At Ports of Jersey, we are committed to protecting your privacy. This privacy notice explains what information we collect, how we collect it and how that information is then used. This information is referred to as your ‘personal data’ and is managed in accordance with the Data Protection (Jersey) Law 2018.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy notices and is not intended to override them.
Definitions
‘We’, ‘our’ or ‘us’ means Ports of Jersey.
‘You or ‘your’ means any person using the services of Ports of Jersey.
‘Information’ or ‘data’ means all the different forms of information you provide us and which we collect in carrying out our duties and in providing services to you.
Contact details
If you have any questions relating to data protection:
- how we use your information
- information security
- our privacy policy
- wish to have your consent withdrawn, information modified, deleted or to gain access to the information held about you
Please contact our Data Protection Officer via email dataprotection@ports.je or alternatively, write to Data Protection Officer, Ports of Jersey, Jersey Airport, St Peter, Jersey, JE1 1BY.
Lawful basis
To process your personal data, we need to meet one of the following conditions (or legal bases):
- you have freely given your consent – it will be clear to you what you are consenting to and how you can withdraw your consent;
- it is necessary for a contract you have entered into with us, or a contract that you intend to enter into;
- it is necessary to meet a legal obligation;
- it is necessary to protect someone’s ‘vital interests’ (a matter of life or death);
- it is necessary to perform a public task (to carry out a public function or exercise powers set out in law, or to perform a specific task in the public interest that is set out in law);
- it is necessary for our legitimate interests or that of a third party (a condition used where personal data is going to be used in ways that are reasonably expected and are not intrusive, and/or where there are compelling reasons for the processing).
The lawful basis that we rely on to process your personal data will determine which of the following rights are available to you. Much of the processing we do at Ports of Jersey will be necessary to meet our legal obligations or to perform a public task. If we hold personal data about you for different purposes, then the legal basis we rely on in each case may not be the same.
What, how and why we collect personal data
The personal data which we collect and process will depend on the nature of our interaction with you. We collect your personal data to:
- help keep the public, our customers and employees safe and secure;
- comply with our obligations under Tax and Customs and Immigration legislation;
- operate any online applications and services used to promote a better customer experience;
- comply with our operational policies and procedures and the terms of our maritime and aviation operators;
- comply with our legal obligations and responsibilities;
- exercise our statutory powers.
We are the Data Controller of your information. We endeavour to structure our core business activities in a clear and transparent manner, reflecting the different ways we may interact with you.
We often need to collect information so that we can provide you with our full range of services and fulfil our statutory, regulatory and public obligations. Much of the information we hold comes directly from you.
In some cases, we gather data as part of our statutory functions, for example CCTV surveillance (including body-worn cameras) at the Harbour and Airport for security, safety and regulatory purposes. We also act as third party and joint controllers in certain instances. These are documented in Data Sharing Agreements and/or Processor Controller agreements (as required).
Please click on the relevant area to see the data we process, why we process the data, how we collect the data and how long we keep it for.
Keeping the Airport and Harbours open, safe and secure
Fulfilling our contracts with you OR providing our services
What we do with your information
We take the security of your personal information seriously and do not share this unless it is essential to provide you with a service in performing our statutory duties. There may also be occasions when we need to share your information, in the following ways:
- when we have your permission;
- when required by law to disclose it;
- while pursuing tasks for which we have a legitimate interest to remain open, safe and secure.
How we protect your information
We adopt up-to-date, appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information. We have a Data Protection Policy and Information Security Policy and Training Policy to ensure we adhere to the highest standards of governance.
The security measures we have in place include, but are not limited to:
- data is encrypted while at rest and sensitive documents may also be encrypted while in transit.
- destruction process – all personal data is securely removed after it has reached the end of its retention period. Paper waste is disposed of in designated confidential waste bins.
- physical security/access permissions – we implement an electronic access control system to physically restrict access to areas where data is stored. Access to data that is held in electronic format is managed by a username and password and access is restricted to only those users who have a valid business need.
- policies – all staff adhere to the Acceptable Use Policy.
- training – there is mandatory Data Protection training for all new staff and annual updates for existing staff.
Retention periods
We keep information for only as long as necessary to fulfil the purpose for which it was collected. Retention periods are applied according to the classification of the data type and the purpose for which it is held. The relevant retention periods may be disapplied in certain situations, including where evidence is required in civil and criminal matters.
Cookies
Third country transfers and safeguard
We operate in Jersey in the Channel Islands. We do use technology that may transfer data to another jurisdiction, for example use of Microsoft and cloud-based back-up of data. We will ensure that your data is appropriately protected (for example by reference to IT security standards) where such transfers do not offer the same level of protection of personal data.
Updates to this privacy policy and your duty to inform us of changes
We reserve the right to modify this privacy policy at any point. We recommend you review it frequently.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Your legal rights
Under the Data Protection (Jersey) Law 2018, you have the following rights with regards to your personal information:
- Right to be informed about the collection and the use of your personal data.
- Right to access your personal data and supplementary information.
- Right to rectification have inaccurate personal data rectified or completed if it is incomplete.
- Right to erasure (to be forgotten) in certain circumstances.
- Right to restrict processing in certain circumstances.
- Right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services.
- Right to object to processing in certain circumstances, you may withdraw consent at any time (where relevant).
- Right regarding automated individual decision making and profiling.
- Right to raise a complaint with the Information Commissioner (https://jerseyoic.org/).
If you object to processing or withdraw your consent, this may affect our ability to deliver services to you.
Here is information on Data Subject Access Requests.
We endeavour to meet the highest standards when collecting and processing personal information. If you think our collection or use of personal information is unfair, misleading, or inappropriate, we encourage you to bring it to our attention. If you are unhappy with how we have used your personal data, you have the right to make a complaint at any time to the Jersey Office of the Information Commissioner (JOIC), the Jersey supervisory authority for data protection issues (https://jerseyoic.org/).
2nd Floor
5 Castle Street
St. Helier
Jersey
JE2 3BT
enquiries@jerseyoic.org
+44 (0) 1534 716530