Personal information charter

The Maritime Coastguard Agency holds personal data for seafarers, ship owners,agents and members of the public who have voluntarily registered their vessels.

Your information privacy

The Maritime and Coastguard Agency take your privacy seriously and in compliance with the new data protection legislation and the EU General Data Protection Regulation (GDPR) you can take a look at what we will be doing to manage and protect your personal information.

The data controller

The Maritime and Coastguard Agency, as an executive agency of the Department for Transport, is the data controller for any personal data you provide us with.

The data protection officer

DfT together with its executive agencies have put in place a governance structure that ensures the DfT data protection officer is able to meet their legal obligations while ensuring that the executive agencies, as separate business units, have day-to-day access to the data protection expertise they need. To achieve this, the data protection officer is supported by a team, which consists of data protection managers from each of the executive agencies. The DfT data protection governance policy (available on request) explains this more fully.

The data protection officer informs and advises the department and its executive agencies on how to comply with data protection law, and monitors compliance. The data protection manager at the MCA acts as the first point of contact for individuals whose data is being processed and if necessary they will escalate matters to the data protection officer for liaison with the Information Commissioner’s Office.

For any queries relating to how your information is handled at the MCA please contact us at:

Data Protection Manager,
Bay 3/10, Spring Place,
105 Commercial Road,
Southampton,
SO15 1EG

Email: dataprotectionmanager@mcga.gov.uk

Your privacy

We know how important it is to protect your privacy and comply with data protection law. If we need to collect, store or otherwise use your personal information, we will:

  • provide a legal basis for doing so, and only ask for what we need;
  • do so in a fair and transparent way, letting you know why we need your information and how we will use it;
  • use it in the way we said we would and not in a way you wouldn’t expect without letting you know first;
  • ensure that we don’t keep more information than we need, or for longer than we need it;
  • make sure it is accurate and up-to-date;
  • make sure nobody has access to it who shouldn’t;
  • ensure that it is kept safe and secure.

Data accuracy

You can help us by making sure that the information you give to us is accurate and let us know of any changes. For example, if you change telephone numbers or move to a new home, let us know so that we can keep your information up to date and accurate.

What allows the MCA to process your personal data?

To process your personal data, we need to meet one of the following conditions (or legal bases):

  • you have freely given your consent – it will be clear to you what you are consenting to and how you can withdraw your consent;
  • it is necessary for a contract you have entered into with us, or a contract that you intend to enter into;
  • it is necessary to meet a legal obligation;
  • it is necessary to protect someone’s ‘vital interests’ (a matter of life or death);
  • it is necessary to perform a public task (to carry out a public function or exercise powers set out in law, or to perform a specific task in the public interest that is set out in law);
  • it is necessary for our legitimate interests or that of a third party (a condition used where personal data is going to be used in ways that are reasonably expected and are not intrusive, and/or where there are compelling reasons for the processing).

The lawful basis that we rely on to process your personal data will determine which of the following rights are available to you. Much of the processing we do in the MCA will be necessary to meet our legal obligations or to perform a public task. If we hold personal data about you in different parts of the MCA for different purposes, then the legal basis we rely on in each case may not be the same.

Your rights

The GDPR sets out a number of rights which individuals have over their personal data, allowing you to request copies of your personal data or, in certain circumstances, to have it deleted or modified. These rights are explained fully on the Information Commissioner’s Office website. The MCA will ensure that we uphold your rights to the extent that they apply to the way in which we process your personal data.

The right to be informed

The right to be informed is a key part of the transparency requirements of data protection law. It includes various categories of information which would normally be provided in what is known as a ‘privacy information notice’.

Where you provide us with your information directly, you will see a privacy information notice from us which will tell you or provide a link to information on:

  • what information we collect about you and the purpose and legal basis for processing it (including details of the legitimate interests where that is the basis);
  • how will we use the information about you;
  • how long we will retain your information;
  • who we may share your information with;
  • access to your information and correction;
  • how to contact us.

The right to of access

You can request copies of the personal data that we hold about you at any time by making what is known as a ‘subject access request’. We will respond to a subject access request within one month of receipt.

