our privacy notice

Your data matters- how we collect, use, & protect your information

Shaldon Marine Ltd – Privacy Notice

At Shaldon Marine Ltd, we respect your privacy and want to be clear about how we handle your personal information. This Privacy Notice explains in plain English how we collect, use, and protect your personal data when you use our services or interact with our website. We’ve written it to be easy to understand, but if you have any questions, please contact us.

This notice covers:

Who we are and what we do – Information about Shaldon Marine and the services we offer.
What personal data we collect – The types of personal information we gather about you.
How we collect your data – The ways we get your information (e.g. forms, phone, in person).
How we use your data – Why we need your information and what we do with it.
Who we share your data with – The third-party services or partners that handle your data with us.
How long we keep your data – How long we retain your information and why.
Children and vulnerable individuals – Our policy on collecting data from kids or vulnerable people.
Your rights and choices – The rights you have over your data (access, correction, deletion, etc.).
How we protect your data – Measures we take to keep your information safe.
Legal compliance – The laws we follow (and that we don’t have extra obligations beyond GDPR).
How to contact us – How you can reach us with questions or requests about your data.

Who We Are (and What We Do)

Shaldon Marine Ltd (“we” or “us”) is a marine services company based in Devon, UK. We offer a wide range of boating and marine-related services to our customers. For example, we provide boat storage and boat sales services (among others) shaldonmarine.co.uk. Our team can help with everything from lifting boats in and out of the water, to engine servicing and repairs, to selling new or used boats. We have two storage yards and a workshop in Shaldon to serve our clients.

This privacy notice applies to our website (www.shaldonmarine.co.uk) and all the services we offer at Shaldon Marine Ltd. When you use our services or contact us, we may collect and process some personal information about you – and we want you to know exactly what that means.

What Personal Data We Collect

We only collect personal data that we need to carry out our business and provide our services to you. The types of personal information we may collect include:

This includes your name, postal address, email address, and telephone number.

If you make a payment to us (for example, for storage fees or purchasing a boat), we may collect payment details such as your bank account or card information.

If you enter into a contract with us (like a boat storage agreement or a sales contract), we might record details related to that contract (e.g. contract number or boat details linked to you).

Any information you provide when contacting us – for instance, emails or messages you send, or information you give us over the phone.

To protect your property and our property within the yards we operate CCTV. CCTV is stored securely on servers, and is regularly deleted.

How We Collect Your Data

We collect personal data directly from you in a few different ways:

When you fill out a form on our website (for example, the contact form or any service enquiry form), you provide us with your name, contact information, and any message or details you include. This information is sent to us through our website (which is powered by WordPress).

If you sign up for our services in person, you might fill out a paper form or contract. For instance, we use paper forms for storage contracts and boat sale contracts. These forms will contain your contact details and relevant information for the service. We collect and keep those details when you submit the forms to us.

You may give us information when you communicate with us via email or phone. For example, if you email us an enquiry or call us to discuss services, we’ll collect the details you provide (such as your name, phone number, email, and any information related to your inquiry). We use Google’s G Suite for our emails, so communications you send by email are stored on Google’s email servers.

You might also provide information to us face-to-face. For example, if you visit our workshop or office and give us details to arrange a service or ask for a quote, we may note down your contact information and what services you’re interested in.

No matter how you provide your data, we will only ask for information that we genuinely need to serve you or fulfill our legal obligations. Providing your personal data is usually voluntary – for example, you fill in your details to get a service. If you ever choose not to provide certain information, we will tell you if that means we can’t proceed (for instance, we need payment details to process a transaction).

How We Use Your Personal Data

We use your personal information for the purposes it was given to us, and we always strive to use it in fair and transparent ways. Here are the main ways we use the data we collect:

We use your information to carry out the services you have requested from us. For example, if you have a boat storage contract with us, we use your details to reserve your space, maintain contact, and manage that contract. If you purchase a boat or service, we use your details to process the sale and any related paperwork. We cannot provide our services without using some personal details (like knowing who you are and how to contact you).

