Privacy Policy
General Information about Privacy – The Cruising Association (CA)
This section of the website sets out how we process (collect, store, use and share) people's personal information (as defined by UK data protection laws). We have a web privacy policy including cookie policy for users of this site, and an overarching privacy policy for our members and others with whom we have a contractual relationship. The web privacy policy and, if you are logged in, the overarching privacy policy, can be found below.
The Cruising AssociationThis site is owned and managed by the Cruising Association. We have a long history - going back more than 100 years. We are a unique, mutually supportive association dedicated to those who cruise on small boats. Our information is collected and shared by members, backed up by a small team of dedicated staff. We have information of unequalled quality, quantity, breadth and relevance; we share experiences, knowledge, and fun to get the most out of cruising. We share online, at rallies, seminars and social events around the UK and across the world.
Web Privacy/cookie policy
This privacy policy sets out how we use and protect any information that you give us when you use this website. We are committed to ensuring your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.
We may change this policy from time to time by updating this page. You should check this page to ensure you are happy with any changes.
What we collectWe may collect the following information if you choose to provide it:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- Where you have subscribed, we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
We are committed to ensuring your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookiesA cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.
If you interact with any social media buttons on our website, a cookie will be used to remember your actions.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
This website assumes implied consent for cookies and meets the ICO's guidelines on the EU e-Privacy Directive.
Recording of IP addressesIn order to maintain and improve security and data protection connections to this page may have their IP address logged. The data will be shared with our IT providers and legal services. The data will not be transferred outside the United Kingdom. The data is normally deleted after 24 months But could be retained longer if it was in active use.
Links to other websitesOur website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites. These sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal informationYou may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, uncheck any box that requests you to join a mailing list / newsletter or use your details for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to us.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
CA overarching privacy policy
The privacy statement was last updated at 2018-11-16 10:06:40
Personal Information, Data Protection & GDPRWe have an amount of personal information on our members, staff, volunteers and our contacts. This privacy statement is primarily concerned with the personal information we hold; and is designed to inform the individuals most concerned (that is those individuals about whom we have some personal information). It is published to meet our legal duties in the General Data Protection Regulation (GDPR) and the Data Protection Act.
Contact detailsThe Cruising Association (The data controller as defined by the GDPR)
1 Northey Street,
Limehouse Basin,
London, E14 8B
United Kingdom
Tel: +44 (0)207537 2828
Email: office@theca.org.uk
Ms Lucy Gray
For any questions concerning data protection or privacy please contact Ms Lucy Gray email coo@theca.org.uk
Supervisory authority for data protectionThe Information Commissioner’s Office
Water Lane
Wilmslow
Cheshire
SK9 5AF
Legal framework
We comply with data protection legislation: the current laws (as expected at 25/5/2018) are The General Data Protection Regulation (GDPR) and the Data Protection Act, 2018.
Why we collect personal informationWe seek to restrict the personal information that we process to the minimum required to deliver the ‘service’ in question. If we want extra information for any reason, we will explain “what” and “why” when we ask you.
Legal rights for individualsWe process information in accordance with the letter of the law and the essential principles set out in legislation. The GDPR gives individuals the following legal rights:-
1. The right to be informed
We need to tell you what we will do with your personal information. We aim to keep your information safely and to be transparent with you about our activities. The Information Commissioner’s Office has published the detailed table below and we have added our own information to that table.
The table below summarises the information we should supply to individuals and at what stage.
