Privacy & Cookies

This Privacy Policy governs the way Commodore Marine Services T/A Commodore Yachting collects, uses, maintains, and discloses information collected from users (each, a “User”) of the https://www.commodore-yachting.com/ website (“Site”).

This privacy policy applies to the Site and all products and services offered by Commodore Marine Services T/A Commodore Yachting.

 

Summary:

We are Commodore Marine Services, Trading as Commodore Yachting, and you can contact us at:

info@commodore-yachting.com

We process your data to provide our services to you, or for our legitimate business interests.

We only process your data for as long as we need to, and then we delete it.

We do not sell or share your data with others unless they are providing a service to us (such as payment service providers), or unless you ask us to share your data.

Our services include several places where you can send data to third parties. If you want to use these, you should check you are happy with the way they use your data.

We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time.

We do not share your data outside the EEA.

You have got lots of rights, including the right to complain to the Information Commissioner’s Office. If you need a hand in exercising your rights, feel free to contact us info@commodore-yachting.com

 

Who We Are:

Commodore Marine Services T/A Commodore Yachting (“we”, “us”, “our”) is a Limited company registered in England & Wales (company number: 12227454) with a registered address at 25 Maple Rise, Whiteley, Fareham, Hampshire, PO15 7GT. We operate several services including physical sailing training courses, theoretical training sailing courses and others. This privacy policy covers how we will use, collect, and process any data provided to us.

 

Personal identification information:

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site related activities.

 

Non-personal identification information:

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

 

How We Process Your Data:

Throughout your interactions with us we will collect only the data that we require to provide you with the service that you are requesting. The key information that we process is shown below for your information:

 

IP Addresses:

When you access any of our services, we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our system to ensure the integrity of our services.

Retention: This information is stored in rotating logs, which are kept for a minimum of 6 months.

 

Authorisation & Session Data:

Whenever you login to one of our services we will use at least two cookies that will identify your session to our services. This is necessary to provide our service to you.
The browser_id cookie is a permanent cookie that uniquely identifies your browser to us and allows us to ensure that previous sessions from that browser are invalidated when logging in again. This is only used for the purposes of invalidating these sessions as well as allowing us to notify you when new sessions are created in new browsers.
The user_session cookie is, initially, a session-only cookie that contains a unique token that identifies your specific session. This data is not stored on our end and is only stored in a hashed form. If you choose to persist your login session, this cookie will be converted to a more permanent cookie with an expiry time at some point in the future. The actual time will depend on the service you are using.
In addition to these cookies, we also store IP addresses & user agents with your session. This allows us to look for anomalies in its use to help us protect your account and our systems.

Retention: This data is stored until such time as the associated user account is deleted.

 

Your Name:

When you sign up, we need to know your first & last name so that you can be identified. We will use your name to address you and it may be stored in various systems that you use. This is necessary to provide our service to you.
Your name may be shared with other people that share access to an account you are part of. For example, if you have a Commodore Marine Services T/A Commodore Yachting account, your name will be shared with other members of that account.

Retention: Your name will be retained until your user account is deleted. In some cases, your name may be kept with your billing records where we have a legal obligation to store this information.

 

E-mail Address:

We will store your e-mail address for the purposes of managing your account with us. This will be used for transactional e-mails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations.
We may also use your e-mail address to send you messages about our services which may include notifications about newly launched features, improvements to the service, upcoming maintenance as well as ways to help you make the most of your service. If you would rather not receive these messages, please let us know or click the unsubscribe link in these e-mails.
We will not send you any other marketing messages unless you subscribe to our newsletter which you can do through our website when signing up or through one of our applications. When you do this, you will be consenting with us to use your email address for this purpose. You may withdraw this consent at any time by unsubscribing from the messages or contacting us.
If you are using a service that allows multiple users to have access to the same account, your e-mail address may be shared with the other users on this account.
Our applications may share a cryptographic hash (MD5) of your e-mail address with the Gravatar service to allow us to display an appropriate profile image with your images. If you do not have an account with Gravatar, they will not be able to determine your actual e-mail address.

Retention: Your email address will be kept until such time as all accounts associated with it are deleted from our systems.

 

Outgoing E-mails:

If we send you transactional e-mails, these will be passed through our internal mail server and stored for a period to assist with debugging delivery problems and ensuring messages are appropriately delivered to their destinations. This is necessary to provide our service to you.
The information stored includes the contents of the message sent, the e-mail addresses of the recipients and any other headers.

Retention: The contents of messages are stored for a minimum period of 30 days from the date the message is received by our mail system.

 

Incoming E-mails:

If you send us e-mails, these may be passed through our mail servers. If some cases, these messages will be consumed by one of our services or applications. This is necessary to provide our service to you.

Retention: The contents of messages are stored for a minimum period of 30 days from the date the message is received by our mail system.

 

Passwords:

We never store your own passwords on our services in plain text. Passwords are hashed using an industry standard hashing algorithm. As a good security practice, we recommend the following with regards to choosing your password:

Use a unique password with our services that is not shared with any others.

Choose a long secure password containing either multiple random words, or a good combination of letters, numbers & symbols.

Exercise good password hygiene and change your password on a regular basis.

 

Your Postal Address:

We require your postal address to provide you with an invoice for your services. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years. We may need to send you items by post. To do this, you will need to provide your address to us again and consent to us using it for the purposes of sending you items by post. We may store your address on file to allow us to send you items in the future. You may opt to have this address removed from our records at any time by contacting us.

 

Payment Cards:

We do not store full payment card details on our own servers. We work with external PCI-compliant payment processors who store these details.
We store the last 4 digits of your card and the card type on our systems so that you can identify which card will be used for future payments.
We also store the country that the card was registered in and the IP address country that the card was added from as a legal obligation to ensure that the correct VAT rate is charged for your payments.

