The Society of Offshore Marine Warranty Surveyors (hereinafter “SOMWS” “we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for the purposes described in this privacy statement or as made clear before collecting personal data.
Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data and to ensure it is done in accordance with the Data Protection Legislation. Data Protection Legislation means (i) the Regulation (EU) 2016/679 of the European Parliament (“GDPR”) and any national implementing laws, regulations and secondary legislation as amended from time for so long as GDPR remains directly applicable in the UK, and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 and other applicable laws.
We process personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.
The personal data that is provided to us is either provided directly from the individual concerned or from third parties.
Where we receive personal data that relates to an individual from a third party, we request that this third party inform the individual of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy statement.
- WHO WE ARE
Under the GDPR we confirm the following information as a data controller:
Our website address: https://www.somws.org/
Our registered name is: The Society of Offshore Marine Warranty Surveyors
Our registered address is: Pelmark House, 11 Amwell End, Ware, Hertfordshire, SG12 9HP
Our nominated representative is: Mervyn Pilley and they can be contacted at email@example.com
We take the security of all the data we hold seriously.
We have a framework of policies and procedures which ensure we regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
All information you provide to us is stored on our secure servers. These are held via a secure cloud based system with very restricted, password protected access.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- DATA THAT WE HOLD
PURPOSE AND LEGAL BASIS
We provide services to individuals as well as organisations. The exact data held will depend on the services to be provided but under GDPR we will only process your personal data if at least one of the following basis applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller; and/or
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our payment provider, except where such interests are overridden by the fundamental rights and freedoms of the data subject, in particular where the data subject is a child.
Where we engage with individuals, we may collect and process personal data in order to satisfy a contractual or operational obligation. We request that individuals only provide the personal data that is required for us to fulfil our contractual or operational obligation.
Why do we process data?
Where data is collected for professional services, it is used for a number of purposes, as follows;
- Providing services to you. Data is processed in accordance with the purpose which we have collected it, and may sometimes be further clarified in written documentation supplied before any data processing may occur. We provide a range of services and this includes but is not limited to: holding examinations leading to professional qualifications, membership services and running events.
- Individual needs. When communicating with and assessing the needs of clients, personal data may be processed in order to ensure that their needs are appropriately satisfied. This may include assessing whether the services provided to our clients are appropriate.
- In order to manage and administer our business and services, we may collect and process personal data. This may include (but is not limited to) maintaining internal business records, managing client relationships, hosting events, and maintaining internal operating processes.
- In order for the SOMWS to do what it does, we may from time-to-time be required to collect and process personal data in order to fulfil regulatory, legal or ethical requirements. This may include (but is not limited to) the verification of identity of individuals.
What data is processed?
The data that is processed is dependent on the service that is being provided and on the recipient of this service.
- Services to individuals. Personal data may include name, contact details, ID documents to identify who you are (passport / driving licence), qualification and certificates, membership data, bank details, photographs, videos and any other specifically relevant data.
How long do we hold data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. For example, where an individual is a member of SOMWS, we will retain their personal data which is needed for membership purposes. If they cease to be a member we will delete their data except where required for legal, tax or regulatory purposes.
Personal data will be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. We will periodically review this data every 12 months, to ensure that it is still relevant and necessary in accordance with our data retention policy
Personal data from our contacts, which covers both potential and prior relationships, journalists and media contacts, as well as potential and prior office bearers and volunteers are held in our systems.
This information may be entered into the system after contact is made between an office bearer of the SOMWS and an individual or a business contact individual and there is a lawful basis for processing the data.
Why do we process data?
Where personal data on business contacts is held, it is used for a number of purposes, as follows;
- Promote and develop our services.
- Hosting and facilitating of events.
- Relationship management.
- Administration and management.
We collect personal data for our people as part of the administration, management and promotion of our business activities. Our people are the volunteers who hold positions within the SOMWS as office bearers or committee members.
Where an individual is applying to volunteer, personal data is collected through the application process.
There are a number of purposes that personal data for applicants are collected.
- We process an applicant’s personal data in order to assess their potential to act as an office bearer or committee member at the SOMWS.
- Administration and management. We may also use this personal data in order to make informed management decisions and for administration purposes.
Personal data collected for applicants is held for as long as necessary in order to fulfil the purpose for which it was collected, or for a maximum of one year where those purposes no longer become necessary.
We collect and process personal data about our suppliers, subcontractors, and individuals associated with them. The data is held to manage our relationship, to contract and receive services from them.
Why do we process data?
- Receiving goods and services. We process personal data in relation to our suppliers and their staff as necessary to receive the services.
- Providing services to our clients. Where a supplier is helping us to deliver professional services to our members and students, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our members and students.