What information must be supplied? | Data obtained directly from data subject | Data not obtained directly from data subject | Where to find this | ||||||||||
Identity and contact details of the controller and the data protection officer | This is set out above | ||||||||||||
Purpose of the processing and the lawful basis for the processing | ✔ | ✔ | We specify this when/where we ask for information | ||||||||||
The legitimate interests of the controller or third party, where applicable | ✔ | ✔ | |||||||||||
Categories of personal data | ✔ | We'll tell you if we get information about you from anyone else before we add this to our own records. |
|||||||||||
Any recipient or categories of recipients of the personal data | ✔ | ✔ | This is stated near the place where we ask for the information | ||||||||||
Details of transfers to third country and safeguards | ✔ | ✔ | We are an international organisation and share information outside the UK amongst members and HLR's only. | ||||||||||
Retention period or criteria used to determine the retention period | ✔ | ✔ | This varies with different data. We destroy all information that identifies an individual from our records once the information is no longer needed. | ||||||||||
|
|||||||||||||
The existence of each of data subject's rights | ✔ | ✔ | This advice | ||||||||||
The right to withdraw consent at any time, where relevant | ✔ | ✔ | This advice | ||||||||||
The right to lodge a complaint with a supervisory authority | ✔ | ✔ | This advice | ||||||||||
The source the personal data originates from and whether it came from publicly accessible sources | ✔ | We'll tell you if we get information about you from anyone else before we add this to our own records. | |||||||||||
Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data | ✔ | This is stated near the place where we ask for the information | |||||||||||
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences | ✔ | ✔ | We don't use this |
||||||||||
When should information be provided? | At the time the data are obtained. | Within a reasonable period of having obtained the data (within one month) | |||||||||||
If the data are used to communicate with the individual, at the latest, when the first communication takes place; or | |||||||||||||
If disclosure to another recipient is envisaged, at the latest, before the data are disclosed. |
2. The right of access
You have the right to know that your data is being processed and the right of access to the data, together with information of your rights (as set out in this web page) to enable you to verify the lawfulness of the processing. We will provide you with a copy of any/all information we hold on you, on request.
FeesWe normally provide a copy of your personal information free of charge. However, we may charge a fee:- if a request seems unfounded or excessive, particularly if it is repetitive; or to supply more than a single copy of any information.
Any fees will be based on the administrative cost of providing the information.
Time frameWe will provide Information without delay and normally within one month of receipt, once we have verified the identity of the person making the request. If the request is particularly difficult to meet, we may need up to one month’s extension. If so, we will advise you within one month of the receipt of the request and explain why the extension is necessary.
If your requests are manifestly unfounded or excessive; in particular because they are repetitive, we may refuse to meet the contested request. In those (unusual) circumstances, we will (without undue delay and at the latest within one month) explain why to the individual concerned informing them of their right to complain to the supervisory authority and their right to seek a judicial remedy.
3. The right to rectification
If the information that we have is wrong, then you have the right to demand that we correct it. We undertake to do this within one month of knowing the error. We also undertake to inform anyone whom we had previously misinformed. We may need to verify information that is subject to a rectification request. If that process takes longer than one month you have the right to ask us to suspend processing your data during our verification.
4. The right to erasure
If we have information that we are only lawfully permitted to process with your express permission or information which is redundant (such as might be included in records relating to an old membership) you have the right to tell us to erase the information. We will do this straight away for information which we can only process with your permission and as soon as practical for information which may still be lawfully processed without your consent (such as contact details for a debtor).
5. The right to restrict processing
You have the right to tell us to suspend the processing of your personal information whilst we deal with your rights to erasure/rectification.
6. The right to data portability
If we hold any of your data in electronic format we will – on receipt of your instruction – send this electronically to a third party of your choice. For security reasons, we would need your instructions in writing and we may need time to take steps to verify that the instructions actually come from you.
7. The right to object
You have the right to object to us using your personal information for direct marketing, profiling and or (in some situations) research; although there are circumstances that might allow us to proceed despite objections.
The only direct marketing (or activity which might arguably fall within the definition of direct marketing) we undertake, which may use your contact details, would be on our own account. We will stop sending you any direct marketing as soon as you ask.
We will not share your information with anyone else to enable them to engage in direct marketing.
8. Rights in relation to automated decision making and profiling or research.
We do not use our members’ personal information for such purposes in any way. We do not use automated decision making and any profiling activities are restricted to “higher level” anonymised data which would not allow individuals to be identified.