Data protection legislation gives individuals rights to understand how their personal data is used. Personal data is information that identifies an individual – it may be factual information, images or other recorded information.
This Privacy Notice provides detailed information about how and why we use (or “process”) personal data and what we do with that information. It also explains the decisions that you can make about your own information. Please read it carefully, and if you have any questions regarding your personal data or its use, please contact us at: firstname.lastname@example.org ; or by telephone on: 020 7090 1460 and ask for the Data Protection Representative.
ICS, Marisec and Marisec Publications
ICS is a trade association representing national shipowner associations in various regulatory and policy fora to promote and advance the interests of the international shipping industry and provide other services to the industry, for example, ICS participates in discussions concerning maritime/ship safety and through Marisec, helps to produce Industry Guidance for a range of maritime operations.
Marisec provides professional secretariat services primarily to ICS and also other associations or organisations. Marisec produces and sells a number of publications through its publications trading arm, Marisec Publications. Marisec also organises events on behalf of ICS.
In order to carry out the core functions of ICS and Marisec, i.e., to operate effectively as a trade association and a professional secretariat and meet legislative, contractual and statutory obligations, we need to process personal data relating to various categories of individuals.
Types of personal data we process
ICS is a membership organisation, with national associations as its members which in turn have shipping companies as their members. Our national associations provide personal data on individuals within their association and from their member companies who are nominated to represent them in ICS activity. This data will include name, role and contact details. This data is used when providing member services, for example, names and company affiliations form part of a record of activity, such as attendance notes, minutes of committee, sub-committee, panel and working group meetings. We also liaise, consult and cooperate with other associations, organisations and individuals connected with the shipping industry in order to provide effective representation to our members. This entails use of personal data of individuals in those other organisations or operating independently. This personal data is usually limited to business contact details and includes name, role and contact details.
Marisec provides secretariat services to ICS and other associations. This entails provision of staff to carry out ICS representation activity, and publishing Industry Guidance, Guidelines and other publications. Marisec organises a range of seminars and meetings and workshops for ICS, to which ICS members and others are invited. As part of this activity, personal data is collected and used for the purposes of arranging the event, and contacting attendees and speakers and providing reports.
Marisec Publications sells printed books, electronic guidance documents and other products. We collect data which is necessary to identify the customer, take financial payment details, deliver the goods, and complete all necessary financial and other records where you have provided a contact email address, we may use this to tell you about events, publications and other ICS activities that you may be interested in. You can update your preferences in regard to receiving such information at any time.
- images, audio and video recordings; we may take photographs or videos of individuals at company events, to use in printed material, on social media and on our website. This is to showcase the range of activities that we engage in and to publicise our objectives for our members and others. Although we endeavour to use only the most recent footage, we may continue to use these photographs and videos after the event in which they were taken.
- Special category personal data (for example, where you give us information on dietary preferences for an event this may reveal health information about you). We do so in accordance with applicable law (including with respect to health and safety and safeguarding) or by explicit consent.
- Other information relevant to maintaining our website and web servers such as IP address, Operating System, Browser.
We maintain email, other electronic and physical records of business activities, which may contain personal data provided by individuals as part of normal business communications.
Collecting, handling and sharing personal data
We are committed to ensuring that when collecting personal data, we do this in accordance with the principles set out in the data protection legislation contained in the EU General Data Protection Regulation (“GDPR”), namely, that the data is:
- collected lawfully and fairly and with transparency; and
collected for a specific purpose; and
- limited to what is necessary in relation to the purposes for which it is processed; and
- accurate and kept up to date; and
- kept in a form which permits identification of data subjects for no longer than necessary; and
- handled with appropriate security including protection against unlawful processing or accidental loss, destruction or damage.
Applying these principles: we collect most of the personal data we process directly from the individual concerned. Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the secretariat of any significant changes to important information, such as contact details, held about them.
We do not otherwise share or sell personal data to other organisations for their own purposes.
Transferring personal data
Personal data may be stored and processed in the United Kingdom or any other country in which we or associated third parties maintain facilities. Should we need to transfer personal data, we will take all reasonable measures to ensure that it is transferred only to third parties that also comply with the GDPR.
The lawful basis on which we use personal data information
This section outlines the legal basis that we are relying on when handling personal data.
We rely on legitimate interests for most of the ways in which we use personal data. Specifically, we expect that the following uses will fall within our legitimate interests:
- Providing Secretariat services to ICS and other associations;
- Representing and promoting the objects and interests of ICS, and ICA national association members;
- To give and receive information;
Ensuring that all relevant legal obligations are complied with and to obtain appropriate professional advice and insurance.
Necessary for a contract
We will need to use personal data in order to perform our obligations under a contract, for example, a sale and purchase of a product from Marisec publications.
We collect data to comply with the registration and reporting requirements of UK company law. We will also process special category personal data or criminal records information in accordance with rights or duties imposed on us by law, including in connection with employment of staff, for example reference checks, welfare, insurance or pension plans; for legal and regulatory purposes (for example diversity monitoring and health and safety).
How long we keep personal data
We will retain your personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.
Your rights over your personal data given to us
Under the GDPR you have the following rights over personal data given to us that we respect:
- Right of Access
You are entitled to be informed when we are processing your personal data and if we are to receive a copy of the personal information which we hold.You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals or information which is subject to legal privilege (for example legal advice given to or sought by us, or documents prepared in connection with a legal action).
- Right to Rectification
You are entitled to request that any incorrect data which we hold about you is corrected.
- Right to Erasure
You have the right to request the deletion of personal data which we hold about you, in certain circumstances for example where personal data is no longer necessary for the purpose which we collected it.
- Right to object
You have the right to object, under certain circumstances to us processing your personal data.
- Right to object to direct marketing
You have the right to object at any time to us processing your personal data for direct marketing purposes. If you object to such processing, we must discontinue all direct marketing without undue delay.
- Right to restrict the processing of your personal data
Under certain circumstances, for example, while a request to correct personal data is being processed.
- Right to data portability
In some circumstances you have the right to request that we transfer the personal information we hold on you to another organisation in a machine readable format. This applies only to information you have provided to us and which we process on the basis of your consent or for the performance of a contract.
- Right to withdraw consent
If our processing is based on your consent, you have the right to withdraw your consent to our processing of your personal data at any time. Such withdrawal does not affect the lawfulness of processing that took place prior to withdrawal. Please be aware however that we may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been set out under this Privacy Notice (or elsewhere in data protection legislation), or may exist under some form of contract or agreement with the individual (e.g. an employment or personal contract, or because of membership of one of our associations).
You have the right to complain to the data protection authorities (for example, in the UK, the Information Commissioner’s Office) regarding our processing of your personal data.
Please note that we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.
If you would like to access or amend your personal data, or have some objection to how your personal data is used, please make your request in writing to: email@example.com. We will respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is 30 days in the case of straightforward requests for access to information.
Our website uses first and third party cookies, please see
http://www.ics-shipping.org/cookies for more information.
Links to other websites
ICS also operates a twitter account @shippingics. If you choose to interact with us on twitter, we will have access to any posts or messages directed to us. We ask that you do not post any sensitive personal information on our social media platforms and if you do so we reserve the right to delete it.
Automated profiling using personal data
We do not under any circumstances carry out any automated profiling of personal data.
We may update this privacy notice from time to time and where we do so we will amend the version date at the bottom of this notice.
If you do have any questions about our data protection policy or what we do with your information, you can contact us at firstname.lastname@example.org or +44 207 090 1460.
Version date: 29 July 2019