We use your contact information (email, phone, address) to stay in touch with you about important information. This includes sending you confirmations, invoices, updates about your service or contract, or responding to questions you ask us. If you reach out to us, we’ll use your data to reply or follow up.

If you owe a fee or make a purchase, we use your personal and payment details to create invoices and process payments. For example, we might enter your billing info into our accounting system (Xero) to send you an invoice, or use your provided payment details to collect a payment via our payment processor (iZettle).

If you have signed up to our newsletter or explicitly asked to receive updates, we will use your email address to send you our newsletter or occasional news about Shaldon Marine. We will only send you marketing or promotional emails if you have agreed to it. And of course, you can opt out at any time (see “Your Rights and Choices” below).

We also may use and keep some of your information to fulfill our legal or regulatory obligations. For instance, we need to keep records of transactions for accounting and tax purposes. This might involve using your data to generate financial reports or to satisfy requirements from authorities. We only use what is necessary for these purposes.

What We Don’t Do: We do not sell your personal information to third parties. We also do not use your data for any kind of automated decision making or profiling (like automatic credit scoring or marketing algorithms) – basically, a human being is in control of our processes, not a computer making decisions about you. If we ever need to use your data for a new purpose not covered in this notice, we will let you know and, if required, ask for your permission.

Who We Share Your Data With

We treat your personal data with care and confidentiality. We will never sell your data, and we only share it with third parties when it’s necessary to run our business or provide our services to you. Here are the types of third parties and service providers we use, and what data sharing with them might involve:

Our website is built on WordPress, which means that when you submit information through our website forms, that data passes through our website hosting and WordPress platform. The information you enter (like your name, email, and message) is stored securely on our website’s backend and sent to us. Our web host and platform have access to that data in theory, but they are governed by privacy obligations as well.

We use Google’s G Suite (now often referred to as Google Workspace) for our email and online documents. If you email us or if we email you, your email (including your email address and the content of the message) is stored on Google’s servers. Google acts as a data processor for our emails. They have robust security measures and are part of international data protection agreements. We trust Google to keep those communications secure on our behalf.

For managing our accounts and billing, we use a cloud-based accounting software called Xero. If you are a customer, we will input your relevant details into Xero – typically your name, contact information, and details of the service or product you purchased (and the amount you owe or paid). This allows us to generate quotes, invoices, receipts, and keep track of our finances. Xero is a reputable accounting platform and will also have its own protections in place for any data we store there.

When it comes to collecting payments, especially direct debit or online payments, we use GoCardless. If you set up a direct debit or online payment to pay us, you will likely provide your payment details (such as bank account information) through the GoCardless system. GoCardless will process your payment securely on our behalf. They may store your name, contact, and payment info to facilitate the transaction. GoCardless is a regulated payment processor and is required to handle your data safely and in compliance with data protection law.

In some cases, we might work with partner companies or subcontractors to carry out a service for you (for example, a specialist technician or a company like Coastal Canvas or Structural Marine for specific boat services). If we need to share your information with a partner to fulfill your request, we will only share what is necessary (such as your name or contact info and the details required for the job). We ensure any partner is also obliged to keep your information confidential and use it only for the agreed purpose.

We may also need to share your information if we are required to by law. For example, if a government authority or law enforcement agency lawfully requires us to provide certain data, we must comply. Similarly, we might share information with our professional advisors (like accountants or lawyers) or authorities like HM Revenue & Customs if needed to comply with tax, audit, or other regulations. This would only happen under proper circumstances and only what’s necessary would be shared.

The third-party services we use (for example, Google or Xero) might store or process data outside the UK. Whenever your data is transferred outside of the UK (or European Economic Area), we make sure that appropriate safeguards are in place – for instance, these companies may be part of international frameworks or use standard contractual clauses approved for data protection. In short, your data still gets a similar level of protection even if it leaves the country.

