DÖHLE GROUP OF COMPANIES – GROUP PRIVACY POLICY

Welcome to the Döhle Group of Companies (“Döhle Group”) privacy policy which covers all Döhle Group entities, including the Döhle Yacht Group.

Döhle respects the privacy of all of its clients, employees and associated parties, including visitors to this website and is committed to protecting all personal data that we collect and process.

This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy policy was updated: June 2018.

PURPOSE OF THIS PRIVACY NOTICE

This privacy policy covers:

  • The data we collect including data collected via this website
  • How we use personal data
  • Sharing personal data with the Döhle Group
  • Sharing personal data with external parties
  • International transfers
  • Data Security
  • Change of purpose
  • Data retention – How long we keep your data for
  • Marketing
  • Data Breaches
  • Sale of Data
  • Minors / Children -16
  • Your legal rights under the Data Protection Regulation
  • Data subject access requests
  • Döhle Group data controllers
  • Data Protection Officer contact details
  • Complaints to the Information Commissioner

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

If you have any further questions about the protection of your personal data, please contact the Döhle Group Data Protection Officer, whose contact details are set out below.

THE DATA WE COLLECT INCLUDING DATA COLLECTED VIA THIS WEBSITE

From this website we may collect, use, store and transfer information in relation to the frequency of page visits, return visits, browser types and platform. We also obtain anonymised IP’s which is collected by region and therefore cannot be used to identify you.

If you use the contact form we collect and hold your name and email address in order to be able to respond to your query.

We do not collect any special category data about you via this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

HOW WE USE PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use hold and process your personal data in the following circumstances, depending on the Döhle Group entity you are engaged with:

  • Providing ship management, payroll, technical or compliance services;
  • Providing yacht management, payroll, technical or compliance services;
  • Crew management services;
  • Providing fiduciary services;
  • Providing insurance services;
  • Providing chartering and broker services;
  • Providing accounting and bookkeeping services; and
  • Buying, selling and financing of ships/yachts/aircraft or other luxury assets.

You are not obliged to provide any of the information we ask you for, but if you choose not to we may be unable to provide you with services or respond to your enquiries.

There are times when we are under a legal obligation to collect your personal information, including for:

  • Preventing financial crime, money laundering and the funding of terrorism;
  • Identifying politically or commercially exposed persons, or those with a significant exposure to the media;
  • FATCA/CRS (“AEOI”) reporting; and
  • Obtaining certificates of competency, qualification certificates and health records for ship, yacht and aircraft crew.

Generally we do not rely on consent as a legal basis for processing your personal data. In some circumstances we cannot process your data without your explicit consent, such as when your physical or mental capacity for decision making needs to be assessed. If we ask you to provide sensitive information we will fully explain your options before we ask you to provide it.

SHARING PERSONAL DATA WITH THE DÖHLE GROUP

In order to service the diverse needs of our clients, we are often required to share your personal data with other Döhle Group companies, specifically in relation to the provision of crew management and employment services for our ship, yacht and aircraft crew. All of your personal data is stored on centralised management systems under the control and oversight of Döhle Yachts and access is only granted to employees who need it in order to provide those services and the amount of information shared is limited to the minimum that will allow them to fulfil their functions. Access is restricted for staff members who are not directly involved in providing the services and our centralised IT function ensures robust and sophisticated electronic safety measures are employed to ensure the integrity and safety of all data held on our IT systems.

For details of our physical security measures, please see the Data Security section below.

SHARING PERSONAL DATA WITH EXTERNAL PARTIES

Throughout the course of business, we may utilise the services of third-party agents or service providers to ensure that we are able to fully service you as a client or meet certain regulatory and legal requirements. In those instances the Döhle Group will remain ultimately responsible for the safety and security of your personal data and we use specific contracts approved by the European Commission which gives personal data the same protection it has within the Döhle Group. Furthermore all third parties are regularly reviewed and assessed to ensure they are meeting the agreed upon criteria set out in these specific contracts and agreements.

These third parties are bound to abide by the same principles and requirements as the Döhle Group.

As well as third-party services providers, the Döhle Group has an obligation to share information with certain public authorities, such as:

  • Tax and VAT authorities;
  • Regulatory authorities;
  • Law enforcement agencies;
  • Ship, yacht and aircraft registries;
  • Company registries; and
  • Port authorities

In some cases, your personal information will be shared with organisations outside of the Döhle Group in order to obtain specialist or professional services that are necessary for the services we provide.  These include:

  • Professional advisers, such as accountants, lawyers, agents and brokers;
  • Banks or other financial institutions;
  • Due diligence screening agencies; and
  • Services provided by our external cyber security partner company

These external organisations have a legal obligation to comply with privacy and data protection legislation and may also operate under a professional duty of confidentiality due to the type of service they provide. They have their own privacy policies that provide information about how they use your information.

