Privacy Policy

 

  1. Introduction

This privacy notice tells you how Haven Dredging Ltd manages your personal information when you either make contact with us to use one of our services, or we make contact with you.

We have outlined:

  • The various ways we collect or process personal information
  • What personal information we collect about you
  • Why we are processing it
  • Why we are allowed to process it
  • How long we keep it
  • Whether we share it with anybody else
  • Whether we intend to transfer it to a country outside of the European Economic Area (EEA)
  • And, details of the rights you have relating to your personal information.
  1. Who we are

Haven Dredging Ltd is a wholly owned subsidiary of Harwich Haven Authority

Haven Dredging Ltd is classed as the ‘Controller’ for the personal information we process.  This means that we are responsible for keeping your personal information safe and secure once we collect it, and to ensure that you can exercise your rights to your personal information.

You can get in touch with us is lots of different ways all of which can be found here https://havendredging.com/contact/.

Our postal address is:

Haven Dredging Ltd

Harbour House

The Quay
Harwich
Essex
CO12 3HH

01255 243 030

  1. How we get your data

The majority of personal information we receive is provided to us directly by you.  There are, however, a few examples where this is not the case which will be detailed below.

There are also times when we collect Special Category data, but we only do this when we have a specific exception as detailed in the GDPR. The types of special category data and which exception we use are detailed below.

  1. The rights you have to your personal information

The Data Protection Act 2018 (DPA 2018) and General Data Protection Regulation (GDPR) states that any personal information that we process belongs to you and you have rights to it.  The rights available to you depend on our reason for processing your information, however, not all of them apply all the time. There are also some exceptions that may be applied in certain circumstances as well.

If we are processing your personal information for law enforcement purposes, your rights are slightly different.  We have another section below the details this.

When you ask us to exercise one of your rights, we have one month to respond to you.  You will not be charged to exercise your right.

If you wish to make a request, please contact us here: https://havendredging.com/contact/.

Your right of access

You have the right to ask us for copies of the personal information we hold.  This right always applies, however, in some circumstances you may not receive all the information we hold about you.

Your right to rectification

If you think the information we hold about you is inaccurate or incomplete, you have the right to ask us to rectify this information.  This right always applies.

Your right to erasure

In certain circumstances you have right to ask us to erase all your personal information.

Your right to restrict processing

In certain circumstances you have right to ask us to restrict processing your information.

Your right to object to process

If we are processing your personal information using Article 6(1)(e) of the GDPR which relates to the duties we carry out in the public interest or Article 6(1)(f) of the GDPR if it is in our legitimate interest, you have the right to object to us processing this information.

Your right to your data portability

You have the right to ask us to transfer the information we hold about you and give it to another organisation or directly to yourself.  This only applies to the information you have given us, and it only applies if we are processing that information based on your consent or as part of a contract.

  1. Sharing your personal data

In the day to day running of our business we use external data processors to provide services to us. This could be things like cloud service providers, such as Microsoft Office 365, auditors, or insurers. As these third parties are classified as data processors it means that they cannot do anything with your personal information unless we had explicitly told them to do so. It also means that they must hold your information securely and retain it for as long as we have instructed them to do so.

Most of our cloud service providers store your personal information in data centres within the European Economic Area which ensures data is treated to the same high standard that it is in the UK. However, some use data centres in the US and where this is the case, we use the EU-US Privacy Shield or Standard Contractual Clauses, which ensure data has the same level of protection.

There are some circumstances where we are legally obliged to share your personal information. For example, where there has been an incident in the harbour or at sea and we are cooperating with the Marine Accident Investigation Branch (MAIB) or the Marine Coastguard Authority (MCA) in an investigation or when we have been instructed to do so by a court of law.

We never share personal information with third parties for the purposes of direct marketing.

If you would like any further information about any of our data processors, there are some links to their websites below, or you can always ask us directly – please contact us here https://havendredging.com/contact/.

External Data Processors:

This is a list of the external data processors we use and links to their privacy policies, notices, statements, or charters. The links in this table take you away from our website. Please take care when browsing.

