We have a number of talks coming up about our expeditions, register for a talk by clicking here!

Privacy Policy

Last updated 8th April 2022. You can also find a pdf version of this document by clicking here.

1. Introduction

This document is intended to tell you what to expect with regards to all data which is collected, handled and processed by Operation Wallacea Ltd. This policy applies to all internal handling of data with regards to Operation Wallacea as a data controller, as well as all organisations to which that information is transmitted to as data processors. In this policy, “we”, “us” and “our” refer to Operation Wallacea Ltd, and the terms “expedition” or “the field” are used to refer to an overseas trip of a pre-defined length organised by Operation Wallacea with specifically agreed conservation, research or education focuses.

This policy exists to ensure that we comply with current data protection laws (in particular the European General Data Protection Regulation, GDPR), follow good practice, are protecting the rights of staff, customers and partners, and we are open about how data is stored and processed. It was designed to be easy to understand and is intended to be worded in clear and plain language.

The policy was prepared by previous systems manager Toby Farman and current systems manager Olivia Farman and approved by operations director Alex Tozer.

1.1. Friends of Wallacea

Friends of Wallacea is a wholly owned subsidiary of Operation Wallacea that began operation in 2020. From a data protection and privacy perspective, all Friends of Wallacea operations are identical to those listed in this document. As an organisation they utilize the same procedures on the same systems as Operation Wallacea – for example they use the Operation Wallacea CRM database and the associated web portal. As such, this document acts as the privacy policy for Friends of Wallacea as an Operation Wallacea subsidiary.

2. The Information We Collect and Store

2.1. Applicable Individuals

There are multiple types of individual that we collect data from.

  1. Website visitors
  2. Those that may be interested in an Operation Wallacea expedition as a client, hereafter referred to as “Potential Clients.”
  3. Those that may be interested in an Operation Wallacea expedition as a staff member, hereafter referred to as “Potential Staff.”
  4. Those that are participants in an Operation Wallacea expedition, hereafter referred to as “Participants.” This type includes field staff members.
  5. Those that are acting as a parent, guardian, emergency contact, are listed as a physician on a PADI/SSI form, or are the university supervisor of a participant joining an Operation Wallacea expedition, hereafter referred to as “Other Contacts.”

Information collected from each of type of individual is collected, handled and processed in different ways. Each given individual can also fall into multiple categories dependant on the nature of their interaction with us.

2.2. Requirements for Participants

All participants that are taking part in an Operation Wallacea expedition are required to provide all the information listed in section 2.6 as part of their booking. This is primarily a health and safety requirement but further detail on why we need that specific data can be found in section 5.2.

2.3. Information Collected from All Website Visitors

Operation Wallacea uses Google Analytics to track website usage, and this is done through the utilization of cookies. Data collected via google analytics includes IP address, operating system version, device type, system and performance information, browser type, information on which web pages you visit, click on, how you arrived at the website (via referral or search query) and other such log information.

Cookies can be deleted or disabled via your browser settings.

2.4. Information Collected from Potential Clients

  • Name
  • Email address
  • Telephone numbers
  • If applicable, postal address
  • Details on current links with academic institutions or schools
  • If applicable, details of current university degree course
  • Details on interests for particular Operation Wallacea projects

2.5. Information Collected from Potential Staff

  • Name
  • Email address
  • Telephone numbers
  • Nationality
  • Gender
  • Application related information provided by the individual
  • Submitted CV/Resume

2.6. Information Collected from Participants

  • Name as displayed on passport
  • Email address
  • Postal Address/Billing Address
  • Telephone numbers
  • Date of Birth
  • Gender
  • Nationality
  • Passport number
  • Passport expiry date
  • Emergency contact information
  • Diet preferences
  • Medical information comprising of
    • Current medications
    • Current allergies
    • Severity of those allergies
    • Current medical conditions
    • Past medical conditions
    • Current psychiatric issues
    • Past psychiatric issues
  • If taking part in marine activities, participants must complete a form supplied by PADI that expands on the above medical information, and also includes
    • Name and address of primary physician
    • Contact number for primary physician
  • If completing a dissertation/thesis project
    • Name and email address of their university supervisor
    • Copy of completed dissertation/thesis
  • Details on current links with academic institutions or schools
  • If applicable, details of current university degree course
  • Details on interests for particular Operation Wallacea projects

