Visitors to our websites
Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it. Our website uses a CMS (content management system) hosted on our own dedicated servers.
When someone visits our website (https://www.rheaboats.co.uk) we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. We also make use of the Facebook Pixel in order that we can use Facebook as a means of marketing to potential customers.
If you fill out one of our contact forms on our website a notification email is sent to the relevant team within Rhea boats, but the data you supply is stored within a database on the same private server network as our website.
When you place an order via our website we will ask for your name, address, contact information and other information relevant to the order. This information will only be used for the purposes of delivering the services we are providing; however, data may be shared with third party service providers for the purposes of delivering the service (e.g your details will be shared with delivery companies.)
Where your data is stored on our own servers, it is stored on our own dedicated hardware. This hardware is co-located, in the UK, at the ISO27001 RapidSwitch/Iomart data centre in Portsmouth. None of your data is stored or transferred outside the UK and therefore not transferred outside the EEA.
We manage the security of our services and therefore your data ourselves.
All the data we hold on our customers is available via our site https://www.rheaboats.co.uk. Where you have completed a Booking Form and sent this to us physically, this is stored in a looked cabinet is only accessible to the relevant members of staff (e.g for order food for your coure, or for the skipper / instructor on your course).
We use MailChimp or Campaign Monitor for delivering our email newsletters. As noted above we make use of a tracking cookie to track the way our newsletters are read. Only your name and email address are ever shared with these services. Every time you receive our email newsletter we will include a link to enable you to unsubscribe should you wish to stop receiving them. We honour such requests.
Call our office
If you call our support line, we will already have your information stored in our customer database. We may use this information to verify your identity before helping with your enquiry. We will update our records with details of your query and if required note information that was given to you. If you call our us and are a potential customer, we will ask for the minimal information we need to provide any information relating to your call. The details will be stored in our CRM for the purposes of following up with you further to the discussion; if you become a customer your details will be stored in our CRM (Customer Relationship Management) System.
Any emails we receive are stored locally on our computers within our email client. Access to them is protected via Windows User accounts and we also use Windows Encryption. We also scan the email for viruses when it arrives on our servers and again before it is delivered to our local computers. All our email services are provided by Office 365.
We use a third-party provider, Hootsuite, to manage our social media accounts. We primarily use Hootsuite for the purposes of sharing our marketing messages across our social media platforms (the ones supported by Hootsuite). However, from time to time we may make use of additional Hootsuite functionality which allows us to use Hootsuite to collect together certain aspects of your personal data available to us via our connections on social media. More information about this functionality in Hootsuite can be found here: https://hootsuite.com/legal/privacy#customer-content
When someone joins our team, we will only collect and ask for personal information that is required for being an employee. We will keep these records during your employment and for up to 6 years after termination of your employment. We will also keep your payroll records up to 7 years. If we record working time records, we retain these for 2 years and any immigration check information for 2 years. All the information will be stored, within our systems, securely.
If you send us application forms or your CV, we will keep the information for as long as we’re considering your application. If you become an employee, the information will be added to your personnel file and kept in line with our policy on keeping employee records. If your application is unsuccessful we will delete the information after 6 months unless you consent to us retaining them for any longer (for example for any future opportunities). All the information will be stored, within our systems, securely.
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
Third party processors
We use a small number of third party applications in order to manage our business. These include:
CRM (Customer Relationship Management)
Email Marketing (MailChimp and Campaign Monitor)
Email System (via Office 365)
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website: https://ico.org.uk/for-the-public/
If you want to make a complaint about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner’s Office: https://ico.org.uk/concerns
How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom or the email. Otherwise, you can contact us, using the contact details below. If you wish to raise concerns about the way we are processing your data and would like to raise an objection, then please email firstname.lastname@example.org
Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.
Erasure of your data (the “right to be forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If you wish to exercise your right to be forgotten by our services, please contact us via the contact details below.
Your right to portability allows you to request a machine-readable export of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a txt export of your data.
Access to your data
You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request. To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.
Disclosure of information
We do not share any personal data with any third parties unless it is lawful for us to do so or if we are required by law to do so.
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk
How to contact us