Privacy policy

This privacy policy contains a lot of information but we want you to be fully informed about your rights, and how Burgess stores, uses and shares your personal data. This notice explains in detail:

• the companies that form part of the Burgess group and that may access and process your personal data as described in this privacy policy;
• the different categories of data subjects (individuals) that we deal with (and you may fall within one or more of these categories);
• the personal data we may collect about you when you interact with us and how we may collect, use and share your personal data;
• our legal bases for using your personal data;
• how long we keep your personal data;
• how we protect your personal data;
• the third parties and countries to which we may transfer your personal data; and
• your rights regarding your personal data.

Burgess is made up of a number of related companies. Accordingly, for the purposes of this privacy notice, “Burgess”, “we” or “our” refers to the relevant company/ies below that you have dealings with.

For the purpose of applicable data protection legislation, including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) in the European Economic Area (the “GDPR”) and/or the Data Protection Act 2018 and Regulation (EU) 2017/679 as retained in the UK by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) (the “UK GDPR”), the company/ies below will act as controller in relation to your personal data.
 

• Nigel Burgess SAM
• Nigel Burgess Ltd
• Burgess Technical Services Ltd
• Burgess Crew Services (Guernsey) ICC Limited
• Burgess Yachting Financial Services Ltd
• OceanStyle Yachting Limited • Burgess Yachts Asia PTE Ltd
• Burgess Yachts LLC • Nigel Burgess Inc (New York)
• Nigel Burgess Inc (Florida)
• OceanStyle LLC

This privacy policy applies to all our companies except where we say otherwise. Our data protection officer can be contacted via dpo@burgessyachts.com.

The GDPR and UK GDPR set out a number of different legal grounds on which a controller may collect and process personal data. When we collect and process your personal data, we will determine the grounds on which we will do so, which may be:

(i) Consent
In specific situations, we collect and process your data with your consent. For example, when you transact business with us or ask to receive information about our services or any of the yachts on our website/app. When collecting your personal data, we will always be clear which data is necessary in connection with a particular service. You have the legal right to withdraw your consent at any time.

(ii) Performance of a contract
In most cases, we process your personal data as necessary for the performance of a contract with you, for example to fulfil an order and provide our products and services to you, or take preparatory steps prior to entering into a contract with you.

(iii) Legal compliance
We may need to collect and process your personal data in order to comply with our legal obligations as a business. For example, this applies to our know-your-client and anti-money laundering checks.

(iv) Legitimate interest
Where none of the above grounds apply, we will process your personal data as necessary to pursue our own legitimate interests or those of a third party that we work with, including another member of the Burgess group. We will only rely on this ground for processing where this does not negatively impact your fundamental rights and freedoms.

We have detailed below the types of data subject we routinely deal with and that this privacy policy is intended to apply to.

(i) Website users and those who contact us
This includes those who use our website, complete a contact form, subscribe to a newsletter or other communication, engage with interactive features, or who engage with us via other means such as email, telephone, post or social media.

(ii) Customers and service users
This includes those who book an appointment or meeting with us, purchase products or services from us, those for whose benefit we provide services (for example third party charter guests and family, friends and associates of someone who has made a booking with us or one of our related companies), those who download and install one of our applications, communicate with us regarding our products, services and account management (including in relation to any query or complaint), and those who provide reviews.

(iii) Service providers, partners and personnel
This includes third party suppliers, partners, consultants, crew and their personnel where applicable, as well as applicants for yacht crew roles. Specific privacy policy terms relating to crew are shown in the Annex to this policy.

(iv) Individuals whose personal data is provided by third parties, including those listed above
The third parties that we deal with, including those data subjects and third parties described above, will provide personal data to us in connection with the performance of our business. This may include details of prospective customers provided by partners, brokers or obtained from third party sources, as well as details of guests for the purposes of managing and performing bookings and details of key individuals required for know-your-client and anti-money laundering purposes.

If you are unsure which of the above types of data subject you fall within, please contact us.

