ESTA GDPR Data Protection and Confidentiality Policy and Procedures
We will treat all information given by you in confidence and as required by the General Data Protection Regulation (GDPR) that came into force in May 2018.
We do not collect personal information from visitors to the website unless the visitor explicitly intentionally provides it.
- If you attend any taught training courses, we will collect necessary personal information in order to be able to maintain contact with you and to meet the requirements of Seafish who maintain the national database of commercial fishermen training.
- Personal information will be collected if you use our online learning site (estafoodtraining.co.uk) This is stored on a secure server and will not be disclosed to any third parties.
We will not disclose any such information to other third parties unless:
- Required by law.
- Your consent has been given.
The information you have given will be stored on our computer systems and/or hard copies will be kept in secure storage in our offices.
Information may be used in the following ways:
- To ensure you are kept up to date with appropriate legislation in relation to commercial fishermen
- To keep you informed of any mandatory or voluntary training courses you can take along with information regarding any funding that may be available
We have carried out a “Legitimate Interest Assessment” as per ICO suggestion. This shows we have a legitimate interest in collecting and retaining your information.
As a user of the ESTA website you consent to the collection and use of information as outlined in this statement. If this statement is changed, we will post these changes on the ESTA website at this location. The use of your personal information is covered by our registration under GDPR. You can, under this legislation, request a copy of the information we hold about you. If any information we hold about you is incorrect, please let us know and we will correct it.
How to contact us
By writing to the ESTA Data Protection Officer:
Data Protection Officer
Eastern Seafish Training Association, 12 Meadow Close, Shipdham, Thetford, Norfolk, IP25 7NF
Even the best policy cannot protect your online privacy and security in all circumstances. Your best protection is to understand the limits to privacy on the Internet and use common sense in all your online activities. Be aware that email is an inherently insecure form of communication. Remember that in extreme cases third parties are sometimes able to intercept your unencrypted messages.
ESTA is concerned about the security of your personal information. Although we have taken all reasonable security precautions, we cannot guarantee internet security and subsequently cannot guarantee that any information you input on our site is totally secure. In addition to our online security efforts, we have taken steps to protect your personal data offline as well. All of your information is restricted to our offices. Employees are granted access on a need-to-know basis and are kept up-to-date on our security and privacy practices. When you attend courses the information you provide will also be shared with Seafish and any other awarding bodies who are responsible for issuing certificates.
Your control over your personal information
Opt-out / Changing your status:
You can withdraw permission for the use of your personal information. This can be done by contacting our data protection officer by sending an email to firstname.lastname@example.org
Clive Monk, Development Manager has responsibility for GDPR within ESTA and the Chairman (Glen Weston) can act in his absence
Security measures are in place to safeguard personal information.
- All PC’s and laptops require a password to access them.
- All PC’s and laptops have current and up to date Internet security programs running
- All stored written or printed documents are held in either:
- ESTA office which is at the Development Manager’s home.
- Main Instructor Office
- All data transferred by email is encrypted with password protection.
- Development Manager and Main Instructor are responsible for security control of all written records being used during the day to day operation.
- Any documents that contain any personal details and data that are no longer required will be shredded or burnt.
- The policy is available on the website.
- Any unauthorized or unlawful processing of personal data will be dealt with by the ESTA management Committee.