Type of processorNameLink to privacy document
Business Productivity ServicesMicrosoft Office 365Privacy Statement
PR AgencyADPRPrivacy Policy
Survey toolSurveyMonkeyPrivacy Policy
Customer Relationship ManagementMailChimpPrivacy Policy
Recruitment AgencyBristow HollandPrivacy Policy
Occupational Health ProviderGipping Occupational HealthPrivacy Policy
Pre-employment AssessorSHLPrivacy Notice
Photographic and video productionBruizerPrivacy Policy
Board member appointmentsDepartment for TransportPersonal Information Charter
Website hostAscender Creative ElevationPrivacy Policy
Intranet hostFocus IntegratedPrivacy Policy
Distribution CompanyMutual MediaPrivacy Policy
Marine Regulatory BodyMarine Management OrganisationPersonal Information Charter

 

  1. Your right to complain

We work within the DPA 2018 and GDPR and your data and privacy are very important to us.  We strive to work to the highest standards when handling your personal information and we are looking to improve our practices every day.  If you have any queries or concerns regarding how we are processing your personal data please let us know at https://havendredging.com/contact/ and we’ll get back to you as soon as we can.

If, after we have responded, you remain dissatisfied, you have the right to complain to the UK’s supervisory authority, The Information Commissioners Office (ICO) using this link: https://ico.org.uk/make-a-complaint/

  1. Children’s Information

Typically, we don’t offer services directly to children or proactively collect their personal information.

  1. How long we keep your personal information

The length of time we keep your personal information for will depend on what that information is and why we are processing it.  We will only keep hold of your personal information for as long as it is absolutely necessary to fulfil the purpose we collected it for.  At this point, and according to our retention schedule, we will either anonymise your personal information or delete it.

  1. How we keep your personal information safe

To keep your personal information safe, we have put in place numerous technical, procedural, and organisational measures.  We have sophisticated cyber security systems to protect your personal information from malicious attacks. These include two factor authentication and user accounts with specific permissions to ensure that your personal information is only seen by those that need to see it.  Internally, we have procedures, policies, and regular training takes place to ensure our staff know the importance of data protection and how best to deliver it.

In the event that your personal information is involved in a breach, where there is a risk to your rights and freedoms, we will contact the appropriate supervisory authority, normally the ICO. Where there is a high risk to your rights and freedoms, we will also contact you.

  1. Reasons for contacting us

This section of the privacy notice provides information that is specific to your reason for contacting us.

Applying for a job

Our application process requires us to collect your personal information, whether you apply directly to us or through an external recruitment agency we have engaged.

Purpose and lawful basis for processing

Our purpose of processing your personal information is to assess your suitability for the role that you have applied for.

The lawful basis we rely on for processing your personal information is Article 6(1)(b) of the GDPR, which relates to processing necessary for the performance of a contract or to take steps, at your request, before entering a contract.

What we do with your information

Whether you send us your application directly or we receive it from an agency (or some other third party), your personal information will be stored securely and viewed only by those involved in the recruitment process.

The information we collect

The information we collect will differ depending on which stage of the application process you are at. Although, at any given stage, we will not collect more information than we need to fulfil that purpose and we will not keep it for any longer than is necessary.

The application stage – we will ask for your personal details as well as details about your previous work experience, relevant qualifications, and references.

The interview and assessment stage – we will capture your responses to the interview questions and your assessment and interview scores. At this stage we may also look for your social media presence, if you have one, to gauge whether this matches up with what we have seen.

Additionally, we may ask you to carry out a psychometric assessment. This assessment includes an element of automated profiling and, as such, you have the right to request human intervention in the process. For more information on this, please contact https://havendredging.com/contact/.

Making you an offer of employment – we will ask for more detailed information about you to carry out any pre-employment checks. This will include, but not be limited to, proof of your right to work in the UK, proof of your qualifications, contact details for your referees, bank details, emergency contact details, National Insurance Number, etc.

Special category information

We will ask you to provide us with details about your gender, race, religion, and any disabilities you have. We require this information so we can accurately report the diversity of our organisation and it enables us to make reasonable adjustments within the workplace to accommodate any disability. We understand that you may see some of the answers to these questions as sensitive so we will always provide the option – “I’d prefer not to say”.

Once you have accepted our offer of employment, we will send you for a medical examination. This is carried out by an external occupational health provider (for details see External Data Processors table). The precise results are not shared with us, they remain confidential between you and the provider. We only receive a report about your suitability for work and any recommendation for workplace adjustment.

We can process this ‘Special Category’ information because Article 9(2)(b) of the GDPR applies and fits with our obligations in the field of employment.

Who we share your personal information with

For some Board vacancies, the decision as to who to appoint is made by the Secretary of State for Transport. As part of these applications your personal information will be securely shared with the Department for Transport (for details see Section 5 – External Data Processors table).

The data processors we use

In addition to the cloud service providers mentioned in Section 5 – Sharing your personal information, we also use an external provider to carry out pre-employment assessments (for details see Section 5 – External Data Processors table).

