Data Protection Policy

  1. General Statement of Liberty Aqua Tours LLC's Duties and Scope
    • Liberty Aqua Tours LLC is required to process relevant personal data regarding members of staff, applicants and customers and shall take all reasonable steps to do so in accordance with this policy.
    • Liberty Aqua Tours LLC does not buy or sell personal data.
  2. Definitions
    • "Liberty Aqua Tours LLC" an incorporated LLC.

      An LLC is a limited liability company the United States-specific form of a private limited company.

    • "Data Controller"

      Liberty Aqua Tours LLC is a registered Data Controller. A controller is an entity that decides the purpose and manner that personal data is used, or will be used

    • "Data Protection Processor"

      The person or group that processes the data on behalf of the controller. Processing is obtaining, recording, adapting or holding personal data

    • "All Staff"

      Are all staff or employees of Liberty Aqua Tours LLC, including those on temporary or part time contracts and volunteers.

    • "Personal data"

      Any information that can be used to identify an indivdual person.

    • "Sensitive personal data"

      Encompasses genetic data, information about religious and political views, sexual orientation, and more.

    • "Data Subject"

      Is a living natural individual who is the subject of the personal data.

  3. Accessibility of this document.
    • This policy is written using clear and plain language and is considered as age appropriate (Age 13 and above) for the accessibility of all data subjects of Liberty Aqua Tours LLC.
  4. Data Protection Controller and Data Protection Officer
    • Liberty Aqua Tours LLC has appointed Marco Tempesta as the Data Protection Controller (DPC who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of current Data Protection Legislation.
  5. The Principles
    • Liberty Aqua Tours LLC shall comply with the Data Protection principles contained in the legislation to ensure all data are:-
      1. Fairly and lawfully processed in a transparent manner.
      2. Processed for a legitimate purpose.
      3. Adequate, relevant and not excessive.
      4. Accurate and up to date.
      5. Not kept for longer than necessary.
      6. Processed in accordance with the data subject's rights.
      7. Processed securely.
  6. Data Security
    • Liberty Aqua Tours LLC will take appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the legislation.
    • Liberty Aqua Tours LLC and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data and against the accidental loss of, or damage to all personal data.
    • Violations of this policy by staff may be treated as misconduct or gross misconduct.
    • An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and should be encrypted when transported offsite.
    • Some other personal data however may be appropriate for publication or limited publication within Liberty Aqua Tours LLC, therefore having a lower requirement for data security, for example customer contact details.
  7. Rights of the Data Subject
    • GDPR expands the rights of the data subject over previous legislation, specifically data subjects have:
      1. The right to be informed.
      2. The right of access.
      3. The right to rectification.
      4. The right to erasure.
      5. The right to restrict processing.
      6. The right to data portability.
      7. The right to object.
      8. Rights in relation to automated decision making and profiling.
    • This policy and the published Privacy Statement are part of these rights.
    • If you wish to exercise any of these rights, with the exception of the right to access, please contact the named Data Protection Controller whose contact details are listed in Section19 of this policy.
  8. Processing of Personal Data
    • Liberty Aqua Tours LLC maintains a Privacy Statement which details personal information processed and the legal basis for processing that data. The current version can be viewed at http://libertysiteseeing.com/privacy-policy.html
    • Liberty Aqua Tours LLC processes some personal data for purposes considered direct marketing and fund-raising.
    • Data subjects have the right to withdraw consent to these activities.
  9. Sensitive Personal Data
    • At the date of this Policy Liberty Aqua Tours LLC does not process sensitive personal data.
  10. Criminal Convictions and Offences.
    • Liberty Aqua Tours LLC does not maintain registers of or process data on Criminal Convictions and offences
  11. Rights of Access to Information - what was formally known as Subject Access Request or 'SAR'
    • Data subjects have the right of access their Personal data held by Liberty Aqua Tours LLC, subject to the provisions of current Data Protection legislation.
    • Any Data Subject wishing to access their personal data should put their request in writing to the DPC or DPO. Liberty Aqua Tours LLC will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within one month for access to personal data and 21 days to provide a reply to a request.
    • The information will be made available to the Data Subject as soon as is reasonably possible after it has come to Liberty Aqua Tours LLC's attention and in compliance with the relevant legislation. Proof of identity is required before any information will be made available. Only the DPC or DPO may accept or respond to a request. Any other staff receiving such a request MUST immediately pass it to the DPC / DPO for processing or refer the person making the request to the DPC / DPO.
  12. Exemptions
    • Certain personal data or obligations are exempted from the some of the provisions of the Data Protection legislation which includes matters such as processing for National Security and Public Security, the prevention or detection and prosecution of criminal offences.
    • The above are examples only of some of the some of the exemptions under the legislation. Any further information on exemptions should be sought from the DPC or DPO.
  13. Accuracy
    • Liberty Aqua Tours LLC will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify Liberty Aqua Tours LLC of any changes to information held about them.
  14. Enforcement
    • If an individual believes that Liberty Aqua Tours LLC has not complied with this policy or acted otherwise than in accordance with data protection legislation, the member of staff should utilise Liberty Aqua Tours LLC grievance procedure and should also notify the DPC or DPO.
  15. External Processors and Controllers
    • Liberty Aqua Tours LLC must ensure that data processed by external processors, for example, service providers and Cloud services including storage, web sites are compliant with this policy and the relevant legislation. All external processors and controllers must be listed in the data processing register maintained by the DPO.
  16. Secure Destruction
    • When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.
  17. Retention of Data
    • Liberty Aqua Tours LLC may retain data for differing periods of time for different purposes as required by statute or best practice, individual departments incorporate these retention times into the processes and manuals. Statutory obligations, legal processes and enquiries may also direct the retention of certain data. Liberty Aqua Tours LLC may store some data such as registers and photographs indefinitely in its archive.
  18. Contacts and Representatives.