Calmac website search form
Privacy Policy

We use cookies to enhance your experience. By continuing to visit this website you agree to our use of cookies. Find out more

Privacy Policy

Privacy Notice

Published on 22/10/2024

1. Who are we?

In this Privacy Notice (the "Notice"), the terms "we", "our", and "us" are used to refer to our group companies, consisting of:

  • CalMac Ferries Ltd, with its registered address at the Ferry Terminal, Gourock, PA19 1QP, and with company number SC302282 (registered as a data controller with the Information Commissioner's Office under registration number Z9867026); 

  • David MacBrayne Ltd, with its registered address at the Ferry Terminal, Gourock, PA19 1QP, and with company number SC015304 (registered as a data controller with the Information Commissioner's Office under registration number Z9867148);  

  • David MacBrayne HR (UK) Ltd, with its registered address at the Ferry Terminal, Gourock, PA19 1QP, and with company number SC282760 (registered as a data controller with the Information Commissioner's Office under registration number Z9867009); and  

  • Argyll Ferries Ltd with its registered address at the Ferry Terminal, Gourock, PA19 1QP, and with company number SC391762, (registered with the Information Commissioner's Office under registration number ZB712463). 

 

2.       Purpose

We are a data controller of personal data which means that we are responsible for processing it lawfully. 

This Notice sets out how we process your personal data, howsoever collected, including, but not limited to, by phone call, text, email, social media, paper form, through using our website or when you attend one of our community stakeholder events or from third parties. 

We are committed to protecting the privacy of the individuals whose personal data we process. Any personal data that is processed in accordance with data protection law, including: 

  • the UK General Data Protection Regulation; 

  • the Data Protection Act 2018; and 

  • the Privacy and Electronic Communications Regulations 

 

3.       What personal data we may process about you

We may process the following types of personal data: 

  • Your full name, gender, and date of birth; 

  • Your full postal address; 

  • Contact information such as phone numbers, email address or social media identifiers; 

  • Data relating to your travel booking and itinerary, including booking reference number, payment and bank account information; 

  • Vehicle details and registration number; 

  • Geo-demographic information, which may include your postcode, preferences and interests; 

  • Job application details including CVs; 

  • CCTV image data collected at ports, on vessels and (on some routes) via Bodycams; 

  • Data collected through your access to, and use of, the CalMac public Wi-Fi service on vessels and in ports (your e-mail address, hardware device MAC address, and the date and time you connect to the CalMac WIFI Service); 

  • Information about other passengers in your booking; 

  • Advance Passenger Information (where required by legislation). This information includes your full name, your nationality, your date of birth and your gender; 

  • Communications you exchange with us (for example, your emails, letters, texts, phone calls, social media interactions with us, or your participation and interaction at community stakeholder events), including phone recordings; 

  • Device type and browser and cookie preferences; 

  • Username and password when you set up an account; 

  • Health data (e.g. for concessions, access requirements, dietary requirements, or recording of health and safety incidents) 

  • Where you have provided us with consent, name and imagery for marketing or broadcasting purposes. 

The personal data which we process is generally used for service and operational purposes, for example making reservations, processing payments, producing tickets, alerting of service interruptions, confirming orders, fulfilling your requests, protection of yourself and others and for identification purposes to comply with maritime law. It is also used for analytical purposes to assist in service improvements, future planning, promotional or marketing offers. 

 

4.       How we collect the personal data

Information which you provide to us directly: 

  • Make a reservation with us, including telephone reservations where the personal information is placed into our reservations system; 

  • Sign up for any of our services or activities; 

  • Request a brochure or newsletter; 

  • Enter a competition; 

  • Respond to a survey; 

  • Create a customer account; 

  • Purchase an adventure and/or good using our online sales platform; 

  • Provide passenger information to comply with maritime regulations; 

  • Participate in our recruitment processes; 

  • Provide feedback or otherwise interact with us, including via social media, email, phone call, text or at community stakeholder events; 

  • Respond to any queries or requests; and 

  • Make a complaint or passenger claim. 

 

Information which we receive from others: 

  • Booking information provided by others making a booking on your behalf; 

  • Profiling data. 

You do not have to provide your personal data to us. However, if you do not provide your personal data to us when we need you to, we may not be able to provide our services to you or respond to your queries. For example, under Merchant Shipping (Counting and Registration of Persons on Board Passenger Ships) Regulations 1999, we are required to produce, for maritime safety, a passenger list for our longer sailings. If you do not provide this required data, then you would not be eligible to travel on these routes. 