There is no fee for making a subject access request, but charges may be made where someone asks for further copies of information which they have already received, or in exceptional circumstances, such as where a request is clearly unfounded, excessive or repetitive. We will advise you of your right to complain to the Information Commissioner or to seek a judicial remedy as appropriate.

If you would like to make a subject access request, please contact:

Information Assurance Branch,
Bay 3/10, Spring Place,
105 Commercial Road,
Southampton,
SO15 1EG

Email: informationassurance@mcga.gov.uk

Right to object

You have the right to object to us processing your personal data in any of the following circumstances:

  • where the processing is based on either the legitimate interests or public task condition;
  • direct marketing (including profiling);
  • for scientific and/or historical research and statistics purposes.

Where you object to us processing your personal data based on the legitimate interests or public task condition or scientific and/or historical research and statistical purposes, we will stop processing that information unless we can demonstrate that there are overriding reasons to do so, including where processing is necessary for the conduct of legal claims.

Other rights

Other rights you may have are:

  • a right to rectification if your personal data is inaccurate;
  • a right to erasure, a right to restrict processing, a right to data portability;
  • rights in relation to automated decision making.

Whilst these rights are unlikely to apply to the kind of processing that DfT and its executive agencies routinely carry out, if you think they may apply and want to know more, please refer to the Information Commissioner’s Office website. Any request you make to the MCA to exercise these rights will receive appropriate consideration, within the timescales required by data protection law.

When we share information

We may share personal information within our organisation or with other bodies where we are permitted to do so by law. There are some cases where we can pass on your information without telling you, for example, to prevent or detect crime, or in order to produce anonymised statistics. In all cases, whether data is shared internally or externally we will be governed by data protection law.

A small proportion of our records are transferred to the national archives and may be made available in accordance with the Freedom of Information Act 2000.

Privacy by design

Where we introduce new technologies, policies or processes, we will ensure that your privacy is considered from the outset.

Where appropriate, we will carry out a data protection impact assessment (DPIA). DPIAs allow risks to be identified at an early stage and solutions found to reduce or avoid data risks.

We will always carry out a DPIA where we use new technologies or consider that there is a high risk to the rights and freedoms of individuals. The data protection officer or the wider data protection team will provide advice on DPIAs to ensure that they are carried out effectively. Where an assessment identifies risks that cannot be satisfactorily reduced or avoided, we will seek advice from the Information Commissioner to help us find the best solution.

The steps we take to keep your data secure

We take information security very seriously and will do all we can to protect your personal data from unauthorised access, accidental loss, destruction and damage. We will carry out regular reviews and audits to ensure that our methods of collecting, holding and processing personal data meet the government’s security standards and industry good practice. Where we transfer personal information overseas, we will make sure that this only happens where appropriate safeguards are in place to protect it. The cross-government security policy framework on GOV.UK sets out how government organisations and third parties handling government information and other assets apply protective security.

The training and guidance we give to our staff

All staff are trained in the importance of protecting personal and other sensitive information. Those who routinely access personal data as part of their jobs receive more in-depth training. Staff in the MCA who have access to large volumes of personal data receive training that has been tailored to the agency’s business environment.

Managers who have formal responsibilities for large datasets, for example as information asset owners, will also receive additional training so that they have a clear understanding of what they need to do to keep the data under their control safe and secure.

As well as the above, all civil servants are required to work in line with the core values set out in the {Civil Service Code}(https://www.gov.uk/government/publications/civil-service-code/the-civil-service-code) - integrity, honesty, objectivity and impartiality. These values also apply to the handling of personal data.

Data breach notification

The MCA does everything it can to keep personal data secure. However, if a personal data breach occurs which is likely to result in a risk to the rights and freedoms of individuals (for example, financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), we will ensure that the information commissioner’s office is informed of the breach without delay, and in any event within 72 hours after having become aware of it. Where we know there has been a breach we will ensure that individuals are notified of the breach directly and without delay. Where it is not possible to contact individuals directly, we will attempt to make people aware through other means, e.g. a public announcement.

Where a personal data breach occurs, affected individuals (or data subjects) will be provided with the following information:

  • the categories and approximate number of data subjects concerned;
  • the categories and approximate number of records involved;
  • the contact details of the department’s data protection officer.
  • the likely consequences of the breach;
  • details of the measures already taken or planned to address the breach including any steps taken to mitigate potential damaging effects.

