Portico Shipping Limited
1. Portico Shipping Limited is committed to respecting privacy and protecting any personal
information that is collected or processed in accordance with the requirements of the EU
General Data Protection Regulation (the “GDPR”) and/or any other applicable Data
Protection laws or regulations (as may be amended from time to time) which safeguards
2. This Privacy Notice and Policy is issued by Portico Shipping Limited. All references to
“we”, “our”, “Portico” or “us” in this Notice and Policy are references to Portico Shipping
Limited, which is incorporated in England with company number 02012886. References
to “Customer” are references to any organisation or entity to whom Portico supply
services and/or provide any information in connection with the provision of such services.
References to “you” or “your” are references to any individual to whom services are
supplied or who is otherwise engaged or employed by Portico or one of our Customers.
3. This Privacy Notice provides information about how Portico collects and processes your
personal information. It also sets out our Policy for the protection of any personal data
which may be collected by Portico during your interactions with us for the provision of
services, when you visit our marine container Terminal (which includes the land, premises
and berth space used by Portico within the port of Portsmouth) or when you use our
Website. “Personal data” is any information relating to a living individual, by means of
which information that individual can be identified directly or indirectly. “Processing”
means any operation or set of operations which is performed on personal data, and
includes compiling, keeping, using, sharing or otherwise making available to others,
altering and erasing personal data.
4. Portico determines the purposes and means of any processing of personal data that it
undertakes. It is therefore a “controller” of personal data for the purposes of the GDPR
and is registered as such with the Information Commissioner’s Office (ICO) with
registration number Z8711731.
5. Any questions in relation to this Policy or regarding Portico’s processing of personal
data (as well as any requests relating to the exercise of rights referred to in paragraphs
16 and 17) should, in the first instance, be addressed to Melanie Bunting, HR Business
Partner, Flathouse Quay, Prospect Road, Portsmouth, PO2 7SP. If you have reason to
believe that the company may be in breach of the General Data Protection Regulations
in their processing of your personal data, please report this to Melanie Bunting, HR
Business Partner or Bruce Corbett, Compliance Manager as soon as possible. The
company is responsible for reporting any breach of GDPR to the ICO.
6. Portico expressly reserves the right to make changes to this Policy from time to time.
Where it is possible to do so, advance notice of any significant changes made to this
Policy will be given. Please visit our Website to keep up to date with any changes to this
7. The processing of personal data is lawful only if the controller can rely on one of the lawful
bases for processing under the GDPR, which are listed as (a) to (f) in paragraph 1 of
Article 6 of the GDPR, and in which you are described as the “data subject”.
8. For such processing of personal data as Portico engages in, it may rely on bases (a), (b),
(c), and (f) of paragraph 1 of Article 6 of the GDPR as follows:
(a) Consent – (in any cases in which you have consented to processing) “the data subject
has given consent to the processing of his or her personal data for one or more
(b) Contract – (in cases where we have a contract with you or such a contract is being
negotiated) “processing is necessary for the performance of a contract to which the
data subject is a party or in order to take steps at the request of the data subject prior
to entering into a contract”. Where you are the Customer, there will be a contract or
prospective contract between you and Portico, pursuant to which Portico will supply
services to you.
(c) Legal Obligation – (where processing by Portico is required in order to comply with
its non-contractual legal obligations, in particular statutory and common law
obligations) “processing is necessary for compliance with a legal obligation to which
the controller is subject”.
(f) Legitimate Interests – “processing is necessary for the purposes of the legitimate
interests pursued by the controller or by a third party, except where such interests
are overridden by the interests or fundamental rights and freedoms of the data subject
which require protection of personal data, in particular where the data subject is a
child”. Legitimate interests can include commercial interests and non-electronic
marketing activities. Portico has considered its present use of personal data and
concluded that that the processing presents no risk to the interests or fundamental
rights and freedoms of any persons such as would prevent such processing. In
determining whether legitimate interests are involved in the processing, Portico
conducts a purpose test (identifying the legitimate interest), a necessity test (showing
that processing is necessary to achieve the purpose), and a balancing test (that the
processing is proportionate and has a minimal privacy impact on any individual’s
interests, rights and freedoms).
9. Portico processes various types of personal data including the following:
10. When you provide us with personal data relating to third parties such as your employees
or your visitors, you warrant and confirm that you have the consent of the third party to
share such information with us.
11. Portico does not engage in the large-scale processing of personal data, processing
activity considered to be high risk by the ICO, systematic monitoring of the public,
automated decision making, or personal data profiling. It is Portico’s policy not to process
or have any involvement in the processing of data relating to children, or the processing
of special categories of personal data namely:
12. Portico does not process any personal data that it holds other than for the purposes listed
below, together with the lawful bases for processing (a), (b), (c), and (f) of the GDPR (as
referred to in paragraph 8 above) that may apply:
13. It will sometimes be necessary for Portico to pass on information to third parties. For
example, Portico may share your personal data with:
14. It is also occasionally necessary for Portico to share personal data outside of the
Before any personal data is transferred outside of the EEA, Portico adopts certain
procedures and safeguards with a view to ensuring that any such information is fully
protected in accordance with any applicable data protection law. Further details on the
safeguards implemented by Portico can be provided, upon request, from Melanie Bunting
(at the address set out in paragraph 5 above).
15. All processing of your personal data is undertaken in accordance with six data protection
principles (specified in Article 5 of the GDPR). The data protection principles are as
16. You have the right to ask us whether or not personal data concerning you is being
processed and, where that is the case, to be given access to the personal data in machine
readable form (together with the information set out in GDPR Article 15 paragraph 1).
17. You have additional rights, which include: