skills, and experience
- Your Membership of other organisations
- Your civic appointments
- Your attendance at events
- Any photographs taken
- Your interest in sponsorship
- Your Membership fees, quarterage, events and other invoices issued and paid
- Any Standing Orders or Direct Debits
- Your IP address and communications preferences
- Other information which you freely give to us from time to time.
Why do we process and how do we use your personal data?
We process personal data for the following purposes:
- To process any receipts or payments between you and The Company
- To process your application to become a Member of The Company or other classifications of your relationship with the Company currently, or that we may devise in the future
- To process your information as it relates to committees or other business of The Company
- To process your information for the Court or other positions in The Company
- To invite you to events - in person or online
- To include your information in the online Membership Directory – available to Members only.
- To facilitate your ability to network with other Members of The Company
- To include your information on our website by password for Members only
- To respond to enquiries or requests that you send us
- To inform you about our work and mission
- To send you marketing and other information where we have lawful grounds
- To include your data, including photographs, on our social media platforms, on our website or in our Journal
- To process your personal information when you are acting on behalf of corporate supporters or sponsors
- Staff and member administration including payroll administration, tax calculations and payments
- Sickness, parental, training, volunteering, and other types of leave
- To monitor compliance with our policies and procedures
- Other processes related to the above
Your rights under the Data Protection Act 2018 and the UK GDPR
Data Subject Access Requests. You have the right to access the personal information we may hold about you. On receipt of such a request we will endeavour to respond to you as soon as possible but at least within one calendar month. You must provide us with 2 forms of personal identity to ensure that we disclose to you only the information which is relevant to you personally. You will not have to pay a fee to access your information, however, should your requests be clearly unfounded, repetitive, or excessive, we may refuse to comply with your request in these circumstances.
- Rectification. You have the right to request that we amend any personal information that may be incorrect or require updating.
- Erasure. You have the right to request that we delete any personal information pertaining to you.
- Data Portability. You have the right to data portability, primarily designed to make it easier for you to switch between service providers. This is unlikely to be relevant to your relationship with The Company.
- The right to restrict processing. Individuals have the right to ‘block’ or suppress processing of personal data. If you decide to do this, we will continue to store the data, but not further process it until we have agreed a solution to the issue you have raised.
Do we collect any special categories of data?
We do not collect any special categories of personal data as defined by the Data Protection Act 2018 and the UK GDPR except potentially if you are a staff member.
Special categories of data are defined in the regulations as:
“racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union Membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.”
Is data collected from third party or public domain sources?
We may collect your personal data from you, a member of staff, a member of The Company, face-to-face, or from a public source where we believe that you will be interested in what we do. Where we collect personal data from a third party or public domain source, we provide a means for you to opt-out or unsubscribe on every message we send you.
What are our grounds for lawful processing?
We will use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances.
- Where we need to perform a contract, we are about to or have entered into with you, such as your admission as a Member of The Company or the supply of services to The Company.
- Where we have your consent
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Where we use Legitimate Interests as a lawful means of processing your personal data, we make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data. We do not knowingly use your personal data for activities where our interests are overridden by the impact on you.
How to stop receiving communications?
We will not send you unsolicited emails as defined in the Privacy and Electronic Communications Regulations 2003, as amended (EU Exit Regulations 2019). You may edit or amend your preferences using your online account or contact the Clerk and make specific requests on how you wish to change the use of your personal data. Clerk@hcmm.org.uk
Surveys or Marketing Research.
We may contact you from time to time to seek your views via a short survey to inform our strategic direction, your thoughts about our work and other matters. You always have the choice about whether to take part in our research.
Is data processed outside of the UK?
Is data shared with third parties and if so, who?
We may have to share your personal data with the parties and for the purposes set out below. External third parties are all based in the United Kingdom.
Service Providers acting as processors who provide IT and system administration services:
1. Website developers and hosting companies
2. Email service providers
3. Secure system advisers
4. Social media broadcasters
Professional advisers acting as processors:
- Pension Actuaries
- PAYE processors
- Other Livery Companies
- The Corporation of London
- HM Revenue & Customs, regulators and other authorities acting as processors who require reporting of processing activities and data in certain circumstances.
- Other professional advisors
Marketing, events, and publishing:
- Research organisations
- PR and Media Agencies
- Data and Direct Marketing Companies.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where we disclose personal data, we have a data processing agreement in place as required by the legislation to ensure the security of any personal data that each processor or sub-processor is processing.
Automated Decision Making and Profiling
The Company does not employ any automated decision-making or conduct profiling.
Our website uses simple cookies that:
- Allow us to measure website traffic volumes and better understand how our visitors use the website via Google Analytics.
- Enable the simple viewing and sharing of our announcements via social media.
- We also use a cookie that itself remembers your cookie preferences – an essential cookie.
Third party cookies are set by someone other than the owner of the website you are visiting. Our website may contain content from other sites who may set their own cookies, i.e., Twitter, Facebook, or Linked In. We have no control over third party cookies, but you can turn them off yourself in your own browser settings. For further information please see www.allaboutcookies.org.
Data security – how we protect your data.
We follow appropriate security procedures in the collection, storage, and use of your information so as to prevent unauthorised access by third parties.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an authorised way, altered, or disclosed. In addition, we limit access to your personal data to those who have a business need to know. They will only process your personal data on instructions from the Clerk, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We process data at our registered office No.1 The Rubicon, 51 Norman Road, Greenwich, London, SE10 9QB with access restrictions in place for our data processors within the UK. Our IT specialist retains our data at a different location equally protected behind the appropriate firewalls and other security devices.
Personal data published on our website is available to Members only by password and is protected behind a firewall.
However, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your information transmitted via the internet. Any such transmission is at your own risk, and you acknowledge and agree that we shall not be responsible for any unauthorised use, distribution, damage or destruction of your information except to the extent that we are required to accept such responsibility by the Data Protection Act 2018 and the UK GDPR, and the Privacy and Electronic Communications Regulations 2003, as amended (EU Exit Regulations 2019). Once we have received your information, we will use security procedures and features to prevent unauthorised access to it.
External links not covered by this policy
Please remember that when you use any link to go from our website to another website or you request a service from a third party, this policy no longer applies.
Your browsing and interaction on any other website or your dealings with any other third party service provider is subject to that website or third party service provider’s own rules and policies. We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices. This policy applies solely to information collected by us through our website or services and does not apply to these third party websites and third party service providers.
Data Retention Policy
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected or for our historical archive, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Details of retention periods for various aspects of your personal data are available in our retention policy and if you need further details, please contact firstname.lastname@example.org
What to do if you have a concern.
Please contact the Clerk first and we will do our best to help you. If you are still not satisfied you may contact the regulator, the Information Commissioner’s Office by clicking here https://ico.org.uk/concerns/
When last updated?