1.Welcome to the Pocket Charters (‘‘PC’’) Privacy Notice. Pocket Charters is the trading name of Pocket Chartering Limited (“we”, “us”, “our”), a company registered in England and Wales
under Company Registration Number 07633796 with its registered office at 170 Finchley Road, London
NW3 6BP.
This Privacy Notice (“Notice”) explains how we use (“Process”) your personal information (including
personal information that you provide to us about other persons) (together, “Personal Information”). It
also explains your privacy rights and how you can exercise them.
We respect your privacy and we are committed to protecting your personal data. We are responsible for
the Personal Information we collect about you (including through the website
www.pocketcharters.co.uk). The type of Personal Information we collect and how we Process it will vary
depending on the relationship we have with you. Please note in particular that:
· We may use cookies on our website and in any marketing emails to help us manage and improve our websites, your browsing experience, and the material/information that we send; and
· As a collaborative business, we may share certain Personal Information with our related entities or other persons engaged to provide the agreed services to you and also select third parties, subject to appropriate safeguards.
We will publish updates to this Privacy Notice on this website, with relevant changes highlighted as
appropriate. Where we hold or Process your Personal Data, we will also take appropriate measures to inform you of any amendments which have a material impact on you and your ability to exercise yourprivacy rights.
If you have any questions regarding our processing of your Personal Information or would like to exercise your privacy rights, please email: info@pocketcharters.co.uk
How We Collect Your Personal Information
We collect Personal Information to provide our services, for legal and regulatory purposes and to manage our business and relationships. For further details, please see the ‘Use of your Personal Information’ section of this Notice below.
2
How we collect information
Public information Personal Information about you or your business which is publicly available,
for example on your employers’ website, public professional social
networking sites, the press; and relevant electronic data sources.
Information from third parties
Personal Information provided to us by third parties (for example by our
clients; joint agents; sub-agents; suppliers; advisers; consultants, lawyers
and other professional experts; counterparties; previous, current and future
employers; correspondents and enquirers; regulators and public authorities;
relatives; and other persons) where such Information is provided to us in
connection with the relevant purposes set out in this Notice.
Information collected through our websites
We may use cookies on our website and certain marketing emails which
collect your IP address and certain other information from you when you
visit our website. For further details please see the ‘Marketing and Cookies’
section.
You will voluntarily provide most of your Personal Information directly to us. We will also obtain Personal
Information from other sources or persons. Sometimes the provision of your Personal Information to us
by third parties will be unsolicited and/or provided in confidence (for example, reports made to us by
regulators and other persons) and we will be unable to notify you of this. In all cases we shall take such
necessary steps to ensure that Personal Information is obtained and used in a fair and lawful way.
The Types of Personal Information That We Collect
The categories of Personal Information we collect will vary, depending on our specific relationship with
you and the context. We will not be able to further our relationship with you without certain Personal Information.
Type of Data Examples Context
Personal
contact
details
Your home address, mobile
number and personal email
address.
We will usually ask for this if you do not currently have
office/work contact details and also for customer due
diligence purposes.
Use of Your Personal Information
Our Processing of your Personal Information will include obtaining, recording or holding the data, or
carrying out any operation or set of operations on the data including organising, copying, analysing,
amending, retrieving, using, systemising, storing, disclosing, transferring, retaining, archiving,
anonymising, erasing or destroying it by automated or non-automated means.
3
The UK GDPR as tailored by the Data Protection Act 2018 require us to communicate to you the purposes
for which we Process your Personal Information (the “Permitted Purposes”), together with the
corresponding ‘Legal Basis’. These are summarised in the tables below.
Further details on: (a) security and business continuity arrangements; (b) client due diligence, supplier
vetting; and (c) equal opportunities monitoring and reporting, can be found in ‘The types of Personal
Information that we collect’ section above.
General Permitted Purposes
We Process Your Personal Information for one or more of the following general Permitted Purposes.
Legal Basis Permitted Purpose
Where it is necessary to
perform our contract with you
or to take steps at your
request to enter into the
contract
For example:
(a) to perform our services if you are a client (including related client
files management; order/matter acceptance, modification and
processing)
(b) to enter into or perform our agreement with you if you are a
supplier or external adviser or partner (including supplier account
management; purchase order processing; and for payment of
invoices); or
(c) to enter into or perform any other contract/agreement we may
have with you.