 

5.       Our legal basis for processing your personal data

We will only process your personal data where we have a legal basis or bases for doing so. The legal bases for our processing of your personal data are: 

  • to enable us to enter into and to perform our contract with you; 

  • to allow us to exercise our legitimate interests as a data controller. We rely on legitimate interests as a data controller to process the personal data that you provide to us for the following purposes: surveys, the recording of CCTV imagery including using body worn cameras, customer research, soft opt-in for direct marketing, data cleansing, processing geo-demographic information, gender and date of birth for registering an account with us, business data append for our B2B Customers, smart scheduling for marketing communications' sending newsletters to our stakeholders, travel trade newsletters and surveys,  recording visitors  to our premises and social media reporting, data matching and establishing lookalike audiences for social media advertising; 

  • to comply with our legal obligations; 

  • with your consent, which you may withdraw at any time; 

  • where it is necessary for the performance of a task carried out by us in the public interest or in the exercise of official authority vested in us; 

  • to protect your vital interests or those of another person. 

 

6.       How we will use the personal data we collect

We will process your personal data in order to: 

  • Manage your travel bookings and/or provide you with the services you request; 

  • Manage the boarding process; 

  • Send status updates and service communications to you; 

  • Support your safety and wellbeing when you travel with us and to meet specific maritime regulations, with which we must comply; 

  • Communicate with you about your account or transactions with us and send you information about our products and services; 

  • Communicate with you in relation to various marketing activities; 

  • Support specific management and administrative purposes; 

  • Analyse and improve the services offered by us; 

  • Enhance passenger experience, we want to ensure that you receive the best service possible therefore we may share your personal data with third parties to gain customer feedback on your journey, including customer surveys; 

  • Comply with our legal obligations; 

  • Undertake our company administrative purposes, such as billing, accounting, invoice processing etc; 

  • Undertake promotional and marketing activities, such as concession processing, competitions, service and targeted marketing campaign analysis, passenger route and buying analytics, systems development; 

  • Undertake surveys; 

  • Investigate any allegations or complaints of unacceptable behaviour before, during or after using our services or crossings and impose any relevant sanctions or travel bans as is required to protect our vessels, other passengers and staff; and 

  • Managing and maintaining the safety and security of our operations. 

Consistent with your choices we may send you information regarding offers and promotions. You can alter your choices and withdraw your consent at any time using the process set out in section 14. 

We will not share your personal data with third parties for marketing purposes without your explicit consent. You have right to withdraw your consent to processing of this nature at any time using the process set out in section 14. 

 

7.       Security and international transfers of your personal data

The security of your personal data is extremely important to us. We are committed to implementing appropriate technical and organisational measures and we take all reasonable precautions in order to prevent your personal data from being accidentally or unlawfully destroyed, lost, altered, accessed or otherwise used in an unlawful manner. 

We will only transfer your data outside of the United Kingdom where we comply with legal requirements. 

 

 8.       When and why we disclose your details to third parties

The personal data that you provide to us will be processed within our own systems, which are located within our premises or those of an appointed third party, with whom we have appropriate data processing agreements, and/or, data sharing agreements, as appropriate. 

Ordinarily, we will not share your personal data other than as detailed above, except where disclosure is required or permitted or required by law or you have given your consent for us to do so. 

If we are investigating any complaint, abusive or violent behaviour, information may be collected from any sources and information disclosed to Police Scotland, the Local Authority / Council and/or Council departments, Scottish Fire & Rescue Service and others involved in any complaint. 

We are a member of the David MacBrayne Group of companies (referred to in this Notice as "DML Group"). In common with many businesses that operate as part of a group, different members of DML Group carry out certain administrative tasks that need to be undertaken in order to allow us to provide our services to you. To allow those tasks to be carried out, we may share your personal data with other DML Group members. Any sharing of your personal data with another DML Group member will always be carried out in accordance with the terms of this Notice. 

 

 9.       The use of cookies on our websites and how you can reject these cookies

 

Cookies are small text files which are stored on your computer when you visit certain web pages. We use cookies to understand how our sites are used which helps us to improve your overall online experience. Some of the cookies we use are necessary for some of our sites to work whilst other cookies are used to provide tailored advertising by trusted third parties.  

The cookies we and our third parties place on your computer do not collect personally identifiable information like your name, address or payment details. To find out more about cookies, visit www.aboutcookies.org

The privacy of your information is important to us, and we want to keep you well informed about cookies. We shall continue to work on initiatives in relation to recent cookie legislation to ensure you have the best experience when visiting our website. 

Cookies do not store sensitive information (for example, your name, address or payment details); they simply hold the 'key' which, once you access a website, is associated with this information. 

