Privacy Policy & Cookies

The Mousehole Harbour Commissioners (“We” or “MHC”) are committed to safeguarding the privacy of your personal data.

The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information. This policy applies if you’re a customer, employee, job applicant, tenant or Commissioner of MHC or use of any of our services, visit our website, call or write to us.

It’s likely that we will need to update this privacy policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with the changes. 

This version of our Privacy Policy was last updated in January 2024.

What we may collect

  • Details of payments, including payments made by post, online, by telephone or directly to our bank; (card details are not stored with us, but by 3rd party banking companies Paypal / Barclaycard etc).
  • Vehicle registration details if you rent a car park space from Mousehole Harbour Authority (MHA)
  • Information that you provide by filling in forms that may be, from time to time present on our website.
  • Information you provide when completing forms such as applying to go on a mooring waiting list.
  • Information when you contact us by email, letter or otherwise with an enquiry or in response to a communication from us.
  • Your images may be recorded on CCTV when you visit the Harbour Office, one of our car parks, or other locations within our Harbour Estate or marine limits.
  • Information you provide to us as an employee.
  • Information you provide to us through the recruitment process.
  • Information you provide to us if you are elected as a Harbour Commissioner such as title, name, address, email, telephone numbers, photo ID and declaration of interests.
  • IP addresses, geographic and browser information when you visit our website or sign on to our free Wi-Fi. Please refer to our Cookies Policy.

Children’s personal data

We do not knowingly collect or store any personal information about children under the age of 16 and we do not offer any of our products or services directly to children under the age of 16. 

What we do with the information we gather

We will process the personal data that you provide to us in the following ways:

  • Process the payment of harbour fees.
  • Internal reporting and record keeping.
  • Licensing and regulatory activities.
  • Administrating Debt Recoveries.
  • To prevent and detect fraud.
  • To deliver the information you request.
  • Managing health & safety.
  • Handling complaints and legal claims.
  • To provide your personal details to our insurers from time to time.
  • Any authorised activity in our capacity as Competent Harbour Authority for the MHA estate such as the investigation and recording of incidents and accidents and prosecution of offences committed under harbour legislation.
  • To contact you about an incident or accident in the harbour that you were directly involved in or have witnessed.
  • The use (by MHA) of CCTV footage to support any complaints, incidents, accidents or investigations and if deemed, necessary, the footage can be used in support of a relevant prosecution.
  • To contact you by letter, email or otherwise and provide information in the form of a Notice to Mariners, safety or other general harbour communications.
  • Supporting and managing our employees.
  • Managing archived records for historical and research purposes.
  • To notify you of changes to our services.

Lawful basis for processing your personal information

For processing of personal data to be lawful, it must be carried out in accordance with one or more of the following lawful processing conditions:-

Contractual obligations 

We will process your personal information to carry out our responsibilities resulting from any agreements you have entered into with us and to provide you with the information, products and services you have asked from us. For example, to respond to your enquiries.

Legal compliance 

We may process your personal information to comply with any legal obligation we are subject to (not including contractual obligation). For example, to comply with a common law. 

Legitimate Interests 

To use your personal data for any other purpose described in this privacy policy, we’ll rely on a condition known as “legitimate interests”. It’s in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our services to you more effectively. For example, providing navigational information in the form of a Notice to Mariners.

Vital Interests

Personal data may be processed to protect the ‘vital interests’ of the data subject e.g. in a life-or-death situation it is permissible to use a person’s emergency contact information without their consent. 

Public Interest 

Personal data may be processed if the processing is necessary for the performance of tasks carried out by a public authority or private organisation acting in the public interest.

Sharing your personal data

We do not sell or rent your personal information to third parties, and we will not share your information with third parties for marketing purposes. We will only share your personal data as necessary for one of the lawful purposes for processing data as set out above.

Your data will be shared with colleagues within the organisation where it is necessary for them to undertake their duties. 

Why we share data:-

  • The provision of a harbour management system to record and manage harbour activities.
  • Credit and debit card processing.
  • Email communications
  • Standing Order, Direct Debit or BAC’s processing
  • Legal obligation when a Section 29 request is served.

