Who we are
Our website address is: https://www.wind-ship.org
The International Windship Association (IWSA) (which may be referred to in this document as ‘IWSA’,‘we’, ‘ourselves’, ‘us’ and ‘our’) has ownership of this web site and its various functions. For the necessary grounds of the Information Protection Act 1998 (Act), the information controller is International Windship Association.
- Important information
- We do not knowingly collect information which relates to children and our website is not intended for children.
- We are the information controller and accountable for your personal information.
- by email to: firstname.lastname@example.org
- by post to: International Windship Association, Data Protection Manager, Quality Company Formations, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
- You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, like the opportunity to deal with your concerns before you contact the ICO so we encourage you to contact us first and we will look to resolve the matter.
- Our website may have links to third-party websites, plug-ins and apps. By connecting or clicking on these links please be aware that you may be allowing third parties to share or gather your personal information. We do not have any control over these third-party websites, plug in or apps and we will not be held responsible for their privacy policies – please make sure to read their privacy policies to recognise what personal information they collect about you and the way in which this information is used.
- Your responsibility to inform us of updates
- It is imperative that the information we have about you is correct and up to date, please ensure we are aware of any changes to your personal information.
- The information we collect about you
- Part 1 of Schedule 1 provides you with the types of personal information we are likely to collect, use, store and transfer.
- We also collect, use and share aggregated information. However, if we combine aggregated information with your personal information so that it can directly or indirectly identify you, we treat this as your personal information.
- We do not collect any special classes of personal information.
- Failure to provide personal information
- If we are required by regulation, or under the terms of an agreement we have with you, to collect your personal information and you fail to provide the required information, we may not be able to enter into the agreement with you and therefore we may have to terminate an agreement or service. We will notify you of this at the appropriate time.
- How personal information is collected
- We gather personal information via the following methods:
|direct communications||you may provide personal information when you subscribe to our newsletter or other services or otherwise or contact us (by letter, telephone or electronic mail).|
|robotic technology||When you browse or interact with this website, we may automatically collect personal information – this includes technical and usage data. This is done by using cookies, and other related technologies. If you visit other websites that use our cookies, we may also receive technical information about you. Please see our cookie notice here for further details.|
|Publicly available information||we may collect personal information from publicly availably sources [such as online databases, media lists, websites etc.]|
|third parties||we may receive personal information from: (a)analytics providers based inside or outside the EU (such as Google); (b) advertising networks inside or outside the EU; (c) search information providers inside or outside the EU; and (d) our suppliers such as payment providers, delivery services, website support and maintenance providers.|
- How we use your personal information
- We will only use your personal information where there is a lawful basis to do so. Usually, we will use your personal information:
- to achieve the agreement we are to enter into or have entered into with you;
- to ensure we are complying with a legal requirement; and
- where it is essential to carry out our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Part 2 of Schedule 1 sets out the legal basis we will rely on to process your personal information.
- We usually only rely on consent as the legal basis for processing your personal information to send email and SMS marketing messages and you have the right to remove your consent at any time by getting in touch with us. Please be aware that we may process your personal information for more than one lawful basis depending on the precise purpose for which we are using your information.
- From time to time, we may examine your personal information to ascertain what services and activities we think may be of interest to you. You will only receive marketing messages from us, if you have requested information from us or purchased services from us, if you provided consent to marketing at the time we collected your personal information and you have not since opted out or removed your consent or if we have another basis to send you the marketing communications.
- We will ensure to get your express opt in before sharing any of your personal information with other parties for marketing reasons. We do not sell any customer lists, accept advertising or profit from any third party revenue based on the information gathered on this website.
- How to opt out
- You can remove your consent from receiving marketing emails by clicking the unsubscribe button within the specific marketing message or by informing us directly that you do not wish to receive those marketing messages. You can also remove your consent to marketing at any time by contacting our DPM.
- . Even if you remove your consent from receiving marketing messages, we may still use your personal information for other purposes as long as we have a legal grounding to do so.
- Change of purpose
- Your personal information will only be used for the reason it was initially collected for. We will only use your personal information for another reason if that reason is connected to the initial reason.
- If use of your personal information is required for an unconnected reason, we will inform you and will explain the lawful basis which allows us to use your personal information in this way.
- Where this is required or allowed by law, we may process your personal information without your knowledge or consent.
- Disclosure of your personal information
- We may have to share your personal information with third parties, more details on this can be found in Part 4 of Schedule 1. All third parties are required to treat your personal information in accordance with data protection regulations and to respect the security of your personal information. Third party service providers are not authorised to use your personal information for their own aims. Your personal information can only be processed within the specific instructions and for the specified reasons that we prescribe.
- When sharing your data with third parties as specified in Part 4 of Schedule 1, we may transfer your data outside the European Union (EU).
- We may work with intermediaries based outside the EU, therefore their processing of your personal data will involve a transfer of data outside the EU.
- In these circumstances, we ensure your data is protected by ensuring at least one of the following safety mechanisms is in place:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe with our services providers;
- We may transfer data to US based service providers under the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
- Please contact our DPM if you require further information on the specific methods used by us in situations where your personal data out of the EU.