Where it is necessary for
compliance with a legal
obligation
For example:
(a) to carry out internal and related entity conflicts and other
regulatory checks on new client matters and to undertake
appropriate client due diligence in accordance with anti-money
laundering law;
(b) to undertake appropriate vetting of suppliers and external
advisers (for example, to comply with our obligations under
applicable privacy, tax payment and tax evasion, modern slavery,
anti-bribery and corruption and confidentiality rules);
(c) for equal opportunities monitoring and reporting purposes;
(d) to co-operate with our regulators and other public authorities
(including by responding to their requests for information;
undertaking internal investigations; and complying with our reporting
and other professional obligations); and
(e) to comply with any other obligation to which we are subject
under applicable rules and law.
Where it is necessary for the
purposes of our or another
party’s legitimate interests,
except where these are
overridden by your interests,
rights or freedoms
For example:
(a) to ensure compliance with our internal policies;
(b) for general security and business continuity purposes;
(c) for business management and financial planning (including
management of suppliers; business process improvement and quality
purposes; management reporting and reviewing records; accounting
4
and auditing; and corporate due diligence);
(d) for managing insurances, complaints, potential and actual claims;
(e) to ensure the effective provision of our services to clients and
enhance our business;
(f) for the improvement of our business policies and processes;
(g) for training and continuing professional development purposes;
(h) to manage our network;
(i) to organise corporate events and to carry out market research
campaigns;
(j) to protect, manage and improve our websites, and other services
(including:(i) to make sure our websites function as they should; (ii)
to recognise you when you return to the websites; and (iii) to analyse
how our websites and online services are performing)
(k) for any other legitimate purpose communicated to you at the time
of collection of your Personal Information.
We consider that our legitimate interests and these uses are
proportionate, and compatible with your interests, legal rights or
freedoms.
Where it is necessary to
protect your vital interests or
that of another person
For example, the disclosure of your Personal Information to medical
staff in the event of medical emergencies.
Marketing and Cookies
We generally rely on our legitimate interests to Process your Personal Information for marketing
purposes. We will inform you in advance of sending you marketing or if a related entity will send you
marketing material (unless this is reasonably obvious in the circumstances – for example, when you
provide us with your business card during a formal meeting). You will be able to opt-out of any marketing
email sent by us, by clicking the opt-out link that we include in each email.
Cookies
We may use cookies (small text files placed on your device) and similar technologies on our website and
marketing emails to:
1. make sure our website functions as it should;
2. recognise you when you return to the website (for example, to remember your login details so
that you do not need to re-enter it on subsequent visits);
3. analyse how our website and online services are performing (for example to understand how
people arrive at and use our website so that we can make it more intuitive); and
4. to present you with customised options relating to your interests, based on your previous use of
the websites (for example, where you are known to us, we will keep a record of the articles on
5
our website that you have clicked on/downloaded, and use that information to send you
material which we have identified as relevant to your interests).
Please note that some of the cookies on our website may be third party cookies (e.g. Google advertising
cookies) which we do not control. Please view the relevant website for details of their privacy policy.
If you are concerned about cookies, most web browsers (Safari, Internet Explorer, Chrome etc) now
recognise when a cookie is offered and allow you to opt-out of receiving it. You can also delete all cookies
that are already on your browser. If you choose to do this, you may have to manually adjust some
preferences every time you visit our website and some services and functionalities may not work.
For more information about cookies and how to disable and/or delete them, please visit
www.allaboutcookies.org
Where Is Your Personal Information Stored and Who Will It Be Shared?
We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit
access to your personal data to those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our instructions, and they are
subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and
any applicable regulator of a breach where we are legally required to do so.
We will also at times need to share some of your Personal Information with select third parties, such as:
Persons related to you Your other agents, consultants, other advisers, counterparties, beneficiaries,
trustees, banks and related persons who operate or are based around the
world, where you ask us to, or as otherwise necessary for the Permitted
Purposes.
Persons related to us Senior lenders, our agents, consultants and other professionals, suppliers
and external agencies/administrators who assist us with legal,
administrative, financial, operational and other services, and may have
access to certain of your Personal Information as part of their role. These
will include, for example:
(a) IT software, applications and services, including web content
management, recruitment and telecommunications services suppliers;
website, online portal and client extranet providers;
(b) business continuity/disaster recovery and data back-up providers;
(c) our file storage and management suppliers;
(d) third party due diligence and identity/background verification suppliers;
(e) our banks and other financial providers (such as currency exchange, e-
6
billing and outsourced payroll suppliers);
(f) our insurers, insurance brokers and lawyers;
(g) our auditors and other professionals engaged for audit purposes;
(h) debt collection agencies;
(i) local lawyers, tax advisors or experts; and
(i) other professional advisors.