10.2. Attending, or being involved in an event

Throughout the year we run numerous community events and operational exercises. If you attend, or apply to attend, one of these events or exercises we will collect various pieces of your personal information.

Purpose and lawful basis for processing

The reason we collect this information is to enable us to facilitate the event or exercise and provide you with an acceptable service.

The lawful basis we rely on for processing your personal data is either gaining your consent under Article 6(1)(a) of the GDPR or, particularly for operational exercises, Article 6(1)(f) as we would have assessed that it is our legitimate interest.

What we do with the information

For operational exercises we will collate the information gathered during the exercise (potentially including your personal information) to assess, evaluate and learn. When this process is completed, we will anonymise as much personal data as we can.

Activity related to our external events, with your consent, may be publicised via our digital platforms, social media, traditional media outlets and in our internal, employee newsletter.

The information we collect

If you apply to participate in one of our events, we will ask you for your name and contact details.

Closer to the event, if we are providing food, we may ask you about your dietary requirements. We will also ask if you have any other special requirements (e.g. accessibility needs, photo sensitivity, etc.).

At the event, we may also capture video or photographic images to use as publicity for the event or for training purposes. It will be made clear to you at the event, and notices will be clearly displayed, that we are taking photos or videos and what they are going to be used for.

Typically, we don’t offer events aimed at children in the event that we do notices will be clearly displayed and with the explicit consent of their parent or guardians, we may take their photos, record video of them and record their names.

If at any point you wish to withdraw your consent or ask us to stop using your images, please contact https://havendredging.com/contact/. While we will always try to facilitate your requests, when we use the legitimate interest as the lawful basis, we may decline your request, if we have legitimate grounds to do so. We will always be transparent with you about this.

Special category information

When we collect any information about dietary or special (particularly health related) requirements, we also need your consent, under Article 9(2)(a) of the GDPR, as this type of information could be classed as special category data.

Who we share your personal information with

For operational exercises we may share your personal information with other partner agencies taking part in the exercise (e.g. Marine Coastguard Agency, Police, Fire Brigade, RNLI, etc.).

If we are providing food then we will share your dietary requirements with the catering provider, although, where possible, we will anonymise this.

The data processors we use

At most of our events we capture video and photos ourselves but, at some of our events, we use an external filming company (for details see Section 5 – External Data Processors table). We have a data processing agreement with them which ensures that they cannot do anything with your personal information without our permission.

We also use some of the cloud service providers mentioned in Section 5 – Sharing your personal information.

10.3 Using our local or Wi-Fi network

If you are making use of our free Wi-Fi around Ha’penny Pier or you are a visitor and are using our physical IT network, we will need to collect some of your personal information.

Purpose and lawful basis for processing

We need to collect this information to enable us to provide you with this service; it will not work without it.

We can do this because we have assessed that we have a legitimate interest to do so and the GPDR allows this under Article 6(1)(f) of the GDPR.

What we do with the information

The personal information that we collect will be used to identify your device on the network (this is something that is required to access the internet or any IT system).

Our firewalls (protection between our network and the wider internet) monitor all network traffic to block certain types of website and file transfers. This information is recorded, but we only access it if there is reasonable suspicion of activity that breaches our policies.

The information we collect

We will collect your device information, any user account information (physical network only), and your network traffic (as mentioned before, this is in no way monitored and we cannot access it without just cause).

Special category information

We don’t anticipate any special category information will be captured in this process.

Who we share your personal information with

We will never share your personal information with any other parties.

The data processors we use

Apart from the cloud service providers mentioned in Section 5 – Sharing your personal information, no data processors are used.

10.4 Visiting one of our sites

Haven Dredging Ltd is a wholly own subsidiary of Harwich Haven Authority, whether you are visiting us for business related reasons or you are visiting Ha’penny Pier or the surrounding area, we will collect some of your personal information.

Purpose and lawful basis for processing

Depending on why you are visiting us will depend on why we collect your personal information. If you are entering one of our buildings as a visitor or you are a supplier or contractor, we have legal obligations under The Health and Safety at Work Act 1974 to collect your details.

Across Harwich Haven Authority sites, including Ha’penny Pier, there are CCTV cameras which will be collecting your images. These are there to deter, prevent, and detect crime and for the safety and security of our sites and the people in or on them

For those processes where we do not have a legal obligation upon us (and therefore using Article 6(1)(c) of the GDPR), we have assessed that we have a legitimate interest to process your personal information; the GDPR allows for this under Article 6(1)(f) of the GDPR.

