Norfolk Heritage Fleet Trust - Data Policy

  1. Data Held & Retention

The Norfolk Heritage Fleet Trust, which includes Hunter’s Fleet Limited and the Friends of the Hunter Fleet (hereinafter referred to as “the Trust”), has a policy of only holding data which is relevant to its activities, and to be able to contact clients.  As such, the data held is typically limited to:

  • honorific, name, address, e-mail address, telephone numbers
  • details of bookings and payments
  • if declared for Gift Aid
  • if paying subscription by standing order
  • date of birth, medical information and next of kin details are held for those on RYA instruction courses

Payment card security information is destroyed once payment has been processed.  If it is necessary to hold this information while bookings/orders are confirmed/checked, it will be held securely in the safe and will be destroyed immediately the payment has been taken.

The Trust has a policy to hold data for no longer than is necessary.  This has been determined as being 7 years longer than the client’s last contact.  The rationale is that, as a company, the Trust is required to keep records for 7 years and, in addition, there is a 6 year period (under the statute of limitations) in which its customers have a legal right to bring a claim against the Trust following a personal injury.

  2. Data Security

The Trust believes that all personal data held on its customers must be stored securely.  This applies to both physical and electronic forms of documentation.

Electronic data is held:

  • In Farmplan.  This requires access to the Trust’s system (which is password protected) and needs a separate password to log on to Farmplan.
  • In Holray.  This requires access online and needs two separate passwords to log on.  Holray is a system which has the Cyber Essentials accreditation and has been ‘pen tested’ for vulnerabilities.  The Trust will annually assess the security of the Holray system.
  • On spreadsheets.  All spreadsheets containing personal data are password protected.  Any passwords passed to other accredited users must be passed verbally (by phone or in person) and never by email.

  3. Consent

The Trust believes that legitimate interest is the most relevant method of obtaining consent from its customers.  All of its hire customers have contacted the Trust about arranging a hire of a Trust vessel or to become a ‘Friend of The Hunter Fleet’ and as such they would reasonably expect the Trust to hold the data mentioned under Section 1 of this document, to fulfil its obligations to them.

In addition to the above, all new hirers will be asked to formally provide explicit consent when they arrive at the Yard to take a boat out on hire and the application form to become a ‘Friend’ will include explicit consent.

The Trust also acknowledges that certain data is held on children if they are part of a family or youth group crew.

The Trust will never sell personal data it holds to any other business.

  4. Marketing

The Trust believes that direct marketing is a legitimate use of personal information that is held on its customers.

The Trust also believes in the ‘soft opt in’ term for marketing, whereby:

  • if a customer has contacted the Trust in the past and provided relevant personal details to be added to the mailing list or has taken out a boat hire, and has not opted out of marketing messages, and
  • the Trust only sends marketing material relevant to the service the customer signed up for, or was provided with in the first instance (i.e., activities related to boat hire), and
  • the Trust gives the customer a clear opportunity to be removed from its marketing lists, then

explicit consent for marketing is not required.

The Trust does not engage in e-mail or phone marketing at present:  a monthly newsletter is under consideration for the future.

  5. Individuals’ Rights

The Trust respects the rights of individuals over the data held on them.  In particular:

  • The right to be informed of the data which is held on them.
  • The right to have access to the data held on them.  Customers will be able to obtain the data held on them by requesting this from the Trust.
  • The right to rectify data by request to the Trust.
  • The right to erase data – the Trust will erase all data held on a client, unless it is known that there is a claim against the Trust for personal injury.
  • The right to port data – the Trust respects this right, but it is felt that the data held on a customer is so minimal that no client will ever request it to be ported to another organisation.  Should such a request be made, the Chairman of the Trust will deal with it.
  • The right to object to processing data.

  6. Employees

The Trust respects the rights its employees have over their personal data held.

More personal data is held about Trust employees than about its customers.  In particular, ‘sensitive personal data’ can in some instances be held.  The Trust will rely on ‘legitimate interest’ for the lawful basis of holding employee data.

All other policies listed under this document will apply to employees, with the exception of the right to erase data.  Each request will be reviewed by the Chairman of the Trust before a decision is made.  The Chairman will consider other factors such as insurance requirements and Companies Act requirements before deleting an employee’s data.
