Website Privacy Policy

This website is provided by Ardersier Port (Scotland) Limited (we, our or us). We are committed to protecting the privacy of individuals whose personal data we process (you or your).

We take your privacy seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint in relation to our use of your personal data.

We are Ardersier Port (Scotland) Limited, a company registered in Scotland under company registration number SC698452. Our registered office is at Ardersier Port Approach, Ardersier, Inverness, Scotland IV2 7QX.

We may collect and use certain personal data about you through your use of our website. When we do so we are subject to data protection laws in the United Kingdom including the UK General Data Protection Regulation (UK GDPR). We are the controller of personal data obtained and/or collected via our website, meaning we decide how and for what purposes it is used by us. You can contact us by email at ardersier@brunswickgroup.com.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us at the above email address.

This website is not intended for children and we do not knowingly collect data relating to children. Children should not access or use our website. If you are aware that any personal data of any children has been shared with us through our website please let us know so that we can delete that data.

We may use different methods to collect data from you and about you including through:

• direct interactions with you, such as filling in submission forms. This includes personal data you provide when you request communications to be sent to you.
• automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
• third parties. We may collect personal data from third parties including analytics providers and search engine providers.

The personal data we collect about you depends on the particular activities carried out through our website. We have grouped together the various types of data we may hold about you as a website user as follows:

• Identity data includes names, titles, dates of birth and pronoun preferences;
• Contact data includes addresses, telephone numbers, personal and work email addresses and communications preferences;
• Correspondence data includes data you provide to us when you correspond with us, for example by completing submission forms on our website;
• Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, internet server provider's domain name, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website; and
• Usage data includes information about how you use our website, products or services.

Please note that by operating cookies on our website we collect certain information about you automatically when you use our website, including details of your domain name, IP address, operating system and browser. For further information about the use of cookies, please see our cookies policy which can be found in the footer of our website: www.ap.uk.

We do not knowingly collect any sensitive personal data or special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences through our website. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

If we consider it necessary to obtain your consent in relation to the use of your personal data you will be asked to provide this and/or we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at ardersier@brunswickgroup.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

As a website user, your personal data may be processed by us or our sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

• to respond to communications and submissions you make to us, including through submission forms on our website;
• to use data analytics to improve our website;
• to comply with legal and/or regulatory requirements;
• to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems;
• such other actions as are necessary to manage our business activities including processing instructions, monitoring and recording electronic communications for quality control, analysis and training purposes and enforcing or defending our rights and/or interests; and
• to share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.

We will only use your personal information as the law permits. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

The legal bases we principally rely upon are these:

• it is necessary for the purposes of our legitimate interests or those of a third party; and/or
• it is necessary for us to comply with a legal or regulatory obligation on us.

Where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will only carry out such processing if these legitimate interests are not overridden by your interests, fundamental rights or freedoms.

Where we need to collect personal data by law or in connection with our website and you fail to provide that information, we may not be able to give you full access to our website. We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out below we relied upon in a specific type of processing for a particular category of personal data.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for a different or unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

We will not disclose personal information we hold about you to any third party except as set out below and where we have a lawful basis for doing so.

We may disclose your personal data to other affiliates in our group and to third parties who are providing services to us, including IT, document retention, backup and disaster recovery service providers and professional advisers.

We may also disclose personal data we hold to third parties in the following circumstances:

• in the event that we sell any business or assets, in which case we may disclose personal data we hold about you to the prospective and/or actual buyer of such business or assets; and/or
• if we are under a legal obligation to disclose your personal data to a third party (for example, to Governmental bodies).

Where we disclose your personal data to third parties, those third parties may in certain circumstances require to process your personal data for purposes and means which they determine. For example, they may need to use your information to comply with their own legal obligations. In those cases, the relevant service provider will be acting as a controller in respect of your personal data, and its use of your personal data will be subject to its privacy policy (which they are required by law to make available to you).

Whenever your personal data is transferred out of the UK or the European Economic Area ("EEA") by us, we ensure a similar degree of protection is afforded to it by ensuring either of the following safeguards is implemented:

• the country or territory outside the UK or EEA that we send data to has been deemed to provide an adequate level of protection for personal data by the UK Secretary of State or European Commission (as applicable); or
• we have put in place specific standard contracts approved by the European Commission or the UK Secretary of State (as applicable) which give personal data the same protection it has in the EEA or the UK (as applicable).

Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the UK or EEA.

We have put in place measures designed to ensure the security of the personal data we collect and store about you. We will comply with law in our approach to protecting your personal data from unauthorised disclosure and/or access, but we cannot guarantee the security of any data we collect and store.

Our website may, from time to time, include links to third party websites, plug-ins and applications. Following those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their content including, but not limited to, their privacy policies and practices. When you leave our website, you should read the privacy policy of each website you visit.

In certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
• Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us at ardersier@brunswickgroup.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you wish to exercise any of the rights set out above, please contact us at ardersier@brunswickgroup.com.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The personal data we hold about you needs to be accurate and up-to-date in order to comply with data protection law. Please let us know of any changes to your personal data so that we can correct our records.

We keep our privacy policy under regular review and may change it from time to time. This version was last updated in April 2023.