How to make a complaint

If you are unhappy with the way we have handled your personal information and want to make a complaint, please write to the department’s data protection officer or the data protection manager. You can contact the MCA’s data protection manager using the details below.

We will acknowledge your complaint within five working days and send you a full response within 20 working days. If we can’t respond fully in this time, we will write and let you know why and tell you when you should get a full response.

If you remain dissatisfied, or if you require independent advice about data protection, privacy and data sharing issues, contact:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire, SK9 5AF

Information Commissioner’s Office

How to contact us:

If you want to request information about our privacy information notices or information we hold about you, please contact:

The Data Protection Manager

Telephone: 0203 8172322 Email: dataprotectionmanager@mcga.gov.uk

Privacy information notices

We use personal information for a wide range of purposes, to enable us to carry out our functions as a government department. these include but are not limited to:

  • maintaining our accounts and records;
  • consideration and investigation of complaints;
  • answering queries;
  • corporate administration;
  • the support and management of our staff;
  • enforcement and regulatory duties;
  • administration of certification for seafarers

If we do hold information about you, we will provide you with specific information about our plans for using your data and your rights in relation to it.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for five years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

People who request information under the Freedom of Information Act (FOI), Subject Access and the Environmental Information Regulations (EIR).

When we receive a request under FOI and EIR we create a file containing the request and will record the name of the requestor and their contact details on our tracking database.

We will only use the personal information we collect to process the request and to check on the level of service we provide.

The MCA may be required to share correspondence including personal data provided where it is necessary for the purposes for which it was received. For example, if the relevant information needed to respond is held by another executive agency. It may also be appropriate to transfer correspondence to another public body when it has the responsibility for the matter in question. This includes transferring correspondence to a devolved administration if the matter sits with them. In each of these cases the sharing is necessary in order that accountability and transparency about public functions can be discharged.

We will keep personal information contained in files and our database in line with our retention policy. This means that information relating to an FOI will be retained for five years from closure.

It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Our services

To find out how we use the personal information we collect about you please select the relevant service that you require.

Seafarer training and certification Seafarer medical information Support for maritime training (SMarT) Ship registration Boat masters licence Beacon registration Coastguard safety scheme Emergency response Wreck and salvage

406 MHz beacons privacy information notice

How we use your information

The Maritime and Coastguard Agency (MCA) collect and retain the personal information provided when you register a UK coded 406 MHz beacon. These beacons include Emergency Locator Transmitter (ELTs) used in aircraft, Personal Locator Beacons (PLBs) carried by individuals and used in multiple-environments or those beacons carried on vessels in a maritime environment such as Emergency Position Indicating Radio Beacons (EPIRBs), Simplified Voyage Data Recorders (S-VDRs) and Ship Security Alert System (SSAS). We will use this information to fulfil our mandatory duties under International Maritime Organisation recommendations & Cospas-Sarsat requirements. Processing your information allows the MCA to exercise its official duty and to identify persons in distress and helps save lives.

If your beacon is activated and a distress signal received, the search and rescue authorities will contact you and/or your emergency contacts, using the information on the register.

How long we will retain your information

We will retain your information until we are advised that the beacon is no longer active, for example it has been removed from the vessel, replaced or destroyed.

There is a legal carriage requirement to carry EPIRBs and/or PLBs on certain Fishing Vessels as well as Merchant Vessels and the registration of these 406 MHz beacons is mandatory, as per the Statutory Instrument 2000 No 1850. Records relating to such beacons should be checked and the registration updated annually or within a 5-year period as outlined in MSN 1810.

For all other individuals the MCA will write to you to validate your details if you have not contacted us within 8 years, this corresponds with the expected current battery life of a beacon.

Who we will share your information with?

Global Search & Rescue authorities and those delegated authorities, such as RNLI Lifeboats, Police or Rescue Helicopter crew, that are directly involved with investigations relating to a beacon activation. In addition, for the purpose of verification, we share data where applicable with beacon manufacturers, suppliers and programmers, Shore based maintenance providers and assigned and approved Radio Surveyors, in accordance with MSC 1039 & MSC 1040.

Seafarer training and certification privacy information notice

This privacy information notice explains how we use any personal information we collect about you when you apply for certification with us.

