Privacy Policy

© INSIGNIA CREW 2021

OUR PRIVACY POLICY

Introduction

Our commitment to your privacy.

Insignia Crew Ltd is committed to ensuring that your privacy is protected. This Privacy Policy explains in detail the types of personal data we may collect about you when you access our website and interact with us (including when you provide us with personal information by telephone (including SMS), in written correspondence (including letters, emails, by completing any forms such as Registration Forms and Terms of Business) and in person).  It covers information we collect about users of our website, contacts at our suppliers, job candidates and prospective candidates ( “Candidates” in this Privacy Policy) and personal data about our clients who use us to find suitable Candidates (referred to as “Clients” in this Privacy Policy).  It is also covers information we collect from commercial partners we work with who we may make introductions to in return for a commission (“Commercial Partners”).  It also explains how we’ll process that data and keep it safe.  Our services and our website are not intended for children under the age of 18 and we do not intentionally collect data relating to children.

Whenever you provide personal data, we are legally obliged to use your information in line with all applicable laws concerning the protection of such information; including the Data Protection Act 1998 and 2018 (DPA) and The General Data Protection Regulation 2016 (GDPR) to the extent to which it is applied by UK GDPR as defined by the Data Protection Act 2018 together with other subsequent laws (“Data Protection Laws”).

This Privacy Policy also forms part of our terms of business and is not intended to override them.  We may need to amend or update this Privacy Policy from time to time and any revisions will be posted to this page, so please check back regularly.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

Who we are and how to contact us

For the purpose of Data Protection Laws Insignia Crew Ltd is the data controller and is responsible for your personal data, (collectively referred to as ‘we’, ‘us’ or ‘our’ in this Privacy Policy).  If you want to request more information about our Privacy Policy or require further information about how we process your personal data you can contact us using the details provided below:

Our Data Protection Officer is Annalise Holme.

Contact details

C/O Zest Accountants, Temple Chambers, 12 Clytha Park Road, Newport, NP20 4PB, UK.

info@insigniacrew.com

www.insigniacrew.com

Telephone:  +44 (0)7879 638 908

What sort of personal data do we collect?

We collect and process personal data. Typically, the personal data we collect and process will include Identity, Contact, Transaction, Financial, Recruitment Data, Client Data, Technical, Profile, Usage and Marketing and Communications Data such as:

Identity Data includes first name, last name, title or other identifier (such as job title), marital status, date of birth, gender, nationality.

Contact Data includes correspondence address, billing address, email addresses and telephone numbers.

Transaction Data includes details about services you have used us for.

Financial Data includes bank account and payment card details.

Recruitment Data includes information included on a Candidate’s CV including qualifications, work experience, current work details and experience including job title and previous roles,  other information relevant to job applications and experience e.g. information taken from certificates which provide proof of qualifications,  demographic information such as preferences and interests, next of kin details  (name / contact details / relationship to you) and Special Categories of Data (see further below).

Client Data includes data specific to Clients and includes MLC2006 certification details (if applicable), insurance details (yachts only, under MLC2006) and emergency 24/7 contact numbers.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

Profile Data includes your username and password, purchases of services made by you, your interests, preferences, feedback and survey responses, your social media username if you interact with us through social media channels.

Usage Data includes information about how you use our website, products and services.  Website usage information is collected using cookies (see below).

Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Please note that we may collect and/or process other personal data from time to time.

We also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data, but is not considered to be personal data in law as it will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate a percentage of users accessing a specific feature of our services. However, if we combine or connect your aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used solely in accordance with this policy.

Special Categories of Data

Where permitted by law, we may collect Special Categories of Personal Data about you.  This includes details you may provide us with voluntarily about your race or ethnicity, religious or trade union membership, information about your health (for example information stated on medical certifications such as ENG1). Your passport may also reveal Special Categories of Personal Data about you.

We only collect data from you directly or via third parties who may provide us with personal data and they should only do so where the law allows them to.

How do we collect Personal Data about you?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact, Profile and Financial Data or Recruitment Data by filling in forms or by corresponding with us by post, phone, messaging service, email or otherwise. This includes personal data you provide when you:

  • contact us with an enquiry;
  • become a Client, Commercial Partner or Candidate with us;
  • receive services from us;
  • request marketing and other information to be sent to you;
  • complete a survey we have sent you about our services; or
  • give us feedback or contact us.

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy here for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from the following parties:
    • analytics providers;
    • advertising networks; and
    • search information providers.
  • Contact, Financial and Transaction Data from providers of technical, or payment services.
  • Identity and Contact Data from publicly available sources such as Companies House, various yacht registers and social media sites such as LinkedIn.

We also received Personal Data about you from Clients we have provided your CV to who have interacted with you as part of a job application or who have given feedback on you following receipt of your CV or an interview.   We may also receive Personal Data from your previous employers, training providers when we check your qualifications and from referees when you are offered a job.

If you fail to provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data  when requested or refuse certain contact permissions, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel all or part of a service you have with us but we will notify you if this is the case at the time.

