• Our new ticketing site is now live! Using either this or the original site (both powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!

CalMac and personal data…

Status
Not open for further replies.
Buzby

Buzby

Member
Joined
14 Apr 2023
Messages
1,115
Location
Glasgow, Scotland
In the absence RailSail, I found myself in Oban and having to purchase a return ticket to Achnacroish (the only port on the Isle of Lismore).

CalMac had a fairly slick website for supplying barcode tickets, but in addition to the usual stuff, they wanted a full DoB as well, this is after you select Child/Adult/Concession etc. Do they think I’ll buy a discounted ticket then put a conflicting date they can jump on?

It’s none of their darn business and I doubt they’ll send a birthday card. Anyone remember the ‘Over 18/21’ tick boxes? We’re being taken for fools - your CC company won’t disclose it, why must CalMac require it? I asked, via their website but they never replied!
 

Attachments

  • IMG_0498.jpeg
    IMG_0498.jpeg
    2.2 MB · Views: 14
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

GLC

GLC

Member
Joined
21 Nov 2018
Messages
351
They explain the reason why on their website https://www.calmac.co.uk/faqs/tickets-and-reservations/passenger-registration

Calmac said:
For voyages longer than 20 miles out to sea, we're required to collect passenger details (name, gender, date of birth), to comply with maritime law - specifically, Merchant Shipping (Counting and Registration of Persons on board Passenger Ships) Regulations 1999. If you're travelling on these routes, detailed below, we need to record your details in both directions. Your details can be recorded online, when you make your booking, or when making your booking with our Customer Engagement Centre or Port teams.

  • Ardrossan - Campbeltown
  • Campbeltown - Brodick
  • Coll - Tiree
  • Lochboisdale - Castlebay
  • Lochmaddy - Tarbert
  • Mallaig - Lochboisdale
  • Oban - Castlebay
  • Oban - Coll
  • Oban - Colonsay
  • Oban - Lochboisdale
  • Oban - Tiree
  • Tiree - Castlebay
  • Uig - Lochmaddy
  • Uig - Tarbert
  • Ullapool - Stornoway
We are aware that at present, personal data required by maritime law for longer sailings is being requested for all sailings on our online booking and ticketing platform. We are aware of this error in our system, and we are working with our supplier to resolve it.
Click to expand...
 
Buzby

Buzby

Member
Joined
14 Apr 2023
Messages
1,115
Location
Glasgow, Scotland
Oban to Lismore is about 8Km, the DoB is taken for ALL crossings, even those under 20m and most certainly within inland waters (and not ‘out to sea’). Further no information is given on what happens to such data, who has access, how long it is retained and if it is ever deleted following the journey?

it still doesn’t hold water (excuse the pun).
 
B

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
104,072
Location
"Marston Vale mafia"
Buzby said:
Oban to Lismore is about 8Km, the DoB is taken for ALL crossings, even those under 20m and most certainly within inland waters (and not ‘out to sea’). Further no information is given on what happens to such data, who has access, how long it is retained and if it is ever deleted following the journey?

it still doesn’t hold water (excuse the pun).
Click to expand...

I'd suggest you read it again, they have explicitly explained why it's collected for all crossings - basically it's a bug and they're working on it.

I suspect other ferry companies (which almost all operate international routes from the UK) just get it when checking passports.

As to what they do with it, one assumes it's deleted after the crossing as there's no need for them to retain it, they're just required to have it while the ship is under sail. Presumably in that context its purpose is to allow the identification of casualties.
 
Buzby

Buzby

Member
Joined
14 Apr 2023
Messages
1,115
Location
Glasgow, Scotland
Why would anyone ‘assume’ what is done with the data? Without a stated policy the only thing you can safely assume is that it will be disposed of within 6 years (which is a requirement of the DPA). This ‘bug’ whereby it is erroneously collected for all crossings somewhat invalidates the earlier suggestion that it is a requirement of Merchant Shipping Regulations (1999). The bulk of CalMac crossings are short and therefore exempt, with just The Minch being the exception. The rest are within Firths or local waters - but we’re talking about personal data here which in most cases can compromise an individual if misused.

I’m expected to accept that simply because CalMac know my DoB, I will somehow be ‘safer’ on my crossing than if I was an adult/child or concession? You really couldn’t make it up - which of course anyone can do because no passports are required as it is still none of their business. As for casualty identification - sorry, that made me laugh longest as a DoB doesn’t really help with corpse identification. Just another piece of personal info that can be needlessly and unjustifiably captured, lost and misused by third parties.
 
transportphoto

transportphoto

Established Member
Associate Staff
Jobs & Careers
Quizmaster
Joined
21 Jan 2010
Messages
5,131
Please raise your concerns to CalMac and, if needed, the Information Commissioner. I really don’t understand the value of this thread other than to vent frustration.
 
N

Noddy

Member
Joined
11 Oct 2014
Messages
1,197
Location
UK
Buzby said:
Why would anyone ‘assume’ what is done with the data? Without a stated policy the only thing you can safely assume is that it will be disposed of within 6 years (which is a requirement of the DPA). This ‘bug’ whereby it is erroneously collected for all crossings somewhat invalidates the earlier suggestion that it is a requirement of Merchant Shipping Regulations (1999). The bulk of CalMac crossings are short and therefore exempt, with just The Minch being the exception. The rest are within Firths or local waters - but we’re talking about personal data here which in most cases can compromise an individual if misused.