What information do we collect about you?

The Maritime and Coastguard Agency (MCA) collect information about you when you apply for a:

  • Certificate of competency (CoC)
  • Certificate of equivalent competency (CEC)
  • Deck/engine watch rating certification
  • Yacht rating certificate
  • Authority to operate (ATO) certificate
  • Able seafarer certificate
  • Electro technical rating certificate
  • Boat master licence (BML)

To meet the applicable Standards of Training and Certification and Watchkeeping (STCW) requirements and the merchant shipping boatmasters qualifications, crew and hours of work and to meet our obligations as set out in the Merchant Shipping Act 1995-part III clause 47.

How will we use the information about you?

We collect information about you to process your application for a Certificate of CoC/CEC as well as for application types listed above. The personal information you provide is processed by our staff in the UK to assess your application and for correspondence purposes. We may use your information to improve our customer service, investigate complaints, legal claims or important incidents. We may use your information for crime prevention and prosecution of offenders.

Financial Information

Financial information which you provide to us, such as credit card details will only be used to process your payment for your application and will be destroyed once payment has been authorised.

How long we will retain your information

Your information will be held for as long as you have a valid certificate of competency. If you have not revalidated your certificate and have not returned to sea after 25 years we will remove your personal information from our systems.

Holders of a certificate of competency who have not been to sea for 20 years prior to making a new application must follow the guidance set out in MSN 1861.

Who we share your information with

The information you provide is primarily for processing your application for a certificate but may be shared with other statutory bodies/organisations to enable them to fulfil their statutory and legal obligations. Information may be shared with other UK government departments or governments of UN countries, training providers, maritime companies, and port state control authorities for verification purposes. We may also share your contact details with a third party to provide us with a customer service survey to improve our customer service and to provide better value for money.

Seafarer medical information privacy information notice

How we use your information

The Maritime and Coastguard Agency (MCA) collect and retain personal information provided on the medical examination of seafarers report form (ENG 2) the seafarer medical examination notice of failure/restriction (ENG 3), the certificate of medical fitness (ENG 1), and any seafarer medical report forms (ML5), which are referred to MCA for assessment.

We will use this information to fulfil our duties as stated in the Merchant Shipping (Maritime Labour Convention) (Medical Certification) Regulations 2010 (which implement the UK’s international obligations under Maritime Labour Convention, 2006), the ILO Work in Fishing Convention (C.188) and the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, 1978, as amended (STCW).

For ENG medical examinations the MCA approved doctors or when necessary the medical administration team (which is part of the seafarer safety & health branch of the MCA), will process your personal data, including medical information, to enable MCA approved doctors or medical referees to make a decision on your fitness to work at sea.

For ML5 medical referrals the medical administration team (which is part of the seafarer safety & health branch of the MCA), will process your personal data, including medical information, to enable the MCA ML5 assessors’ to make a decision on your fitness to work.

We will provide medical certificate verification to authorized organizations. The information provided will only verify a medical certificate as being valid or invalid, we will not provide any personal or medical information.

Anonymised data will be collated to support statistical and quality assurance, this information is published on Gov.UK please click here to view the annual reports.

How long we will retain your information

We will keep a record of your result for 10 years after which time we will securely destroy your information.

Who we will share your information with?

The information you provide is primarily used to enable processing staff at the MCA to assess a seafarer’s fitness to work at sea and issue a boatmasters licence or certificate. If applying for a Royal Yachting Association (RYA) certificate, the information will be shared with the RYA processing staff. If you attend another approved doctor in the future, that doctor will have access to the previous medical history to support the safety and standards as stated in the Merchant Shipping Regulations (Medical Certification) 2010.

Ship registration privacy information notice

This privacy information notice explains how we use any personal information we collect about you when you register your vessel with us.

How we use your information

The Maritime and Coastguard Agency (MCA) collects and retains the personal information provided when you register your boat on:

Part 1 Register of british ships

Part 11 Register of fishing vessels

Part 111 Small ships register (SSR)

Part 1V Foreign owned ships for bareboat charter

We collect information about you to carry out our official duty and to keep the UK ship register up to date and to make sure our services are planned to meet ship owner’s needs. To check and report on how effective the MCA and the services it commissions have been. To make sure that the MCA gives value for money. We may use your information to investigate complaints, legal claims or important incidents. We may use your information for crime prevention and prosecution of offenders.

