scilly ferries

Harland & Wolff (Scilly Ferries) Ltd. is a new ferry service launching in Spring 2024 operating between Penzance and St Mary’s.

Latest Posts

The Shop, Quay House, The Bank, St Mary’s, Isles of Scilly, TR21 0HY

Follow us to follow our journey

Privacy Policy


Harland & Wolff (Scilly Ferries) Limited (“Scilly Ferries“, “we” or “us“) of Riverbank House, 2 Swan Lane, London EC4R 3TT, is committed to respecting and safeguarding the privacy of your personal data in accordance with data protection laws.

We use your personal data to provide our products and services to you. This Privacy Notice (“Notice“) describes what personal data we collect from you, how we handle your personal data and your rights as an individual when you use our products and services.


In order to offer you our products and services, we need to collect certain personal data about you (and any passenger on a ferry booking), which may include:

  • Identity information, such as name, gender and date of birth;
  • Contact details, such as your email address, address, and telephone number;
  • Payment information, including payment card details;
  • Information captured via CCTV (used on board our ferries and in our terminals), such as image, location and time stamps;
  • Information regarding any customer account, such as user name and password;
  • Information contained within ID documents, such as passports and drivers’ licence;
  • Information regarding membership of our Residents’ Club;
  • Your direct marketing and communication preferences;
  • Booking information, including the dates and times of travel;
  • Details of your interactions with us and our customer support team, such as emails or messages sent through our website or social media;
  • Details of any complaints, accidents or legal claims;
  • Exclusion lists (relating to passengers who are not permitted to travel);
  • Technical and usage information; and
  • Any other information you voluntarily provide to us.

We only collect and process limited personal data relating to children under the age of 16:

  • As part of a booking where they are one of the passengers, where that booking has been made by an adult;
  • If they are a member of our Residents’ Club (with parental consent); or
  • If they are involved in an accident whilst travelling with us.

Health data is a special category of personal data which by law requires additional protection. While we limit the circumstances in which we collect and process such information, we may do so when:

  • You notify us that you or another passenger has a medical condition or need (e.g. reduced mobility, an assistance dog, wheelchair access requirements); or
  • There has been an accident on board or at one of our terminals.

By providing any special category personal data, you explicitly agree that we may collect it and use it to provide our products and services to you.

You must ensure that you have the consent of any individuals whose personal data you provide to us and that you either remove their personal data from your accounts where you no longer have such consent or contact us so that we can help you to do so. You should also provide a copy of this Notice to such individuals.


We ensure that we have a lawful basis or bases for processing your personal data. We use your personal data on one or more of the following lawful bases:

  • It is necessary in our legitimate interests. We have a legitimate business interest in processing your data, e.g. to provide our products and services to you, to evaluate your Residents’ Club membership application, to analyse, manage, evaluate and improve our products and services, to deal with your queries and feedback. Where we rely on legitimate interests, we have balanced our rights against your interests and fundamental rights and determined that our legitimate interests are not overridden in those circumstances.
  • It is necessary to comply with a legal obligation. We collect and process some information about you to comply with our legal obligations and keep records as required by law.
  • It is necessary for the performance of a contract between you and us or to take steps at your request prior to entering into the contract, for e.g. we will need to process your personal data to fulfil a transaction with you to provide our products and services.
  • In rare cases, it may be necessary to process your personal data to protect your or another person’s vital interests (i.e. your life) (e.g. in emergency circumstances when communicating with first responders or medical professionals) or because it is necessary for the performance of a task in the public interest.
  • In limited circumstances, we may request your consent to process your personal data.

When we process special category personal data (e.g. health data), we have an additional lawful basis for that processing based on data protection law requirements. In the limited circumstances where we process such personal data:

  • We will request your explicit consent to do so.
  • It is necessary for the establishment, exercise or defence of legal claims.
  • The personal data is manifestly made public by you.
  • There may also be very rare occasions where we need to process this information to protect your or another person’s vital interests (i.e. your or the other person’s life) where you are physically or legally incapable of giving consent.


We use your personal data for the following purposes:

  • To provide and administer our products and services;
  • To process and manage payments;
  • To create and manage your customer account;
  • To manage the Residents Club and your membership of it;
  • To communicate news and promotions to you relating to our products and services, or other marketing or promotional activities, including via our newsletter;
  • To provide travel alerts;
  • To manage our relationship with you, including responding to your communications and providing customer support;
  • To manage any issues with our products or services;
  • To understand and respond to customer feedback;
  • To manage any disputes or claims, take legal advice and to comply with legal obligations;
  • To deal with any accidents or damage on our premises or our ferries;
  • To monitor for fraud and for the prevention or detection of crime;
  • For our internal business purposes, such as data analysis, audits, market research, and improving our products and services;
  • To manage the business generally, including dealing with insurers, auditors, lawyers and other professional advisers; and
  • To analyse by means of cookies and similar technologies (please see “Cookies” below for further information on this).