I’m expected to accept that simply because CalMac know my DoB, I will somehow be ‘safer’ on my crossing than if I was an adult/child or concession? You really couldn’t make it up - which of course anyone can do because no passports are required as it is still none of their business. As for casualty identification - sorry, that made me laugh longest as a DoB doesn’t really help with corpse identification. Just another piece of personal info that can be needlessly and unjustifiably captured, lost and misused by third parties.
Click to expand...

GDPR has no specified length that a business can retain data, but states that it should not be held for longer than necessary (it’s not an arbitrary 6 years). As they are collecting it to comply with maritime law, I would suggest that they no longer need it the moment you step ashore. But you’d have to speak to Calmac about that.

Under GDPR you can make what is know as a subject data request and a link to Calmac’s form to do this is here:

www.calmac.co.uk

Freedom of information | About us | Corporate CalMac

Learn about the Freedom of Information policies at CalMac and how you can access information through this process.
www.calmac.co.uk www.calmac.co.uk

They should tell you what information they hold about you, how they are using it, who they are sharing it with etc.

But like others have stated if they have to collect this data to comply with Maritime law they have to do it regardless of what you think about it. The issue is clearly with their booking software, which obviously can’t differentiate between journey type, not something sinister.
 
Buzby

Buzby

Member
Joined
14 Apr 2023
Messages
1,115
Location
Glasgow, Scotland
What most seem to overlook is that there is no penalty if you choose to provide incorrect data - I have been providing random DoB’s since it replaced the ‘Over 18/21’ tick boxes of the 70’s. I have no concerns of CalMac as I paid them to provide a service nothing more and apart from where I went they know nothing about me, so no need for GDPR - How long before train companies will feel obliged to do the same is anyone’s guess. The fact others feel no resistance to providing what is asked is sad, but remains their prerogative. I think my data is valuable and I treat it so.

How many of us were aware of this ‘Maritime Law’? I used STENA extensively between Stranraer and Larne, then Belfast. No passport, they just wanted to be paid for the service provided. There was tight security during the ‘troubles’ but then and subsequently (until 2005) no DoB! Of course you cannot vote without ID anymore anyone concerned about this trend should be worried, because the reasons for doing so are facile.
 
N

NIT100

Member
Joined
10 Aug 2022
Messages
169
Location
Glasgow
Buzby said:
How many of us were aware of this ‘Maritime Law’? I used STENA extensively between Stranraer and Larne, then Belfast. No passport, they just wanted to be paid for the service provided. There was tight security during the ‘troubles’ but then and subsequently (until 2005) no DoB! Of course you cannot vote without ID anymore anyone concerned about this trend should be worried, because the reasons for doing so are facile.
Click to expand...
Date of Birth has only become a requirement since 2021 under The Merchant Shipping (Counting and Registration of Persons on Board Passenger Ships) (Amendment) Regulations 2021. Before that only an indication of category of age was required. Nationality is now also required as well.

Buzby said:
What most seem to overlook is that there is no penalty if you choose to provide incorrect data
Click to expand...
I think it might be an offence under the 1999 Regulations to knowingly provide false information.
 
Last edited:
N

Noddy

Member
Joined
11 Oct 2014
Messages
1,197
Location
UK
NIT100 said:
Date of Birth has only become a requirement since 2021 under The Merchant Shipping (Counting and Registration of Persons on Board Passenger Ships) (Amendment) Regulations 2021. Before that only an indication of category of age was required. Nationality is now also required as well.


I think it might be an offence under the 1999 Regulations to knowingly provide false information.
Click to expand...


The updated 2021 regulations also say this with regards to data protection:

Personal data which is collected in accordance with regulation 6(2) must be kept by the owner of a passenger ship—

(a)for no longer than is necessary for the purpose of these Regulations; and

(b)in any event, no later than the moment the ship’s voyage has been safely completed and the data has been reported in the National Single Window or, as the case may be, to the passenger registrar after which it shall be erased without undue delay.”.
Click to expand...

Buzby said:
I have no concerns of CalMac as I paid them to provide a service nothing more and apart from where I went they know nothing about me, so no need for GDPR -
Click to expand...

If you have no concerns why did you even start this thread?
 
Buzby

Buzby

Member
Joined
14 Apr 2023
Messages
1,115
Location
Glasgow, Scotland
Noddy said:
If you have no concerns why did you even start this thread?
Click to expand...
Because I never provided them with any personal information, apart from the cardholder payment details. However, with regard to the Maritime Act they are requiring unneeded details due to failings in their system. No doubt the rest of us were blindsided by Y2K preparations where nothing really happened. As for your faith in any third-party playing by these rules I find touching. It’s all you have to protect (if you wish) what’s next? You cannot vote already, now ferries - will trains be next? It remains a half-assed scheme with marginal (if any) benefit. I’ve lost count of scams that request a DoB, and I hold these in the same contempt.

No point making it easy after-the-fact when it goes wrong.
 
Status
Not open for further replies.

Top