The General Data Protection Regulation (GDPR) is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data and becomes effective on May 25, 2018.
The GDPR not only applies to organisations located within the EU, but it will also apply to organisations located outside of the EU, if they offer goods or services to, or monitor the behavior of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The Data Protection laws require us to process your personal information fairly, lawfully and in a transparent manner. This means you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide a product or service that you require.
GDPR also requires companies to report data breaches which must be reported to the Information Commissioners Office in the UK within 72 hours and, to individuals affected without delay.
The Data Protection Officer (DPO) is responsible for monitoring internal compliance, informing and advising the organization on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the supervisory authority.
JAMAICA CRUISING has appointed a DPO in Jamaica.
Personal information (data) means all information that can be used to directly or indirectly identify a person. Examples would be names, dates of birth, addresses, tax reference number and also online identifiers such as IP addresses, types of website cookies and other device identifiers.
The lawful basis on which data is processed is as follows:
a) Consent: the individual has given clear consent for processing of personal data for a specific purpose.
(b) Contract: the processing is necessary to fulfill a contract with an individual.
(c) Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
You have rights over your personal information. This includes the right to access a copy of personal information or have some elements of it transmitted to you or another company in an electronic format. In certain circumstances you can have your personal information corrected or erased or you can restrict the use of it.
You have the following rights:
Access – You have a right to ask if we have your personal information. If we do, you have a right to know why we have it, what type of information we possess, whether we have or will send it to others, especially outside the European Economic Area, how long we will keep it, where we got it from, details of any automated decision-making.
Rectification – Where any of your information is incorrect, you have a right to tell us to correct it promptly. Please tell us as quickly as possible if you change your address or other contact details. If your information is incomplete, you can ask us to correct this too.
Right to object – Depending on the legal basis for which we are using your information, you may be entitled to object. For example, where we’re using your information connected with marketing, we will stop if you object. However, if we’re using your information to meet certain legal obligations, we may continue to do so even if you object.
Erasure (right to be forgotten) – You may have a right to have some or all of the information we hold about you deleted. However you should be aware that, as a financial institution, we are required to retain many records even after you close your account.
Portability – In certain circumstances, you would be entitled to receive some of your information from us electronically. We can either pass the information to you or to another person or business if you want.
Restriction – You might also be entitled to ask us to restrict our use of your information — for example if you think the information we hold on you is incorrect.
Automated decision-making – We may use automated systems to make decisions about whether you’re eligible for a particular account or products, and to carry out credit and fraud prevention checks. If we make an automated decision on something important to you, we’ll always allow you to contest the decision, give your views and make sure there’s proper human involvement. The logic and outcomes of this decision-making are tested regularly to make sure they’re fair, effective and unbiased.
Consent – If you consent to us using your information, you have the right to withdraw that consent at any time.
We aim to work with you on any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you have the right to complain to the Information Commissioner’s Officer (the ‘ICO’). As an independent UK authority, it upholds information rights in the public interest, promotes openness by public bodies and data privacy for individuals. You can visit their website at https://ico.org.uk
Consent is defined as any freely given, specific, informed and unambiguous indication of your wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data.
We treat your personal information as private and confidential but may disclose same to meet our contractual and legal obligations in accordance with the terms and conditions of your account(s) with JAMAICA CRUISING and our service providers in the normal process of providing a service and managing your business with us.
We will also disclose information where necessary to comply with all obligations include where:
The law, a regulatory body or public interest requires it
It is required as part of our duty to protect your accounts
We will keep your information for as long as an account or product application takes and for as long as you have accounts with us. We will also keep your personal information for a certain time after your application has ended.
When determining how long we keep your information, we take into account our legal obligations and the amount of time we may strictly need to hold your personal information to carry on our business, In usual circumstances, your information will be held for seven years.