Our suppliers will usually be based in the United Kingdom. Other agents,
consultants and professionals may be based in other countries.
Entities under common ownership, and potential affiliates and successors in
title to our business, who may be based around the world.
Courts/tribunals; and
law enforcement,
regulatory and public
authorities
Where disclosure is required by applicable rules and law, or by any court,
tribunal, law enforcement, regulatory, public or quasi-governmental
authority or department around the world.
Other involved persons If you attend an event organised or hosted by us, we may disclose your
details to others who attend or participate in the organisation of that event
(as notified to you). Any other persons with whom we may interact on your
behalf or at your request and/or where this is otherwise necessary in
connection with the Permitted Purposes.
We do not disclose (or sell) your Personal Information to any other third parties.
This Processing may involve the transfer (sometimes via cloud computing) of some of your Personal
Information to other countries whose privacy laws may not be as comprehensive to those where you are
based. Where third party and/or cross-border transfers take place, we will put enhanced confidentiality
and information security safeguards in place to ensure the lawfulness of the transfer and protect your
Personal Information. For further details, please see the Security of your Personal Information and data
breaches section of this Notice below.
Security of Your Personal Information and Data Breaches
We operate technical, non-technical and procedural controls to safeguard your Personal Information
(including protection against unauthorised or unlawful Processing and against accidental loss, destruction
or damage). In particular:
The use of:
(a) recognised, reputable and compliant webhosting and platform services such as Dropbox and
Microsoft and other recognised and reputable and products involved in the storage and protection of
our systems and files;
(b) physical and technical controls on, and monitoring of, access to our premises and systems; and
(c) Business Continuity and Disaster Recovery Plans.
7
We only engage reputable suppliers and lenders. Where suppliers and lenders will have access to our
and/or our clients’ information, they are also made subject to strict contractual provisions requiring
them to ensure any Personal Information is kept secure and is only used in accordance with our
instructions (or as otherwise and to the extent strictly required by law, if applicable).
Where your Personal Information is transferred to other countries, we will put appropriate safeguards
in place to ensure the lawfulness and security of the transfer. All transfers of Personal Information
outside of the UK will be based on the EU Commission’s standard contractual clauses. We will also put
such arrangements in place with third parties as appropriate. Where required under applicable local
law, we will seek your consent to the transfer.
We will keep these arrangements under regular review, taking into account security and compliance best
practices, current risks, threats, vulnerabilities, mitigating controls, technology, and changes in applicable
legal requirements.
However, the transmission of information via the internet is not completely secure. Although we do our
best to protect your Personal Information, we cannot guarantee the security of your Information
transmitted to our websites – and any such transmission is at your own risk. Our website may also, from
time to time, contain links to third party websites – which are outside of our control and are not covered
by this Notice. If you access other websites using the links provided, please check their privacy policy
before submitting any Personal Information to them.
Data Breaches
If a data breach (leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your
Personal Information) occurs which is likely to result in a high risk of adversely affecting your rights and
freedoms, we will inform you of this without undue delay. Where legally permitted, any such
notifications will be made either via email, post or telephone.
How long we keep Your Information
We will only keep your Personal Information in an accessible form which can identify you for as long as
we need to for the Permitted Purposes. As retention periods can vary significantly depending on the
Permitted Purpose and the relevant jurisdictions concerned, it is not possible for us to commit to an
overall retention period for all of your Personal Information held by us. For example, we are under legal
obligations to keep certain records for specific periods which will usually extend after the end of a
contractual relationship (including minimum statutory retention periods in respect of client due diligence
documents – which vary from jurisdiction to jurisdiction).
8
As a result, we use certain categories and criteria to determine how long we keep certain of your
Personal Information, and these are set out below. Where your Personal Information is used for more
than one Permitted Purpose, there will be overlapping retention periods in respect of that Information. In
such cases, we will retain your Information for the longer of those overlapping retention periods. We will
also transfer paper files into, and store them in, electronic format where appropriate.