What we do with the information

When you visit one of our buildings, we will capture some of your personal information for our visitor book so that we know who is on site from a health and safety perspective. You will also be issued with a visitor card which will have an ID number that is assigned to you temporarily.

If you are a regular visitor, you may have a personalised card issued to you which will give you access to certain areas of the buildings. The use of your card is recorded.

Our CCTV system covers all of our buildings, sites, and vessels and are recording all of the time but we will only access these recordings in an appropriate situation (see the CCTV Privacy Notice for further details).

There are a few cameras that are classed as ‘operationally important’ that are monitored 24 hours a day by our VTS team. The cameras located on Ha’penny pier are monitored by the Pier Masters while they are on duty. The other cameras are recording all the time,.

The information we collect

Your name and contact details, and, if applicable, the company you work for is captured for our Visitor Book. We will also record your arrival and departure times.

If a visitor card issued to you, we will capture your name and contact details and the company you work for. You will also have a card ID number issued to you which will then become your personal information.

The CCTV system will capture video recordings of you, and, in certain circumstances, we may record audio as well (see the CCTV Privacy Notice for further details).

Special category information

We don’t anticipate any special category information will be captured.

Who we share your personal information with

In the event of an incident involving you that our CCTV cameras capture, we may share your personal information with the Police or an investigatory body, such as the Marine Accident Investigation Board or The Health & Safety Executive.

The data processors we use

Apart from the cloud service providers mentioned in Section 5 – Sharing your personal information, no data other processors are used.

10.5 You have an accident at one of our sites

If you’ve had an accident at one of our sites that required us to administer first aid or fill in an accident report form, we will need to capture some of your personal information.

Purpose and lawful basis for processing

The reason we capture this information is because there is a legal obligation under The Health and Safety at Work Act 1974 to do so, and as such we are permitted to do so under Article 6(1)(c) of the GDPR.

What we do with the information

This information is kept as a record of the incident in case it is needed as part of a subsequent investigation.

The information we collect

Initially, we will collect your name and contact details, address, date of birth, and your involvement in the accident. If we then need more information regarding the accident, we may record other peoples’ opinions about it (if these opinions are relating to you, they then become your personal information too), we will also record your communication with us.

Special category information

In some situations, we may ask to record special category information about you (mostly information about your health). If you are able to consent to this we will seek it explicitly (using Article 9(2)(a)), if you are not able to give your explicit consent (i.e. you are unconscious), and we feel it is in your vital interest to capture this information, we will do so relying on Article 9(2)(c).

Who we share your personal information with

Your personal information will not be shared with any other organisation unless the Police or investigatory body request it and have followed the appropriate guidelines.

The data processors we use

Apart from the cloud service providers mentioned in Section 5 – Sharing your personal information, no data processors are used.

10.6 Raising a query or making a complaint

When you get in touch with us because you have a query or a complaint, we will need to capture some of your personal information in order to respond to you appropriately and efficiently.

Purpose and lawful basis for processing

As a trust port, it is important that we are engaged with our stakeholders and that we respond to your queries and complaints. The lawful basis we rely on for processing your personal information is Article 6(1)(f) of the GDPR, necessary for the purposes of our legitimate interests.

What we do with the information

Depending on how you get in touch with us will depend on how we respond to you. You will be responded to by the appropriate member of staff and complaints may be shared internally in order to improve our services.

The information we collect

We need enough information to answer your enquiry and to enable us to respond to you. Typically, we will collect your name and contact details as well as the various messages that go between us.

Special category information

We don’t foresee any special category information being processed in this process.

Who we share your personal information with

None of your personal information will be shared with any external organisations.

The data processors we use

As well as the cloud service providers mentioned in Section 5 – Sharing your personal information, if you use the Contact Us page on our website, your details will be captured via a MailChimp form. (for details see Section 5 – External Data Processors table).

10.7 Subscribed to our mailing lists

We have several mailing lists at Haven Dredging Ltd across a range of topics, if you receive any of them then we will need some pieces of your personal information.

Purpose and lawful basis for processing

We need to collect your personal information to provide that particular service to you. The lawful basis that we rely on is Article 6(1)(a) of the GDPR which relates to you giving your explicit consent.

What we do with the information

The data is stored within Mailchimp and is collected via a form generated by the Mailchimp system that sits on our website.

The information we collect

We will collect your name and contact details as well as your marketing preferences.

Special category information

We don’t anticipate any special category information being processed.

Who we share your personal information with

Your personal information is only ever used internally.

