Data Privacy Policy

OSC is committed fully to abiding by the General Data Protection Regulation (GDPR) (EU) 2016/689. To this effect, OSC will obtain, handle, process, store, and destroy personal information, as required under GDPR.

What data does OSC collect?

  • CCTV (around/inside any OSC Premises, including and not limited too workshops, offices, warehouse and vessels, for the purpose of keeping employees safe, and secure, to prevent crime, to prevent employee misconduct and for the health and safety of employees);
  • Personnel biometric forms (for the purpose of offshore work);
  • Personnel Documents (including and not limited to passports, driving licences, medical certificates for the purposes of offshore work); and, 
  • Personal contact information (including and not limited too email, phone number, and address)

OSC is committed to:

  • Ensuring we comply with the seven data protection principles;
  • Meeting our legal obligations as laid down by GDPR;
  • Processing personal data only in order to meet our operational needs or fulfil legal requirements;
  • Ensuring all staff have read and understood this policy document;
  • Providing adequate training for all staff responsible for personal data;
  • Only providing personal data to outside company’s if necessary for your legitimate interest, with explicit consent, and, or it is necessary for the performance of a contract;
  • Ensuring anyone handling personal data knows where to find further guidance;
  • Ensuring all staff contact the nominated Data Privacy Officer if in any doubt, and not to jeopardise individuals’ rights or risk a contravention of GDPR;
  • Ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly; and,
  • Regularly reviewing data protection procedures and guidelines within the organisation.

Following data protection principles, OSC ensures information is:

  1. Used fairly and lawfully;
  2. Used for limited, specifically stated purposes;
  3. Used in a way that is adequate, relevant, and not excessive;
  4. Accurate and, where necessary, kept up to date;
  5. Kept for no longer than is absolutely necessary;
  6. handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
  7. Not transferred outside the UK without adequate protection.

Who has access to Data and how long is stored?

  • CCTV: only top-tier management have access to encrypted hard-drives, upon quest individuals can request CCTV footage which has them in OSC has two months to deliver footage. CCTV will be passed onto police if a suspected criminal incident has arisen. CCTV is clearly advertised around all OSC premises, data is only stored as long as necessary; 
  • Personal data: only those who require your data under GDPR principles will have access. Your data is secured through our IT system, which works under a tiered access system. OSC will only distribute data to outside parties where essential, in full compliance to GDPR; and, 
  • Marketing: OSC will contact personnel through appropriate channels to notify about offshore work, and discuss thereafter those who no longer wish to receive this information can opt out, and their information will be deleted or returned to individual upon request. 

OSC can conduct system monitoring, which can include but is not limited to email screening, computer profile monitoring, and web history searches for the purpose of staff security and IT system security.

OSC recognises and understands the consequences of failure to comply with the requirements of GDPR

OSC’s is registered under the Information Commissioners Office (ICO) to ensure GDPR compliance for CCTV.

If you have any concerns in regards to OSC GDPR practices contact our designated 

GDPR officer: Sophie Cox 


Address: OSC, Spott Road, Dunbar, EH42 1RR


Dr Victoria Todd Director

Ian Todd Director 

Date: 05/02/2021