What is Western Isles Cruises Ltd doing about GDPR?
We take our responsibilities under GDPR seriously. That’s why we’ve embarked on a programme to identify which measures we need to implement to be compliant with GDPR, and are working to implement them in time for 25 May this year. Here is a quick summary of what we’ve done to date:
- We conducted a comprehensive GDPR audit and gap assessment. Following the gap assessment, we created an internal roadmap to work towards compliance with GDPR by 25 May 2018
- Our product and security teams have identified necessary changes/improvements to our product and are working to implement those
- We are well underway with engaging all key third-party vendors to make sure we have the appropriate contractual protections in place that satisfy GDPR requirements
- We’re refining procedures to deal with some key data subject rights, such as the right to request deletion
- We’ve updated our privacy notice to be GDPR compliant as well as more clear, concise and transparent about how we process personal data
- We’ve updated our incident response procedures to bring them into line with GDPR
How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you place a booking with us, join us on social media, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
Information we collect automatically: We collect some information about you automatically when you visit our website or use our services, like your IP address and device type. We also collect information when you navigate through our website and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our website and services so that we can continue to provide the best experience possible.
Some of this information is collected using cookies and similar tracking technologies.
We also operate a 24h CCTV system in our ticket office and on the MV Western Isles and Larven vessels, for your personal safety whilst travelling with us and for security.
How we use your data
First and foremost, we use your personal data to operate our website and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like changes to sailing times or sailing cancellations) or information we are required to send to you to carry out the task of fulfilling the booking.
- operational communications, like changes to our websites and services, security updates, or assistance with using our website and services
- asking you for feedback
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the website or services, whether by email, in-app support or otherwise.
To enhance our website and services and develop new ones: For example, by tracking and monitoring your use of our website and services so we can keep improving, or by carrying out technical analysis of our website and services so that we can optimise your user experience and provide you with more efficient tools.
How we can share your data
We do not share your data with any marketing companies.
We will only disclose your personal data to:
- third-party service providers and partners who assist us and enable us to use the personal data, for example for our online booking system and credit card transactions
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
We do not hold any credit card information; this is all done through Stripe, who are fully compliant with GDPR.
The only data we hold is what you give us when you book at the ticket office, i.e. phone and email, so that we can contact you in the event of a cancellation or change to the service.
All our computers are encrypted, firewalled and password-protected.
We only share this information with the credit card and booking system third parties to enable us to provide the service you have requested when purchasing a ticket.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
It’s your personal data and you have certain rights relating to it.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to [email protected].
If you’re not happy with how we are processing your personal data, please let us know by sending an email to [email protected]. We will review and investigate your complaint, and try to get back to you within a reasonable time frame.
How to contact us
We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our website or services, please get in touch.
As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory time frames.
Our email is [email protected].