The Offshore Marine Management Holdings (OMMH) group of companies (Offshore Marine Subsea Intl., Offshore Consult, Offshore Marine Equipment and Offshore Marine People & Academy) are committed to being transparent about how it records, keeps and processes data and to meeting its data protection obligations as set out under the General Data Protection Regulation ((EU) 2016/679) and the Data Protection Act ('Data Protection legislation'). OMMH will comply with all applicable requirements of current data protection legislation and also OMMH's Privacy policy.
Personal Data and Processing that Data:
OMMH will comply with data protection laws and the data protection principles set out in GDPR and other legislation and will ensure that all data is:
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by our employees or authorised third parties in the proper performance of their duties.
Personal data may be shared internally for the purposes of employee management. This includes parties involved in the employee management process including but not limited to human resources, payroll and management teams, interviewers/assessors involved in the employee management process, managers in all business area and IT staff if access to the data is necessary for the performance of their roles. Specific third parties may be involved in the execution of these services however we will at all times ensure those parties that we use are compliant with GDPR or standards equivalent to GDPR to ensure your personal data is handled correctly.
We will only hold personal data for as long as is reasonably necessary. You are entitled to withdraw your consent to us holding your personal data at any time at which point your data will be deleted and/or destroyed. However, steps may need to be taken in conjunction with the data protection officer to find an effective way to process data to execute the contract held with you. Personal data associated with Health and Safety information may in certain circumstances be held for up to 40 years.
You have the following rights regarding your information:
Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights.
You have the right to obtain access to your personal data and certain other information. This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.
You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not an absolute right to erasure; there are exceptions set out in the GDPR. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so. This means taking identifying fields within a database and replacing them with artificial identifiers or pseudonyms (a fictitious name).
You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.
You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply as set out in GDPR, you have the right to have such information transferred directly to a third party.
You have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances.
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. If you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful.
It may be necessary for OMMH to process personal data for a legitimate purpose and to effect the contract we hold with you. OMMH will seek your consent to process personal data. You have the right to withdraw your consent to use of your personal data. In such circumstances it will be necessary to collaborate with the data protection officer to determine a suitable means of processing your data to effect the contract with you.
You are entitled to have your personal data corrected if it is inaccurate or incomplete. OMMH will always take steps to update personal data as soon as practicable following notification. Where OMMH has not been notified of amended personal data OMMH cannot be held accountable for any consequences that arise from the possession and utilisation of inaccurate data. Document Title: Data Protection Policy Document Ref: OM-COR-PR-046 Revision: Z1 Issue Date: 20/04/2022 Page 5 of 7
OMMH may share personal data with third party companies with whom we have a commercial relationship as well as for processing supporting administrative activities such as payroll and pension, information technology services, insurances, employee benefits and legal services. The majority of those third parties are located within the EEA and are bound equally in respect of data protection obligations as OMMH is. OMMH ensure that those third parties have adequate process and procedures in place to ensure compliance with data protection laws and GDPR.
Some commercial clients with whom OMMH may share personal data and who may host, store and handle that personal data are located outside of the EEA and therefore are not subject to the same obligations as the data protection laws imposed within the EEA. OMMH’s policy is to only maintain relationships with only those third parties that are able to exhibit equivalent standards of data protection as those imposed within the EEA. OMMH will only share personal data with third parties who can evidence adequate safeguards are in place to protect your personal data.
OMMH will seek your consent to the transfer, store and process personal data within and outside of the EEA. You can withdraw your consent at any time.
It is a requirement for OMMH to be registered with the Information Commissioner’s Office (‘ICO’) where personal data is processed by OMMH. OMMH is registered with the ICO and additional information in respect of that registration can be found at the ICO’s Register of data controllers https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/.