2.7. Information Collected from Other Contacts

  • Name
  • Email address
  • Telephone numbers (for emergency contacts)

2.8. Financial Information

Operation Wallacea is PCI compliant. All online and phone payments are handled externally via Sagepay or Authorize.net.

We do not store card details or bank account details for potential clients, potential staff, other contacts or the majority of participants. The sole exception to this is for staff members to whom we are making payments, whose details are kept in a manner compliant with PCI recommendations.

3. How We Collect Information

3.1. Potential Clients

3.1.1. Potential Clients for a Research Assistant, Dissertation or Thesis Expedition

We collect information from potential clients through three methods;

  • Submission of an “Expression of Interest” form currently located at the following link: https://www.opwall.com/find-out-more/expression-of-interest/
  • Submission of a hard copy “Expression of Interest” form from an in-person meeting. Forms are destroyed when information has been transcribed to our client database. (See section 4)
  • Direct contact and request for more information from an Operation Wallacea staff member.

3.1.2. Potential Clients for Leading a School Expedition or Field Trip

Potential clients for leading a school expedition are primarily teachers/academics who may be interested in organising an expedition. Their information is collected via:

  • Submission of an “Expression of Interest” form located at the following link: https://www.opwall.com/find-out-more/express-an-interest-schools/
  • Information publicly available online (for example on schools’ websites)
  • Information provided by school secretaries/staff members.
  • Submission of a hard copy “Expression of Interest” form from an in-person meeting. Forms are destroyed when information has been transcribed to a database. (See section 4)
  • Direct contact and request for more information from an Operation Wallacea staff member.

3.1.3. Potential Clients for Joining a School Expedition

Potential clients for joining a school expedition or field trip are supplied to us by the school, organising academic, or group organiser.

3.2. Potential Staff

Potential staff members are asked to complete an application form through http://jobs.opwall.com

3.3. Participants

Information is collected from participants using an online portal located at https://portal.opwall.com

3.4. Other Contacts

Other contact information is collected in one of the following ways

3.4.1. Guardians

  • Submitted via the school alongside potential client information
  • Submitted by their own dependant on https://portal.opwall.com

3.4.2. Emergency Contacts

3.4.3. Physicians from PADI/SSI forms

3.4.4. University Supervisors

  • Submitted via participant, typically via email
4. How We Store and Secure Data

4.1. Client Database

The majority of the personal information Operation Wallacea has collected is kept on an online client database that was built and is maintained by Consilience Media (see also 6.4.5). As part of their contract they are required to implement industry best practice for securing the data electronically, and recommend security updates and changes to Operation Wallacea where appropriate.

Data collection of participants occurs through https://portal.opwall.com which is the client facing side of the client database.

4.2. Other Security Measures

Operation Wallacea has a data security policy that outlines all practices and precautions that must be implemented by staff in order to keep data safe. This includes items such as password policies, requirements for device encryption, procedures for securing data when on expeditions and local security measures for offices.

5. How We Use the Information Collected

5.1. Basis Under Which We Use Data

Under GDPR article six we are required to provide a lawful basis in order to process all personal data. The lawful basis under which we do that processing are as follows;

  • To fulfil our contractual responsibility to deliver services to our participants (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)
  • To comply with the legal requirement for invoicing within the UK (processing is necessary for compliance with a legal obligation to which the controller is subject)
  • To market to those who have requested information about our services (the data subject has given consent to the processing of his or her personal data for one or more specific purposes)
  • To pursue Operation Wallacea’s legitimate interests of improving service experience, ensuring adequate health and safety of all expedition participants. (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child)

5.1.1

Data may be used for training purposes for staff. See 7. Data Retention for more information on how long this data is stored.