The data processors we use

Apart from the cloud service providers mentioned in Section 5 – Sharing your personal information, no data processors are used.

10.8 when visiting our website

When you visit our website, havendredging.com we will need to collect some of your personal information via Cookies, some of which are necessary for security or functionality, and some of which are optional.

Purpose and lawful basis for processing

We have these measures in place to monitor, maintain, and hopefully improve the performance, usability, and overall user experience of our website.

We will either use Article 6(1)(a) of the GDPR when we ask for your consent to use optional cookies, or Article 6(1)(f) which allows us to process your personal information when we have assessed it is necessary for our legitimate interests.

What we do with the information

The information we collect will be stored within Google Analytics. It is never shared with third parties and we use what we learn through Google Analytics to provide more focused information to our stakeholders.

The information we collect

We will collect information about the device you use to visit our website like its IP address, country and time zone, operating system, and browser. We also capture your activity while on our website.

Special category information

We don’t anticipate any special category information will be captured.

Who we share your personal information with

None of your personal information we capture is shared outside of our organisation or the data processors we use.

The data processors we use

Our website hosted by Ascender Creative Elevation (for details see Section 5 – External Data Processors table) and we use Google Analytics these are the only data processors we use.

10.9 Attending meetings hosted by Haven Dredging Ltd

We regularly host meetings, either in person or virtually (using Teams) with local stakeholders, keeping them informed about our work and collaborating with them keeping our operations as safe as possible.

Purpose and lawful basis for processing

The reason we collect personal information at these meetings is to record the discussions and decisions that have been made.

We also keep a list of key stakeholders to invite to, and correspond with about, these meetings. These stakeholders are businesses or organisations (ports and harbours or dredging operators etc.), not individuals or members of the public. However, from time to time, some individuals representing these organisations will use their own personal contact details. If you choose to do this, our relationship remains with the organisation that you represent and not you as an individual.

We are doing this because we have assessed that we have a legitimate interest to do so; the GDPR allows for this under Article 6(1)(f) of the GDPR.

At the beginning of the meeting we will ask all participants for their consent (Article 6(1)(a) of the GDPR) for us to create an audio recording. This will be used to facilitate better note taking. If anyone objects, no audio will be recorded.

Once the notes have been taken, the audio recording is deleted.

In some meetings, particularly ones held virtually and to a wider audience, we may continue with recording the meeting. If you do not wish to be recorded, you will not be able to attend the meeting.

What we do with the information

The information captured will be used to keep a record of who said what at the meetings and keep a track of what decisions were made and by whom.

Contact details will be kept up to date in order of us to communicate with you the outputs of the meetings and invite you to subsequent meetings.

The information we collect

If you attend a meeting that we host, you will be asked for your name and contact details. The opinions that you share at the meeting will be captured in the written minutes or recording of the meeting.

Special category information

We don’t anticipate any special category information will be captured.

Who we share your personal information with

The minutes from the meeting may be shared with the attendees of the meeting (the recording will never be shared though) and invited attendees that couldn’t make it.

The data processors we use

Apart from the cloud service providers mentioned in Section 5 – Sharing your personal information, no data processors are used.

10.10 You are one of our customers or suppliers

As one of our customers or suppliers we will need to capture pieces of your personal information, to best manage our relationship.

Purpose and lawful basis for processing

If you are a supplier we will need to process your personal information to make sure that you are kept up to date on the work you are carrying out for us and to make sure that invoices are paid in a timely manner.

If you are one of our customers, we will need to process your personal information so that we can contact you about our services and about any dues that may be owed.

In both cases we are applying Article 6(1)(b) of the GDPR which relates to the performance of a contract or prior to entering into one.

In some cases, it may be necessary to process your personal information while following anti-money laundering regulations. We will do this because we have a legal obligation to do so and we would be using Article 6(1)(c) of the GDPR to do so.

What we do with the information

Your information will be stored in our accounting software which we use to manage our customer/supplier relationship.

The information we collect

We will need to collect your name and contact details and your written communication with us, which could include your personal opinions.

In some cases, it may be necessary to perform a credit rating search for your business. This does not contain any personal information unless your business shares any details with you as an individual.

Special category information

We don’t anticipate any special category information being processed.

Who we share your personal information with

Most of the time your information is only used internally. However, if we need to share your personal information with another external stakeholder, we will always seek your consent first.

Exceptions to this are when we must share your information because of anti-money laundering regulations, in which case, we will not need to seek your consent to do so.

The data processors we use

Apart from the cloud service providers mentioned in Section 5 – Sharing your personal information, no data processors are used.