This policy explains how we may collect information about you and then use it to help us provide you with a better experience. It also explains some of the security measures we take to protect your data.
For the purpose of the Data Protection Act 2018 (the Act) and the General Data Protection Regulation 2018 (the Data Protection Legislation), the data controller is Yacht Havens Group Limited of King’s Saltern Road, Lymington, SO41 3QD (company registration 00723135). Our nominated representative for the purpose of the Legislation is Jill Hawkins, Data Protection Administrator.
Explaining the legal bases we rely on
There are a number of different legal bases that we rely on to use your personal information, including:
Performance of a contract
In certain circumstances, where you agree to enter into an agreement or contract with us or take a product or service from us, such as, an annual or seasonal berth, a visitor berth, use of our hoist or slipway, or leasing of buildings or property and miscellaneous services, then the use of your personal information may be necessary to perform the agreement or contract you have with us. This legal ground only applies if you are a private individual, not if you are a corporate client.
For instance, to administer your contract and contact you regarding your boat or tenancy.
In other situations, we may use your personal information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business.
For instance, if you are an existing customer we will communicate with you regarding your berthing arrangements and to update you on news and events being held at your marina. We will also keep you informed about our other similar products and services and any special offers we may have that we think you may find interesting.
You have the right to refuse and you can opt-out at any time by emailing firstname.lastname@example.org with the subject header “unsubscribe” or via the unsubscribe link in the footer of our email.
In specific situations, we can collect and process your data with your consent.
For instance, when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service. You have the right to refuse and you can opt-out at any time by emailing email@example.com with the subject header “unsubscribe” or via the unsubscribe link in the footer of our email.
If the law requires us to, we may need to collect and process your data.
For instance, we may pass on details of people involved in fraud or other criminal activity affecting Yacht Havens to law enforcement.
What we collect & how we use it
We collect data to operate effectively and provide you the best experiences with our service. We may collect and process the following data about you:
If you sign up for services such as berthing, yard storage, tenancy or rental agreement, you will become a customer and we will ask you for your name, address, contact details and vessel details in the case of boat services. If you apply to pay for your service by Direct Debit then we will ask you for your bank details.
If you contact us either online or by telephone, we may keep a record of that communication and we may ask for your name and contact details. We may use this information to send you a quote regarding your query.
We may also ask you to complete surveys that we use for research purposes, although, you do not have to respond to them.
If you use our free Wi-Fi networks we will collect the IP Address, browser type, language, venue location, MAC Address and device name that you use. Some of this data is not personal data under GDPR and we only use this information where it is strictly necessary and proportionate for the legitimate purposes of ensuring network and information security, in accordance with our WiFi Terms of Usage.
If you connect to our Wi-Fi networks via a captive portal then we may ask you if you would like to receive news and offers from us. We will store this information and with your consent, we will contact you via email about other related products and services we provide which we think may be of interest to you. You have the right to refuse and you can opt-out at any time by emailing firstname.lastname@example.org with the subject header “unsubscribe” or via the unsubscribe link in the footer of our email.
If you visit any of our websites we may use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We may collect details of your visits to our website including, but not limited to, traffic data, location data, web logs and other communication data, and the resources that you access. This is statistical data about our users' browsing actions and patterns; it does not identify you as an individual. For the same reason, we may obtain information about your general internet usage by using cookies. Please refer to our Cookie Statement for further information.
If you complete a form on one of our websites, for example, a yard booking form, we will collect data from you. With your consent, we will contact you via email about other related products and services we provide which we think may be of interest to you. You have the right to refuse and you can opt-out at any time by emailing email@example.com with the subject header “unsubscribe” or via the unsubscribe link in the footer of our email.
We monitor and track our email communications, including where emails are undelivered and whether or not they appear to have been read. You have the right to refuse and you can opt-out at any time by emailing firstname.lastname@example.org with the subject header “unsubscribe” or via the unsubscribe link in the footer of our email.
We have CCTV installed at our premises in public areas and our CCTV processing is registered with the Information Commissioner's Office (ICO). This information is recorded for the purposes of prevention and detection of crime.
We have web cams installed at our premises. This is for the purpose of showing a live feed on our websites; footage from our webcams is not recorded.
Where we store your data
Information you provide to us may be stored in one or more of the following locations:
- Secure on-site servers.
- Secure servers hosted by Databarracks. For further information on Databarracks compliance please visit https://www.databarracks.com/company/certifications/
- Secure servers hosted by Twinfield, part of the Wolters Kluwer Tax & Accounting division. For further information on Twinfield compliance please visit https://www.twinfield.co.uk/twinfield-the-most-secure-solution-for-your-accounts/
- Secure servers hosted by M12 Solutions. For further information on M12 Solutions compliance please visit https://www.m12solutions.co.uk/privacy-policy/
- Secure servers hosted by Splash Access Ltd. For further information on Splash compliance please visit https://www.splashaccess.com/GDPR-ready
- Secure servers hosted by ITGL Ltd. For further information on ITGL compliance please visit http://www.itgl.com/
- Secure servers hosted by Lloyds Bank. For further information on Lloyds Bank compliance please visit http://commercialbanking.lloydsbank.com/privacy/
- Umbraco. For further information on Umbraco compliance please visit https://umbraco.com/about-us/privacy/gdpr/
Non European Economic Area (“EEA”) Hosted Information
We utilise the services of the following companies who may store your information outside the EEA.