If you would prefer to restrict, block or delete cookies from us and our third-party advertisers, or any other website, you can use your browser to do this. Each browser is different so check the 'Help' menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies, we cannot guarantee the performance of our websites and some features may not work as expected. 

We use the following categories of cookies on our websites: 

Essential 

These cookies are strictly necessary for core features of our websites to work, such as page navigation. These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies, some services we provide, or you have asked for, cannot be provided.  
 

Functionality and analytics
 

These cookies are used to provide services or remember settings to enhance your visit, collecting and reporting information on its usage e.g. text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites. 
 

Targeting and marketing
 

These cookies are used by us or trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and does not contain your personal information. To find out more about cookies used for marketing, go to www.youronlinechoices.com and www.networkadvertising.org or contact us on our feedback page for further information about the trusted third parties we use. 

Cookies List
 
Here is a list of the main cookies we use, and what they are used for: 

Cookies Table

List of Cookies and Purposes

Cookie Name

Purpose

More information

 

Domain

Type

Description

Duration

__cf_bm 

.payments.worldpay.com 

Essential 

Third-Party 

This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 

30 minutes

_ga 

.calmac.co.uk 

Functionality & Analytics 

First-Party 

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. 

2 years

_ga_VJ1D9RNLM1 

.calmac.co.uk 

Functionality & Analytics 

First-Party 

This cookie is used by Google Analytics to persist session state. 

1 year

SRM_B 

.c.bing.com 

Functionality & Analytics 

Third-Party 

This is a Microsoft MSN cookie that ensures the proper functioning of this website. 

1 year

MR 

.c.clarity.ms 

Functionality & Analytics 

Third-Party 

This is a Microsoft MSN party cookie which we use to measure the use of the website for internal analytics. 

7 days

IDE 

.doubleclick.net 

Targeting & Marketing 

Third-Party 

This cookie is set by Doubleclick (owned by Google) and carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. 

1 year

test_cookie 

.doubleclick.net 

Targeting & Marketing 

Third-Party 

This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies. 

15 minutes

_gcl_au 

.calmac.co.uk 

Targeting & Marketing 

First-Party 

Provided by Google Tag Manager to experiment advertisement efficiency of website using their services. 

3 months

SM 

.c.clarity.ms 

Functionality & Analytics 

Third-Party 

This is a Microsoft MSN cookie which we use to measure the use of the website for internal analytics. 

Session

MUID 

.clarity.ms 

Targeting & Marketing 

Third-Party 

This cookie is widely used my Microsoft as a unique user identifier to sync across many different Microsoft domains. 

1 year

ANONCHK 

.c.clarity.ms 

Targeting & Marketing 

Third-Party 

This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. 

10 minutes

CLID 

www.clarity.ms 

Targeting & Marketing 

Third-Party 

This cookie is used to enable sharing media content to social media. It may also gather information on website visitors when they use social media to share website content from the page visited. 

1 year

MR 

.c.bing.com 

Functionality & Analytics 

Third-Party 

This is a Microsoft MSN which we use to measure the use of the website for internal analytics. 

7 days

_fbp 

.calmac.co.uk 

Targeting & Marketing 

First-Party 

Used by Meta to obtain data for data matching, profiling, and to deliver a series of advertisement products such as real time bidding from third party advertisers. This cookie consents to data being shared with Meta via the Meta Pixel. 

3 months

wd 

 

Functionality & Analytics 

This cookie stores the browser dimensions and is used by Facebook to optimise the rendering of the page 

1 week

usida 

 

Targeting & Marketing 

This cookie collects information about your browser, as well as unique identifiers to tailor advertising 

Session

sb

 

Functionality & Analytics 

This cookie stores browser information to improve security settings.

2 years

datr 

 

Functionality & Analytics 

This cookie helps to protect you from fraud. For example, it helps CalMac identify trusted browsers where you have logged in before. It also helps us to identify the browsers used by malicious actors and to prevent cyber-security attacks 

2 years

MUID 

.bing.com 

Targeting & Marketing 

Third-Party 

This cookie is widely used my Microsoft as a unique user identifier to sync across many different Microsoft domains. 

