Policy key definitions:
"I", "our", "us", or "we" refer to the business, Minorca Sailing Holidays
"you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a users computer or device.
Key principles of GDPR:
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
Lawful basis: Consent
Where our purpose for processing is: To provide you with more information
Which is necessary because: You have asked for more information
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Sharing your information: We do not share your information with third parties.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO www.ico.org.uk if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Contact & Communication
Users contacting this website and/or it's owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This website and it's owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if your express permission was granted when submitting any form to email process.
Your details are not passed on to any third parties.
Cookies are small files saved to the users computers hard drive that track, save and store information about the users interactions and usage of the website. This allows the website, through it's server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and it's external serving vendors.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Fair & Transparent Privacy Explained
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter. We only collect certain data about you and any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences. Our EMS provider is; ‘mailchimp’ We hold the following information about you within our EMS system;
Subscription time & date
First Name & Surname
Although this website only looks to include quality, safe and relevant external links users should always adopt a policy of caution before clicking any external web links mentioned throughout this website.
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and it's owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and it's owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor it's owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and it's owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy url's [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgment before clicking any shortened url's published on social media platforms by this website and it's owners. Despite the best efforts to ensure only genuine url's are published many social media platforms are prone to spam and hacking and therefore this website and it's owners cannot be held liable for any damages or implications caused by visiting any shortened links.
You have been directed to read a copy of this privacy notice because you are applying for work. In accordance with the General Data Protection Regulation ((EU) 2016/679) (GDPR), it makes you aware of how and why your personal data will be processed, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. We are required under the GDPR to give you the information contained in this privacy notice. It is important that you read this privacy notice, so you know how and why we are using your personal data.
Data protection principles
We will comply with data protection law and principles, which means that your data will be:
• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes we have told you about
• Kept securely
The kind of data we hold about you
In connection with your application for work with us, we will process the following categories of personal data about you:
The information you have provided to us in your curriculum vitae and covering letter.
The information you have provided on our application form, including name, address, telephone number, personal email address
Any information you provide to us during an interview.
How is your personal data collected?
We collect personal data about you from the following sources:
• Your named referees, from whom we ask for the following categories of personal data about you: Employment dates, job title, reason for leaving, assessment of Responsibility, Maturity, Self Motivation, Motivation of others, Commitment, Energy, Time Keeping, Suitability to work with children.
How we will use personal data about you
We will process the personal data we collect about you to:
• Assess your skills, qualifications, and suitability for the work or position you have applied for
• Carry out background checks
• Communicate with you about the recruitment process
• Keep records related to our hiring processes
• Comply with legal or regulatory requirements
It is necessary to process your personal data for these purposes to ensure that we comply with legal, regulatory and other compliance obligations during the recruitment process and when we make decisions about you; and because it is in our legitimate interests to do so to ensure that decisions are made that are beneficial to our business.
Having received your CV and covering letter, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references if applicable before confirming your appointment. If you choose to accept an appointment we need to process your personal information in order to take steps to enter into the employment or other contractual relationship with you.
If you fail to provide personal data
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
We initially share your information with 'Robert Arnold Jelfs, Escuela De Vela, ESX0048643K' (Our sailing school in Menorca) who may then pass on your information with other 3rd parties relevent to provide you with employment. We only share your personal information with third parties for the purposes of processing your application: All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will retain your personal data for a period of 24 months after we have communicated to you our decision about whether to appoint you. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with applicable laws and regulations.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
• Request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party. If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you have any questions about this privacy notice or how we handle your personal data; if you would like any more information or you have any comments about this privacy notice; or if you would like to make any request to exercise your legal rights, please contact us (with the reference 'Data Protection') at Minorca Sailing, 58 Kew Road, Richmond, Surrey, TW9 2PQ; or email us at firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us first.
Resources & further information
Overview of the GDPR - General Data Protection Regulation
Data Protection Act 2018
Privacy and Electronic Communications Regulations 2003
The Guide to the PECR 2003
Privacy Notice Policy Base: v.4.1 Dec 2018 - Made available without liability by Jamie King, Website management services.