- Information security
- Your personal data is held in the highest regard and we do our utmost to ensure it is kept secure. Nonetheless, please note that no security system, however advanced, can provide guaranteed safety all of the time. IWSA is dedicated to protecting and securing your personal data, but we are unable to fully promise or license our server security. Also, there may be unfortunate instances where personal data that you provide on this website is seized during Internet communications. We adhere to the qualified industry standards to always protect the personal data.
- IWSA personnel, agents, contractors and other third parties will only be allowed access to your personal information if they require access in order to perform their core business function – we will take steps to limit access to those that do not require access to your personal information. Those accessing your personal information will be subject to a duty of confidentiality.
- We have procedures in place to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Information retention
- IWSA will only store your personal information for as long as necessary to fulfil the purposes we collected your personal information for. This includes for the purposes of fulfilling our legal, accounting, or reporting requirements.
- Details of retention periods for different aspects of your personal information are available in our retention policy which you can request from us. However, we are legally obligated to keep rudimentary information about our customers (including contact, identity, financial and transaction information) for six years after our business relationship ends, for tax reasons.
- We may also anonymise your personal information (so that it can no longer be linked to you) for research or statistical purposes. We can use anonymised information indeterminately without further notice to you.
- Your legal rights
- You have certain rights in certain situations under data protection law. These are set out in full in Part 3 of Schedule 1. Please contact our DPM if you wish to exercise any of your legal rights.
- You will not have to pay a fee to exercise any of your rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee for this information or refuse to comply with your request.
- We may request specific information from you to help us confirm your identity when you contact us. This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.
- We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Part 1: Categories of personal information
|contact information||billing address, delivery address, email address and telephone number|
|financial information||bank account and payment card details|
|identity information||first name, maiden name, last name, occupation, username or similar identifier, title, date of birth and gender|
|marketing and communication information||your preferences in receiving marketing from us. Telephone calls may be recorded for security, training and quality purposes|
|profile information||your username and password, purchase or orders made by you, preferences, feedback and survey responses|
|technical information||internet protocol (IP) address, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website|
|transaction information||details about payments to and from you and other details of services you have purchased from us or sold to us.|
Part 2: Lawful base for processing and processing activities
The lawful basis upon which we may rely on to process your personal information are:
|consent||you have given your express consent for us to process your personal information for a specific purpose|
|contract||the processing is necessary for us to perform our contractual obligations with you under a contract, or because you have asked us to take specific steps before entering into a contract with you|
|legal obligation||the processing is necessary for us to comply with legal or regulatory obligation|
|legitimate interests||the processing is necessary for our or a third party’s legitimate interest e.g. in order for us to provide the best service to you via our website. Before we process your personal information on this basis we make sure we consider and balance any potential impact on you, and we will not use your personal information on this basis where such impact outweighs our interest|
Set out below are specific details of the processing activities we undertake with your personal information and the lawful basis for doing this.
|Purpose/Activity||Type of information||Lawful basis for processing|
|to register you as a new customer or member||identity & contact||(a) to perform our contract or agreement with you|
|to process and deliver your order, manage payments, fees and charges and debt recovery||identity, contact, financial, transaction and marketing & communications||(a) to perform our contract or agreement with you
(b) as necessary for our legitimate interest in recovering debts due to us
|to manage our relationship with you, notifying you about changes to our Terms or Privacy Notice and ask you to leave a review||identity, contact, profile & marketing & communications||(a) to perform our contract or agreement with you
(b) as necessary to comply with a legal obligation
(c) as necessary for our legitimate interests in keeping our records updated and analysing how members, suppliers or customers use our services
|to administer and protect our association and this website (including troubleshooting, information analysis, testing, system maintenance, support, reporting and hosting of information)||identity, contact & technical||(a) as necessary for our legitimate interests in running our association activities, provision of administration and IT services, network security, to prevent fraud and in the context of a reorganisation or restructuring exercise
(b) as necessary to comply with any legal obligations
|to deliver relevant website content/advertisements to you and measure or understand the effectiveness of our advertising||identity, contact, profile, usage, marketing & communications & technical||(a) as necessary for our legitimate interests in studying how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy|
|to use information analytics to improve our website, products/services, marketing, member, supporter, supplier or customer relationships and experiences||technical & usage||(a) as necessary for our legitimate interests to define types of stakeholders for our services, to keep our website updated and relevant, to develop our association activities and to inform our marketing & publicity strategy|
|to make suggestions and recommendations to you about association services and events that may be of interest to you, including promotional offers||identity, contact, technical, usage & profile||(a) as necessary for our legitimate interests to develop our association services and grow our activities|
Part 3: Your legal rights
You have the following legal rights in relation to your personal information:
|access your information||you can ask for access to and a copy of your personal information and can check we are lawfully processing it|
|correction||you can ask us to correct any incomplete or inaccurate personal information we hold about you|
