PrivacyPolicy

KEY DETAILS

Company Details

Condor Limited
White Rock
St. Peter Port
Guernsey
GY1 2LL
01202 207207

Data Protection Officer

C/O Data Protection Officer
Condor House
New Harbour Road South
Hamworthy 
Poole 
Dorset, BH15 4AJ
dataprotection@condorferries.co.uk
01202 207207

 

Purpose for Processing

Condor Ltd, henceforth known as Condor, require your personal data to fulfil its contractual and legal obligations when you make a booking with us.

We use your personal data for the following purposes:

  • Fulfilment of contractual obligations relating to your travel, as stated in our Terms and Conditions, and can also relate to any manifesting or internal processing of data to fulfil operational needs for your travel;
  • Fulfilment of payment of our services to you
  • Fulfilment of legal and binding obligations relating to your travel with us, specifically relating to immigration and custom controls;
  • Fulfilment of legal and binding obligations relating to maritime law including manifesting
  • If provided by you, your special category data (notably health data) will be used to fulfil any assistance that is required for your travel
  • Fulfilment of other contractual obligations including contact in the event of disruption and cancellations of our ships, contacting our customers for any pre-departure needs and any other operational requirements relating to your travel.
  • Fulfilment of any marketing campaigns if you have given us your consent to do so.
  • Maintaining an accurate database of customers who have travelled with us, which is retained for the period stated in this privacy notice.
  • If you contact us at any point with any questions, queries, claims or complaints, your personal data will be processed accordingly with your request by our Customer Relations team.

Condor upholds very high standards for the protection of your personal data. Without your personal data, Condor will not be able to fulfil any of our legal or contractual obligations to which we are bound when you travel with us.  

Lawful Basis for Processing

Under the GDPR, Condor relies on the following lawful basis’ for processing your personal data for the purposes set out above:

Where stated and you submit your details for this purpose, we will process your personal and special category data under:

Article 6 (a) – Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

To fulfil our legal and contractual obligations with you, we will process your personal data and special category data in the event of requiring to do so under:

Article 6 (b) – Contract: the processing is necessary for a contract we have with the individual; or
Article 6 (c) – Legal Obligation: the processing is necessary to comply with the law relating to any activities Condor undertakes

Recipients of the Personal Data

All personal data you provide to us is held with very high regards to data privacy. Condor will only share your data with third party recipients of whom have met our stringent criteria for data protection in line with the General Data Protection Regulation and Data Protection Act 2018 and will not be shared outside of what is stated below.

The data you supply to us is shared with and in the following circumstances:

  • When making a booking, your personal data is entered into our reservation system. This reservation system is provided by a third-party company who has met GDPR standards for processing of data and the system holds all the data you provide on the booking form.
  • If we need to contact you for operational purposes, your details will be accessed via our reservation system.
  • For operational purposes, your personal data is shared with areas of the business, including our port staff and ship staff. Your special category data is shared with both ports and ships to help them assist you when travelling with us.
  • For legal and maritime law obligations, your data is shared with immigration and customs controls depending on the destination you are visiting.
  • In certain circumstances, we are bound by legal obligation to provide your details when requested by a government agency.
  • Post travel, your contact details may be shared with a third-party company who will provide you with a questionnaire relating to your journey.
  • Any contractors that may be working for us in relation to the processing of personal data.

Transfers to Countries Outside of the EEA

Condor is a company that has its primary functions based in Guernsey – Channel Islands, and has operations in Jersey. Guernsey and Jersey are British Crown Dependencies, but do not share EU status. However, Guernsey and Jersey have an adequate status rating for data protection from the European Economic Area making them an adequate country for Data transfers. Your personal data is accessed by both our employees in each Island for the fulfilment of our contractual and legal obligations and are bound by the contractual and legal obligations.

Your details will be submitted to Jersey and Guernsey Customs and Immigration systems, if required, and is done so under a legal obligation.