5.2. Specific Data Types

5.2.1. Name

Name is how we identify individuals, and is required for numerous booking procedures relating to delivering expedition services. For example they are required to book flight tickets, hotel rooms and transfers.

5.2.2. Email Address, Telephone Numbers, Addresses

  • We use contact information to respond to inquiries, send information as part of providing an expedition, and pass on important pieces of information regarding a participants expedition.
  • We are required to have a valid address in order to issue invoices under UK law.
  • We may use that contact information to market to potential clients (this excludes potential staff and other contacts), and marketing can be opted out of at any time.
  • All participants of an expedition, upon completion of that expedition, are offered the chance to join an email newsletter in order to keep them up to date with Operation Wallacea.

5.2.3. Date of Birth

We need date of birth as our programs are not suitable, or may require modification, for certain age groups. Provisions may also need to be made for consent or supervision.

5.2.4. Nationality, Passport Number, Passport Expiry Date

Nationality, passport number and passport expiry date may be required at numerous different levels of expedition preparation. This can include, but is not limited to – booking flights, booking hotel rooms, permit applications.

We also use it to advise on visa or other immigration related items.

5.2.5. Gender

We require gender in order to do rooming allocations.

5.2.6. Emergency Contact Information

We hold emergency contact information if there is a need to contact someone with regards to an issue or incident that may have impacted an individual on expedition.

5.2.7. Diet Preferences

We require diet information in order to ensure that all dietary needs are met for each participant.

5.2.8. Medical Information

Medical information is counted as a special category under article nine of the GDPR, and as such we are required to ensure we have an additional lawful basis for collecting and processing that data.

“the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;”

We ask for specific consent in order to process the medical information of our participants, however it is required that all of our participants complete this information and we cannot bring those who do not submit medical information on an expedition. (See 2.2)

Specific types of medical information required are as follows, as well as the guidance included on https://portal.opwall.com when the participant is completing it and the reasoning behind requesting that information.

5.2.8.1. Current Medications

“If you are taking any medication please list those, including dosage information and the condition it is used to treat. Please also include any medications you carry but do not regularly take, for example epi-pens or inhalers.”

Current medication, or recently taken medication, is a primary piece of information requested by medics or doctors in emergency situations, particularly if the individual is incapacitated or cannot respond verbally.

5.2.8.2. Current Allergies, and Severity of Those Allergies

“If you have any drug or environmental allergies please indicate their nature.”

“If you’ve listed allergies above please describe the severity of the reaction, and whether you carry an epi-pen in the case of severe allergies, when your last reaction was, and the regularity of the reaction.”

We need to be able to ensure that we are not putting people at risk from the expedition environment, and use this question to ensure that we can remove or mitigate the risk of a potential allergic reaction, particularly severe ones. In certain instances, this can also impact expedition procedure – for example determining the location of available adrenaline/epi-pens.

Drug allergies (for example for antibiotics or anaesthetics) is also information that has to be passed on to medics or doctors in emergency situations, particularly if the individual is incapacitated or cannot respond verbally.

5.2.8.3. Current Medical Conditions

“Please list anything you regularly see a doctor for, is reoccurring, requires ongoing treatment, or any physical impairments. Please also include in this field any other medically related items that may impact your expedition, e.g. pregnancy.”

This is used to give us a general overview of individual health. There are numerous potential conditions that may impact a participant’s safety on expedition, some of which may not be immediately apparent to those that haven’t been to the expedition location.

Current medical conditions is also information that has to be passed on to medics or doctors in emergency situations, particularly if the individual is incapacitated or cannot respond verbally.

Knowledge of current conditions may impact diagnosis of any potential problems.

5.2.8.4. Past Medical Conditions

“Anything you’ve regularly seen a doctor for in the past.”