Retention: We will instruct our payment processors to delete any stored card details when you cancel your account.

 

Any Data Added by You and Stored in Your Accounts:

When you use our services, you might upload or generate personal information relating to your own customers and users. You will remain the data controller for all such data that is stored within our systems and are responsible for ensuring you have an appropriate lawful basis & notices in place to allow us to store this data on your behalf.
If you use a Commodore Yachting service which allows you to upload, store or process any personal data, you are responsible for ensuring that you are compliant with appropriate laws & regulations (for example the General Data Protection Regulation) for this data.
We do not recommend customers store any personal data in areas of our systems that are not designed for the purposes of storing this information.

Retention: Data stored in the services you have with us will be kept until such time as you delete the data yourselves or you cancel your account. Upon cancellation of an account, we may keep the data for up to 7 days at which point it will be purged from our databases.

 

Analytics:

We use Google Analytics to help us track the details of visitors browsing our public websites. We do not use Google Analytics on any URLs once you have been authenticated. We do not send any personal data to Google’s services through Google Analytics and we configure our tracking codes to anonymise any IP addresses.

 

Support by E-mail:

If you contact us by e-mail or through one of our websites, you will be sharing your contact details (e-mail address and/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you.

Retention: We retain all support requests (including name & contact details) that we receive for the purposes of auditing and training of staff.

 

Support by Live Chat:

If you chat with us on our live chat service, you will be sharing your e-mail address with us for the purposes of sending you a transcript as well as identifying yourself to our support team. This is necessary to provide our service to you.
In addition to this information, our live chat system will place a cookie in your browser which will persist until you quit your browser. This is required to ensure that your live chat can continue between separate page requests to our website.
We also use records of live chats for staff training, to make sure we can offer you the best possible service.

Retention: We retain all support requests (including name & contact details) that we receive for the purposes of auditing and training of staff.

 

E-mail Directly To/From Our Employees:

If you communicate with our employees directly by e-mail (i.e. not using our normal support channels), we may retain your name & e-mail address in the mailboxes of the employee(s) that you communicate with. This is necessary to provide our service to you.

Retention: Employee e-mails are kept indefinitely. Any e-mails that contain sensitive data that are delivered by accident will be removed immediately.

 

Backups:

We store backups of website data stored by us for use in disaster recovery. Backup data is encrypted and stored off site in a secure data centre. This is necessary to provide our service to you.

Retention: Database backup data is stored for a minimum period of 20 days, whereas full backup data is stored for a minimum period of 4 months.

 

Our Servers:

We use a United Kingdom based hosting company. All their data centres have several physical security precautions in place including 3m perimeter fencing, full CCTV coverage, 24/7 security personnel and electronic access control systems.

 

Transfer of Data to Group Companies:

We may share and/or transfer your data with other companies within our group for the purposes of administration and company structuring.

 

Transfer of Data on Product or Service Acquisition:

If one of our services is acquired by another company or entity, we may share your information with the acquiring company so that they may continue to provide you with the services that you have elected to receive. You will be notified by e-mail if such an acquisition occurs.

 

Third Party Processors:

In some cases, we may use third parties to provide storage or computing services. We maintain a list of third parties that process data on our behalf.

 

Professional Services:

We may share your details with processional service companies such as accountants or accounting software.

 

Payment Service Providers:

We may share your details with company who provide us with payment services for taking payments from credit/debit cards.

 

Technical Service Providers:

We may share your details with providers we use to provide computing services.

 

E-mail Marketing Software:

We may share your details with e-mail marketing software providers to allow us to send e-mails to customers.

 

Communication Services:

We may share your details with companies who provide us with communication services such as a live chat or e-mail providers.

We will not share your data with third parties for the purposes of any marketing without your consent unless otherwise specified in this privacy notice.
Some of our applications allow users to configure integrations with third party services. When using any of these integrations, you share your data with the organisations who operate these services. You should review their own privacy information about how they will treat this information once it has been provided.

 

Correcting Your Personal Data:

It is important to us that the information we store is up to date and accurate. You may update your details at any time through our various websites & applications.

 

Removal of Your Personal Data:

In some cases, you may be able to request that we remove your personal data from our systems. As with correcting your data, you can often delete your data yourselves through our websites & applications. In other cases, though, please feel free to contact us using the information below.

 

Your Rights:

You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.

 

Notification of Data Breaches:

Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main e-mail address we store with your account.

 

Electronic Storage of Data:

No method of electronic storage can be 100% secure, however, we have sophisticated and detailed security & development policies that govern our systems & applications to help ensure your data is as secure as it can be.

 

Use of Our Services by Persons Under the Age Of 18:

We do not provide any of our services to anyone under the age of 18. If we are made aware of anyone under the age of 18 using our services, we will immediately delete all data from our systems.

 

Changes to Our Privacy Policy:

We may need to make changes to this privacy policy from time to time. All changes will be published to our websites and we recommend reviewing it to stay up to date. If we make any changes that we feel may affect your privacy rights, we will notify you by e-mail or by displaying the information within our services or applications.

 

Our Lawful Basis for Data Processing:

Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.
Where our processing is based on consent, you may withdraw consent at any time.
Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our services to you if you do not give us the data in question.

 

Disclosure of Information to Law Enforcement Agencies:

We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.

 

Data Protection Authority:

You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner’s Office (ICO) in the United Kingdom (our authority).
The ICO can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.gov.uk.

 

Contacting us:

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

Commodore Marine Services T/A Commodore Yachting
Premier Gosport Marina

Mumby Road

Gosport

Hampshire

PO12 1AH

Tel: 02392 504443
Email: info@commodore-yachting.com