Your data may be shared with a third-party company for the purposes of post travel questionnaires. This company is based in the United States and is covered by the US Privacy Shield for data protection and data transfers.

No other personal data you provide to us is transferred or processed outside of the European Economic Area (EU).

Retention Period of the Personal Data Provided

Condor is legally required to keep certain sets of personal data for a specific retention periods.

We will process your personal data provided for the period in which you have a valid booking with Condor.

If your booking has travelled, cancelled or passed without travelling, Condor will hold your Personal data relating to the booking for a 6-year period (+1 year) post the last travel date as to comply with relevant jurisdictional laws. Once this period has elapsed, this data will be anonymised or deleted.

Your special category data, in this case your health data if provided to us for legal operational reasons, will be processed in line with booking data (6 years +1 year).

If you contact our Customer Relations team to make a query or complaint (excluding any communications relating to a claim for any reason) will be retained for 12 months post closure of the

If you contact out Customer Relations team to make a claim and the claim exceeds the retention period as stated above, relevant details will be retained for the duration of the incident.

Your Rights Regarding Your Personal Data

Condor processes your data under the lawful basis stated in this Privacy Notice.

You have rights over how we use your personal data, in relation to the lawful basis in which we collected it, these include the following:

Right to Access: You have the right to request copies of the personal data we process about you.

Right to be informed: You have the right to be informed about what we do with your personal data. This is presented in this Privacy Notice.

Right to rectification: You have the right to request rectification of your personal data if you believe it to be incorrect or if it has changed since you provided the personal data.

Right to restrict processing: You have the right to request restriction of processing of personal data if you feel that we are not processing this lawfully or you may request to cease the nature of processing under the same circumstances.

Right to forget: You have the right to request to be forgotten, however, Condor has certain retention periods for personal data in accordance with legal and contractual obligations and may be required to refuse your request due to these circumstances.

Condor can, if necessary, refuse any of the above in certain circumstances.

Requests made in relation to the above rights will have a retention period of 12 months post closure of a request, after which time all information included in the request will be deleted or anonymised.

If you have a concern or complaint about our processing of personal data, you can contact our Data Protection Officer whose details are listed at the top of this notice. If, after raising your concern or complaint with our Data Protection Officer you are not satisfied and still have concerns about the processing of personal data, or you believe we are unlawfully processing your data, you have the right to complain to the relevant Data Protection Authority (namely the Information Commissioners Office) by calling +44 (0)303 123 1113 or by visiting their website www.ICO.org.uk

Right to Withdraw Consent

If, at any point, Condor requests your consent for the processing of your personal data, you may withdraw this consent at any time.

Processing of CCTV (Closed Circuit Television 

Condor operates CCTV on all vessels in public passenger areas for crime prevention and detection. This is operated internally by Condor Ferries.

CCTV recordings are retained for a total of 7 days post capture and are removed permanently after this period.

In certain circumstances, CCTV recordings may be required for any legal proceedings in the event of any claims against the company. Government agencies may also request copies of recordings for certain purposes. Condor are under no obligation to notify any persons that may be included in the recordings when used for any claims or when requested by a Government Agency.

If a Subject Access Request is made by an individual, all imagery that can identify another person that does not belong to the individual will be redacted to ensure privacy of all other individuals.

Processing of CCTV (Closed Circuit Television 

Condor operates CCTV on all vessels in public passenger areas for crime prevention and detection. This is operated internally by Condor Ferries.

CCTV recordings are retained for a total of 7 days post capture and are removed permanently after this period.

In certain circumstances, CCTV recordings may be required for any legal proceedings in the event of any claims against the company. Government agencies may also request copies of recordings for certain purposes. Condor are under no obligation to notify any persons that may be included in the recordings when used for any claims or when requested by a Government Agency.

If a Subject Access Request is made by an individual, all imagery that can identify another person that does not belong to the individual will be redacted to ensure privacy of all other individuals.

Changes to this Policy

This Policy was last updated on 7th September 2018.