Privacy Notice

Purpose

We value your privacy and take our obligations under privacy and data protection law very seriously. This Privacy Notice gives you information about how we collect and process your personal information.

This Privacy Notice describes in detail who is responsible for the personal information that we collect about you via the following channels: (i) through your use of our website; (ii) when you visit our ports or other SGL premises; (iii) when you enter into a relationship with us for the provision of services or communications with us, and (iv) when you register your interest to join SLG as an employee or apply for a job at SGL (whether directly with SGL or via a recruitment agency).

In particular this Privacy Notice describes:

• Who we are
• What is personal information?
• What personal information we collect about you
• What sensitive personal information we collect about you
• How we collect your personal information
• Information about third parties
• How we use your personal information
• How long we keep your personal information
• Who we share your personal information with
• How we protect your personal information
• Transferring your personal information out of the EEA
• Your rights regarding your personal information
• How to contact us
• Updates to Privacy Notice

In this Privacy Notice:

• references to you or your means any individual whose Personal Information we may collect via the channels described above;
• references to Customer means any organisation or individual that we supply goods or services to; and
• references to the Website means the websites which are operated by or on behalf of a member of the ABP Group (of which SGL is a part) and such other of the Group’s websites as we may operate from time to time.

If you are an employee, worker or contractor of the ABP Group, then please refer to the ABP Privacy Notice on iPort or request a copy from dataprotection@abports.co.uk

Who we Are

This Privacy Notice is issued on behalf of SGL so when we say “we”, “our”, “SGL” or “us” we mean Solent Gateway Limited. SGL is the “data controller” for the personal information collected and used in connection with the provision of services or communications by us to you, or when you visit our website, port or other SGL premises. This means we are responsible for deciding how we can use your personal information.
SGL is part of the ABP Group which is made of different legal entities, details of which can be found at www.abports.co.uk

What is Personal Information

Personal information means information about a living person by which that person can be identified either directly or indirectly.
Sensitive personal information is a special category of personal information which is particularly sensitive and which requires higher levels of protection, such as information about a person’s health or sexual orientation. For the purposes of this Notice, information about criminal convictions will be categorised as sensitive personal information.

What Personal Information We Collect About You

We may collect Personal Information from you in the course of our business depending on the context of our particular relationship with you. In particular:

Websites

If you visit our websites we collect the following information about you:

• if you visit our website, technical information such as your internet protocol address used to connect your computer to the website, browser type and version, time zone setting, browser plug in types and versions, operating systems and platforms;
• if you voluntarily complete any online forms on our website or any survey we collect the information requested by that form (e.g. email address, name, address, telephone number, location), marketing preferences; and
• we use technology to track the patterns of behaviour of visitors to our Websites and statistical information about the number of visitors to our Website. This helps us to provide you with a good experience when you browse our Internet Services and also allows us to improve our Internet Services. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

Our Websites are not intended for children and we do not knowingly collect data relating to children via our Websites.

Candidates for employment at SGL

If you apply for a job at SGL or register your interest with SGL for job opportunities, we may collect the following information about you:

• the information you have provided to us in your curriculum vitae and covering letter;
• the information you have provided on our application or registration form (whether provided online via our careers website or otherwise) such as name, title, address, telephone number, personal email address, date of birth, employment history, qualifications, right to work information;
• any information provided to us during an interview;

Business Customers, Potential Business Customers, Stakeholders

If you are a business customer or stakeholder of SGL, or if you or we would like to develop a business relationship, we may collect:

• your contact information such as name and prefix, job title, business and personal: address, telephone / mobile / fax numbers and email address;
• financial information and account details such as national insurance number, bank account number or other financial account number and account details;
• credit checking information such as details of your credit history, credit reference information and credit scores;
• information about you collected from publicly available resources e.g. details of your professional online presence such as your LinkedIn profile; Companies House or HM Land Registry or public databases;
• your interests and marketing preferences (including subscriptions to any newsletters), including any opt outs you provide;
• professional information (such as previous positions and professional experience) for business development purposes;
• any survey or consultation responses or other information which you may voluntarily provide to SGL;

Interactions with SGL

If you contact or correspond with SGL we may collect:

• contact details such as your name, image and contact information (including business and personal email, telephone and postal address); and
• your marketing preferences;

SGL’s premises / port estate

If you visit or work at any of SGL’s premises (e.g. offices, port estate, car parks), we may collect:

• information collected by our information technology systems (e.g. door entry and reception logs, CCTV, automatic number plate recognition, body worn cameras or other surveillance system recordings, access control system, communications systems),
• information collected by our security personnel about your visit (e.g. vehicle registration, your name, company and job title);
• training records (e.g. your name and details of the port related training you have carried out) and other information required by SGL for health and safety purposes if you have an operational role on the port/terminal; and

What Sensitive Personal Information We Collect About You

We may collect Sensitive Personal Information from you in the course of our business depending on the context of our particular relationship with you. In particular:

Candidates for employment at SGL

If you apply for a job at SGL or register your interest with SGL for job opportunities, we may collect the following types of more sensitive personal information about you:

• information about your health, including any medical condition, health and sickness records;
• information collected by SGL’s drugs and alcohol tester if you are subject to such test being carried out as a pre-condition to your employment;
• information regarding unspent criminal convictions which you have declared as part of your application process;
• information relating to equal opportunities, such as ethnicity, nationality, religious beliefs, sexual orientation and gender.

