Data Protection Policy

  1. General Statement of Lets Cruise LLC's Duties and Scope
    • Lets Cruise LLC is required to process relevant personal data regarding members of staff, applicants and customers and shall take all reasonable steps to do so in accordance with this policy.
    • Lets Cruise LLC does not buy or sell personal data.
  2. Definitions
    • "Lets Cruise LLC" an incorporated LLC.

      An LLC is a limited liability company the United States-specific form of a private limited company.

    • "Data Controller"

      Lets Cruise LLC is a registered Data Controller. A controller is an entity that decides the purpose and manner that personal data is used, or will be used

    • "Data Protection Processor"

      The person or group that processes the data on behalf of the controller. Processing is obtaining, recording, adapting or holding personal data

    • "All Staff"

      Are all staff or employees of Lets Cruise LLC, including those on temporary or part time contracts and volunteers.

    • "Personal data"

      Any information that can be used to identify an indivdual person.

    • "Sensitive personal data"

      Encompasses genetic data, information about religious and political views, sexual orientation, and more.

    • "Data Subject"

      Is a living natural individual who is the subject of the personal data.

  3. Accessibility of this document.
    • This policy is written using clear and plain language and is considered as age appropriate (Age 13 and above) for the accessibility of all data subjects of Lets Cruise LLC.
  4. Data Protection Controller and Data Protection Officer
    • Lets Cruise LLC has appointed Russell Parrott as the Data Protection Controller (DPC who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of current Data Protection Legislation.
  5. The Principles
    • Lets Cruise LLC shall comply with the Data Protection principles contained in the legislation to ensure all data are:-
      1. Fairly and lawfully processed in a transparent manner.
      2. Processed for a legitimate purpose.
      3. Adequate, relevant and not excessive.
      4. Accurate and up to date.
      5. Not kept for longer than necessary.
      6. Processed in accordance with the data subject's rights.
      7. Processed securely.
  6. Data Security
    • Lets Cruise LLC will take appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the legislation.
    • Lets Cruise LLC and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data and against the accidental loss of, or damage to all personal data.
    • Violations of this policy by staff may be treated as misconduct or gross misconduct.
    • An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and should be encrypted when transported offsite.
    • Some other personal data however may be appropriate for publication or limited publication within Lets Cruise LLC, therefore having a lower requirement for data security, for example customer contact details.
  7. Rights of the Data Subject
    • GDPR expands the rights of the data subject over previous legislation, specifically data subjects have:
      1. The right to be informed.
      2. The right of access.
      3. The right to rectification.
      4. The right to erasure.
      5. The right to restrict processing.
      6. The right to data portability.
      7. The right to object.
      8. Rights in relation to automated decision making and profiling.
    • This policy and the published Privacy Statement are part of these rights.
    • If you wish to exercise any of these rights, with the exception of the right to access, please contact the named Data Protection Controller whose contact details are listed in Section19 of this policy.
  8. Processing of Personal Data
    • Lets Cruise LLC maintains a Privacy Statement which details personal information processed and the legal basis for processing that data. The current version can be viewed at https://letscruise.com/privacy-policy.html
    • Lets Cruise LLC processes some personal data for purposes considered direct marketing and fund-raising.
    • Data subjects have the right to withdraw consent to these activities.
  9. Sensitive Personal Data
    • At the date of this Policy Lets Cruise LLC does not process sensitive personal data.
  10. Criminal Convictions and Offences.
    • Lets Cruise LLC does not maintain registers of or process data on Criminal Convictions and offences
  11. Rights of Access to Information - what was formally known as Subject Access Request or 'SAR'
    • Data subjects have the right of access their Personal data held by Lets Cruise LLC, subject to the provisions of current Data Protection legislation.
    • Any Data Subject wishing to access their personal data should put their request in writing to the DPC or DPO. Lets Cruise LLC will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within one month for access to personal data and 21 days to provide a reply to a request.
    • The information will be made available to the Data Subject as soon as is reasonably possible after it has come to Lets Cruise LLC's attention and in compliance with the relevant legislation. Proof of identity is required before any information will be made available. Only the DPC or DPO may accept or respond to a request. Any other staff receiving such a request MUST immediately pass it to the DPC / DPO for processing or refer the person making the request to the DPC / DPO.
  12. Exemptions
    • Certain personal data or obligations are exempted from the some of the provisions of the Data Protection legislation which includes matters such as processing for National Security and Public Security, the prevention or detection and prosecution of criminal offences.
    • The above are examples only of some of the some of the exemptions under the legislation. Any further information on exemptions should be sought from the DPC or DPO.
  13. Accuracy
    • Lets Cruise LLC will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify Lets Cruise LLC of any changes to information held about them.
  14. Enforcement
    • If an individual believes that Lets Cruise LLC has not complied with this policy or acted otherwise than in accordance with data protection legislation, the member of staff should utilise Lets Cruise LLC grievance procedure and should also notify the DPC or DPO.
  15. External Processors and Controllers
    • Lets Cruise LLC must ensure that data processed by external processors, for example, service providers and Cloud services including storage, web sites are compliant with this policy and the relevant legislation. All external processors and controllers must be listed in the data processing register maintained by the DPO.
  16. Secure Destruction
    • When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.
  17. Retention of Data
    • Lets Cruise LLC may retain data for differing periods of time for different purposes as required by statute or best practice, individual departments incorporate these retention times into the processes and manuals. Statutory obligations, legal processes and enquiries may also direct the retention of certain data. Lets Cruise LLC may store some data such as registers and photographs indefinitely in its archive.
  18. Contacts and Representatives.
    • The DPC and DPO can be contacted in writing via the published Lets Cruise LLC address.
    • The DPO can be contact via email at dataprotection@letscruise.com

Author: Russell Parrott
Date: 11 October 2018