‘We’, ‘our’ or ‘us’ means Ports of Jersey.
‘You or ‘your’ means any person using the services of Ports of Jersey.
‘Information’ or ‘data’ means all the different forms of information you provide us and which we collect in carrying out our duties and in providing services to you.
If you have any questions relating to data protection:
- how we use your information
- information security
- wish to have your consent withdrawn, information modified, deleted or to gain access to the information held about you
Please contact our Data Protection Officer via email email@example.com or alternatively, write to Data Protection Officer, Ports of Jersey, Jersey Airport, St Peter, Jersey, JE1 1BY.
To process your personal data, we need to meet one of the following conditions (or legal bases):
- you have freely given your consent – it will be clear to you what you are consenting to and how you can withdraw your consent;
- it is necessary for a contract you have entered into with us, or a contract that you intend to enter into;
- it is necessary to meet a legal obligation;
- it is necessary to protect someone’s ‘vital interests’ (a matter of life or death);
- it is necessary to perform a public task (to carry out a public function or exercise powers set out in law, or to perform a specific task in the public interest that is set out in law);
- it is necessary for our legitimate interests or that of a third party (a condition used where personal data is going to be used in ways that are reasonably expected and are not intrusive, and/or where there are compelling reasons for the processing).
The lawful basis that we rely on to process your personal data will determine which of the following rights are available to you. Much of the processing we do at Ports of Jersey will be necessary to meet our legal obligations or to perform a public task. If we hold personal data about you for different purposes, then the legal basis we rely on in each case may not be the same.
What, how and why we collect personal data
The personal data which we collect and process will depend on the nature of our interaction with you. We collect your personal data to:
- help keep the public, our customers and employees safe and secure;
- comply with our obligations under Tax and Customs and Immigration legislation;
- operate any online applications and services used to promote a better customer experience;
- comply with our operational policies and procedures and the terms of our maritime and aviation operators;
- comply with our legal obligations and responsibilities;
- exercise our statutory powers.
We are the Data Controller of your information. We endeavour to structure our core business activities in a clear and transparent manner, reflecting the different ways we may interact with you. These include, but are not limited to:
We often need to collect information so that we can provide you with our full range of services and fulfil our statutory, regulatory and public obligations. Much of the information we hold comes directly from you.
In some cases, we gather data as part of our statutory functions, for example CCTV surveillance (including body-worn cameras) at the Harbour and Airport for security, safety and regulatory purposes. We also act as third party and joint controllers in certain instances. These are documented in Data Sharing Agreements and/or Processor Controller agreements (as required).
Please click on the relevant area to see the data we process, why we process the data, how we collect the data and how long we keep it for.
What we do with your information
We take the security of your personal information seriously and do not share this unless it is essential to provide you with a service in performing our statutory duties. There may also be occasions when we need to share your information, in the following ways:
- when we have your permission;
- when required by law to disclose it;
- while pursuing tasks for which we have a legitimate interest to remain open, safe and secure.
How we protect your information
We adopt up-to-date, appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information. We have a Data Protection Policy and Information Security Policy and Training Policy to ensure we adhere to the highest standards of governance.
The security measures we have in place include, but are not limited to:
- data is encrypted while at rest and sensitive documents may also be encrypted while in transit.
- destruction process – all personal data is securely removed after it has reached the end of its retention period. Paper waste is disposed of in designated confidential waste bins.
- physical security/access permissions – we implement an electronic access control system to physically restrict access to areas where data is stored. Access to data that is held in electronic format is managed by a username and password and access is restricted to only those users who have a valid business need.
- policies – all staff adhere to the Acceptable Use Policy.
- training – there is mandatory Data Protection training for all new staff and annual updates for existing staff.
We keep information for only as long as necessary to fulfil the purpose for which it was collected. Retention periods are applied according to the classification of the data type and the purpose for which it is held. The relevant retention periods may be disapplied in certain situations, including where evidence is required in civil and criminal matters.
Most browsers support cookies but you can set your browser to decline them and delete them whenever you like. However, some functions of our website may not work as they should if cookies are not enabled.
The law states that we can store cookies on your device if they are strictly necessary for the operation of our website. For all other types of cookies we need your permission.
Your consent applies to the following domains: ports.je and jerseyairport.com
Necessary cookies help to make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|_ga||This cookie is installed by Google Analytics. The cookie is used to calculate visitor session campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years||Analytics|
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number of visitors, the source where they have come from and the pages visited in an anonymous form.||1 day||Analytics|
|This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identify number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.||1 minute||Performance|
|test_cookie||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users’ browser supports cookies.||15 minutes||Advertisement|
|ARRAffinity||This cookie is set by websites that run on Windows Azure cloud platform. The cookie is used to ffinities a client to an instance of an Azure Web App.||Necessary|
Users may find plug-ins and other content on our websites and applications that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our site.
These sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our site, is subject to that website’s own terms and policies.
Third country transfers and safeguard
We operate in Jersey in the Channel Islands. We do use technology that may transfer data to another jurisdiction, for example use of Microsoft and cloud-based back-up of data. We will ensure that your data is appropriately protected (for example by reference to IT security standards) where such transfers do not offer the same level of protection of personal data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Your legal rights
Under the Data Protection (Jersey) Law 2018, you have the following rights with regards to your personal information:
- Right to be informed about the collection and the use of your personal data.
- Right to access your personal data and supplementary information.
- Right to rectification have inaccurate personal data rectified, or completed if it is incomplete.
- Right to erasure (to be forgotten) in certain circumstances.
- Right to restrict processing in certain circumstances.
- Right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services.
- Right to object to processing in certain circumstances, you may withdraw consent at any time (where relevant).
- Right regarding automated individual decision making and profiling.
- Right to raise a complaint with the Information Commissioner (https://oicjersey.org/).
If you object to processing or withdraw your consent, this may affect our ability to deliver services to you.
We may need to request specific information from you to help us confirm your identity to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. If you make a request, we have 28 days to respond to you once your identity is confirmed and you are not required to pay any charge for exercising your rights.
We endeavour to meet the highest standards when collecting and processing personal information. If you think our collection or use of personal information is unfair, misleading, or inappropriate, we encourage you to bring it to our attention. If you are unhappy with how we have used your personal data, you have the right to make a complaint at any time to the Jersey Office of the Information Commissioner (JOIC), the Jersey supervisory authority for data protection issues (https://jerseyoic.org/).
5 Castle Street
+44 (0) 1534 716530