It is possible that medical conditions may re-occur in an expedition environment, and in an emergency this information may be requested by medics or doctors.

5.2.8.1. Current Psychiatric Issues / Past Psychiatric Issues

“Please include any effect these have on your daily life and any triggers where applicable.”
“Please include length of time since recovery and how/if you received treatment.”

Operation Wallacea expeditions, by design, take place in environments that are frequently challenging both physically and mentally. Understanding participants’ mental health statuses may impact our medical and operational preparations, and allow us to inform our participants about any potential issues they may themselves have on site.

5.2.9. CV or Resume

Potential staff members are asked to submit a CV or Resume in order to determine their suitability for a job role. These are occasionally, albeit infrequently, given to in-country partners if the role is being recruit for by both Operation Wallacea and the partner.

6. Information That We Share

6.1. Permanent Staff Members

Operation Wallacea is based within the UK, but has a number of contracted staff members located in other countries that primarily market internationally. Most prominently this does include offices based in the United States and Canada. Those staff members have access to the client database, which is used to store all information on all categories of individual. The database itself is hosted within the UK (see section 4 and 6.4.5)

All our permanent staff members, regardless of location, are required as part of their employment to adhere to a centrally distributed data security policy regardless of the local laws in the country in which they’re based.

6.1.1. Country Managers

Each individual expedition is led by an Operation Wallacea staff member known as the “Country Manager” who has overall responsibility for that project and the health and safety of all participants. The country manager has received training on data protection and is responsible for ensuring that the guidelines placed down in the Operation Wallacea data security policy are adhered to on expedition.

6.2. Field and Temporary Staff Members

Due to the operating protocols of Operation Wallacea during expeditions, there are certain staff members that need to receive information that are not contracted to Operation Wallacea on a permanent basis. These individuals are typically recruited for a specific contract and due to the nature of their roles may have to receive personal information of participants.

These staff members are given information only pertinent to their role, but this may include sensitive items such as medical information. They are trained in data protection procedures and are contractually required to follow the data protection procedures laid out in Operation Wallacea’s data security policy.

The staff member responsible for the overall management of an expedition (Country Manager – see section 6.1.1) is required to ensure that the data given to these individuals is deleted upon the completion of their contract.

6.2.1. Camp or Site Managers

Camp/site managers are responsible for the wellbeing of all individuals within a specific location. They are only given information related to the individuals at that location, but this may include medical information to ensure on-site health and safety standards or the safety of a participant during an incident or emergency.

6.2.2. Medics
Expedition medics are given the details of all participants that they are responsible for during the duration of their contract. They are typically issued this information prior to the expedition in an anonymised format to allow them to prepare, or raise any medical concerns or queries about participants to the site management team. Once they reach site, they are given access to a non-anonymised version of the participants they share a location with.

6.2.3. Other Staff

All other on-site staff receive information that is only relevant to their potential job role.

For example:

  • Those responsible for food preparation will receive names, dietary requirements and where appropriate allergy information.
  • Those responsible for leading students in the field may be given names and limited health information if the site manager or medic determines that a specific participants medical history may put them at risk on a particular activity.

The determination of what is appropriate to pass on to which staff member is made by the country manager. (See 6.1.1)

6.3. Transfers of Data Outside the European Economic Area

The majority of our in-country partners are based in “third countries” that fall outside the European Economic Area. They are all contracted as data processors under article 26 of the GDPR and are required to adhere to the data processing and security described in section 6.2.

We do not transfer data to any organisation outside the European Economic Area that is not contracted as a data processor.

6.4. Data Processors

Data processors are organisations that we have contracted to perform a particular service or task for us. Those contractual obligations require that we pass them certain pieces of personal information, and as such we require that there are data protection and confidentiality provisions built into their contract.