SGL’s premises / port estate

If you visit or work at any of SGL’s premises (e.g. offices, port estate, car parks), we may collect the following for sensitive personal information about you:

• information about you if you are involved in any incident (e.g. a health and safety incident) while on SGL’s premises (e.g. details of any injury which you may have suffered and how it occurred).

How We Collect Personal Information

We collect personal information from you in person when you meet with us, when you visit SGL premises, when you make an enquiry or booking or enter into an agreement with us, through correspondence or other communications with you and via our Websites or other social media pages (e.g. SGL’s Twitter or Facebook pages).

If you apply for a job at SGL, we may collect personal information from a recruitment agency, and from your named referees (where applicable).

We may also collect personal information from publicly accessible sources such as Companies House, LinkedIn or public databases. Occasionally, we may obtain personal information about you through third parties such as your employer or a credit checking agency.

Third Party Personal Information

In the course of us providing goods or services to you, you may provide us with personal information relating to third parties. For example, your employees or your visitors, or your referees if you are applying for a job.

We will use this personal information in accordance with this Privacy Notice. If you are providing personal information to us relating to a third party, you confirm that you have the consent of the third party to share such personal information with us and that you have made the information in this Privacy Notice available to the third party.

How We Use Your Personal Information

Your personal information may be used by us, our employees, service providers, and disclosed to third parties for the following purposes. For each of these purposes, we have set out the legal basis on which we use your personal information.

Purpose	Legal Basis
To communicate with you and other individuals about our services.	The legal basis will fall into one of the following four categories, depending on the communication and the purpose for which it was sent: • our legitimate business interests in order for us to manage our relationship with you; • necessary for the performance of a contract between you and us; • consent; and/or • compliance with legal obligations to which we are subject.
To carry out our obligations arising from any contracts entered into between you and us, and to provide you with our services.	Depending on the circumstances: • necessary for the performance of our contractual obligations between you and us; or • our legitimate business interests to comply with the terms of a contract we have in place with a customer.
To improve our products, services and our staff training.	This processing is necessary for our legitimate business interests in order for us to manage our relationship with you and to improve/develop our products, services and staff training.
To manage any service or quality related issues, complaints, feedback and queries.	Depending on the context, this processing could be necessary for: • the performance of our contractual obligations between you and us; • us to comply with our legal and regulatory obligations; and/or • our legitimate business interests in order for us to manage our relationship with you and ensure our services are fit for purpose and meet the needs of our organisation.
To send you direct marketing communications about our services, including newsletters.	Depending on the circumstances: • our legitimate business interests to contact you about the services we offer and relevant industry news; or • consent – in some circumstances, we may rely on your consent to send direct marketing communications to you.
To carry out satisfaction surveys and analysis.	The processing is carried out for our legitimate business interests because it enables us to develop and improve our services offered to you.
To prevent and detect fraud, financial crime and anti-money laundering.	Depending on the circumstances: • the processing is necessary for us to comply with our legal and regulatory obligations; or • the processing is carried out for our legitimate business interests in order to conduct and manage our business.
The prevention and detection of crime	• The processing of CCTV footage is necessary for our legitimate business interests. We have a legitimate interest in preventing and detecting crime at our premises and to prevent the misuse of our car parks. • The processing may also be necessary in connection with legal proceedings (i.e. the establishment, exercise or defence of legal claims).
To ensure the security of our premises, ensure the health and safety of individuals and to ensure high standards of behaviour and performance.	• The processing of CCTV footage, automatic number plate recognition images, footage captured from body worn video cameras (for example, those worn by security guards) and swipe card records is necessary for our legitimate business interests. We have a legitimate interest in ensuring high standards of behaviour and performance across our business, and the detection of crime. • Where this involves the processing of sensitive personal information, we process such information in order to prevent unlawful acts or with explicit consent, depending on the circumstances,
To comply with any legal or regulatory obligations (including in connection with a court order).	The processing is necessary for compliance with a legal obligation to which we are subject.
Assessing your fitness to work at our ports or other premises.	The processing is carried out for our legitimate business interests to ensure that those individuals who are quayside at our ports, are fit to be there and do not pose a health and safety risk. Where this involves the processing of sensitive personal information such as drug and alcohol testing, we process such information in order to carry out our employment legal obligations,
To enforce or apply the contracts concerning you (including contracts between you and us).	Depending on the circumstances: • the processing is carried out for our legitimate business interests in order to conduct and manage our business; or • in connection with legal proceedings (i.e. the establishment, exercise or defence of legal claims).
To assess your skills, qualifications and suitability for a role at SGL, carry out reference checks (where applicable) and communicate with you about the recruitment process.	The processing is carried out for our legitimate business interests to decide whether to appoint you to the relevant role and whether to enter into a contract of employment with you. Where this involves the processing of criminal conviction data we do so in connection with our rights and obligations in connection with employment.