|erasure||you can ask us to delete or remove your personal information where:
(a) there is no good reason for us continuing to process it;
(b) you have successfully exercised your right to object (see below);
(c) we may have processed your information unlawfully; or
(d) we are required to erase your personal information to comply with local law
(e) we may not always be able to comply with your request for specific legal reasons, which will be notified to you at the time of your request
|object||you can object to the processing of your personal information where:
(a) where we are relying on our legitimate interest (or those of a third party) as the basis for processing your personal information, if you feel it impacts on your fundamental rights and freedoms;
(b) where we are processing your personal information for direct marketing purposes
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms and, in such circumstances, we can continue to process your personal information for such purposes
|restrict processing||you can ask us to us to suspend or restrict the processing of your personal information, if:
(a) you want us to establish the accuracy of your personal information;
(b) our use of your personal information is unlawful, but you do not want us to erase it;
(c) you need us to hold your personal information (where we no longer require it) as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your personal information, but we need to verify whether we have overriding legitimate grounds to use it
|request a transfer||you can request a transfer of your personal information which is held in an automated manner and which you provided your consent for us to process such personal information or which we need to process to perform our contact with you, to you or a third party. We will provide your personal information in a structured, commonly used, machine-readable format|
|withdraw your consent||you can withdraw your consent at any time (where we are relying on consent to process your personal information). This does not affect the lawfulness of any processing carried out before you withdraw your consent|
Part 4: Third Parties
|service providers||acting as processors or controllers based in the EEA but also around the world who provide advertising and marketing, bank and merchant account services, payment processing and the delivery of services and/or documents from us|
|professional advisors||joint controllers including lawyers, accountants, auditors and insurers based in the United Kingdom, EU and/or outside the EU who provide consultancy, banking, legal, insurance and accounting services|
|HM Revenue & Customs, regulators and other authorities||acting as joint controllers based in the EEA who require reporting of processing activities in certain circumstances|
Part 5: Appendix
|aggregated information||information such as statistical or demographic information which may be derived from personal information, but which cannot by itself identify an information subject|
|controller||a body that determines the purposes and means of processing personal information|
|information subject||an individual living person identified by personal information (which will generally be you)|
|personal information||information identifying a information subject from that information alone or with other information we may hold but it does not include anonymised or aggregated information|
|processor||a body that is responsible for processing personal information on behalf of a controller|
|special categories of personal information||information about race, ethnicity political opinions, religious or philosophical beliefs, trade union membership, health, genetic, biometric information, sex life, sexual orientation|
|ICO||Information Commissioner’s Office, the UK’s supervisory authority for information protection issues|
The policy was formatted on 24 May 2018 following GDRP guidelines for Privacy Protection
The International Windship Association (IWSA) (which in this document may also be referred to as the ‘IWSA’,‘Web site’ or ‘Site’), uses ‘cookies’ to help us improve our services. Any person who uses this web site is in agreement with the cookies outlined in this policy. Cookies may be deactivated and restricted at any time, and this will not affect the effective running or your access and usage of the web site. Cookies are not used to collect any of your private data – this only occurs if you decide to provide such information.
What is a cookie?
What is the purpose of cookies?
- tracing the number of visitors to a web site and specific web pages.
- retaining usernames and passwords.
- saving addresses for billing and shipping purposes.
- retaining credit and debit card details.
- saving log-in details and keeping users logged in to web sites.
- storing items in online shopping carts that have yet to be purchased.
- monitoring transactions.
- studying movements and user conduct.
- enhancing goods, services and transmissions.
- showing adverts that will interest the user e.g. cookies will remember previous online purchases and browser history of users’ favourite shops to advertise similar products.
- gauging the usefulness of adverts and web browsing.
- augmenting web sites for easier navigation.
- improving and promoting products and services
Do these cookies allow you to spy on users?
- No. Performance Cookies do not retain any private information that can recognise an individual user. These cookies are only used to monitor the activity of different users.
How do I remove or change these cookies?
- Cookies can be removed from your Internet browser whenever you wish. Browsers can also be adjusted to suit your preferences, allowing you to activate or deactivate certain cookies routinely. There is also an option to be alerted each time your computer receives a cookie so that you can admit or refuse the cookies where appropriate. Please note:
- deleted cookies may slow down your future admittance to web sites as data will be lost.
- rejected cookies may prevent you from accessing certain areas of the web site or hinder your access to interactive tools or facilities.
How to restrict cookies on your web browser
- Click on the Safari menu tab.
- Select Preferences
- Select the Security tag
- Beneath the Accept Cookies command, apply accept, reject, or selectively accept cookies
- Select Tools in the menu option
- Select Options…
- Select Privacy tag in the top tab
- On the pull-down box, choose Use custom setting for history
- Un-tick the option that reads Accept Cookies from Sites
- Select OK and exit
Internet Explorer 7.0+
- Select Tools in the menu option
- Click the Options button
- Select the Privacy button on the top tab
- Select the Advanced button
- Click Prompt for the First-Party cookies as well as Third-Party Cookies
- Click OK and exit
Google Chrome 8.0+
- Select Tools Menu
- Click on Options
- Select the Under the Bonnet tab
- Select Cookie Setting tab and check the Block all third-party cookies without exception option
You can read more about cookies by visiting http://www.aboutcookies.org/.
Blog Postings – What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.