We will never disclose or share your personal data unless we have a lawful basis for doing so.

We may share personal data about you with:

  • Other companies in the Scilly Ferries group for our general business purposes or where services are shared between our group;
  • Charter parties;
  • Third party service providers and companies that provide services for us on our behalf, such as IT services providers, analytics providers, CRM providers and payment services providers;
  • Government departments and statutory and regulatory bodies, including data protection regulators and law enforcement, where lawfully permitted or required; and
  • Our professional advisers, such as accountants, law firms, auditors and insurers.


A cookie is a small file of letters and numbers that we will store on your browser or the hard drive of your computer. Cookies collect information about how you browse a website and allow the website to remember your preferences and tailor your experience of that website to best suit you. Our website uses cookies to provide you with the best experience when browsing. We also use cookies to collect information that allows us to improve our website and to provide you with advertising that is better suited to you and your interests. For more information, please see our Cookie Notice.


We rarely transfer personal data outside of the United Kingdom (“UK“). Where we do need to send personal data outside the UK, we either transfer to a country that has been deemed “adequate” for personal data transfers by the UK government (such as countries in the European Economic Area) or we put in place approved international data transfer contract clauses (such as the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses).

If you would like to receive more information on the safeguards that we implement, including copies of relevant data transfer contracts, please contact us as indicated below.


We take the security of the personal data we collect seriously. We have implemented and maintain technical and organisational security measures (as required by applicable data protection laws) to protect your personal data from accidental or unlawful destruction, damage, loss, alteration or unauthorised disclosure or access.

Unfortunately, the transmission of information over the internet or public communications networks can never be completely secure and we therefore cannot 100 percent guarantee the security of personal data that you provide to us online.


This Notice may contain links to third party websites. We are not responsible for the content of these other websites, and you should read the privacy notices provided by such websites.


We will keep your personal data only for as long as is necessary for the purposes outlined in this Notice, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is longer. We will only ever retain your personal data for a limited period of time.
To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, applicable legal requirements or operational retention needs and whether we can achieve those purposes through other means. In general, we will retain your personal data for a period no longer than 90 days, except:

  • When you create an account with us or are member of the Residents’ Club, in which case your personal data will be retained for as long as you have an account or are a member, and then for up to an additional 2 years for compliance and audit purposes; and
  • Personal data used to send you direct marketing will be retained for as long as we can lawfully market to you (e.g. until you opt out).

Upon expiry of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.


In accordance with data protection law, you have the following rights in relation to your personal data:

  • Right of access. If you ask us, we will confirm whether we are processing your personal data and, subject to certain conditions, we will provide you with a copy of that personal data along with certain other details such as the purpose(s) of the data processing.
  • Right to rectification. If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. Please help us to keep your personal data up to date by letting us know of any changes to your personal data (including changes to your contact details) as soon as possible.
  • Right to erasure. Subject to certain conditions, you may ask us to delete or remove your personal data, such as where we no longer need the personal data for the purposes for which it was collected or our legal basis for the processing is your consent and you withdraw consent.
  • Right to restrict processing. You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing.
  • Right to data portability. You have the right to obtain from us (or to have transferred to another controller) your personal data that we process by automated means on the basis of your consent or necessity for a contract with you. We will provide the personal data in a structured, commonly used and machine-readable format.
  • Right to object. You may object to our processing your personal data, and we will stop processing your personal data if (i) we are relying on a legitimate interest to process your personal data, unless we demonstrate compelling legitimate grounds for the processing or (ii) we are processing your personal data for direct marketing purposes.
  • Right to withdraw consent. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your personal data carried out before we received notice that you wished to withdraw your consent.


If you would like to contact our Data Protection Officer to make a request, exercise your data protection rights, lodge a complaint or for anything else relating to your personal data, you can do so in writing:


The Data Protection Officer
Harland & Wolff (Scilly Ferries) Limited
Riverbank House
2 Swan Lane

Please note that we may require additional information to verify your identity before we are able to respond to your request or respond to the exercise of your rights as set out above.

You have the right to complain to the Information Commissioner’s Office about our processing of your personal data. The ICO’s contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
Tel: 0303 123 1113


Any changes we may make to our Notice in the future will be posted to this website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Notice.

Last Updated: 5 February 2024

You don't have permission to register