The General Data Protection Regulation (GDPR) is a comprehensive update to European Law that goes into effect on 25 May 2018. The GDPR was designed to along data privacy laws across Europe and empower all EU resident’s privacy and change the way organisations approach data privacy. The GDPR applies to all organisations that hold data for EU citizens, regardless of size.
Ensuring that personal data is secure and properly dealt with is of paramount importance to Flint Subsea Limited (“FSL”), and we have made enhancements to processes, products, contracts and documentation to ensure we conform fully to GDPR.
2 What is considered to be Personal data?
Personal data is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can also include IP addresses and mobile device IDs etc.
Sensitive Personal Data is personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health, genetic data or biometric data. Data relating to criminal offences and convictions are addressed separately (as criminal law lies outside the EU's legislative competence). We do not collect or store any sensitive personal information.
3 Whose data is covered?
FSL collect and store data from suppliers; subcontractors, customers and other parties such as prospective customers and persons using our websites.
4 Collecting Data
FSL collect personal from a multitude of sources. These sources include emails, website contact forms, information provided in correspondence with us, information provide via our websites and other information necessary to conclude transactions and fulfil contractual obligations.
The provision of all personal data is voluntary, but we may require this to deliver a product or service, or respond to communications from you.
You may also provide us with other information through a web form, or participation in chats or community discussions.
We only hold and process data absolutely necessary for the completion of our duties, as well as limiting the access to personal data to those who act out the data processing.
FSL do not knowingly sell products or services for purchase by minors. If an approach is made by a minor, we will require consent from someone with parental responsibility, and shall make reasonable efforts to verify that person is indeed a parental figure.
5 What is data processing?
Data processing means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
FSL do not process personal data for one or more specific purposes without your consent.
We process data necessary for the performance of a contract to which the data subject is party to, or to carry out instructions at the request of the data subject prior to entering into a contract.
6 What do we use the data for?
FSL utilise your personal data for activities such as contract fulfilment, responding to requests for information or quotations, providing information on products and services, monitoring customer satisfaction etc.
The GDPR does not specify an expiry on a consent given, however FSL will delete all consents where no business activity has taken place for 10years.
7 How do we protect your personal data?
We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, and information access authorisation controls.
We also ensure that privacy settings are set at a high level by default, and that data protection is designed into the development of business processes for products and services.
8 Data Breaches
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
If a personal data breach results in risk to the rights and freedoms of natural persons, FSL will without undue delay and where feasible, not later than 72 hours after having become aware of the breach, notify the data subject to inform them of the breach.
9 Subject Access Requests
As specified in the Subject Access Request section of the GDPR, an individual is entitled to the information detailed therein, in an electronic format and free of charge. The data subject is entitled to, amongst other things, confirmation as to whether or not the data concerning them is being processed, where and for what purpose.
Any Subject Access Request received by FSL will be actioned within the mandatory response time of 1-month.
10 Sharing Data
FSL do not sell, rent, or otherwise disclose your personal information to third parties without your consent, unless required to operate our business or compelled to do so by law.
Personal data held by us will be accessible by employees of FSL and its affiliated companies.
Our accountants also have access to your data in their capacity as our accountancy company. The accountants cannot do anything with your data unless specifically instructed to do so by FSL, and the data remains within our controllership.
If you have a question or a complaint about this privacy notice, our privacy standards, or our information handling practices, please contact Mr Justin Marshall, CEO.
Stanlaw Abbey Business Centre,Ellesmere Port, CH65 9BF,
Phone: +44 1244 886 090
Company Registration No.