Whenever we share data with a service provider, we do so under agreements that require them to keep your information secure and to use it only for providing their service to us. We choose reputable companies with strong privacy practices. We do not allow any third party to use your personal data for their own marketing or purposes not related to the service they’re giving us.

How Long We Keep Your Data

We keep your personal information only for as long as it is needed for the purposes we collected it, or as long as is required by law – whichever is longer. We do not keep your data forever, and once we don’t need it, we will safely dispose of it. Here’s how that works in practice:

If you are a customer or have an active contract with us, we will retain your personal data for the duration of that relationship. For example, if you store your boat with us or we are providing a service, we will keep your details on file while that is ongoing. This allows us to manage the contract and contact you as needed.

If you have signed up to receive our newsletter or marketing emails, we will keep your contact details (like your name and email) on our mailing list until you decide to unsubscribe or ask us to remove your data. Every newsletter message will typically include an “unsubscribe” option so you can opt out easily if you no longer want those emails.

Once you stop using our services or your contract with us ends, we will review what personal data we have from you. We will retain only what is necessary for legal or business purposes and securely delete the rest. For instance, we may need to keep basic information on our invoices and financial records for a certain number of years to comply with tax and accounting laws. (In the UK, companies are generally required to keep accounting records for six years after the end of a financial year.) This means your name or transaction details might remain in our financial files until that period passes. We won’t keep more data than we need.

When we no longer have any legitimate need or legal obligation to keep your personal data, we will remove it from our systems. This may involve erasing electronic records, shredding paper documents, or anonymizing data (so it can no longer be linked to you). For example, we might anonymize statistical information about our customers (like how many people used a service in a year) but remove any personal identifiers.

In summary, we aim not to hold on to your personal information longer than necessary. If you have specific questions about our retention periods for a certain type of record, feel free to contact us and we can give you more detail.

CCTV Processing

We use CCTV around our yard, inside the office, and within the workshop for the purposes of security and crime prevention. The footage is stored securely for 30 days, unless it is needed for an investigation. Access to the footage is restricted to the directors of Shaldon Marine Ltd only. Our legal basis for using CCTV is our legitimate interest in protecting our property, staff, and business. We do not share footage with third parties unless we are legally required to do so, such as by the police.

Children and Vulnerable Individuals

Our services at Shaldon Marine are not directed to children (under 18 years of age) or to vulnerable individuals. We do not knowingly collect personal data from children. All of our offerings – such as boat storage, sales, and marine services – are intended for adults (e.g., boat owners or persons over 18 who can enter contracts).

If you are under 18, please do not provide any personal information to us. If we discover that we have inadvertently collected personal data from a child, we will delete it as soon as possible. Parents or guardians: if you believe a child under your care has given personal data to us, please contact us so we can remove it.

We also do not specifically target or profile any vulnerable individuals. Our goal is to treat all customers equally and with respect for their privacy. If you have any concerns about personal data for a vulnerable person in relation to our services, let us know and we will handle it with extra care.

Your Rights and Choices

As a customer or contact of Shaldon Marine, you have rights over your personal data. We want you to be aware of these rights, because it’s your information and you’re in control. Below is a summary of your key data protection rights under the UK GDPR:

You have the right to ask us for a copy of the personal information we hold about you. This is sometimes called a “Subject Access Request.” We will provide you with a copy of your data, usually within one month, free of charge.

If any of the information we have about you is incorrect or out of date, you have the right to have it corrected. Just let us know what needs fixing, and we’ll update it.

You can ask us to delete your personal data if it’s no longer necessary for us to keep it. For example, if you no longer have a contract with us and we don’t need the data for legal reasons, you can request that we erase it. This is sometimes known as the “right to be forgotten.” Please note there may be times we cannot delete data immediately – such as when we are required by law to keep it for a certain period – but we will inform you if that’s the case.

In certain situations, you have the right to ask us to stop using your data for a while (for example, if you believe the data is inaccurate or you have objected to our use of it). We will still store the data but not use it until the issue is resolved.