- Administering, managing and developing our businesses and services. We process personal data in order to run our business, including:
- managing our relationship with suppliers;
- developing our businesses and services (such as identifying members and students needs and improvements in service delivery);
- hosting or facilitating the hosting of events; and
- administering and managing our website and systems and applications.
- Security, quality and risk management activities. We have security measures in place to protect our and our members and students information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to our suppliers. We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data.
- Complying with any requirement of law or regulation. We are subject to legal, regulatory and professional obligations. We need to keep certain records to show we comply with those obligations and those records may contain personal data.
What data do we hold?
We will hold supplier’s names, contacts names, and contact details of suppliers.
How long do we hold data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). For example, where a supplier is under contract with SOMWS, we will retain relevant individual’s personal data which is needed for the ongoing management of the contract. If they cease to be a supplier we will delete the relevant individual’s personal data except where required for legal, tax or regulatory purposes or to exercise our legal rights.
- PEOPLE WHO USE OUR WEBSITE
We may request from you your e-mail address and/or your postal address to communicate with you through several different channels, including post and electronic newsletters. We ask that you confirm that we can subscribe you to our mailing lists as part of any such request. You can also proactively elect to subscribe to receive selected communications. Our aim is to keep you up-to-date with all the latest news from the SOMWS. However if you no longer wish to receive direct mail or e-mail communications from us, you are able to unsubscribe from them individually at any time at your discretion, or you can edit or completely remove your e-mail details.
Data about you provided to the SOMWS will be used for the purposes described at the time of collection. It may also be used for the other purposes described in this privacy statement. For instance, data may be used by the SOMWS to record your use of SOMWS services, events and other facilities. This helps us to administer these effectively, provide the highest possible level of service and also helps us better understand your needs and interests.
The SOMWS compiles statistics from visitors’ (both SOMWS members and non-members) use of this website. Membership of the SOMWS is required to access certain specific secured pages (Members’ Area). However, other than this specific area of the website, visitors are not required to be SOMWS members to gain access to the general pages of website. The reason we collect and use this data is for our legitimate legal interests, namely monitoring and improving our website and services.
Any information collected as a result of your visit to the website will remain anonymous. The statistics collated will not include domain or IP addresses. Further, temporary cookies and sessions will only be used for the duration of your visit to the SOMWS website to enhance usability as you move from one page to another and will expire when you leave the site, or if your session is idle for approximately 20 minutes. No personal data is retained relating to such website visits.
The SOMWS website contains links to other sites that reflect the interests and/or share the values and objectives of the SOMWS.
The SOMWS does not control, and is not responsible for, the accuracy, timeliness, security, or the continued availability or existence of such outside information. Opinions expressed on other sites linked from the SOMWS website are not necessarily those of the SOMWS. Neither is the SOMWS responsible for the contents of any websites that choose to link to the SOMWS website, with or without the SOMWS’s consent.
- SHARING PERSONAL DATA
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards and the Data Protection Laws
Personal data held by us may be transferred to:
- Third party organisations that provide applications/functionality, data processing or IT services to us.
- Third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, identity management, website hosting and management, data analysis, data back-up, security and storage services. [Can you be specific about the identity of any such third parties and provide link to their privacy policies?]
- Third party organisations that otherwise assist us in providing goods, services or information. [Can you be specific about the identity of any such third parties and provide link to their privacy policies?]
- Third party organisations in order to hold events or examinations on behalf of the SOMWS. [Can you be specific about the identity of any such third parties and provide link to their privacy policies?]
- Law enforcement or regulatory agencies or those required by law or regulations.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with the Data Protection Laws.
- LOCATIONS OF PROCESSING
Where possible, personal data resides within the UK territory but may be transferred to, and stored at, a destination inside the European Economic Area (EEA).
We will not transfer your Personal data outside the European Economic Area (EEA) unless the recipient country ensures an adequate level of protection for the rights and freedoms of data subjects.
- INDIVIDUAL’S RIGHTS
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
- Individuals may request access to their personal data held by us as a data controller.
- Individuals may request us to rectify personal data submitted to us.
- Individuals may request that we erase their personal data.
- Individuals may be informed of what data processing is taking place.
- Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
- Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
- Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
If you wish to exercise any of these rights, please send an email to: firstname.lastname@example.org.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to: email@example.com. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website: https://ico.org.uk/concerns.
DATA CONTROLLER, CONTACT INFORMATION AND CHANGES
For the purposes of GDPR, the SOMWS is the ‘data controller’.
If we change this privacy statement, we will post the changes on our website. We may also email you with the updated privacy statement. If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
Society of Offshore Marine Warranty Surveyors
11 Amwell End
Or by email at: firstname.lastname@example.org