How we use your personal data

We use information held about you to:

  1. carry out our obligations arising from any contracts entered into between you and us and provide our services;
  2. carry out feedback and research on our services; and
  3. notify you about changes to our services.

We never sell your data to third parties or allow third parties to contact you without your permission.

We share your data with third parties where there is a legal obligation for us to do so or we have identified a valid lawful basis as set out in the table below. We may process your personal data without your knowledge or consent where this is required or permitted by law.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.

We have set out below in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new user of our website Identity

Contact

Performance of a contract with you

Necessary for our legitimate interests (Internal record keeping)

To register you as a Candidate, provide services to you and to process related transactions, including:

 

Carrying out security and qualification screening

To help you find suitable roles and opportunities

Identity

Contact

Recruitment Data

Transaction

Usage

Marketing and Communications

Performance of a contract with you to match you with suitable roles and opportunities as part of our service to you.

 

 

 

To register you as a Client, provide our services to you and to process related transactions, including:

Informing you about suitable Candidates

Manage payments, fees and charges

Collect and recover money owed to us

Identity

Contact

Transaction

Usage

Marketing and Communications

Client Data

Performance of a contract with you to contact you with suitable Candidates as part of our service to you

Performance of a contract with you to contact you in order to liaise with you as part of our service to you

To register you as a Commercial Partner to introduce you to our Clients who express an interest in your products and or services (with their consent) and to process related transactions, including:

Making introductions where relevant and requested by our Clients

Manage payments, fees and charges

Collect and recover money owed to us

Identity

Contact

Transaction

Usage

Marketing and Communications

 

 

Performance of a contract with you to make introductions
To manage our relationship with you which will include:

Notifying you about changes to our terms or privacy policy

Asking you to leave a review or take a survey

Identity

Contact

Profile

Marketing and Communications

 

Performance of a contract with you

Necessary to comply with a legal obligation

Necessary for our legitimate interests (to keep our records updated and to study how Candidates, Clients and Commercial Partners use our services and work with us)

To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity

Contact

Technical

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Necessary to comply with a legal obligation

To engage with you on social media Identity

Profile

Necessary for our legitimate interests (to help us respond to your comments, questions or feedback if you engage with us through these channels)
To measure or understand the effectiveness of the advertising we serve to you Identity

Contact

Profile

Usage

Marketing and Communications

Technical

Necessary for our legitimate interests (to study how Candidates, Clients and Commercial Partners use our services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, services, marketing, Candidates, Clients and Commercial Partner relationships and experiences Technical

Usage

Profile

Necessary for our legitimate interests (to define types of Candidates, Clients and Commercial Partners for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about services that may be of interest to you

To contact you by email with details of special offers, news, changes to  legislation relevant to your business (e.g. MLC 2006), details of events, updates about changes to our services

Identity

Contact

Technical

Usage

Profile

Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

 

 

 

Our lawful basis to process your personal data

We only process your data (which may include providing it to a third party) where we have identified a valid lawful basis to do so. These are as follows:

  1. Contractual obligation – means processing that is necessary to comply with our obligations arising out of a contract, for example, where you have bought services from us we will use the personal data you provide to fulfil our contractual obligations .
  2. Legitimate Interest – means in the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process you personal data for our legitimate interests. Where we use legitimate interests we will record our decision on making this decision. We rely on legitimate interest where processing of the data we hold on you does not, in our opinion, affect your rights or freedoms and is proportionate to our interests e.g. keeping you up to date with our latest services or obtaining your feedback on our service.
  3. Consent – We will seek to obtain your consent to process:
    • your data outside our contractual obligations (see above) unless we have identified a Legitimate Interest (see above);
    • any special category data; and
    • your data by sending it to a Client who may be outside the EEA where you wish to apply for a role with them.
  4. Legal obligation – We may process your data where it is necessary for us to do so to comply with the law.

Links to other websites via our website

Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Sharing your personal data with our service providers

We will keep your information within our organisation except where disclosure is required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you.  We have contracts in place with our data processors. This means that they cannot do anything with your personal data unless we have instructed them to do so. They will not share your personal data with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Please see below the list which sets out the categories of recipients of personal data:

  • IT support services
  • Website provider
  • E-signature software provider
  • CRM provider
  • Secure document disposal service
  • Banks
  • Online payment providers
  • Accountants
  • Solicitors
  • Accounting software provider
  • Marketing agencies

Sharing your personal data with our Clients / Commercial Partners

In addition to sharing your personal data with our trusted service providers we may also share your personal data with our Clients and Commercial Partners, for example, we will send Candidate details to our Clients when assisting them to fill a vacancy or share your details with a Commercial Partner where you have asked us to make an introduction.

Here’s the policy we apply to those Clients to keep your data safe and protect your privacy:

  • Our contracts with Clients require that they can only use your data for the exact purposes we specify in our contract with them
  • We work closely with them to help ensure that your privacy is respected and protected at all times

Despite the above steps which we take once we send your personal data to a Client it is outside of our control and the Client will become a data controller of your personal data in their own right and will handle your personal data in accordance with their own privacy policies and procedures.  Where a Client is resident outside of the UK please note that different laws and legislation may apply to their use of personal data.

