PRIVACY POLICY

The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data, to make sure you stay informed PRIVACY POLICY

1. Introduction

The privacy and security of your personal information is extremely important to us. This Privacy Policy explains how and why personal data is collected, used, shared and protected when you interact with the Great Blue Ocean (GBO) coalition, including through our website, social media channels, events, and other engagement activities.

This policy is intended to ensure transparency and to help you understand your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We may update this Privacy Policy from time to time. Any changes will be published on this page and will apply from the date of publication.

Website: https://www.greatblueocean.org

2. Who We Are

The Great Blue Ocean (GBO) coalition was established in 2015 and works collectively with UK Overseas Territory communities, governments and the UK Government to help create and enhance Marine Protected Areas (MPAs).

GBO is not a separate legal entity. It is a coalition made up of the following six organisations:

  • Blue Marine Foundation – Registered charity in England and Wales (Charity No. 1137209; Company No. 07176743)
  • Greenpeace Environmental Trust – Registered charity in England and Wales (Charity No. 284934; Company No. 01636817)
  • Marine Conservation Society (MCS) – Registered charity in England and Wales (Charity No. 1004005) and Scotland (SC037480); Company No. 02550966
  • The Pew Charitable Trusts – Registered in the UK as a branch of a US organisation (Company No. FC029803)
  • Royal Society for the Protection of Birds (RSPB) – Registered charity in England and Wales (Charity No. 207076) and Scotland (SC037654)

3. Data Controllers and Governance Arrangements

For the purposes of UK GDPR, the six organisations listed above act as Joint Data Controllers in respect of personal data processed under the GBO coalition.

The organisations have entered into a Joint Controller Arrangement in accordance with Article 26 UK GDPR, which sets out their respective roles and responsibilities for data protection compliance.

Blue Marine Foundation has been designated as the lead controller and primary point of contact for data protection matters on behalf of the coalition.

A summary of the joint controller arrangement is as follows:

  • The coalition partners jointly determine the purposes and means of processing personal data in relation to GBO activities.
  • Blue Marine Foundation is responsible for:
    • acting as the primary contact for data subjects;
    • coordinating responses to data subject rights requests;
    • maintaining overarching data protection governance for coalition activities.
  • Each coalition partner remains responsible for the security and lawful handling of personal data within its own systems.

You may exercise your data protection rights in respect of coalition data by contacting Blue Marine Foundation (see Section 14), or by contacting any of the joint controllers directly.

4. Our Commitment to Your Privacy

We are committed to keeping personal data safe, secure and used only in ways that are lawful, fair and transparent. We do not sell personal data, and any third parties we engage to process data on our behalf do so under appropriate contractual safeguards and do not use the data for their own purposes.

5. Why We Collect Personal Data (Lawful Bases)

We only collect and process personal data where we have a clear purpose and a lawful basis under UK GDPR. These include:

a) Fundraising and support for GBO initiatives

We may process personal data to inform supporters about GBO initiatives and, on occasion, fundraising activities. Where required, communications include clear opt‑out mechanisms. Relevant lawful bases include legitimate interests and, where applicable, consent.

b) Buying or selling goods and services

Personal data is processed where necessary to meet contractual obligations when procuring or supplying goods and services. The lawful basis is contract.

c) Events and attendance management

Personal data is collected to administer attendance at GBO events. The lawful basis is legitimate interests in organising and managing events.

d) Raising awareness, including with partners and sponsors

Feedback collected from event attendees may be shared in aggregated or relevant form with partners and sponsors to evaluate and demonstrate the impact of GBO activities. Filming and photography may take place at events; where consent is required, this will be obtained in advance, and consent can be withdrawn at any time.

e) Legal and regulatory obligations

Personal data may be processed to comply with legal obligations, including requirements from HMRC, the Charity Commission, Companies House, the HSE and other regulators. The lawful basis is legal obligation.

f) Operation of the coalition

Personal data may be processed to enable the effective functioning of the coalition, including liaison with governments and communities, research and evaluation activities, office management, handling complaints, safeguarding, health and safety and security. The lawful basis is legitimate interests.

6. What Personal Data We Collect and How

a) Basic information

This may include name, email address, telephone number and, where relevant, place of work or education. Data is usually collected directly from you, or in some cases from your organisation in connection with an event or engagement.

b) Engagement information

This may include records of event attendance, donations, volunteering, communication preferences and interactions with GBO representatives.

c) Special category data

We do not normally collect special category data. Where it is necessary (for example, health information relating to event attendance or volunteering), this will be collected with explicit consent or where otherwise permitted by law, and handled with additional safeguards.

d) Children and young people

We do not knowingly collect personal data relating to children under 13 years of age without the express consent of a parent or guardian.

7. Data Sharing

Personal data may be shared between coalition partners where necessary for agreed GBO purposes and in accordance with the joint controller arrangement. Data may also be shared with service providers acting as data processors under contract. Personal data is not shared for independent use by partners or third parties.

8. International Transfers

Where personal data is transferred outside the UK, appropriate safeguards are applied in accordance with UK GDPR, such as adequacy regulations or approved transfer mechanisms.

9. Data Security

Appropriate technical and organisational measures are in place to protect personal data against unauthorised access, loss or misuse. Access to personal data is restricted to authorised personnel only.

10. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, or as required by law. Specific retention periods apply to different categories of data, including event records, communications and safeguarding or incident records.

11. Your Rights

You have the right to:

  • be informed about how your data is used;
  • access your personal data;
  • have inaccurate data corrected;
  • request erasure of your data;
  • restrict or object to processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • complain to the Information Commissioner’s Office (ICO).

12. Complaints and Feedback

Feedback and complaints are handled sensitively and in line with data protection requirements. Information provided will be used only for the purpose of responding and improving our activities.

13. Cookies and Social Media

Our website uses cookies to ensure functionality and understand usage. Separate cookie information is provided on the website. We operate social media pages; those platforms have their own privacy policies which apply in addition to this policy.

14. Contact Details

For questions about this Privacy Policy or to exercise your data protection rights, please contact:

Blue Marine Foundation (Lead Data Controller)

Email: info@greatblueocean.org

You also have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Tel: 0303 123 1113

Email: casework@ico.org.uk