Specifically, they are required to:

  • Only act on the written instructions of Operation Wallacea;
  • Ensure that people processing the data are subject to a duty of confidence;
  • Take appropriate measures to ensure the security of processing;
  • Only engage sub-processors with the prior consent of Operation Wallacea and under a written contract;
  • Assist Operation Wallacea in providing subject access and allowing data subjects to exercise their rights under the GDPR;
  • Assist Operation Wallacea in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
  • Delete or return all personal data to Operation Wallacea as requested at the end of the contract (as a minimum all personal data that is not legally required to keep should be deleted within 8 weeks of the individual’s expedition) and
  • Submit to audits and inspections, provide Operation Wallacea with whatever information it needs to ensure that they are both meeting their GDPR Article 28 obligations, and tell Operation Wallacea immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

6.4.1. In-Country Partners

Each Operation Wallacea expedition has a local partner organisation based in the country in which the expedition takes place. The roles and responsibilities of those partners vary significantly from country to country. Some have only minimal involvement in project preparation, setup, and execution whereas others are involved in every single aspect of it.

For example, they are frequently required to book accommodation, arrange transfers, buy supplies (eg food) and where appropriate hire local people as assist the expedition as cooks, guides and other ancillary staff members, among other items.

The only information passed over is that which is required for the in-country partner to complete their contract. This usually includes the following information collected via the Opwall Portal (https://portal.opwall.com)

  • Name as displayed on passport
  • Telephone number
  • Date of Birth
  • Gender
  • Nationality
  • Passport number
  • Passport expiry date
    Diet preferences
  • Details on current links with academic institutions or schools
  • Allergy Information (See 6.4.2.1)

6.4.2. Transference of Medical Information to In-Country Partners

As a sensitive category of data, medical information is excluded from transfer to in-country Partners in all but the following exceptions:

6.4.2.1. Allergy Information

To minimize the risk to our participants of encountering a potential allergic reaction we do ensure that allergy information is passed to local partners. This is used to ensure that, alongside dietary information, those that may be involved in food preparation are aware of potential risks to the students.

It also ensures the participant accommodations are aware of any environmental issues that the participant may have.

6.4.2.2. PADI/SSI Documentation and Marine Activities

The Professional Association of Dive Instructors (hereafter known to as PADI) are the qualifying body for dive professionals utilized by Operation Wallacea on the majority of expeditions. We, and our in-country partners, hire PADI qualified staff exclusively to run in-water marine activities for those sites.

The sole exception to that is the Madagascar expedition, where Scuba Schools International (hereafter known as SSI) staff members are hired by our partner dive centre.

The forms that are required by PADI/SSI are almost identical, with the medical form used by both organizations being put together by the UHMS (Undersea and Hyperbaric Medical Society).

Both organisations have a requirement that all people participating in an activity supervised by one of their professionals complete a medical form to ensure that they are safe to dive, and that form must be seen and inspected by that professional.

That medical form lists many conditions that may impact diving, and if the person completing it confirms they have that condition they are required to get the form signed by a doctor.

In addition, Operation Wallacea also utilizes more conservative measures for dive safety due to the remote nature of the expeditions. There are a number of additional sub-questions that we have entered into the form at the recommendation of diving doctors, and for certain answers we will require that the participant visit a dive specialist instead of a regular physician.

Those forms, as such, can contain medical information. As a number of our in-country partners are also contracted to provide diving activities, these documents have to be passed to the relevant dive professionals.

6.4.2.3. Acting as Camp Managers or Medics

In a small number of instances, the in-country partner will also take a position as on-site management for a camp or expedition, or will have staff that are acting as medics.

Within those roles they are responsible for the health and safety of all participants in their care, and as such need to receive the additional medical information submitted by the individual i.e.;

  • Current medications
  • Current medical conditions
  • Past medical conditions
  • Current psychiatric issues
  • Past psychiatric issues

While in a position where they are acting in a role as a camp manager or medic, the in-country partner is required to ensure that information is kept safe according to the Operation Wallacea data security policy.

6.4.3. Flight Providers

During the booking process participants are asked if they wish for their details to be passed on to a flight provider to simplify their travel procedures. This takes two potential forms that determines what information is transferred.