The types of personal data we collect about you will depend on your relationship with us. The following is a general description of the types of personal data that we will process in most cases:
 

• Your personal contact details such as name, title, postal addresses, email addresses and telephone numbers. 
• echnical information, such as information from your visits to our website/app or relating to the event invitations, updates, marketing materials and other communications we send to you electronically.
• Your communication preferences regarding marketing materials.
• Any other personal information you provide to us during your relationship with us, such as dietary requirements, any physical disability and your views and comments.
• Identification and background information we may collect about you as part of our business acceptance procedures and recruitment procedures.
• Copies of documents you provide to prove your identity where the law requires this or where we require it when you transact with us. This may include a copy of your passport or equivalent ID document. This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
• Details of your yachting preferences.
• Financial information, such as your bank account details.
• The company you work for and your position.
• Your social media username(s), if you interact with us through those channels, to help us respond to your comments, questions or feedback.

If you would like to understand the exact personal data we process about you, please contact us to make a data subject access request.

Some of the information described above, such as identification and physical disability information is classified as being ‘special’ category data, which must be treated especially carefully. We will only use this for the specific purposes for which the data is provided by you.

This is how we will collect your personal data and why:

(i) Website users and those who contact us
We will use information collected about how people interact with and use our website and its features in order to improve our website and customise the experience as appropriate. We may use cookies to assist with this – more information on cookies is provided below.

If you contact us, we will use the information provided in order to respond and deal with your enquiry, including to provide information requested by you. We may also keep a record of your requests to inform any future communication and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you or to pursue our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience and communications with us.

(ii) Customers and service users
We will use your personal data:
 

• In the course of our business acceptance procedures to manage, administer and improve our provision of services to clients and to administer any service or support which you have requested, based on your consent given at the time of request or as necessary to prepare for and perform a contact entered into with you.
• To protect our business and you from fraud and other illegal activities and meet our know-your-client and anti-money laundering compliance obligations. This includes using your personal data to perform legal checks and maintain, update and safeguard our dealings with you. We will do this in order to comply with our legal obligations or otherwise as part of our legitimate interests.
• To process payments and to prevent fraudulent transactions. We do this on the basis of performance of a contract or for our legitimate business interests. This also helps to protect our clients from fraud.
• If we discover any criminal activity or alleged criminal activity. We aim to protect the individuals we interact with from criminal activities.
• To keep you informed by post, email and telephone about relevant services, events etc. that you may be interested in. Of course, you are free to opt out of hearing from us by any of these channels at any time.
• To send you communications required by law or which are necessary to inform you about the services we provide to you. These messages will not include any promotional content and do not require prior consent. If we do not use your personal data for these purposes, we would be unable to perform our contract with you and/or comply with our legal obligations.
• To develop, test and improve the systems and services we provide to you. We will do this on the basis of our legitimate business interests.
• To comply with our contractual or legal obligations to share data with law enforcement agencies and any third parties that we work with.

(iii) Service providers, partners and personnel
We will use your personal data:
 

• To satisfy ourselves regarding your status, finances, service performance etc. prior to entering into a contract or as part of our ongoing relationship management with you. We will do this on the basis of our legitimate business interests.
• To liaise with you regarding the products and services we work together to provide and to facilitate the provision of those products and services to us or our/your customers and to make or receive payments as per our contract arrangements. This is necessary for the performance of our contract.

(iv) Individuals whose personal data is provided by third parties, including those listed above
We will use your personal data on the same terms as above, depending on the reasons for which your personal data has been shared with us.

In all cases, we may also use personal data for the following purposes:
 

• Monitoring and recording communications - we may monitor and record communications with you (such as telephone conversations and emails) for the purpose of training, fraud prevention, and/or quality assurance. We may also retain copies of communications and details provided to us by you, for example support requests, account queries, complaints, for internal account management and auditing purposes. This is done on the basis of legitimate interests.
• Credit checking - we may do a credit check on you so that we can make credit decisions about you and members of your household/business; and to prevent and detect fraud and money laundering. Our search will be recorded on the files of the credit reference agency.
• Credit reporting - we may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. If you provide false or inaccurate information to us and we suspect fraud, we will record this.

Cookies are text files which are stored on your computer or other device when you visit our website. They allow us to distinguish you from other users of our website. This helps us to provide you with a positive experience when you browse our website and to improve our website.

Our website uses session cookies and persistent cookies. Session cookies are stored temporarily on your device whilst you browse our website and are deleted from your device when you finish browsing. Persistent cookies are stored on your device after you have finished browsing our website so that we can remember your preferences when you visit our website in the future. Persistent cookies will automatically be deleted from your device after 30 days.

