This information is intended to detail the key responsibilities of Myrivercruising as an operator and as a data controller. It is not intended to be a comprehensive set of procedures but rather a declaration of the principles applied in fulfilling our responsibilities as a data controller in accordance with the requirements set out in the GDPR Regulations.
In addition to the above declaration, Myrivercruising will always endeavour to give the highest priority to the secure collection, processing and storage of all client data including the secure disposal of any data that is no longer relevant or necessary where such data is held directly by Myrivercruising.
Collection of Data
Myrivercruising only collects client data that is essential for the purpose of processing a boating holiday booking or for processing a boat training course. The data collected by myrivercruising is solely used for the purpose of providing a boating holiday or boat training session to the client. this data specifically includes:
- Title, Full name and address of lead name
- Telephone number(s) of lead name
- Email address of lead name
- Dates of birth and /or ages of lead crew
- Relevant boating experience of lead name
- Titles and names of other party members attending the holiday
- Other notes relevant for the provision of a boating holiday including any medical conditions we need to be aware about which may affect the boating holiday /training
- Holiday / boat training payment details (Please note for security, we do not hold card details, these are securely processed and we do not have access in retaining any card details)
Myrivercruising does not use this data for any purpose other than booking a boating holiday or RYA boat training course. Nor do we share this data for any purpose other than booking a boating holiday or boat training course with the exception of processing the data for the RYA training certificates which is on the RYA processing secure site.
How data is collected by Myrivercruising
Data is only ever collected from clients by the directors of myrivercruising.
Myrivercruising always endeavour to collect this data in a legal, fair and transparent manner. Relevant client data is collected using the following means:
- Website enquiry and booking forms
- Social Media
How data is processed by myrivercruising
Client data is received by Myrivercruising in the form of a secure web booking (SSL encrypted) form from our website or any other of the data methods listed above.
All data is controlled using the Holray booking system software. In this capacity, Holray acts as the Data processor on behalf of Myrivercruising (The operator). Access to the booking system is restricted to a secure username and password and can only be accessed by the directors for the purposes of booking a holiday or boat training course.
Data entered in to the system can not automatically be used for future marketing purposes unless separate permission has been agreed by the data subject (client).
On line security Measures
Myrivercruising places the highest priority on the security of data. This includes but is not limited to the following stringent methods:
- Myrivercruising is fully PCI Compliant
- Full Firewall protection
- Mail Server based anti-spam and anti virus software
- Up-to-date anti virus checks on every desktop PC and mobile phone connected to myrivercruising
- Access to all PCs is password protected
- Initial and on going staff training about GDPR and data protection