IJUBOA is a data controller. It can be contacted as follows:
Mail: Lower Key House, Dorchester Road, Yeovil, Somerset BA22 9RD
Data protection contact: John Howard
The International Jack Up Barge Operator’s Association is a trade association representing and providing services to member companies, with the goal of improving safety and standards in the marine contracting industry. Data is generally collected and processed to fulfil contractual obligations of membership, It is primarily to have and to hold a record of those persons who have been issued with the official IJUBOA Blue Book for the purposes of improving their management skills of SEP’s. We also hold the details of employers who are members of the association which is done in collaboration with the SQA.
Under relevant laws, such as the EU General Data Protection Regulation (GDPR), data subjects have the following rights:
- The right to be informed – when we collect your data, we will tell you what data, why we are collecting it, how we will use it and how long we will store it for
- All personal details held by holders of the IJUBOA Blue Book have agreed to have their data kept by IJUBOA for the purposes of monitoring their CPD.
- The right to access – you have the right to access any personal data we hold about you and relevant supplementary information, so that you can verify the lawfulness of our processing
- The right to rectification – making sure that the data we hold about you is accurate and as complete as necessary for the purposes we hold it
- The right to erasure – you can ask us to erase any personal data that we hold about you. This is not an absolute right, applying only in certain circumstances, but we will review any such requests and communicate with you openly about your rights and our actions
- The right to restrict processing – you can permit us to store your data but ask us not to use it further (although again this applies only certain circumstances)
- The right to data portability – you can request from us any data that you have provided directly that you then wish to use for your own purposes across different services
- The right to object – you can object to processing of your personal data and we must comply unless there are compelling legitimate grounds to the contrary.
- If a person no longer requires the data to be held by IJUBOA subject to the above terms, all information held on that person will be deleted.
IJUBOA follows the six GDPR principles relating to the processing of personal data, i.e. that it should be:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and, where necessary, kept up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security.
The principal information that will be collected by IJUBOA from recipients of the Blue Book is date of birth, place of birth, nationality, passport number, telephone contact numbers, email address, and current photographic identity of that person. The following is a non-exhaustive list of data we collect. Where other methods are used, an additional data protection/privacy statement will be provided at the collection point and/or this policy updated.
- Membership – IJUBOA will where necessary confirm qualifications, experience and employment history with known members who have a legitimate right to be informed of this information. This data may additionally include a role or job title, to help verify the appropriateness of the nomination. We will notify such individuals of their nomination and our processing of their personal data on this basis. Data is used to provide a variety of member services. Names and company affiliations form part of a record of activity, such as minutes of committee meetings, proceedings of seminars and workshops, and as part of committee election materials. Business contact details may be shared with committee and workgroup members for the sole purpose of furthering IJUBOA’s published objectives and work programme. Such data is generally retained indefinitely, subject to the rights of data subjects to restrict processing.
- Publication sales – IJUBOA sells printed logbooks. It collects only that data which is necessary to identify the customer, deliver their goods, apply appropriate taxes and complete required accounting records. This data is retained in accordance with accounting rules.
- Events – IJUBOA organises with others a range of training sessions and workshops, to which its members and selected others are invited. As part of this activity, only that data is collected which is required for contacting delegates about event arrangements and providing reports on event outcomes. Such data is retained in accordance with accounting rules (as needed for paid events, but also for non-paid events for simplicity).
- Certification – IJUBOA runs certification schemes for certain positions in the nearshore and offshore SEP industry. As part of this, it collects and processes personal data relating to candidates and qualified personnel, which includes additional identity verification (such as passport or driving licence details), details of relevant certification and work history and a history of the application process, including examinations and resits. Such data is generally retained permanently. This is required to ensure a robust system that ensures the competence of those working highly safety critical positions in the marine SEP industry.
Approved training – IJUBOA approves or recognises a limited number of technical training courses in the SEP industry. As part of this, approved training establishments report the names and other identifying data (such as date or birth and/or passport number) and training history, which is used to verify the training history of IJUBOA certification candidates and as a back-up in case of provider closure.
- Other business records – IJUBOA maintains email, other electronic and physical records of business activities, which may contain personal data provided by individuals as part of normal business communications. This is processed in line with the six GDPR principles, with a document and data retention policy setting out retention periods appropriate to business needs and legal requirements.
IJUBOA uses industry leading online services and a variety of security software and hardware to ensure personal and other data is suitably protected. A comprehensive cybersecurity review is undertaken regularly. Awareness programmes on data protection and security matters are operated for IJUBOA staff and supported by an established, competent specialist IT company.
IJUBOA will comply with any legal requirements to provide data to national authorities.
It is sometimes necessary for IJUBOA to process data outside the EU:
IJUBOA data is restricted to staff operating at the IJUBOA HQ office. No data is permitted to leave this location unless it is specifically and correctly approved by two members of the IJUBOA admin staff. Such access is controlled by appropriate cybersecurity controls.
You also have the right to lodge a complaint directly with a supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK (or any other EU supervisory authority you prefer).
The ICO has extensive guidance to your rights and our responsibilities on its website (ico.org.uk).