We use Google Analytics, Yandex Metrics and Dotmailer cookies to provide us with information about how you use our website, which we use to help us to improve our website.

If you wish to restrict, block or delete the cookies which are set by our website and third parties, you can do this using your browser settings. If you set your browser preferences to block all cookies, you may not be able to access all or parts of our website. If you delete cookies relating to our website, including your cookie preferences, you will be treated as a first-time visitor the next time you visit our website.

To find out more about cookies visit All About Cookies (please note we cannot be responsible for the content of external websites) and read our Cookie Policy.

By using our website without changing your browser settings, you consent to our use of cookies as set out above.

We want to send you information that is most relevant to your interests at particular times. To help us form a better, overall understanding of you as a Burgess client, we combine your personal data gathered across Burgess as described above. For this purpose we may also combine the data that we collect directly from you with data that we obtain from third parties.

We know how much data security matters. With this in mind, we will treat your personal data with the utmost care and take all appropriate steps to protect it.

As Burgess has companies in various jurisdictions, personal data may be transferred internationally. For specific business functions, such as information management and compliance, personal data is held and processed by Nigel Burgess Ltd in the United Kingdom on behalf of the Burgess group as a whole. Even so, personal data will also be held and processed locally by the Burgess company/ies that you deal with, depending on your location and the location of provision of goods and services.

This means that we will typically need to transfer your personal data to locations outside the jurisdiction in which you provide it, in order to use it on the bases set out above.

If you reside in the UK, your personal data may routinely be shared with our businesses and stored in the European Economic Area. This is permitted under the UK GDPR as the European Union is recognised by the UK Government as providing adequate safeguards for personal data.

If you reside in the European Economic Area, your personal data may routinely be shared with our UK business and stored in the UK. This is permitted under the GDPR as the UK is recognised by the European Commission as providing adequate safeguards for personal data.

UK and EU data subject information may also be transferred and processed outside of the UK/EEA. We will only do this subject to appropriate safeguards that comply with the GDPR and/or UK GDPR. More information regarding our sharing of personal data is set out below.

If you are based outside of the UK/EEA, you may have local data protection rights, which we will comply with as applicable to our processing of your personal data. We may supplement this privacy policy with additional notices and information where required by those local rights, including as set out in the Annexes to this privacy policy.

We have in place technical and organizational measures to protect the personal information we collect about you from unauthorised, improper or unlawful access, use, disclosure, alteration or destruction consistent with applicable data protection laws. We secure access to all transactional areas of our websites using ‘https’ technology.

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. We will delete your personal data from our systems unless we believe in good faith that we need to retain some information to place you on a ‘do not contact’ list or where the law or other regulation requires us to preserve it (for example, because of our obligations to tax or regulatory authorities).

As described above, we will routinely share information between the different Burgess companies, as necessary for us to provide our products and services or to meet our legitimate business interests. To facilitate this we have in place written agreements for the protection of your personal data, including the UK international data transfer agreement and/or the EU standard contractual clauses where necessary.

We may also share personal data with third parties as necessary to enable them to provide their products and/or services to us and/or to you. Here is the policy we apply to those organisations to keep your data safe and protect your privacy:
 

• We provide only the information they need to perform their specific services.
• They may only use your data for the exact purposes we specify in our contract with them. • We work closely with them to ensure that your privacy is respected and protected at all times.
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

We will have written agreements in place with these third parties to provide adequate safeguards for your personal data. Again, these will include the UK international data transfer agreement and/or the EU standard contractual clauses where necessary.

Examples of the kind of third parties we work with are:
 

• IT companies who support our website, app and other business systems and/or who host our systems and services and therefore store your personal data on our behalf.
• Operational companies such as delivery couriers, brokers, charter operators.
• Direct marketing companies who help us manage our electronic and printed communications with you.
• Data insight companies to ensure your details are up to date and accurate.
• Compliance service providers that perform checks on our behalf.

We may also share your personal data with third parties for their own purposes. We will only do this in very specific circumstances, for example:
 

• For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
• We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our clients into consideration.
• To a third party purchaser if we sell our business, in which case business information including customer and supplier contact information may be a transferred business asset.

For further information on how your personal data is shared with third parties, please contact us.