We may be required to obtain your personal information to comply with our legal requirements, to enable us to fulfil the terms of any contract that we have with or in preparation of us entering into a contract with you. For example, if you do not provide the relevant personal information to us such as your name and postal address, we will not be able to provide the relevant product to you or another person (as may be requested by you).

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We may process your personal information without your knowledge or consent, where this is required or permitted by law.

How Long We Keep Your Personal Information

We will only retain your Personal Information for as long as is necessary to fulfil the purposes we collected it for. The length of time we hold on to your personal information will vary according to what that information is and the reason for which it is being processed, including for the purposes of satisfying any legal, accounting or reporting requirements or defending any potential claim in accordance with our Record Retention Policy.

When it is no longer necessary to retain your Personal Information, we will delete or anonymise it.

Who We Share Your Personal Information With

We share your Personal Information with:

• our legal advisors, auditors, accountants, insurers and insurance brokers and other professional advisors,
• our third-party service providers and contractors that we may use in connection with our business;
• our IT service providers;
• police and other law enforcement agencies in connection with the prevention and detection of crime;
• other companies, entities and shareholders within the ABP Group (which we are a member of);
• third parties involved in any matter relating to you such as courts, law enforcement agencies and regulatory bodies;
• other external agencies and organisations (including the National Crime Agency) for the purpose of preventing and detecting fraud (including fraudulent transactions), money laundering and criminal activity;
• other entities in our group as part of our regular reporting activities on SGL performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data;
• third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or instructions of a regulatory body (including in connection with a court order), or in order to enforce or apply the terms of any agreements we have with or otherwise concerning you (including agreements between you and us) or to protect our rights, property or safety of our clients, employees or other third parties; and
• we will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

How We Protect Your Personal Information

We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a need to know. They will only process your Personal Information on our instructions, and they are subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Transferring Your Personal Information Out of the EEA

Sometimes it is necessary for us to process or share your Personal Information outside of the European Economic Area (EEA), e.g:

• With our service providers located outside the EEA (i.e. our IT suppliers);
• If you are based outside the EEA;
• If any SGL personnel access the information remotely while they are travelling outside the EEA.

When we transfer Personal Information outside of the EEA, we will implement appropriate and suitable safeguards to ensure that such personal information will be protected as required by applicable data protection law (e.g. contractual protections).

For further information as to the safeguards we implement please contact our Group Data Protection & Compliance Manager as detailed in the section “How to contact us”.

Your Rights With Respect To Your Personal Information

You have certain rights with respect to your personal information. The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights.

	Summary of your rights
Right of access to your personal information	You have the right to receive a copy of your personal information that we hold about you and information about how we use it, subject to certain exemptions.
Right to rectify your personal information	You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete.
Right to erasure of your personal information	You have the right to ask that your personal information be deleted in certain circumstances. For example (i) where your personal information is no longer necessary in relation to the purposes for which they were collected or otherwise used; (ii) if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal information; (iii) if you object to the use of your personal information (as set out below); (iv) if we have used your personal information unlawfully; or (v) if your personal information needs to be erased to comply with a legal obligation.
Right to restrict the use of your personal information	You have the right to suspend our use of your personal information in certain circumstances. For example: (i) where you think your personal information is inaccurate and only for such period to enable us to verify the accuracy of your personal information; (ii) the use of your personal information is unlawful and you oppose the erasure of your personal information and request that it is suspended instead; (iii) we no longer need your personal information, but your personal information is required by you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the use of your personal information and we are verifying whether our grounds for the use of your personal information override your objection.
Right to data portability	You have the right to obtain your personal information in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible. The right only applies where the use of your personal information is based on your consent or for the performance of a contract, and when the use of your personal information is carried out by automated (i.e. electronic) means.
Right to object to the use of your personal information	You have the right to object to the use of your personal information in certain circumstances. For example: (i) where you have grounds relating to your particular situation and we use your personal information for our legitimate interests (or those of a third party); and (ii) if you object to the use of your personal information for direct marketing purposes.
Right to withdraw consent	You have the right to withdraw your consent at any time where we rely on consent to use your personal information.
Right to complain to the relevant data protection authority	You have the right to complain to the relevant data protection authority, which in the case of SGL, the Information Commissioner’s Office, where you think we have not used your personal information in accordance with data protection law.

How to Contact Us

If you have any comments or questions about how we handle your Personal Information or this Privacy Notice or to exercise any of your rights, please contact the Group Data Protection & Compliance Manager at:

• dataprotection@abports.co.uk,
• 07398671462
• or by post FAO Group Data Protection & Compliance Manager, Associated British Ports, 25 Bedford Street, London WC2E 9ES.

Updates

We will amend this Privacy Notice from time to time to ensure it remains up to date. Any changes we make to this Privacy Notice in the future will be posted on this page and, where appropriate, we will give you reasonable notice of any changes. Please visit our Websites to keep up to date with any changes. The current version will always be posted on our Websites. This Privacy Notice was first published on 20th July 2023.