Guidance

Ports and marine facilities safety code compliance exercise survey privacy notice

Updated 11 December 2025

1. How we use your information

This privacy notice describes how the Maritime and Coastguard Agency (MCA) collect and use personal information about you when you complete the ports and marine facilities safety code compliance exercise survey.

The data controller for your personal information is the Maritime and Coastguard Agency (MCA). This notice sets out how your data will be used and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This survey is administered by the Ports and VTS Team at the MCA, who are responsible for managing the ports compliance exercise. The MCA will use the information you provide to us to assess how ports understand and apply the Code of Practice for Ports, such as how they manage port operations safely and comply with the 10 components of the Code of Practice. This will enable the MCA to gather crucial data on the number of port/reception facilities that both understand about the code and take measures to comply.

If you have any questions about the survey, please contact navigation.safety@mcga.gov.uk.

2. The type of personal information we collect

The MCA will collect and process the following personal information during the survey:

• your full name
• generic email address for port/facility
• your contact details including your organisation’s name and address

The MCA will also collect information about how your organisation complies with the ports and marine facilities safety code. The MCA will only collect your name, generic email address and contact number for the purposes of contacting the port for the purposes of arranging a health check.

3. How we get the personal information and why we have it

The personal information that we process is provided by you to the MCA directly for the following reasons:

• to communicate with you and your organisation on port operations and to arrange compliance checks.

Under UK GDPR, the MCA will only process your personal data where we have a lawful basis to do so. We process your personal data for this purpose in accordance with Article 6(1)(e) of the UK GDPR: the processing is necessary for the performance of a public task.

4. How we store and ensure the security of your personal information

Your information is securely stored on GOV.UK forms and the MCA’s secure infrastructure. The information you provide will be accessible only by staff members directly involved in the compliance exercise for ports/facilities. We will securely store your personal information in the UK. We do not routinely transfer data overseas but when this is necessary, we will ensure that we have the appropriate safeguards in place.

5. How long we retain your personal information

We will keep your personal information for a maximum of three years, after which time it will be deleted. Non-identifiable information about port compliance will be kept longer in line with our retention policy.

6. Who will we share your personal information with?

The MCA will not share your personal information with parties to use for a purpose that is not compatible with the port marine compliance exercise.

7. Your data protection rights

Information on how the MCA looks after personal data, your rights, how to contact our data protection officer and how to complain about processing of your personal data can be found on our personal information charter.