Type of Personal
Information
Retention Period
Personal Information
Processed in
connection with
lending matters
Up to 5 years after the date of the termination of our business relationship,
unless:
(a) otherwise required by applicable law;
(b) where required for regulatory, compliance or insurance purposes;
(c) where a longer limitation period applies in respect of specific types of
actions/documents; and/or in the event of a dispute which requires it to be
kept for longer; or
(d) there is another legitimate reason which requires it to be kept for longer.
Personal Information
relating to suppliers
and the services they
provide to us
Up to 5 years following the end of our business relationship, unless:
(a) otherwise required by applicable law;
(b) you consent to us storing it for longer;
(c) the Information forms part of files which are required to be kept for longer
(for example where you were involved in one of our client matters); or
(d) where a longer limitation period applies in respect of specific types of
actions/documents; and/or in the event of a dispute or other legitimate
reason which requires it to be kept for longer.
Where we no longer require your Personal Information, we will take steps to delete or anonymise it.
There will be circumstances where certain Information cannot be permanently deleted or anonymised,
for example because it is stored in our back-ups for business continuity purposes.
In such cases, we will take appropriate steps to minimise (and pseduonymise where technically
practicable) the Personal Information that we hold, and to ensure that it is: (a) not used in connection
with any decision involving you; (b) not shared with anyone, except where we are legally required to do
so (e.g. following a court order); (c) kept secure and virtually inaccessible; and (d) permanently deleted if,
or when, this becomes technically possible.
9
Your Rights
The following privacy rights apply under the UK GDPR as tailored by the Data Protection Act 2018.
Although applicable data protection legislation in relevant jurisdictions afford similar rights, there may be
circumstances where some of these rights do not apply under or are modified by, local law. Further
information can be sought from our privacy contacts. In the event of any inconsistency, the applicable
local legislation will prevail.
Right to be informed You can ask us to provide you with privacy information about how we
Process your Personal Information. That information is set out in this
Privacy Notice, together with any other specific notices which are
provided to you at the time of collection of your Information.
Right of access You can request us to confirm whether we Process your Personal
Information. You can also ask us to access your Personal Information.
Right to rectification and
erasure
In the event that we hold inaccurate or incomplete Personal
Information, you can ask us to rectify or complete that Information.
You can also ask us to erase your Personal Information. This right is not
absolute and only applies in certain circumstances.
Right to restrict processing You can ask us to restrict the Processing of your Personal Information
(or to suppress it) for a certain period of time. This right is not absolute
and only applies in certain circumstances.
Right of data portability You can ask us to move, copy or transfer your Personal Information
back to you or to another person under certain circumstances. This
right only applies: (a) to Personal Information you have provided to us
as a Data Controller; (b) where the Processing is based on your consent
or for the performance of a contract; and (c) when processing is carried
out by automated means.
Right to object You can ask us at any time to stop Processing your Personal
Information for marketing purposes. Where there are legitimate
grounds to do so, you can also object to us Processing your Personal
Information on the basis of our legitimate interests and in certain other
situations.
Right to withdraw consent Where we are Processing your Personal Information on the basis of
your consent, you can withdraw that consent at any time.
Rights in relation to
automated decision-making
and profiling
You have the right to: (a) ensure that any significant decisions affecting
you are not made purely by automated means based on an online
profile or other information (i.e. a person is involved in the decision-
making), and (b) that you can express your views and to challenge the
decision. We are also under obligations to ensure that any profiling is
undertaken in a fair and transparent way.
10
For further details about these privacy rights under UK GDPR (including their limitations), please see the
Guide to the UK GDPR on the Information Commissioner’s Office website .
To exercise your rights, please send a written and dated request (a “Request”) to
info@pocketcharters.co.uk. Please note that:
We will need to verify your identity in order to be able to comply with certain of your Requests.
When you Request access to your Personal Information, there will be some Personal Information
which we are not able to disclose to you, such as documents which include confidential or
personal information about another entity or person; documentation relating to management
forecasting or planning; legally privileged documents; and copies of references.
We will not be able to comply with your Request in certain circumstances, for example where
your Request is manifestly unfounded or excessive.
We hope to address any enquiry or Request to your satisfaction, but if we do not, you have the right to
lodge a complaint with the relevant data protection regulator in the country where you normally live or
work, or where an alleged breach of data protection is said to have occurred (such as the Information
Commissioners’ Office in England)
Contacts And other Important Privacy Information
If you have any queries regarding this Privacy Notice or our processing of your Personal Information,
please email us at info@pocketcharters.co.uk