- Secure servers hosted by Rackspace. For further information on Rackspace compliance please visit https://www.rackspace.com/en-gb/compliance
- Secure servers hosted by Cisco Meraki. For further information on Meraki compliance please visit https://meraki.cisco.com/gdpr
- Microsoft Azure. For further information on Microsoft Azure compliance please visit https://www.microsoft.com/en-us/TrustCenter/Security/default.aspx
- SendGrid. For further information on SendGrid compliance please visit https://sendgrid.com/policies/privacy/
- WordPress. For further information on WordPress compliance please visit
- ResDiary. For further information on ResDiary compliance please visit https://sales.resdiary.com/privacy-statement/
- BoatCloud. For further information on BoatCloud, please visit http://www.boatcloud.com/privacy
- HOP Software. For further information on HOP, please visit https://www.hopsoftware.com/privacy-policy
All of these companies are signed up to the EU/US Privacy Shield. Any payment transactions will be encrypted using SSL technology.
Unfortunately, the transmission of information via the internet is not entirely secure.
Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
Disclosure of your information
We may disclose your personal information to any member of our group where we have a legitimate reason to do so which does not outweigh the rights and freedoms you have as a data subject. Any member of our group means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006. As at January 2018, Yacht Havens Group Limited includes the following subsidiaries: Largs Yacht Haven Ltd, Troon Yacht Haven Ltd (including The Salt Lodge), Neyland Yacht Haven Ltd, Fambridge Yacht Haven Ltd, Lymington Yacht Haven Ltd, Haven Restaurant (Lymington) Ltd, Haven Quay, Plymouth Yacht Haven Ltd, Yacht Haven Quay Ltd, Turnchapel Wharf Ltd, Blagdons Business Park, The Ferry Boat Inn (Fambridge) Ltd, and Jachthaven Biesbosch B.V. This also includes Lymington Boat Club and Plymouth Boat Club.
We may disclose your personal information to third parties:
- Where we have a legitimate reason to do so which does not outweigh the rights and freedoms you have as a data subject. This will be, for example, in respect of any outsourced services, hosting of our website and server, where you have asked a broker to deal with us on your behalf.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Yacht Havens Group Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for 6 years after they cease being customers for tax purposes. We retain the right to keep enough data to identify you indefinitely if you have been banned from one of our sites. If you are a user of the public Wi-Fi we will keep your data for 30 days.
If you have signed up to receive our Newsletter we will keep your email address active until you unsubscribe or if our emails remain unopened for a period of 2 years or otherwise bounce back as being 'not delivered'. At this point you will be added to the unsubscribe list and we will cease to contact you unless you change your mind and re-subscribe.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you.
How to access & control your personal data
If you have agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us at: Yacht Havens Group Ltd, King's Saltern Road, Lymington, Hampshire SO41 3QD or by emailing email@example.com with the subject header “unsubscribe” or via the unsubscribe link in the footer of our email.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Your data subject rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal information processed by automated means which you have provided to us yourself and you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, you can use any of the following methods:
- Ask for a form at any of our sites
- Email firstname.lastname@example.org
- Write to us at: Data Protection Administrator, Yacht Havens Ltd, King's Saltern Road, Lymington, Hampshire SO41 3QD
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to this privacy notice and your duty to inform us of changes
We reserve the right to make changes to this privacy notice at any time and suggest that you regularly check to see whether anything has changed.
This policy was last updated on 20 February 2020 and the following changes were made:
- Addition to disclosure of your information
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
The ICO has categorized all cookies into the following four types:
Category 1 - Strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, like shopping baskets or e-billing, cannot be provided.
Category 2 - Performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
|Category 3 - Functionality cookies||
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located.
These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog, or sharing via a social network. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Category 4 - Tracking/advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator's permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
On our website we never use category 4 cookies, which are the only cookies that are likely to track your behaviour across multiple websites. The majority of our cookies are category 2 cookies, although other websites that use them, such as Facebook or Twitter, may store category 3 cookies on your computer when you visit our website.
Using our site may result in the following cookies being stored on your computer:
These cookies are set by our analytics software (Google analytics) and are used to monitor how many people visit our site, which search engine they used to find our site, and how they navigated around the site (i.e. which pages were viewed). These cookies do not store any information that is able to identify you personally and are immensely useful to us as business owners or service providers. Cookie _ga has an expiration date of 2 years, and Cookie _gid has an expiration date of 24 hours. These cookies are classed as Category 2 cookies.
This cookie is set by our performance monitoring software and is used purely to tell us how quickly each page loads each time a page is accessed by a visitor. We use this to ensure that our website runs at an acceptable speed.These cookies are classed as Category 2 cookies.
These cookies are all set by the Social Sharing plugin we use to allow visitors to 'like' different news stories that we post to our site. The actual cookies that are set by Facebook will depend on whether you are logged in to Facebook, and how you have configured your privacy settings within Facebook.These cookies are classed as Category 3 cookies.
How do I change my Cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout