Welcome
About
News
Anonymous Reporting
Tools
MCA Chatter
Library
Support
My Account

Spotlight

  • Contact us if you need help!
 

 
 

Privacy Policy

 
This is the privacy notice for CSO Alliance Limited (and the Maritime Cyber Alliance). This privacy notice sets out the basis on which any personal data We collect from you, or that you provide to us, directly or indirectly will be processed by us. Please read the following carefully to understand our views and practices regarding personal data and how We treat it. 


CSO Alliance Limited is a company registered in England and Wales under company number 08319882 whose registered office is at The Mill, Quainton Road, Waddeson, Aylesbury, Buckinghamshire, England HP18 0LP.


For the purpose of the General Data Protection Regulation 16/679 the data controller is CSO Alliance Limited. We can be contacted at the registered office address or info@csoalliance.com


WHO WE ARE


CSO Alliance is a community of company security officers tasked with defending over 50,000 merchant marine assets with over 1.2 million crew, from criminality. CSO Alliance collects and aggregates data isolating criminal activity and trends to ensure that all chief security officers who are members (hereafter referred to as ‘Clients’) can fully brief their captains and crew as to the risks they face, wherever they sail. 


OUR STATUS UNDER GDPR


Depending on the nature of the interaction, we act as a processor in that we are acting upon instructions from our Clients when we provide our services to them; and when we control the purposes and means of the processing of personal data, such as processing our employee’s personal data, we are a controller, as defined under the Regulation.


THE PERSONAL DATA WE COLLECT ABOUT YOU


We collect personal data for a number of purposes in order to undertake our business model. This includes the collection of personal data which identifies you when you sign up to our mailing list, become a member or communicate with us. If you make a purchase or sign up for an event we maintain a record of your history. If you share any access requirements or other special requirements with us we will note this in your record on our contact management system, Capsule CRM. We keep a record of the emails we send you, and we may track whether you receive or open them so we can make sure we are sending you the most relevant information. When we collect personal data from you we store it under a strict safeguarding and confidentiality regime. 


THE REASON WE USE PERSONAL DATA


CSO Alliance will collect data from you to process payments, our member experience and provide you with information or services you have requested, to meet contractual requirements and comply with our administrative duties, sectoral regulations and the general law. Personal data collected this way will only be used to provide you with information that you would reasonably expect or have agreed to. When we run activities in partnership with other organisations we will only share your personal data with them if your consent is required, and you have given us consent to do so. We do not share or sell your personal data with other organisations to use for their own purposes without your agreement. We may pass your personal data on to third-party service providers contracted to us. In these circumstances, the third party will be obliged to keep your details securely, and to use them only to fulfil their contractual obligations to us. When they no longer need your personal data to fulfil this service, they will dispose of the details in line with our data retention policy. 


Personal data, including in your capacity as a member of CSO Alliance, will be held on a customer relationship management system which holds contact details and a record of your interactions with us. Where possible we aim to keep a single record for each member. Where you apply for employment at CSO Alliance and are unsuccessful, we delete your records in line with our data retention policy. 


SHARING INFORMATION 


As set out above, we may share information with third parties so that they can assist us in providing our services; selected third parties could include:

• Clients, suppliers and sub-contractors for the performance of any contract we enter into with them. For example, so that our platform can work effectively, we may engage with contractors to carry out part of our services.
• Analytics and search engine providers that assist us in the improvement and optimisation of our site.


We will disclose your personal information to third parties:

• If CSO Alliance or substantially all of its assets are acquired by a third party, in which case personal data held by it about its Clients will be one of the transferred assets.
• If we are under a duty to disclose or share personal data to comply with any legal obligation, or in order to enforce or apply our terms and other agreements; or to protect the rights, property, or safety of CSO Alliance, our Clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.


THE LEGAL BASIS UPON WHICH WE ACT


We only process personal information where we have a lawful basis for doing so. These are:


Consent

Where We process personal data as a result of your consent, We ensure that consent is freely given, specific and informed, and established by a clear affirmative act. Where you wish to withdraw your consent, we have set out (below) how you may do this.


Contract Performance

Where We enter into a contract with third parties, processing of personal data may, as a matter of course, be necessary to execute such contract or take pre-contract preparation steps. This can include obligations under our terms and conditions with our members. 


Legal Obligations

Where We have legal obligations, processing of personal data may be required by law. This may include contact with our regulators or public institutions. 


Legitimate Interest

Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and yours. We may therefore contact you about things which we feel are of interest to you or which, based on what we know about you, are in the interests of our charitable objectives to let you know. This will from time to time include marketing and raising awareness, but at any stage you can tell us that you do not want to receive such information and we will stop contacting you with it.


WITHDRAWAL OF CONSENT 


Consent should be as easy to withdraw as it is to give and you may ask that we do not process your personal data at any time. You may contact us to withdraw your consent using the contact details at the end of this privacy statement. Equally, where we process personal data based on our legitimate interest, you have a right to request that we stop processing personal data for our legitimate interests and withdraw your consent. 


HOW WE PROTECT YOUR PERSONAL INFORMATION


We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary. Any external providers we use to process your data (for instance the operators of our contact management system) must meet our security policies and comply with all relevant legislation about how they store and process your personal data. We may also receive information about you from third parties but will only contact you if we have your express permission.


YOUR RIGHTS TO FURTHER INFORMATION


At your request we will confirm the information We hold about you and how it is processed. You can request the following information: 


• Identity and the contact details of the person or organisation that has determined how and why to process your data. 
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests, information about those interests.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• If we intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• The source of personal data if it wasn’t collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.


What forms of ID will I need to provide in order to access this? 


We accept the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.


SENSITIVE PERSONAL DATA


Where CSO Alliance processes sensitive personal data, we do so on the basis that the Client has established a lawful exception to the prohibition on processing sensitive personal data under Article 9 of the Regulation; and where CSO Alliance is processing sensitive personal data of employees, it does so pursuant to its employment relationship with its personnel and so uses the exception set out in paragraph 2(b) of Article 9 of GDPR. 


TRANSFERRING OUT OF THE EEA 

Storing: We use cloud providers to store our personal data. Personal data may be transferred to and stored at a destination outside of the European Economic Area (EEA). 

Processing: We may use third parties to help us deliver our services and they may be based outside the EEA. Where data is transferred outside the EEA, We adhere to compliance mechanisms that are identified by the European Commission, for example, the use of EU model contract clauses or conformity to US Privacy Shield. 

Where we are the processor: in general, personal data is stored in the locations required by our Clients. Periodically, our Clients may agree specific terms as to where customer data, venue employee data and head office employee data is stored by us.  At all times, We act in accordance with the Regulation. 


DATA RETENTION PERIODS


CSO Alliance has a data retention policy which sets out how long it will store personal data, which is consistent with Article 5 of the Regulation. CSO Alliance only keeps personal data for as long as is necessary. For example, CSO Alliance is required to retain certain information in accordance with the general law, where information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on CSO Alliance’s business needs, which are balanced against the requirements of GDPR and the rights of the individual.


Where we are the controller

We will retain personal data for as long as necessary. As described above, in some cases, we will have a legal or statutory obligation to retain information for a set period, such as the limitation period. 


Where we are the processor 

Data is stored as instructed by our Clients in accordance with their approach to retention of personal data provided that this is within GDPR. We recommend you view their Terms of Use and Privacy Policy for more information.


SUMMARY OF DATA PROCESSORS


In order to provide our services to our Clients and their customers, CSO Alliance defines the different categories of personal data and works with carefully selected third parties. Some of our selected third parties are required to process personal data on our behalf, in compliance with our role as both a controller and processor. Our suppliers include Mailchimp, Capsule CRM, Sage, Kashflow, HSBC and Wididi. 


CONTACTING YOU


The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. We will get in touch with the supervisory authority (which in CSO Alliance’s case is the Information Commissioner on the United Kingdom) and with affected data subjects where this is required under GDPR. 


LINKS TO OTHER WEBSITES


Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


COOKIES 


We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use the following cookies:


Strictly necessary cookies 


These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.


Analytical/performance cookies


They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily


Functionality cookies


These are used to recognize you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)


Targeting cookies 


These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. 


FIRST PARTY COOKIES


How do I block first party cookies?


You block first party cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.


THIRD PARTY COOKIES


We may use Google Analytics cookies to track anonymous usage statistics but we do not collect any personal information that can be used to identify you. This data helps us analyze web page usage and improve our website to tailor it to our audience needs.


Google Analytics stores information about what pages you visit, how long you are on the site, how you got there and what you clicked on.


These are cookies served by a third-party service provider and are usually used to identify your computer when it visits another website, for example, when you log in to a social media site to share an article.


How do I block third party cookies?


You block third party cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.


FURTHER INFORMATION


For more information on cookies, go to www.aboutcookies.org


YOUR RIGHT TO COMPLAIN


If you have a complaint about the way we process your personal data, you can register your concern by contacting the Information Commissioner and following the instructions set out at www.ico.org.uk


CONTACT DETAILS 


CSO Alliance Limited


Address:
The Mill, Quainton Road, Waddesdon, Aylesbury, Buckinghamshire, England HP18 0LP

FAO Data Protection Owner. 


Email: info@csoalliance.com