Processing your personal information is necessary for the MCA to carry out our function as the register of British ships in the United Kingdom as stated in the Merchant Shipping Act 1995. The register shall be maintained in accordance with the private law provisions for registered ships. The register shall be available for public inspection.

Whilst a boat remains in UK territorial waters there is no compulsory requirement for her to be registered. However, under merchant shipping law, the concept of ownership is inextricably linked with the requirement of registration. By registering your boat, you are then bound by your flag state’s rules and regulations. In order to enjoy the freedom of the high seas a boat must be granted the nationality of a signatory state to the United Nations Convention on the Law of the Sea (‘UNCLOS’). The Merchant Shipping Act 1995 specifies which boats are British and therefore entitled to fly the British flag. For practical purposes if a boat wishes to leave UK territorial waters a boat needs to be registered and to carry on board the appropriate certificate. If a boat is of significant value, then it is worth registering on the part 1 register to reassure potential buyers of the boats ownership and title and if the boat is subject to a marine mortgage.

How long we will retain your information

The ships register is a public record where vessel registration details are recorded on the MCA vessel registration database to produce the certification required to register a vessel. The information stored on the register is kept indefinitely to support public requests for historical transcripts and information about the vessel.

All supporting documents and personal information provided at the time of registration are stored on paper-based customer files. The active files will remain open while the vessel is registered. Once the registration is closed the paper file is stored off site in secure storage and destroyed after 7 years unless there is an outstanding mortgage on the file.

If there is an outstanding mortgage on a file, it will remain open until the mortgage is paid.

Who we share your information with

The information you provide is primarily used for vessel registration purposes but may also be used for other non-vessel registration related purposes such as checking how effective our services are. Your information may be shared with other statutory bodies/organisations to enable them to fulfil their statutory obligations.

The information will only be shared with other organisations where there is a legal obligation to do so, or with the agreement of the vessel owners or their representatives.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

Vessel standards privacy information notice

This privacy information notice explains how we use any personal information we collect about you when we receive European Maritime and Fisheries Funding (EMFF) applications from the Marine Management Organisation (MMO).

What information do we collect about you?

The Maritime and Coastguard Agency (MCA) collect information about you when you apply to the MMO for an EMFF application for safety equipment or vessel modifications. This information could be your name, telephone number, vessel name and your email address.

It is incumbent on a fishing vessel operator to inform MCA about any proposed vessel modifications to comply with The fishing vessels (codes of practice) regulations 2017 No.943, and further set out in MSN 1871 (F) The Code of practice for the safety of small fishing vessels of less than 15m length overall, MSN 1872 (F) The code of safe working practice for the construction and use of fishing vessels of 15m length overall to less than 24m registered length and MSN 1873 (F) The code of practice for the construction and safe operation of fishing vessels of 24m registered length and over.

How will we use the information about you?

We collect information about you to assess your EMFF application for vessel stability and implications of the proposed vessel modifications. The personal information you provide is used by our staff in the UK to assess your application and for correspondence purposes. We may use your information to investigate complaints or important incidents.

How long we will retain your information

Your information will be held in the vessel file for the vessel’s lifetime. The correspondence sent to us by MMO with EMFF application forms containing your information will be deleted after two years.

Who we share your information with

The information you provide is primarily for assessing your application for EMFF funding but may be shared with other statutory bodies/organisations to enable them to fulfil their statutory and legal obligations.

Information may be shared with other UK government departments for verification purposes.

SMarT privacy information notice

This privacy information notice explains how the MCA use any personal information we collect about you when your sponsoring company claims for the government funded support for maritime training (SMarT) on your behalf.

Government funded support for maritime training (SMarT) is administered on behalf of the MCA by the administering body (AB), currently MaTSU. MaTSU is not a policy making body but has an executive role in ensuring that the scheme is operated effectively. MaTSU approves the payment of public funding to approved training providers (sponsoring companies) to support the costs of approved training.

What information do we collect about you?

A training provider will only enter non-personally identifiable details into the SMarT database when a reference number will be allocated. If you are transferring from one training provider to another, non-personally identifiable details about your previous SMarT funding claims will also be entered.

