Skip to content

Impartial training and careers advice

Call us: +441983 280 641

+441983 280 641

General Data Protection Regulation

1. Purpose

Flying Fish UK Ltd (“Flying Fish”) is committed to protecting the privacy and security of personal information entrusted to us by our customers, employees, contractors, suppliers and business partners.

This policy sets out how Flying Fish complies with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) when collecting, processing, storing, sharing and disposing of personal data.

This policy applies to all employees, contractors, instructors, consultants and any third parties processing personal data on behalf of Flying Fish.

2. Scope

This policy applies to all personal data processed by Flying Fish, including data relating to:

  • Customers and students
  • Seafarers using our tax return services
  • Prospective customers and marketing contacts
  • Employees and contractors
  • Suppliers and business partners
  • Website users

The policy applies to all data held electronically and in paper format.

3. Data protection principles

Flying Fish will ensure that personal data is:

  1. Processed lawfully, fairly and transparently.
  2. Collected for specified, explicit and legitimate purposes.
  3. Adequate, relevant and limited to what is necessary.
  4. Accurate and kept up to date.
  5. Retained only for as long as necessary.
  6. Protected against unauthorised access, loss or damage.
  7. Processed in a manner that demonstrates accountability.

4. Personal data we collect

Flying Fish may collect and process the following information:

Customer and Student Information

  • Full name
  • Date of birth
  • Address
  • Email address
  • Telephone number
  • Nationality
  • Emergency contact details
  • Medical information
  • Assessment results and certification records
  • Passport details or identification documents are required for certification purposes

Seafarers Tax Service Information

For customers using our Seafarers’ Tax Return Service, we may collect:

  • National Insurance Number
  • Unique Taxpayer Reference (UTR)
  • Employment details
  • Vessel and travel records
  • Income and tax information
  • HMRC correspondence
  • Supporting documents provided for tax return preparation

Website and Marketing Information

  • Contact form submissions
  • Email marketing preferences
  • Website usage data
  • Cookies and analytics data

5. Lawful Basis for Processing

Flying Fish processes personal data under one or more of the following lawful bases:

Contractual Necessity

To:

  • Deliver training courses
  • Process course bookings
  • Provide certification services
  • Deliver tax return services
  • Provide customer support

Legal Obligation

To:

  • Comply with HMRC requirements
  • Maintain financial records
  • Meet maritime regulatory requirements
  • Respond to lawful requests from authorities

Legitimate Interests

To:

  • Manage customer relationships
  • Improve services
  • Conduct business administration
  • Maintain training records

Consent

Where required for:

  • Marketing communications
  • Certain optional services

Customers may withdraw consent at any time.

6. Data Sharing

Flying Fish may share personal data where necessary with:

Awarding and Certification Bodies

Including but not limited to:

  • Royal Yachting Association
  • Maritime certification bodies
  • Examination and assessment organisations

Where sharing is necessary for course registration, examination, certification or verification.

Training Partners

Where a course is delivered wholly or partly by an external training provider, Flying Fish may share relevant personal information required for:

  • Course enrolment
  • Administration
  • Certification
  • Regulatory compliance

Only information necessary for these purposes will be shared.

HMRC and Professional Advisers

Where required to provide tax return services or comply with legal obligations.

Service Providers

Including:

  • Stripe for payment processing
  • HubSpot for customer relationship management
  • Google Workspace cloud storage and business software providers
  • PC Consultants IT support providers

All service providers are required to maintain appropriate security measures and process data only on our instructions.

7. Payment Processing

Flying Fish uses Stripe to process payments.

Flying Fish does not store customers’ credit/debit card details on our systems. Payment card information is processed securely by Stripe in accordance with industry security standards.

8. Customer Relationship Management

Flying Fish uses HubSpot as its Customer Relationship Management (CRM) system.

Customer information may be stored within HubSpot for:

  • Customer communications
  • Course administration
  • Sales enquiries
  • Marketing activities
  • Customer support

Access is restricted to authorised personnel only.

9. Data Retention

Flying Fish retains personal data only for as long as necessary.

Training Records

STCW Training and certification records will normally be retained until the customer’s 70th Birthday or five years after course completion, unless longer retention is required by regulatory bodies.

Records of RYA course completion will be held within the CRM system.

Tax Return Service Records

Records relating to self-assessment tax return services will be retained for a minimum of six years following submission of the relevant tax return to comply with HMRC requirements.

Financial Records

Financial and accounting records will be retained in accordance with HMRC and Companies Act requirements.

At the end of the retention period, information will be securely deleted or destroyed.

10. Information Security

Flying Fish will implement appropriate technical and organisational measures, including:

  • Password-protected systems
  • Multi-factor authentication where available
  • Secure cloud storage
  • Restricted access to personal data
  • Regular software updates
  • Staff training
  • Secure disposal of paper records
  • Secure backup procedures

All staff are responsible for protecting personal data and reporting any concerns immediately.

11. Individual Rights

Individuals have the right to:

  • Access their personal data
  • Correct inaccurate information
  • Request deletion where applicable
  • Restrict processing
  • Object to processing
  • Request transfer of their data
  • Withdraw consent where processing is based on consent

Requests should be submitted in writing to Flying Fish via mail@flyingfishonline.com

Flying Fish will respond within one month, where required by law.

12. Data Breaches

Any actual or suspected personal data breach must be reported immediately to management.

Flying Fish will:

  • Investigate the breach
  • Assess risks to individuals
  • Take corrective action
  • Notify the ICO where legally required
  • Notify affected individuals where required

Records of all data breaches will be maintained.

13. Staff Responsibilities

All staff, instructors and contractors must:

  • Follow this policy
  • Protect personal information
  • Use company systems securely
  • Report suspected breaches promptly
  • Complete any required data protection training

Failure to comply may result in disciplinary action.

14. Policy Review

This policy will be reviewed annually or sooner if required due to:

  • Changes in legislation
  • Changes in business activities
  • Regulatory guidance
  • Security incidents

Contact Details

Flying Fish UK Ltd
 15 High Street
 Cowes
 Isle of Wight
 PO31 7AF

Email: info@flyingfishonline.com

For data protection enquiries, requests or complaints, please contact us at the above address.