Data Privacy Notice
1. Introduction
Corporate Risk Solutions LTD respects your rights to privacy and we are committed to protecting your personal information. The purpose of this privacy notice is to explain how we collect and use personal information.

2. Data Controller
“corporate risk solutions ltd” (referred to as “we”, “us”, “our” or “crs” in this policy) primarily refers to the website business of Corporate Risk Solutions LTD Limited, a wholly owned by Corporate Risk Solutions LTD Limited is the “data controller” of all personal information that is collected and used about our customers for the purposes of European Union data protection law. Corporate Risk Solutions LTD is registered in UK, registration number 09966599 and registered offices at 1st floor, Foregate street, Worcester. WR1 1DB.

3. How to get in touch
A Data Protection Officer (“DPO”) has been appointed to co-ordinate the collection, use and retention of personal data at Corporate Risk Solutions LTD to ensure compliance with the Data Protection Acts, this Policy and related procedures
If you have any questions about this policy or a data subject access request, please contact the DPO at dpo@crsworcester.co.uk

4. The information we process
To provide you with our services, we collect and process various categories of personal information throughout your relationship with us. These include:
• Customer information such as your name, address, card and payment information, contact details, booking location and Internet address, and services provided
• Passenger information relating to you and your travel companions, such as names, date of birth, age group (adult, child 4-15, infant 0-3), gender, nationality, passport information and vehicle details.
• Correspondence through emails, text, webchat and social media that you have exchanged with us about our services
• Video footage at our port locations and aboard our vessels

5. Special Categories of personal information
In some circumstances we may collect information about your health, where you have advised us of particular needs you have including medical, mobility or dietary requirements.

6. How we obtain your personal information
Purpose for processing Legal basis
To enter into our contract of carriage with you so we can provide you with the ferry services you request. This includes setting up your account, processing and allow you to securely pay for your booking and associated transactions, to make changes to your booking requested by you or to inform you of any changes we make to your booking This use is necessary in order for us to enter into and perform our contract with you
To prevent fraud and to fulfil our legal and regulatory obligations, for example to maintain and share passenger records necessary for maritime safety, security immigration or customs regulations and laws In order to comply with our legal obligations
To send you marketing emails with special offers and news from Corporate Risk Solutions LTD or about related services to ones you have previously purchased We will only send you marketing emails where you have given us your explicit consent to do so or where appropriate on the basis of our legitimate interests.
You are entitled to withdraw your consent at any time.
To personalise and improve our services and related products and ask for feedback On the basis of our legitimate interest in operating our business.

Special categories of data Legal basis
We may process information about your health, where you have advised us of particular needs you have including medical, mobility or dietary requirements. We will only do this with your explicit consent.
You are entitled to withdraw your consent at any time.

Corporate Risk Solutions LTD obtains personal information when you explicitly provide it to us, or information that we gather from your use of our website, your use of our services and the technology you use to access our booking services (for example your booking location, Internet Protocol (IP) address, or telephone number). In circumstances where you are unable to provide personal information which we require for statutory or contractual reasons, we may be unable to process your transaction.
In certain circumstances you may provide us with personal information relating to other people Please ensure that you provide a copy of this Notice to any third party whose personal data you provide to us or have provided to us previously.

7. How we use your personal information
We use your personal information for the following purposes and on the following legal grounds.
Please note that you have a right to object to processing of your personal information where that processing is carried on for our legitimate interests.

8. How long we keep your personal information
Corporate Risk Solutions LTD will not retain your data for longer than is necessary to fulfil the purpose for which it was originally collected. We will also consider the nature and sensitivity of the data, the volume or size of the data collected as well as our legal obligations, in determining the appropriate retention period for the relevant data set. We anonymise and or delete data that is no longer required.
More information on our data retention policies is available on request by contacting our data protection officer at dpo@crsworcester.co.uk

9. Security
Your privacy and the security of your data is of critical importance at crsworcester.co.uk
When you book online or access your account at crsworcester.co.uk you do so through secure servers. The use of Secure Socket Layer (SSL) technology means that all personal information, such as your credit/debit card and address details, will be encrypted as it travels from your computer to the Irishferries.com booking system. SSL is an industry-standard method that is used to transmit personal information securely over the Internet. Our use of SSL and digital certificates ensures you are actually sending data to Irish Ferries, rather than a third party, so you can be confident of safely and confidentially completing your reservation.
To maintain the accuracy of your data, as well as preventing unauthorized access and correct use of all data, Irishferries.com uses the appropriate physical, electronic, and governance measures to secure the data we collect online.
Please ensure that you keep your irishferries.com account details confidential and set a password that is difficult for others to guess.

10. Transferring information overseas
Although we are based in UK, we do not send any information oversea, we required by law, to law enforcement agencies, judicial bodies, government entities or regulatory bodies. And there policy may send information over sea and if so we will contact you by email if this is the case on you.
11. Sharing information with third parties
At present, we disclose your personal information to some or all of the following:
a) Service providers such as sub-contractors acting on our behalf to provide system administration services.
b) Where required by law, to law enforcement agencies, judicial bodies, government entities or regulatory bodies.

12. Your rights
Right of Access You can request a copy of the personal data we hold about you.
Right to Rectification If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered account with us, please contact us (see Contact Us above).
Right to Erasure (‘Right to be Forgotten’) You have the right to request that your personal data be deleted in certain circumstances including:
• The personal data is no longer needed for the purpose for which they were collected;
• You withdraw your consent (where the processing was based on consent);
• You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data;
• The personal data has been unlawfully processed; or
• To comply with a legal obligation.
• However, this right does not apply where, for example, the processing is necessary:
• To comply with a legal obligation; or
• For the establishment, exercise or defence of legal claims.
Right to Restriction of Processing You can ask that we restrict your personal data (i.e., keep but not use) where:
• The accuracy of the personal data is contested;
• The processing is unlawful but you do not want it erased;
• We no longer need the personal data but you require it for the establishment, exercise or defence of legal claims; or
• You have objected to the processing and verification as to our overriding legitimate grounds is pending.

We can continue to use your personal data:
• Where we have your consent to do so;
• For the establishment, exercise or defence of legal claims;
• To protect the rights of another; or
• For reasons of important public interest.
Right to Data Portability Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
• The processing is carried out by automated means; and
• The processing is based on your consent or on the performance of a contract with you.
Right to Object You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out.
Right to Complain You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

13. Terms and Conditions of Trading
Full information on Corporate Risk Solutions LTD standard terms and conditions of trading can be viewed here.

14. Policy changes
This Policy was last updated 24/05/2018. Any changes to this policy will be notified by email to our customer marketing mail list and will be published on our website.