  • For school/field trip groups that are booking an expedition with Operation Wallacea as a package that includes flights. (Name, nationality, passport number and expiry, date of birth, gender, dietary requirements and allergy information, school attending).
  • For individuals that have opted into that contact during initial booking. (Name, date of birth, email address, phone number).

6.4.4. Insurers – Aviva

Operation Wallacea has an insurance policy in place with Aviva that covers all participants for the duration of their expedition. This insurance policy includes unlimited Overseas Medical and Travel Expenses, cover for Personal Property and Cancellation, Curtailment and Rearrangement cover for all participants

There is no data transferred to Aviva prior to an expedition barring the numbers of individuals undertaking it.

Data is only transferred to them in the instance of a claim, wherein only data relevant to that claim will be given to them. This may include, but is not limited to

  • Name
  • Contact Details
  • Address
  • In the case of travel expenses claims, travel and flight information.
  • In the case of medical claims, medical information submitted via the portal.

See https://www.opwall.com/resource/insurance/ for more details and policy documentation.

6.4.5. Consilience Media

Our client database, online portal (https://portal.opwall.com) and online finance system has been designed, developed and is currently maintained and administered by Consilience Media. (https://consil.co.uk/). They are also responsible for the security of the server against data breach.

Due to their administrative privileges they have full access to all information stored within the databases, including all personal data.

6.4.6. Accountants

Our accountants, Forrester Boyd, have access to all our financial records via our accounting software. This does include record of all invoices that have been issued by Operation Wallacea and customer information required in the creation of those invoices. This is limited to name and billing address.

6.5. Other

6.5.1. Mailchimp

Mailchimp is an online marketing platform that we use to create and distribute emails in the following circumstances;

  • Ex-participant newsletter. We maintain a newsletter for ex-participants that distributes updates about Operation Wallacea, updates about the Operation Wallacea expedition that they joined and potential job opportunities.
  • Marketing emails to potential clients. We periodically use mailchimp to send emails to those that have expressed an interest in joining an Operation Wallacea expedition.

Emails from Mailchimp can be opted out of at any time by clicking the “unsubscribe” link at the bottom of each. All those people who unsubscribe via mailchimp are also removed as a potential client from our databases. Details transferred to Mailchimp are restricted to name and email address.

Mailchimp’s own privacy details can be found here: https://mailchimp.com/legal/privacy/

7. Data Retention

7.1. By Operation Wallacea

We only hold information for as long as it is still being used for the purpose for which it was originally collected, unless there is a legal requirement that we retain that data for a longer period of time. For example, we are legally required to keep details regarding financial transactions for a period of up to six years, and we keep all data relating to the expedition services that we provide for six years after the expedition so that we can adequately respond to any civil or legal claims.

See also section 8.4. for how your right to erasure applies to this.

7.2. By Temporary and Field Staff Members

Individuals that receive personal data for a specific expedition (per 6.2) are required to delete that information upon the completion of that expedition/their contract. Country managers (see 6.1.1) are responsible for logging all data transfers to temporary staff members and utilizing that log to ensure that deletion takes place.

7.3. By Data Processors

All data processors (see 6.4) have the following clause built into their contracts:

“Delete or return all personal data to Operation Wallacea as requested at the end of the contract (as a minimum all personal data that is not legally required to keep should be deleted within 8 weeks of the individual’s expedition)”

8. Your Rights

Under the General Data Protection Regulation you have a number of legal rights with regards to your data.

8.1. The right to be informed

This document is intended to provide the basis of your right to be informed, including details on how we collect, use and process all the information that we collect, and the lawful basis under which we do so.

