This Policy provides an overview of how we comply with data protection legislation and the basis on which any personal data we collect from you, or that you provide to us, will be processed. Although we may need to collect and hold certain personal data in order to deliver our services to you, we are committed to protecting and respecting your privacy.
About Recall Recover Limited
Recall Recover Limited (“RR”) is a company registered in England and Wales (registered number 13071406). It provides trauma-informed interviewing and crew wellbeing in marine casualties. You will be interviewed by one of our investigators and may be offered ongoing wellbeing support.
Controller / Contact details
Entity: Recall Recover Limited
DPO: Ben Beesley
Address: 54 St James Street, Liverpool, United Kingdom L1 0AB
Contact Details: email@example.com
What information is being collected
As part of providing our marine casualty investigation service, it is necessary to obtain and hold certain personal and sensitive personal data.
For individuals we may interview in relation to our investigative processes, and for individuals who may undergo our wellbeing processes, the data we may collect includes title, first name, last name, job title, company name, company address, home address, phone and fax numbers, email addresses, date of birth, age, nationality, mother tongue, languages, communication app display/username(s), education and educational achievements, qualifications, training, employment contract(s) and employment history, working experience, working habits and medical fitness records and matters relating to personal wellbeing (where relevant) and next of kin.
Special category personal data collected, held and processed includes: information we collect about your health, including information about your existing and previous medical conditions, information sent from an employer and/or any third party relating to your health and other personal circumstances; therapy notes, letters, reports and outcome measures generated through our face-to-face discussions, as part of providing you with an agreed service. We, any employer or other third party (as appropriate) may also collect any other Special Category of Personal data about you including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation and trade union membership. We do not collect any information about criminal convictions and offences.
For individuals other than those we may interview in relation to our investigative and wellbeing processes, the data we may collect under these categories includes title, first name, last name, job title, company name, company address, home address, phone and fax numbers, email addresses, marketing preferences/records, professional qualifications and interests, personal interests, interaction and engagements with us, financial data (where relevant), service data.
How we obtain personal information
We use different methods to collect data from and about you including through direct interactions, automated technologies or via third parties.
Purposes and Lawful Basis for Processing Personal and Special Category Information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where expressed and informed consent has been given by the person whose data is being processed; and/or
Where it is necessary for us to perform the contract we are about to enter into or have entered into with your employer, their insurers, legal/claims advisors or agents; and/or
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
Where we need to comply with a legal obligation.
Under the General Data Protection Regulation 2016/679, our lawful basis for processing and storing personal information is one of Legitimate Interest. We need to receive, process and store your information in order to provide the requested and agreed investigative, interview, witness and clinical psychology services to the highest standard. Without such information, we cannot provide a safe or effective service.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
We require your explicit consent for processing sensitive category data, so we will provide you with a further communication asking you to confirm your consent to this processing.
How data is stored
All data received, generated and processed as part of the service we provide is stored securely.
Paper: written notes, and other materials generated from discussions in session, and any written materials sent to us from a third party, are stored in a locked secure filing cabinet. Only the person dealing with your matter will have access to the key.
Computer-based/Smartphone: We use MS Office. This can be accessed via the relevant user's iPhone, iPad, desktop and laptop, all of which will only be accessible via a password and/or Touch ID. Only the relevant users will have access to any information stored on the system, via their individual URL and password/Touch ID. Digital copies stored temporarily on a password-protected laptop used away from the office are transferred to the desktop computer on return. Emails and attachments on the MS Exchange server, with emails replicated to password-protected desktop and laptop computers and Touch ID-protected iPad and iPhone, are backed up to the desktop computer. We use GDPR-compliant service providers such as WeTransfer and Dropbox for data transfer. Your data will be in an encrypted state during transfer and at rest.
Email/Messaging/Chat: your email addresses, display/usernames, avatars, and correspondence may be stored in the relevant communication system account or app by nature of you making contact. Copies of correspondence may be taken and stored in accordance with the processes for other types of electronic records described above. Your telephone number may be stored in messaging apps or on the relevant call list should communication happen via these routes.
Investigative interview records will be kept until all actual and potential commercial disputes have been finally resolved. Psychological assessment records and therapy notes will be kept until 8 years after completion of the service provided. Interview materials, questionnaires and observational material generated through medico-legal assessments will be kept indefinitely.
The security and confidentiality of your data are extremely important to us. Therefore, your data will never be used, sold or shared for any purpose other than for providing the agreed service. As part of our service we may be required to share the data we collect with legal/claim advisors, insurer organizations, shipowner/shipmanager organizations, other psychology service providers, our accountant and your employer.
Our professional code of practice requires us to share information appropriately. Should an individual we work with disclose that they or someone else is at serious risk of harm, we may need to contact other agencies such as their usual medical practitioner, as is consistent with our professional obligation to place safety first.
For individuals who are engaged in therapy, we may be asked to provide a summary or update report.
Individuals have the right to have a copy of the records we hold for them, under GDPR. We will only release copies of our records where there has been a signed, addressed and dated request for such from you.
We require all third parties to respect the security of your personal and special category data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Many of our external third parties (including our international associate consultants to whom we sometimes refer your case) are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention and destruction
We do not keep information about you any longer than is necessary. The length of time we keep your data may be determined by statutory or regulatory requirements. We delete or destroy all personal data when it is no longer required.
A copy of our data retention policy is available to individuals on request. This shows how long we would expect to keep your data and why.
Your rights under data protection legislation
You have various rights under the relevant data protection legislation. If you wish to exercise any of these rights, then please contact the DPO in writing.
We are confident that we will be able to answer any questions you may have, but should you feel it is necessary you do have the right to contact the UK Information Commissioner’s Office to discuss the matter further.
You have the right to see what personal data we hold about you. You also have the right to know where we got the data from, how and why we are processing your data, who it has been shared with, and how long we intend to keep it for.
You have the right to ask us to investigate, and correct where appropriate, any personal data we hold about you that you believe is wrong.
You have the right to ask us to erase personal data that we hold about you where we no longer have a lawful purpose to process the data, or where the data is being processed based on your consent which has now been withdrawn.
This right may be restricted by our need to comply with laws, regulations or other legitimate reasons that require us to retain data. However, we will tell you if this is the case.
Restriction of Processing
You have the right to ask us to restrict the processing of your personal data. Restricted processing means that we cannot make any changes to the data unless we have your consent. You can ask for restricted processing where:
You believe the data we hold is inaccurate and we need time to properly investigate;
We have unintentionally come into possession of your personal data that we should not hold but you do not want us to delete it;
Where we no longer need your personal data, but you want us to hold on to it for legal reasons; or
Where you have objected to how we use your personal data, and this is being investigated.
Right to Object
Where you feel that we are processing your personal data in a way that is inappropriate, you have the right to object and so ask us to demonstrate legitimate grounds for doing so. This includes asking us not to communicate with you other than in ways you choose.
Right to not be subject to Automated Decision-making or Profiling
We do not make decisions based on automated processing or profiling.
Third Party Links
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Information relating to any changes will be made available on our website – www.recallrecover.com
Last revised: November 2021