1. General Data Protection Regulation (GDPR)

Ocean Crest Marine (OCM) takes the security and privacy of data seriously. We need to gather and use information or ‘data’ about our personnel and customers as part of our business and to manage the relationship which exists between us.

OCM comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.

OCM has measures in place to protect the security of data in accordance with our data
security obligations. OCM only holds data in accordance with our Documented Information procedure, and only for as long as necessary. The OCM Managing Director is a ‘data controller’ for the purposes of data.

Data Protection Principles

Data is processed in accordance with six Data Protection Principles:

• be processed fairly, lawfully and transparently;
• be collected and processed only for specified, explicit and legitimate purposes;
• be adequate, relevant and limited to what is necessary for the purposes for which
it is processed;
• be accurate and kept up to date. Any inaccurate data must be deleted or rectified
without delay;
• not be kept for longer than is necessary for the purposes for which it is processed;
and
• be processed securely.

Individuals have the right to access their personal data and any such requests made to the OCM shall be dealt with in a timely manner.

OCM shall ensure that personal data is stored securely. Access to personal data shall be limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information.