You can find out more about the organisations your data has been shared with by contacting the Data Protection Officer.

INTERNATIONAL TRANSFERS

We may share your personal data within other companies within the Döhle Group. This may involve transferring your data outside the European Economic Area (“EEA”).

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it than operates in the Isle of Man by ensuring the following safeguards are in place:

  1. We will generally only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
  2. Where we use alternative service providers or send personal data to members of the Döhle Group which operate outside of the EEA, in jurisdictions not deemed to have an adequate level of protection, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe and undertake regular audits of such companies to ensure compliance with the specific contracts and key data protection principles.

Please contact the Data Protection Officer who can provide you details on exactly where your data is being stored and processed. In accordance with the GDPR we are required to maintain records of all processing that involves your personal data.

DATA SECURITY

Data Security is of the upmost importance to the Döhle Group and to that end, we have put in place appropriate security measures to protect and prevent your personal data from being accidentally lost, used or accessed by any unauthorised parties.

Access to your personal data is limited to authorised employees, insurers, service providers and other third parties who require access for the fulfilment of a contract or agreement or are providing services to you or us.

These third parties will only process your personal data on our instructions and they are subject to a duty of confidentiality and we endeavour to ensure that we have legal terms of business in place between the Döhle Group and these third parties.

A full list of our Technical and Organisation Measures (“TOMs”) are available on request from the Data Protection Officer.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the Data Protection Officer.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

DATA RETENTION – HOW LONG WILL WE KEEP YOUR DATA FOR

We retain your personal data for as long as necessary to fulfil the purposes we originally collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the nature, scale and complexity of the personal data we hold and weigh this against the potential risk of harm from unauthorised use or disclosure of your personal data.

In some circumstances you can ask us to delete your data, providing we do not have any legal requirements to hold it.

MARKETING

The Döhle Group does not undertake any form of direct marketing and any correspondence between you and us will be in relation to our engaged services.

We do reserve the right to contact you directly via mass communication in the event of an emergency situation or crisis.

DATA BREACHES

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

SALE OF DATA

The Döhle Group does not sell your distribute your personal data.

MINORS / CHILDREN

This website is not intended for children and we do not knowingly collect data relating to children on this website.

Any personal data held in relation to children will be held with a legal parent or guardians express consent.

Any instances where we hold the personal data for children, a specific privacy policy will be provided to the legal parent / guardian.

YOUR LEGAL RIGHTS UNDER DATA PROTECTION REGULATION

Each data subject has the legal rights set out below.

Request access to your personal data

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

To submit a data subject access request, please contact the Data Protection Officer who can assist and see the data subject access request section below.

Request correction of your personal data

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data

This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.

However we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

Request restriction of processing your personal data

This enables you to ask us to suspend the processing of your personal data in the following scenarios:

(a) if you want us to establish the data’s accuracy;

(b) where our use of the data is unlawful but you do not want us to erase it;

(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal data

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Right to withdraw consent

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

DATA SUBJECT ACCESS REQUESTS

How to make a data subject access request

To make a data subject access request, in the first instance please contact the Data Protection Officer who can assist.

Fees

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

If we believe that your request is clearly unfounded, repetitive or excessive, we may refuse to comply with your request in these circumstances and will report our reasoning as well as the details of your request to the Information Commissioner.

Information we need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Our response

We are required to respond to your request within 30 calendar days of receiving it. We will provide confirmation to you that we have received your request as well as the data we must have responded by. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and provide you with a reasonable time frame for our response.

Follow up

If you are not happy with our response to your data subject access request you have the right to make a complaint to the Information Commissioner of your relevant jurisdiction. The contact details for the Isle of Man Information Commissioner are detailed below.

DÖHLE GROUP DATA CONTROLLERS

A full list of the Döhle Group’s data controllers can be obtained by contacting the Data Protection Officer.

DATA PROTECTION OFFICER CONTACT DETAILS

Data Protection Officer
Döhle Group
Fort Anne
South Quay
Douglas
Isle of Man
IM2 2DN

Email address: dataprotection@doehle-iom.com

COMPLAINTS TO THE INFORMATION COMMISSIONER

If you are unhappy with our treatment of your personal data, you have the right to make a complaint at any time to the Data Protection Officer Information Commissioner’s Office in the jurisdiction in which you live or the data controller responsible for your personal data operates. The Isle of Man Information Commissioner’s contact details are:

First Floor
Prospect House
Prospect Hill
Douglas
Isle of Man
IM1 1ET

Telephone number: +44 1624 693260

Email address: ask@inforights.im

Website: https://www.inforights.im/

Copyright © Döhle Yachts 2018 Website design & development by Scorch Isle of Man