This includes:

  • The name and contact details of our organisation. (Section 8.6)
  • The purposes of the processing. (Section 5)
  • The lawful basis for the processing. (Section 5)
  • The categories of personal data obtained (Section 5.2)
  • The recipients or categories of recipients of the personal data. (Section 6)
  • The details of transfers of the personal data to any third countries or international organisations. (Section 6)
  • The retention periods for the personal data. (Section 7)
  • The rights available to individuals in respect of the processing. (Section 8)
  • The right to withdraw consent (Section 8)
  • The right to lodge a complaint with a supervisory authority. (Section 10)
  • The source of the personal data (if the personal data is not obtained from the individual it relates to). (Section 3)
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to). (Section 2.2)
  • Rights in relation to automated decision making and profiling. (Section 8)

8.2. The right of access and the right of portability

You have the right to obtain and access all personal data that we store about you, and to obtain and reuse data submitted to for your own purposes.

If you would like that information please contact dataprotection@opwall.com

All requests will be answered within a 30-day period and be provided free of charge, apart from requests that are manifestly unfounded, excessive or repetitive, which may infer a fee or allow us our right to refusal. You will retain the right to appeal to the supervisory authority if that is the case. (See section 10)

8.3. The right to rectification

You have the right to correct any inaccurate personal data that we hold about you. For the majority of data for participants, this can be most frequently done through the Opwall Portal (https://portal.opwall.com) but you can also request rectification by contact dataprotection@opwall.com

8.4. The right to erasure/right to be forgotten

You have the right to have all data that we hold on you erased, if there is not a legal requirement that we retain it.

We are required to hold onto information related to financial transactions for a period of six years, and are required to retain all information for those that have participated in an expedition for six years. You can still exercise the right for erasure if you attended an expedition within that period, unless you were involved in on-site treatment of medical issues, or an incident.

You can request erasure by contacting dataprotection@opwall.com

8.5. The right to object

You have the right to object to our processing of your data under certain specific circumstances. The only processing Operation Wallacea undertakes with regards to this right is direct marketing, and we will immediately cease direct marketing if you request that we do so.

You can do this by contacting dataprotection@opwall.com

8.6. The right to withdraw consent

You have the right to withdraw consent with regards to our use or processing of any of the data that we hold on you. However, certain items are required as part of a booking with us and if you were to remove consent you would be unable to join an expedition. Standard cancellation charges per our terms and conditions would apply.

8.7. Rights in relation to automated decision making and profiling.

This right relates to profiling or carrying out automated decision making with regards to your data. Operation Wallacea currently does not undertake any activities that involve this.

9. Contact Information

Our contact information is as follows:

Operation Wallacea Ltd
Wallace House
Old Bolingbroke
Lincolnshire
PE23 4EX
United Kingdom

All data protection enquiries can be sent to dataprotection@opwall.com
All other miscellaneous enquiries can be sent to info@opwall.com

We can be contacted via phone call on 0044 1790 763194 during UK office hours.

10. Lodging a Complaint

If you have a complaint about how we handle, or have handled your data, please contact us at dataprotection@opwall.com.

If you find our responses inadequate or unsatisfactory, if you are resident in the European Union you can contact your local data protection supervisory authority. As Operation Wallacea operates out of the United Kingdom, we operate under the remit of the UK Information Commissioners Office (ICO). You can find contact information for lodging a complaint on their website: https://ico.org.uk/

11. Changelog

21st May 2018 – Initial document created

13th November 2018 – Added changelog, added CV/Resume to specific data types (5.2.9) and transference to partner (6.4.1)

1st April 2019 – Madagascar site now uses SSI instead of PADI so references added where applicable and section 6.4.2.2 which specifically deals with the forms updated.

1st April 2019 – Insurance company changed, replacing Cover-More Group with Zurich Insurance Group. Notably this removes the transference of participant medical data as Zurich does not require it unless a claim is submitted. (6.4.4)

10th January 2020 – Insurance company changed, replacing Zurich Insurance Group with Aviva.

17th June 2020 – Addition of Friends of Wallacea section (1.1)

Wallace House, Old Bolingbroke, Spilsby, Lincolnshire PE23 4EX, UK
| +44 (0) 1790 763194 | info@opwall.com