Waterways Ombudsman Scheme – compliance with the EU General Data Protection Regulation (GDPR)
The Waterways Ombudsman Scheme is covered by the GDPR. This includes a range of measures governing who may process personal data, by what means and for what purposes.
The Scheme is registered with the Information Commissioner’s Office as a data controller.
Your personal data and how we use it
Personal data (or information) is data about individuals (also known as data subjects) who contact the Scheme in connection with a complaint or enquiry. The personal information we are likely to collect includes, your name, address, contact details, correspondence and conversations with us, as well as any evidence provided by you or the organisation you are complaining about.
The main role of the Ombudsman is to consider complaints where the complainant has completed the internal complaints process of the organisation which is the target of the complaint. The Ombudsman also deals with enquiries, which may be about a potential complaint, or of a more general nature, or may be requests for advice or guidance.
Where the Ombudsman decides to conduct a formal investigation, or where she handles an enquiry, she will need to process your personal data. Under the GDPR there must be a lawful basis for processing personal data, one of which is “legitimate interest”. This means, in essence, that data is used in ways that a complainant or enquirer would reasonably expect.
For investigations and enquiries your personal data is processed on the basis of legitimate interest. Where the Ombudsman conducts a formal investigation she may also ask you to provide feedback about the service, but this will only be with your consent.
The Ombudsman will process your personal data only to the extent that is necessary to achieve the aims of the Waterways Ombudsman Scheme. In addition to considering complaints or dealing with enquiries, this will include sharing of information with the Waterways Ombudsman Committee, which oversees the Scheme, and with the Chartered Trading Standards Institute for the purposes of accreditation of the Scheme. Information will not be provided, without your consent, to any person or organisation that is not subject to the GDPR.
The Scheme is an independent entity. It does not have direct access to any personal data held by any organisation within its scope, nor do any of those organisations have direct access to any personal data held by the Scheme.
How long we keep your personal data
Personal data will not be kept longer than is necessary. Once a case or an enquiry has been closed, it will be retained for the following periods:
- in the case of enquiries where the Ombudsman does not carry out a formal investigation, any electronic or paper records are securely deleted or destroyed 12 months after the last contact with the enquirer;
- full case files are securely deleted or destroyed 12 months after the last communication from the complainant after the case has been closed, or six months after the publication of the annual report covering the date on which the final decision was issued, if later;
- Ombudsman final decisions are kept permanently.
You have the right to request a copy of your personal information and for it to be corrected if appropriate. A charge will not normally be made. The Ombudsman has a month to comply with the request.
You also have the right to request that your data be deleted or amended. You can also request that any further processing be stopped, although this will mean that your complaint or enquiry will be discontinued.
You can do this by emailing email@example.com
What to do if you’re unhappy with how we’ve handled your personal information
You should first let the Ombudsman know, so that she can look into your concerns. She is the data controller.
If you’re unhappy with the response, you can contact the Information Commissioner’s Office at www.ico.org.uk, firstname.lastname@example.org or 01625 545745.
More detailed information about compliance with the GDPR is available under the Publications tab or by following this link.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Websites in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer.
To learn more about cookies and how to manage them, visit AboutCookies.org.