1 year

_clck www.clarity.ms 

Targeting & Marketing 

Third-Party 

This cookie is used to store a unique user ID 1 year
receive-cookie-deprecation www.google.com

Targeting & Marketing 

Third-Party

This cookie is used to facilitate third-party cookie depreciation from Chrome Web Browser 6 months
_clsk www.clarity.ms 

Functionality & Analytics 

Third Party 

This cookie is used to store and combine pageviews by a user into a single session recording 1 day
YSC .youtube.com 

Targeting & Marketing 

Third-Party  

YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages Session
VISITOR_INFO1_LIVE . youtube.com Targeting & Marketing A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface5 months, 27 days 
Personalisation_id .twitter,com 

Targeting & Marketing 

Third-Party 

Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting 2 years
yt_remote-device-id youtube.com 

Functionality & Analytics 

Third-Party 

YouTube sets this cookie to store the video preferences of the user using embedded YouTube video Never
Yt_remote-connected-devices Youtube.com 

Functionality & Analytics 

Third-Party 

YouTube sets this cookie to store the video preferences of the user using embedded YouTube video Never
_ga_VJ1D9RNLM1 .calmac.co.uk 

Targeting & Marketing 

First-Party 

This cookie is installed by Google Analytics 2 years
_gid .calmac.co.uk 

Targeting & Marketing 

First-Party 

Installed by Google Analytics _gid stores information about how visitors use a website while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source and the pages they visit anonymously 1 day
_hjFirstSeen .calmac.co.uk 

Functionality & Analytics 

First-Party 

Hotjar sets this cookie to identify a new user's first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user. 30 minutes
_hjincludedinSessionSample www.calmac.co.uk 

Functionality & Analytics 

First-Party 

Hotjar sets this cookie to know whether a user is included in the data sampling defined in the site's daily session limit 2 minutes 
_hjIncludedinPageviewSample www.calmac.co.uk 

Functionality & Analytics 

First-Party 

Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit2 minutes
_hjAbsoluteSessionInProgress .calmac.co.uk 

Functionality & Analytics 

First-Party 

Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie 30 minutes
CONSENT .youtube.com 

Functionality & Analytics 

Third-Party 

YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data 2 years
Muc_ads .twitter.com 

Targeting & Marketing 

Third-Party 

Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. 2 years
_dc_gtm_UA-530570-1 .calmac.co.uk 

Functionality & Analytics 

First-Party 

To store service request numbers  

 

10.      Links and Third-Party Websites 

This Privacy Notice applies to this website only. 

This website may include links to other websites. Once you have used these links to leave our website, you should note that we do not have any control over that other website. We cannot, therefore, be responsible for the protection and privacy of any data you may supply whilst visiting such websites. We advise you to familiarise yourself with the individual privacy policies and other terms for each linked website prior to submitting your personal data. For instance, where your personal data is processed by Meta, you should review their privacy centre (https://www.facebook.com/privacy/center/) and their privacy notice (https://www.facebook.com/privacy/policy/) in order to understand how to opt out or object to certain kinds of processing activities, such as targeted advertising, profiling, etc. 

11.      Changes to this Privacy Notice 

From time to time, we may change this Notice to accommodate changes to our operations, new regulatory requirements, or for other purposes. Any changes will be effective as of the date posted. If we make significant changes to our Privacy Notices, we may alert you to these either via a specific 'bulletin' notice on our home page, or by email and/or post. 

This Notice was last reviewed and updated on 6 August 2024. 

 

 12.     Yours Rights

You may exercise your data subjects' rights under data protection laws in relation to our processing of your personal data. Your data subjects' rights include: 

  • right of access - you have the right to ask us for copies of your personal information; 

  • right to erasure - you have the right to ask us to erase your personal information in certain circumstances; 

  • right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances; 

  • right of rectification - you have the right to ask us to rectify personal information that you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete; 

  • right to object - you have the right to object to the processing of your personal information in certain circumstances; 

  • right to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances; 

  • rights in relation to automated individual processing, including profiling. 

You may contact us, using the details in paragraph 14 of this Privacy Notice, to request us exercise any of your rights. 

Alternatively, you can use our Subject Data Request Form to assist you through this process. 

 13. How long do we keep personal data?

Any personal data processed by us will be retained as per our Records Retention Policy, which is based on legal requirements and best practice.  

Where data is held for longer, for example to provide longer term statistical and trend analysis with regard to our services, the data will be anonymised to the extent that no personal data remains within the analytical dataset. 

 

 14.     Queries, Requests and Complaints

 

If you have any queries, requests or complaints, please contact us as follows: 

  • By post: Information Manager, CalMac Ferries Ltd, Gourock, PA19 1QP 

  • By email: dataprotection@calmac.co.uk  

 

Alternatively, you can contact our data protection officer directly by email: info@rgdp.co.uk. Please mark the subject matter of your email: CalMac. 

You can also complain to the Information Commissioner's Office if you are unhappy with how we have used your personal data: 

  • By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF 

  • Website: https:///www.ico.org.uk 

We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner's Office, so we would request that you contact us in the first instance. 

Close Don't show again