News and Events
Terms and ConditionsDATA PROTECTION POLICY
1. INTRODUCTION
1.1 NorthLink Ferries Limited ("NFL") is required to collect and use personal information relating to customers, employees and others for the purposes of running their operations.
1.2 NFL recognises the importance of respecting the personal privacy or customers, employees and others and the need to put in place appropriate safeguards relating to the processing of personal information.
1.3 The type of personal information that NFL may require includes information about: customers; current, past and prospective employees; suppliers and others with whom it communicates. This personal information, whether it is held on paper, on computer or other media, will be subject to the appropriate safeguards in the Data Protection Act 1998 (the "Act").
1.4 NFL is a Data Controller for the purposes of the Act and this policy sets out NFL's approach to these matters and to compliance with the data protection laws. The policy applies to all employees or any other persons working for or on behalf of NFL.
2. POLICY
2.1 In order to comply with the Act NFL will:
2.11 Operate within the confines of its data protection registration;
2.12 Operate in compliance with the data protection principles in the Act;
2.13 Ensure any exemptions are applied consistently and accurately in accordance with the law;
2.14 Take note of the guidance and standards issued by the Information Commissioner from time to time;
2.15 Take note of applicable codes of practices; and
2.16 Provide appropriate data protection training to all staff.
3. COLLECTION AND RETENTION
3.1 NFL will only collect personal information that is relevant to the carrying out of its legitimate purposes and functions in a way that does not prejudice the interests of individuals. NFL will ensure that the information it holds is as accurate as possible, given the methods used in collection.
3.2 NFL will keep all personal information up to date, and when no longer required for NFL's legitimate purposes, steps will be taken to archive or destroy it as appropriate.
3.3 Any personal information which is processed will have the appropriate safeguards applied to them to ensure compliance with the Act.
3.4 Sensitive personal information is personal information relating to an individual's racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental condition, sexual life, details of the commission or alleged commission of any offence and any court proceedings relating to the commission of an offence
3.5 NFL will handle sensitive personal information with particular care. Before collecting or processing sensitive personal information, NFL will ensure that the appropriate notifications have been given and any required consents obtained.
4. DATA PROCESSING
Data processing will be allowed where there is a clear purpose for the activity which meets the requirement of the Act. Any non-obvious purposes for processing will be notified to the individual.
5. DISCLOSURES
5.1 NFL will not allow information collected from individuals to be disclosed to third parties except where, for example:
5.11 The individual has consented to the disclosure; or
5.12 NFL is legally obliged to disclose the information; or
5.13 There is a business requirement to disclose the information which does not prejudice the interests of individuals or breach the Act.
6. THIRD PARTY DATA PROCESSING
Where information is passed to a third party for processing, NFL will ensure that a written contract is put in place that requires the processor to act only on NFL 's instructions, not to disclose personal information without specific authority, to provide appropriate operational and technical security and to allow NFL to check the contract is being complied with.
NFL will not send personal information to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal information.
7. RIGHTS TO ACCESS INFORMATION
7.1 Employees and other subjects of personal information held by NFL have a right to access their personal information subject to any exemptions under the Act. If personal details are inaccurate, they can be amended on request.
7.2 Any person who wishes to exercise this right should make the request in writing to NFL's Customer Care Manager.
7.3 NFL reserves the right to charge the maximum fee payable for each access request.
8. SECURITY
NFL has put in place technical, physical and operational security measures to ensure the security of personal information against unauthorised or unlawful processing and against unauthorised or unlawful processing and against the accidental loss or destruction of, or damage to, personal information.
9. DESIGNATED DATA CONTROLLER
NFL's Commercial Director is responsible for ensuring compliance with the Act and implementation of this policy and is assisted in this function by the Customer Care Manager. The Customer Care Manager can be contacted at customerservices@northlinkferries.co.uk . Any questions or concerns about the interpretation or operation of this policy should be taken up in the first instance with the Customer Care Manager.
10. STATUS OF THIS POLICY
This policy has been approved by NFL's Directors and any breach of this policy will be taken seriously. This policy may be varied, amended or updated at any time.
11. COMPLAINTS
Any employee, customer or other person who considers that the policy has not been followed in respect of their personal information should raise the matter with their line manager or the Customer Care Manager in the first instance. Any complaint will be taken seriously and investigated thoroughly.
NorthLink Ferries Ltd is also subject to The Freedom of Information (Scotland) Act 2002.
Booking directly with NorthLink Ferries on www.northlinkferries.co.uk is cheaper than booking 
with another website and we never charge for any amendments made to your booking!