If you are undertaking ECDIS, high voltage or HELM courses your name, certificate of competency details and a copy of your passport will be submitted to MaTSU for validation and kept in a separate claims spreadsheet. All copies of personal data supplied will be deleted from the database once validated.

If you leave a training provider without completing your full approved training your name and reference number will be recorded in a separate ‘leavers’ spreadsheet to ensure the proper administering of the scheme. For this reason, training providers will be able to access the ‘leavers’ list via a secure web enabled SMarT portal.

How will we use the information about you?

The personal information collected will be used to populate anonymised aggregate government statistics. Bi-annual audits undertaken by MaTSU will take place on individual sponsoring companies and your information may be selected to ensure scheme compliance and appropriate use of government funding and state aid. If your records are selected, it may be necessary for some of your personal information to be uploaded to a secure web enabled SMarT portal and retained for up to 30 days until the audit has been fully completed. Your personal information will then be deleted from the SMarT portal.

How long we will retain your information

If your personal details are entered onto the ECDIS, high voltage or HELM claims spreadsheet your information will be kept for a 10year period from the date the SMarT funding was last granted after which point the personal information will be removed.

If your information is entered onto the ‘leavers’ spreadsheet it will be kept for 10 years to ensure the scheme is administered properly and removed after this time period.

Who we share your information with

The information you provide is primarily used for the administration of the SMarT scheme and not shared with any other third parties. Anonymised data is provided to the department for transport on an annual basis and forms part of the annual publication of Seafarer Statistics.

Emergency response

Personal information gathered by our coastguard teams during an emergency response will be processed by the Maritime and Coastguard Agency (MCA) in order to facilitate and coordinate rescues, preserve the safety of life and to enable the MCA to carry out our public task. This information is shared with the Marine Accident Investigation Branch (MAIB), who are part of the Department for Transport, for them to carry out their legal duties under the provisions of the Merchant Shipping (Accident Reporting and Investigation) Regulations 2012. To see how the MAIB handle your personal data please see their Personal Information Charter on their website.

In certain rescue circumstances it may be necessary for us to share your data with global search and rescue authorities and those delegated competent authorities such as UK police and other UK 999 services and the Royal National Lifeboat Institution (RNLI).

If you contact us directly to report an incident, we will ask you for your contact details which may be shared with our coastguard rescue officers who will contact you directly.

Our media and marketing team may contact you to invite you to contribute to a news story or similar communications activity related to your experience. This is optional, and you can ask our media team not to contact you again for this purpose.

Your information will be kept securely and retained for 10 years after which time it will be reviewed and deleted unless required to support investigations and other reasons of public interest.

Coastguard safety scheme

The Maritime and Coastguard Agency (MCA) will use your registered details to carry out our search and rescue function. Your information will be made available to the coastguard throughout the UK. This will give them the information they need to mount a search and rescue operation if you get into difficulty. We would advise you to update your details every 2 years to ensure accuracy.

Receiver of wreck privacy information notice

How we use your information

The Maritime and Coastguard Agency (MCA) collect and retain personal information when you report wreck material. We do this for the purposes of administering the Merchant Shipping Act 1995, to process claims to wreck and salvage from wreck owners and salvors. The information that you provide is primarily used for administering claims to wreck and salvage but may also be used for the purpose of the prevention and detection of crime and the investigation and prosecution of offences.

How long will we retain your information?

We will retain and process your information for each salvage case (droit) until the case concerned is closed in accordance with the Merchant Shipping Act 1995. Your information will then remain on file to maintain a record of wreck material which has been legally salvaged.

Hardcopy files are eligible for destruction after a period of five years from the date of the last paper on the file.

For electronic droit records, your personal data will be deleted from the file five years after the date of the last correspondence on file for that case. An electronic summary record of each droit case will be kept as a permanent record of wreck finds which have been through the statutory reporting process. This record will primarily contain droit information, although it will also contain the name and address of the salvor.

For wreck owners, we will keep your personal data for as long as you have an ownership interest in any wreck. We do this in order that we can contact you should material that we believe maybe your property be recovered from a wreck and reported to us.