Sharing your personal data with other third parties

  • When required by law we may disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our Candidates, Clients and Commercial Partners into consideration
  • If another recruitment agent is seeking a Candidate to fill one of their vacancies, we will seek your consent first before sharing your details with them.

We may, from time to time, expand, reduce or sell the Company and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Policy

How do we protect your personal data?

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.  In addition, we limit access to your personal data to those employees, Clients, Commercial Partners and service providers who have a business need to know it.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. How long we retain your data can vary based on context of the service we provide you and our legal obligations.

The following factors influence our retention periods:

  • How long is the personal information needed to provide our services? This includes such things as maintaining and improving the performance of our service, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most of our data retention periods
  • Is the personal information sensitive? If so, a shortened retention time is generally appropriate
  • Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent
  • Are we subject to a legal, contractual, or similar obligation to retain your personal information? Examples can include mandatory data retention laws, government orders to preserve data relevant to an investigation, or personal information retained for the purposes of litigation
  • At the end of a retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning

Where your personal data may be processed – International Transfers

Sometimes we will need to share your personal data with service providers and Clients outside the European Economic Area (EEA) such as the USA, for example:

  • Candidates – we may put your details forward for a vacancy aboard a vessel outside of the EEA or send it to a Client who resides outside the EEA
  • All – we may transfer personal data that we collect from you to non EEA service providers/data processors to store and manage your data e.g. Microsoft

Protecting your data outside the UK / EEA

Where your personal data is transferred outside of the UK or the EEA to our service providers (our processors), we have ensured that:

  1. an adequacy decision has been made by the European Commission permitting the transfer of data to that country; or
  2. standard contractual clauses (SCCs) are in place and we have received assurances that an adequate level of protection of the personal data is achieved (based on a case by case assessment of the circumstances of the transfer), including adequate technical and operational measures in place to protect the personal data.

Where we transfer your data to a Client outside the UK or the EEA we will where possible seek your specific consent before doing so.  Please note that these Client’s may be located in countries which do not have the same stringent Data Protection Laws, there may be no local supervisory authority you can complain to and you may have either none or only limited individual data protection or privacy rights.  We do however request our Client’s keep your personal data confidential in our contracts with them.

What are your rights over your personal data?

Under Data Protection Laws your rights are:

To be informed – We must make this privacy policy (sometimes referred to as a privacy notice) available to you and be transparent over how we process your data.

Access – You are entitled to know what details we hold about you and why. We strive to be as open as we can be in terms of giving people access to their personal data. You can find out if we hold any of their personal data by making a formal request under the Data Protection Laws. Such requests should be made using the contact details provided in this policy. If we do not hold information about you we will confirm this in writing at the earliest opportunity. If we do hold your personal data we will respond in writing. Our response will:

  1. confirm that your data is being processed;
  2. verify the lawfulness and the purpose of the processing;
  3. confirm the categories of personal data being processed;
  4. confirm the type of recipient to whom the personal data have been or will be disclosed; and
  5. let you have a copy of the data in format we deem suitable or as reasonably required by you.

Rectification – We are obliged to correct or update your details. We will correct or update your data without delay provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.

Erasure – This is also known as the right to be forgotten. Under Data Protection Laws you have the right to require us to erase your personal data under specific circumstances. A request for your personal data to be deleted will be decided on a case-by-case basis and should be submitted in writing to the contact details provided in this policy.

Restrict processing – You have the right to ‘block’ or suppress the processing by us of your personal data.

Portability – You have the right to obtain the personal data that you have provided to us in a commonly used machine-readable format and reuse it with a different provider.

Object – You have the right to object to us processing your data in certain circumstances. You have an absolute right to stop your data being used for direct marketing, but in other circumstances we may still be allowed (or required) to process your personal data if we can show you that we have a compelling reason for doing so.

Rights in relation to automated decision making and profiling – We do not use automatic decision making or profiling.

Withdraw consent. Where you have given us consent to process your personal data, you can withdraw that consent at any time either by contacting us using the details set out in this policy, or by following the opt-out links in electronic messages where relevant. We do not penalise individuals who wish to withdraw consent and we act on withdrawals of consent as soon as we can.

You can contact us to request to exercise any of these rights at any time as follows:

please email info@insigniacrew.com

If we choose not to action your request, we will explain to you the reasons for our refusal.

Checking your identity

Please note that to protect the confidentiality of your information, you may need to provide identification in order to prove who you are if you wish to invoke any of your rights as provided by the Data Protection Laws and as summarised above.  If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We will always comply with your request.

Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office or your local regulator so please contact us in the first instance.

Any questions?

We hope this Privacy Policy has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact us and we will be pleased to help you:

Please email info@insigniacrew.com

Or write to us at:

Insignia Crew Ltd

C/O Zest Accountants

Temple Chambers

12 Clytha Park Road

NP20 4PB

UK