Inner Banner 1

Privacy Policy

Privacy Policy & Data Protection

Hamble Point Yacht Charters Ltd
(Including Hamble Point Sailing School & Seafin)

  1. Introduction

Hamble Point Yacht Charters Ltd (HPYC), including Hamble Point Sailing School (HPSS) and Seafin (together referred to as “the Organisation”), are committed to protecting the rights and freedoms of individuals and ensuring that personal data is processed lawfully, fairly and securely in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how personal data is collected, used, stored and protected across all areas of the Organisation’s operations, including yacht charters, sailing school activities, events and associated services.

This policy explains how personal data is handled externally. Internal responsibilities and procedures are set out in the Organisation’s Data Protection Policy.

  1. Scope

This policy applies to all personal data processed by the Organisation, including data relating to:

• Customers and clients

• Students and course participants

• Employees, contractors and instructors

• Job applicants and DBS applicants

• Website users

  1. Data Controller

Hamble Point Yacht Charters Ltd
Hamble Point Marina
School Lane
Hamble
Southampton SO31 4JD

The Organisation acts as the Data Controller.
Karen Potts is responsible for overseeing data protection compliance.

  1. Personal Data Collected

The Organisation collects personal data relevant to its activities, including:

Identity and Contact Information

Name, address, telephone number, email address and date of birth.

Booking and Operational Information

Sailing qualifications, experience, crew lists and emergency contact details.

Health and Welfare Information

Medical conditions, dietary requirements and accessibility needs where relevant to safety.

Payment Information

Payment details processed via secure third-party providers. The Organisation does not store full card details.

DBS and Safeguarding Information

Where required, DBS-related information may be processed to assess suitability for roles involving children or vulnerable individuals. This includes certificate status and reference information.
This data is treated as highly sensitive and handled in accordance with DBS guidance and internal policies.

Website Data

Cookies and analytics data used to improve services.

  1. Lawful Basis for Processing

Personal data is processed under the following lawful bases:

• Contract – to deliver services and bookings

• Legal obligation – compliance with regulatory and insurance requirements

• Legitimate interests – operation and improvement of services

• Consent – marketing communications

Special category data (including health and DBS data) is processed only where necessary and with appropriate safeguards.

  1. How Data is Used

Personal data is used to:

• Manage bookings and deliver services

• Ensure safety during activities

• Verify identity and qualifications

• Communicate with customers and participants

• Manage recruitment and safeguarding

• Meet legal and regulatory obligations

• Improve services

  1. Sharing of Data

Personal data may be shared with:

• Insurance providers

• The Royal Yachting Association

• Payment processors and IT providers

• Regulatory authorities where required

All third parties are required to process data securely.

DBS information is not shared with unauthorised individuals.

  1. Data Security

The Organisation implements appropriate security measures, including:

• Secure storage of physical records

• Password-protected systems

• Restricted access to sensitive data

• Staff training

These measures are supported by the Information Security Policy.

  1. Data Retention

Data is retained only as long as necessary for operational, legal and safety purposes.

DBS information is retained only in accordance with DBS guidance.

  1. Individual Rights

Individuals have the right to:

• Access their data

• Request correction

• Request deletion where appropriate

• Restrict or object to processing

• Withdraw consent for marketing

  1. Marketing

Marketing communications are sent only where consent has been provided.
Individuals may unsubscribe at any time.

  1. Contact

[email protected]
02380 457110

Complaints may be made to the Information Commissioner’s Office (ICO).

  1. Review

This policy will be reviewed annually or in response to changes in legislation or operations.

 

Testimonial

WHAT CLIENTS SAY

Don't just take our word for it - hear from the happy customers who've sailed with us.

View All Reviews