If you reside in the UK or EEA, you have the right to make a Data Subject Access Request (DSAR) and to request:
 

• Access to the personal data we hold about you and to find out how we process that personal data, free of charge in most cases.
• The correction of your personal data when incorrect, out of date or incomplete.
• The restriction on our processing of your personal data.
• That we stop using your personal data for direct marketing (either through specific channels, or all channels).
• That we stop any consent-based processing of your personal data after you withdraw that consent.

You can contact us to request to exercise these rights at any time.

You also have the right to lodge a complaint with the relevant supervisory body. For UK residents, this will be the Information Commissioner’s Office (ico.org.uk). For EEA residents, this will be Agencia Española de Protección de Datos (“AEPD”) in Spain. For Monegasque residents, this will be The Commission de Contrôle des Informations Nominatives (CCIN) (https://www.ccin.mc/en/ccin/) . We would request that you contact us prior to lodging a complaint with the supervisory body, to give us the opportunity to address your concerns.

If you live elsewhere, you may have other rights. Please contact us if you would like to exercise those rights.

Right to erasure
In certain situations, you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). If we choose not to action your request we will explain to you the reasons for our refusal. Generally, we will only disagree with you if certain limited exemptions apply.

If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. Please see below for more information on how to do this.

Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

There are several ways you can stop direct marketing communications from us:
 

• Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular team within Burgess.
• In our apps, you can manage your preferences and opt out from one or all of the different push notifications by selecting or deselecting the relevant options in the ‘Manage Notifications’ section.
• Email the Data Protection Officer by clicking here.
• Or write to us at: The Data Protection Officer, Nigel Burgess Ltd, Cunard House, 15 Regent Street, St James’s, London SW1Y 4LR

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling +44 (0)303 123 1113 or visit the website of the Information Commissioner's Office (please note we cannot be responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found below.

Where this privacy policy is available in a language other than English, then in case of any dispute about its meaning, the English version will take precedence.

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Sometimes we will need to transfer your personal data between countries to enable us to supply services you have requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK, EU or elsewhere.

By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.

This may occur because our information technology storage facilities and servers are located outside your country of residence and could include storage of your personal data on servers in the UK, EU or elsewhere.

We will ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that is not set out in this privacy policy. We will also make sure we adequately protect the confidentiality and privacy of your personal data.

We will ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.

We hope this privacy policy has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that have not been covered, please contact our Data Protection Officer who will be pleased to help you:
 

• Email the Data Protection Officer by clicking here.
• Or write to us at: The Data Protection Officer, Nigel Burgess Ltd, Cunard House, 15 Regent Street, St James’s, London SW1Y 4LR

This Annex to the Privacy Policy explains how we use any data we obtain from you in connection with yacht crew recruitment and related employment activities, how we store it and how we keep it safe.

We have listed below various ways in which we may use and process your personal data for recruitment and employment purposes, where appropriate and in accordance with any local laws and requirements. Please note that this list is not exhaustive.
 

• Collecting your data from you and from other sources, such as crew agencies and Linkedin;
• Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;
• Providing you with our recruitment services and to facilitate the recruitment process; 
• ssessing data about you against vacancies which we think may be suitable for you;
• Sending your information to clients, in order to apply for jobs or to assess your eligibility for jobs;
• Enabling you to submit your CV or apply online for roles we think may be of interest to you;
• Carrying out our obligations arising from any contracts entered into between you and us;
• Carrying out our obligations arising from any contracts entered into between Burgess and third parties in relation to your employment;
• Facilitating payroll and invoicing processes;
• Carrying out customer satisfaction surveys;
• Verifying details you have provided, using third party resources (such as psychometric evaluations or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws);
• Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties;
• Processing your data to enable us to send you targeted, relevant communications which we think will be of interest to you; • Carrying out appropriate reference checks to assess suitability for job roles;
• Carrying out our obligations for the operation of the vessel by supplying information to third parties as required, such as flight bookings, visa and immigration purposes.

We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests (see section 3 above). In certain circumstances you have the right to object (see section 12 above).