If you no longer have an ownership interest in any wreck, you may contact us at row@mcga.gov.uk to inform us of this and to request that your personal data is updated or deleted.

Who will we share your information with?

We will not share your data with anyone other than for the purposes of processing your salvage/ownership claim or for the prevention and detection of crime or with your prior knowledge and agreement.

Certificate of proof of civil, passenger, other liability insurance privacy information notice

How we use your information

This privacy information notice explains how we use any personal information we collect about you when you apply for a certificate of insurance or other financial security in respect of one of the international maritime organisations conventions regarding compulsory insurance for a vessel or vessels.

How long we will retain your information

We will retain your information for seven years in line with government policy regarding financial information.

Who we will share your information with?

If you have indicated that you wish for your certificates to be sent by courier delivery, personal details (such as contact name, telephone number, and contact email address, plus delivery address) will be shared with the company contracted to provide the delivery services.

Association of Marine Electronic and Radio Colleges Limited (AMERC) privacy information notice

This privacy statement explains how the Maritime and Coastguard Agency (MCA) use any personal information that we collect about you when you apply for global maritime distress safety system (GMDSS) certification with the Association of Marine Electronic and Radio Colleges Limited (AMERC).

Applications for GMDSS certification are administered on behalf of the MCA, which is an executive agency, sponsored by the Department for Transport. The MCA is the data controller for the personal data we collect through the services provided by AMERC for the conduct of GMDSS examinations; course approvals, audits and collection of fees.

AMERC oversees the provision and delivery of courses leading to examinations for GMDSS certification. examination Co-ordination centres provide trained examiners to conduct GMDSS examinations at AMERC approved examination venues.

What information do we collect about you?

On behalf of the MCA, AMERC collects information about you when apply for a:

  • GMDSS general operators certificate (GOC)
  • GMDSS restricted operators certificate (ROC)
  • GMDSS long range certificate (LRC)
  • GMDSS long range certificate satellite module
  • GMDSS conversion
  • Electronic navigation equipment maintenance certificate
  • GMDSS radio maintenance certificate.

The Merchant Shipping (Standards of Training, Certification and Watchkeeping) Regulations 2015 implement the requirements of the International Convention and Code on Standards of Training, Certification and Watchkeeping (STCW) 1978, as amended, including the provisions prescribing the mandatory minimum requirements for certification of radio personnel appointed for distress and safety communication purposes in accordance with Regulation 19 of the Merchant Shipping (Radio Installations) Regulations 1998. The Radio Regulations implement in the UK, Chapter IV of the International Convention for the Safety of Life at Sea 1974 (SOLAS).

How will we use the information about you?

AMERC will collect information about you when you apply for GMDSS certification. The personal information you provide is processed by AMERC staff in the UK to assess your application and for correspondence purposes. Your information may be used for investigations, complaints, legal claims or important incidents. Audits are undertaken by AMERC and the MCA and your application may be randomly selected during this process.

Financial Information

Financial information which you provide to AMERC, such as credit card details will only be used to process your payment for your application and will be destroyed once payment has been authorised.

How long we will retain your information

Application forms for GMDSS certification will be held securely for one year by AMERC and will then be destroyed.

Your information will be held electronically for as long as you have a valid certificate of competency (COC). If you have not revalidated your COC and have not returned to sea after 25 years your personal information will be removed from the system.

Who we share your information with

After you have successfully undertaken a GMDSS approved course and passed your examination at your chosen examination/course centre, your application form, containing your personal information, will be submitted to AMERC for the processing and issue of your GMDSS Certificate. Your personal information will not be shared with any other parties.

Changes to our privacy policy

We keep our privacy policies under regular review and we will place any updates on this webpage. These privacy policies were last updated on 23 May 2018.

CCTV privacy statement

The Maritime and Coastguard Agency has CCTV cameras installed at selected sites around the UK. All cameras are installed for the security of staff, visitors and contractors at MCA sites for the protection of MCA properties.

Internal cameras are used:

  • for the monitoring of secure areas of buildings
  • to provide additional security within our buildings

External cameras are used:

  • to enhance building and site protection inside and outside of normal working hours

All footage is deleted after 30 days unless there is an overriding reason to be retained. Footage will not be shared outside MCA except in limited circumstances such as where it is necessary to make a disclosure to the police.