Parties with who it might be necessary for the following reasons:-

  • When we reasonably believe it to be required by law or in connection with legal proceedings.
  • To prevent harm to MHC or its employees
  • For the prevention and detection of crime or the apprehension or prosecution of offenders.
  • To protect the rights and property of MHA and its commissioners.
  • Providing personal data to others for the purposes of preventing fraud.

Retention of your personal data

We will only retain your personal data for as long as we need to keep it. In considering how long to retain your data we will always take into account factors such as any ongoing obligations we have to you, the nature of our relationship with you, legal requirements (e.g. in relation to HMRC statutory retention periods) and contractual requirements. We will always dispose of your data carefully when it is no longer necessary for us to retain it. We will only keep your personal information after this period if there is a legitimate business reason to do so.

Security of your personal data and storage of information

We know how much data security matters to all our customers. With this in mind we treat your data with the utmost care and take all appropriate steps to protect it.

Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.

Our website www.mouseholeharbour.co.uk is SSL Certified. This provides a secure https: // URL and padlock logo next to the address bar which lets you know you are on a trusted site.

Unfortunately, the transmission of data across the internet is not completely secure. Although we do our best to protect the security of your information we cannot give a guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred. 

All information you provide is processed in the UK and European Economic Area (EEA) on secure servers. We may process your personal information using web services hosted outside the European Economic Area (EEA) but only where a data processing agreement is in place that complies with obligations equivalent to those of the Data Protection Act.

Links with other websites

Our website may contain links to and from third party websites. These websites have their own privacy policies. If you follow a link to any of these websites, please make sure that you read their privacy policies before you submit any information to these websites. We do not accept any responsibility or liability for their policies.

An overview of your rights:-

Access

Please contact us if you would like confirmation that your data is being processed. If you wish to receive a copy of the personal information we hold on you, you may make a Subject Access Request (SAR). There is no charge for us providing you with this data and it will usually be provided within a month of the request (unless the request is unfounded or excessive). However, should we incur charges we reserve the right to pass on an administrative-cost fee.

Rectification

If your personal information is inaccurate or incomplete, you can request that it is corrected. You are responsible for informing us when your personal details have changed. Please note that notification of any change must be in writing. It is then our responsibility to update our records accordingly.

Erasure

You may exercise your right to have your personal data erased in a number of circumstances (e.g. if the data is no longer necessary in relation to the purpose for which it was created, or you withdraw your consent. Where possible we will comply with all such requests if there is not a compelling reason for MHA to continue to have it.

Restrict processing

You can tell us that we can keep your data but must stop processing it, including preventing future mailings and communications.

Data portability

Your data is held across manual records, electronic and a bespoke Harbour Management System. We will do our best to provide information in a portable format, but it is unlikely that we can create systems to do so.

To object

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. 

Not to be subject to automated decision-making including profiling

We do not use any automated decision-making or profiling procedures.

If we choose not to action your request we will explain to you the reasons for our refusal. We reserve the right to judge what information we must continue to hold to be able to fulfil our contract with you or comply with our legal obligations.

Your Rights – you have the right to see the personal data with hold about you. This is called a Subject Access Request (SAR)

To ask for your information, please contact Subject Access Requests, Mousehole Harbour Commissioners, Harbour Office, Fore Street, Mousehole, Penzance Cornwall, TR19 6PG or email mha@mouseholeharbour.co.uk with the subject heading Subject Access Request. To ask for your information to be amended, please email mha@mouseholeharbour.co.uk.

The Mousehole Harbour Authority is not a ‘public authority’ as defined under the Freedom of Information Act and we will not therefore respond to requests for information made under this Act.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Questions or Complaints about how we process your personal information

Should you have any questions regarding this statement, please contact the Harbour Master via harbourmaster@mouseholeharbour.co.uk.

Write to us:-

The Harbour Master
Mousehole Harbour Authority
Harbour Office
Fore Street
Mousehole
Penzance
Cornwall
TR19 6PG

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.