International Support Vessel Owners’ Association (ISOA)
Data protection legislation gives individuals rights to understand how their data is used. Personal data is information that identifies an individual – it may be factual information, images or other recorded information.
ISOA is a trade association representing the interests of offshore support vessel owners and operators. It exists to promote and protect the interests of its member companies by co-ordinating and representing the opinions of offshore support vessel operators in respect of any matters affecting the offshore support vessel industry.
In order to carry out its core functions, ISOA needs to process data relating to its members and other individuals with which it interacts in its representative capacity.
ISOA and Marisec
For the purposes of the European Union General Data Protection Regulation (EU GDPR) ISOA is a Data Controller for your information and Marisec is a Data Processor.
Types of personal data that we process
ISOA is a membership organisation, and its members are offshore support vessel owners and operators. Our member companies provide personal data on those employees or individuals who are nominated to represent them in ISOA activity. This data will include: name, role or job title, email address, telephone number and other contact details. Data is also used to provide a variety of member services; for example names and company affiliations form part of a record of activity, such as notes of attendance at ISOA meetings and events and minutes of these meetings. Business contact details may be shared with committee and workgroup members for the purposes of furthering ISOA’s objectives.
Collecting, handling and sharing personal data
We are committed to ensuring that when collecting personal data, we do this in accordance with the principles set out in the data protection legislation contained in the EU GDPR, namely, that the data:
is collected lawfully and fairly and with transparency;
is collected for a specific purpose; and
it is limited to what is necessary in relation to the purposes for which it is processed; and
it is accurate and kept up to date; and
it is kept in a form which permits identification of data subjects for no longer than necessary; and
it is handled with appropriate security including protection against unlawful processing or accidental loss, destruction or damage.
Applying these principles: we collect most of the personal data we process directly from the individual concerned. Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the secretariat of any significant changes to important information, such as contact details, held about them.
Recipients of your personal data
Your data is shared with and stored by Marisec which provides Secretariat services to ISOA.
Transferring your data
Data collected by ISOA and shared with Marisec may be stored and processed in the United Kingdom or any other country in which Marisec or associated third parties maintain facilities. Should ISOA or Marisec need to transfer your personal data, ISOA and Marisec will take all reasonable measures to ensure that such transfers only go to third parties that also comply with the GDPR.
The lawful basis on which we use personal data information
This section outlines the legal basis that we are relying on when handling personal data.
We rely on legitimate interests for most of the ways in which we use your information. Specifically, we expect that the following uses will fall within our legitimate interests:
Representing and promoting the objects and interests of ISOA members;
Organising ISOA events;
To give and receive information;
Ensuring that all relevant legal obligations are complied with and to obtain appropriate professional advice and insurance.
Necessary for a contract
Where relevant we may also rely on the need to use your information in order to perform our obligations under a contract with you as the lawful basis for processing.
We collect data to comply with the registration and reporting requirements of UK company law. We will process special category personal data or criminal records information in accordance with rights or duties imposed on us by law, including as regards employment, or in connection with employment of staff, for example reference checks, welfare, insurance or pension plans; for legal and regulatory purposes (for example diversity monitoring and health and safety).
How long we keep personal data
We will retain your personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
Your rights over your personal data given to us
Under the GDPR you have the following rights over personal data given to us that we respect:
Right of Access you are entitled to be informed when we are processing your personal data and if we are to receive a copy of the personal information which we hold. You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals or information which is subject to legal privilege (for example legal advice given to or sought by us, or documents prepared in connection with a legal action).
Right to Rectification you are entitled to request that any incorrect data which we hold about you is corrected.
Right to Erasure You have the right to request the deletion of personal data which we hold about you, in certain circumstances for example where personal data is no longer necessary for the purpose which we collected it.
Right to object you have the right to object, under certain circumstances to us processing your personal data.
Right to object to direct marketing you have the right to object at any time to us processing your personal data for direct marketing purposes. If you object to such processing, we must discontinue all direct marketing without undue delay.
Right to restrict the processing of your personal data under certain circumstances, for example, while a request to correct personal data is being processed.
Right to data portability in some circumstances you have the right to request that we transfer the personal information we hold on you to another organisation in a machine readable format. This applies only to information you have provided to us and which we process on the basis of your consent or for the performance of a contract.
Right to withdraw consent if our processing is based on your consent, you have the right to withdraw your consent to our processing of your personal data at any time. Such withdrawal does not affect the lawfulness of processing that took place prior to withdrawal. Please be aware however that we may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been set out under this Privacy Notice (or elsewhere in data protection legislation), or may exist under some form of contract or agreement with the individual (e.g. an employment or personal contract, or because of membership of one of our associations).
Complaints you have the right to complain to the data protection authorities (for example, in the UK, the Information Commissioner’s Office) regarding our processing of your personal data.
Please note that we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.
If you would like to access or amend your personal data, or have some other objection to how your personal data is used, please make your request in writing to: firstname.lastname@example.org. We will respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is 30 days in the case of simple requests for access to information.
Links to other websites
Automated profiling using personal data
We do not under any circumstances carry out any automated profiling of personal data.
We may update this privacy notice from time to time and where we do so we will amend the version date at the bottom of this notice.
If you do have any questions about our data protection policy or what we do with your information, please contact the ISOA Secretary.
Version date: 24 May 2018