You have the right to object to us using your data in certain ways. For instance, you can object to receiving marketing emails from us. If you object to marketing, we will stop sending you our newsletter or updates. You can also object if you believe we’re processing your data without a legitimate reason.

This is the right to receive your personal data in a common, machine-readable format and to have it sent to another organisation if you request. This typically applies to data you provided to us and that we process by automated means (for example, if in the future we had an online portal where you entered information). If you need your data transferred to someone else, we will do our best to help with that.

In cases where we are relying on your consent to use your data (such as sending marketing emails), you have the right to withdraw that consent at any time. For example, you can unsubscribe from our newsletter and we will stop sending it. Withdrawing consent does not affect the lawfulness of any use of your data that happened before you withdrew.

If you are unhappy with how we have handled your personal data, please let us know first so we can try to put things right. But you also have the right to make a complaint to the Information Commissioner’s Office (ICO), which is the UK’s independent authority set up to uphold information rights. You can contact the ICO at https://ico.org.uk/ or call their helpline at 0303 123 1113.

To exercise any of your rights, you can contact us using the details in the “How to Contact Us” section below. We will respond to your requests as soon as we can (normally within one month, as required by law). We may need to verify your identity before fulfilling certain requests, just to make sure we’re giving the right data to the right person.

How We Protect Your Data

We understand that your personal information is important, and we take appropriate steps to keep it safe. Shaldon Marine has put in place various security measures to prevent your data from being lost, misused, or accessed by anyone who shouldn’t see it. For example:

Our computers and IT systems are password-protected and have up-to-date security software (like firewalls and antivirus protection).
We use reputable cloud services (such as Google G Suite and Xero) which employ encryption and robust security standards to protect the data we store with them.
Paper documents containing personal information (like contracts or forms) are stored securely, and we restrict who can access them. Only staff who need to see your information to do their job will have access.
We train our team to handle personal data carefully and to keep it confidential. Every employee and contractor at Shaldon Marine is aware of their duty to protect your privacy.
If we ever suspect a data breach (for instance, an unauthorised person accessing data or data being accidentally lost), we have a procedure to deal with it. We will inform you and the relevant authorities (like the ICO) as required by law if a serious breach occurs.

While we work hard to protect your information, it’s important to note that no company can guarantee 100% security. However, we continually review and improve our security practices to meet high standards of data protection. If you have any concerns about the security of your data, please contact us and we will be happy to discuss them.

Legal Compliance (UK GDPR and Other Obligations)

Shaldon Marine Ltd operates in accordance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018. These laws are designed to protect your personal data and give you rights over it – and everything in this notice is intended to comply with those requirements.

We want to be clear that we do not have any specific legal or regulatory obligations beyond the standard data protection laws. In other words, our business isn’t subject to any extra privacy regulations outside of UK GDPR. We don’t fall under any special sector-specific rules (like regulations for children’s data or financial institution privacy rules) – we simply follow the general law that applies to all organisations handling personal information. If any other privacy laws become relevant to our services, we will of course comply with them, but as of now, UK data protection law is the main framework we adhere to.

In plain terms, we’re committed to following the law and best practices when it comes to your privacy. We also maintain a registration with the Information Commissioner’s Office (ICO) as required for businesses that process personal data.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time, especially if our services or the laws change. If we make significant changes, we will notify you (for example, by posting a prominent notice on our website or by email if appropriate). However, we encourage you to check this page periodically to stay informed about how we are protecting your information. This notice is effective as of the date at the bottom.

(Last updated: July 2025)

How to Contact Us

If you have any questions about this Privacy Notice or about how we handle your personal data, please do not hesitate to contact us. We are here to help and address any concerns you might have. You can reach us in the following ways:

When contacting us about your personal data, please provide as much information as possible about your request to help us assist you (for example, if you are requesting a copy of your data, let us know who you are and what context you had dealings with us). We will respond as soon as we can.

Thank you for taking the time to read our Privacy Notice. Your trust is important to us, and we are committed to keeping your personal information safe and respecting your rights.