Equal opportunities monitoring and other sensitive personal data
 

• We are committed to ensuring that our crew recruitment processes are aligned with our approach to equal opportunities. Some of the data we may (in appropriate circumstances and in accordance with local law and requirements) collect about you comes under the umbrella of “diversity information”. This could be information about your ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/ or social-economic background. Where appropriate and in accordance with local laws and requirements, we will use this information on an anonymised basis to monitor our compliance with our equal opportunities policy. We may also disclose this (suitably anonymised where relevant) data to clients where this is contractually required or the Client specifically requests such information to enable them to comply with their own employment processes.
• This information is what is called “sensitive” personal information and slightly stricter data protection rules apply to it. We therefore need to obtain your explicit consent before we can use it. We will ask for your consent by offering you an opt-in. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information.
• We may collect other sensitive personal data about you, such as health-related information, religious affiliation, or details of any criminal convictions if this is appropriate in accordance with local laws and is required for a role that you are interested in applying for. We will never do this without your explicit consent. Please note that in certain jurisdictions in which we operate, different rules apply to this sensitive data.
• If you are not happy about this, you have the right to withdraw your consent at any time (see section 14 above).

Where applicable, we will comply with the requirements of the Personal Information Protection Law of the People’s Republic of China (“PIPL”) and other relevant Chinese laws and regulations.

We will process your personal data in accordance with the principles of legality, legitimacy, necessity, and good faith. We will obtain your consent before processing your personal data, where required, including for direct marketing purposes and where processing sensitive personal data.

If we process your personal information beyond the scope described in this privacy policy, we will separately explain the purpose, method, and scope of such processing to you, and obtain your consent again if required.

You agree that we may process your personal data outside the need to obtain your authority or consent where (i) it is necessary for the conclusion or performance of a contract to which you are a party, or for the implementation of human resources management in accordance with applicable labour rules and regulations; (ii) it is necessary for the performance of statutory duties or obligations; (iii) it is necessary for the response to a public health emergency or for the protection of the life, health and property safety of a natural person; (iv) it is necessary to process such personal data or other personal data that has been legally disclosed within a reasonable scope in accordance with the law; and/or (v) other circumstances prescribed by law and administrative regulations apply.

Our sharing of personal data with third parties is as set out above in our privacy policy.

Your personal data will be stored outside of the People’s Republic of China, and may be transferred to different entities and territories as described above. We will take necessary measures required by applicable law to ensure that your personal data is adequately protected at all times.

Under the PIPL, you have the following rights:
 

• Right to be informed: You have the right to know the processing of your personal data. In addition, you have the right to ask us to explain this privacy policy and the rules governing our processing of personal information.
• Right to access and copy: You can request access to your personal data or obtain a copy of your personal data.
• Right to correct and supplement: You can request that we to make corrections or supplements where you find that your personal data is inaccurate or incomplete.
• Right to delete: You can request the deletion of your personal data in certain circumstances (for example if you withdraw your consent, or the purpose of personal data processing has been achieved, it is impossible to achieve such purpose, or it is no longer necessary to achieve such purpose;)
• Right to transfer: You can transfer your personal data to another processor designated by you when it meets the conditions stipulated by the authorities.
• Right to make decisions, restrict and refuse: You can make decisions on the processing of your personal data and restrict or refuse that we process your personal data.
• Right to withdraw your consent: Where our processing of your personal data relies on your consent, you can withdraw your consent at any time. After you withdraw your consent, we will not process the relevant personal data, and cannot provide you with the corresponding services as a result. Withdrawal of consent will not affect the previous personal data processing whilst your consent was valid.

You can exercise these rights by contacting us via the details provided above. We may require you to provide information to enable us to verify your identity before we respond to your request. There are exemptions to the exercise of these rights and we will let you know if we intend to rely on any exemptions.

For the purposes of the California Consumer Privacy Act (“CCPA”), the types of personal data that we collect are as described in the other sections of this privacy policy. In the twelve months preceding the effective date of this privacy policy, we have not sold your personal data to any third party, though we do use standard analytics and tracking tools provided by third parties (see the ‘Cookies’ section for more information).

Subject to certain limitations, you have the right to (i) request more information about the categories and specific pieces of personal data that we collect, use and disclose; (ii) request deletion of your personal data; (iii) opt out of any “sales” of your personal data that may be occurring; and (iv) not be discriminated against for exercising any of these rights.

You can exercise these rights by contacting us via the details provided above. We may require you to provide information to enable us to verify your identity before we respond to your request.


This notice was last updated on 30/05/2024.