Version / Last update: September 2018
Who are we?
We are Sea Ventures. We respect your privacy. We comply with the Dutch Data Protection Act/Wet Bescherming Persoonsgegevens (hereafter: the DDPA) and the Data Protection Directive 95/46/EC (hereafter: the DPD). We also comply with the new General Data Protection Regulation (hereafter: the GDPR), which will be the replacement of this legislation from May 2018. All aforementioned legislation will hereafter be referred to as “the Relevant Legislation”.
What is this?
What is personal data?
Are you younger than sixteen years?
If you are younger than sixteen years, you cannot use our Website or services.
We act as Data Processor and Data Controller
We collect and process most personal data on behalf of the users of our Website and App (“Users”). Our Users determine the purpose and means of this processing of personal data, which means they act as Data Controller within the meaning of the Relevant Legislation. We process this data strictly in accordance with the instructions of our Users and we don’t process this data for our own purposes. In this respect, we act as “Data Processor” within the meaning of the Relevant Legislation.
Apart from the processing of personal data on behalf of our Users, we do collect and process some personal data for our own purposes. In this respect, we act as “Data Controller” ourselves within the meaning of the Relevant Legislation.
Which personal data do we process?
As Data Controller, we collect and process the following personal data:
- Contact information of our Users, e.g. [names, postal address, e-mail addresses and phone numbers];
- Login credentials of our User’s accounts;
As Data Processor, we collect and process the following personal on behalf of our Users:
- Job title, Profile pictures,
- Email circulars that are forwarded to Seabo
We may also process non-personal data whenever you interact with our Website or App. This data may include your browser name, the type of your computer and technical information about your means to connect to our Website and App (such as the operating system and the utilized internet service providers). To provide the services on our Website and App, we also ask for (parts of) the following data:
- Information about your vessel, e.g. name, type, next open port and open dates;
- Information about your cargo, e.g. type, size, duration, commodity and loading and discharge port;
How do we use the personal data?
We use abovementioned personal data we process as Data Controller for the purposes described below:
- To verify your identity to access your account;
- To contact you, to inform you about our products and services and to execute our agreement;
- To improve communication between different parties in the vessel industry;
As Data Processor, we process the personal data on behalf of our Users solely to provide our services on the Website and App to them.
How long will we keep the personal data?
The personal data for which we are the Data Controller will be deleted if they are no longer necessary for the fulfilment of the purposes mentioned above or are inaccurate. In no event will the personal data be kept longer than five years after the date on which the data have been updated for the last time, unless we are legally obliged to keep the data for a longer period.
The personal data collected by us as Data Processor, on behalf of our Users, will be retained as long as the User uses our Website and App and uses the personal data in that context. If the User stops using the Website and App by cancelling its account, we will keep the data for another period of 90 days – so the User can retrieve its data if requested. After this period, we will delete or destroy all personal and copies thereof, unless we are legally obliged to keep the data for a longer period.
Who do we share your personal data with?
On behalf of our Users, we only process the personal data based on their instructions. We will never share these personal data with anyone, unless our Users tell us to do so.
It is however possible that we use “Sub Data Processors” (with permission of our Users), for example the storage of the data and the hosting of the website. These Sub Data Processors must strictly follow our instructions and the instructions of our Users. Therefore, they will not use personal data for their own purposes. In addition to such storage and hosting providers, we use certain tools to provide our services to our clients. We make sure all of our Sub Data Processors comply with the relevant privacy legislation.
We use Data Processors for the processing of personal data for our own purposes as well.
The (Sub) Data Processors we may use for the processing as Data Controller or, with permission of our Users, as Data Processor are: Amazon Web Services, Rackspace.
Besides the above, we will not share your data with third parties – unless we are legally obliged to do so.
(No) Export of data outside the European Union
We may transfer the personal data outside the EU, if our Users ask us to do so or if one of our (Sub) Data Processors is located outside the EU. In case we transfer data outside the EU, the Data will only be transferred to countries who provide an adequate level of protection that meets the EU-standards. For example, we will verify if that organization is a Privacy Shield Participant or is listed as third country whose level of protection is approved by the European Commission¹. The transfer of data outside the EU will always comply with the Relevant Legislation (such as article 76 section 1 of the DDPA and - from 25 May 2018 - chapter 5 of the GDPR).
Generic aggregated (non-personal) data
We may convert personal data into non-personal data and aggregate it with information collected from other Users. In such case the data will be fully and irreversibly anonymized: they will no longer contain personal data. We use this data to improve the Website and App. We also may share such generic aggregated data with our business partners for industry analysis, demographic profiling, improvement of our services and other purposes.
How do we protect your personal data?
We work hard to protect your personal data from unauthorized or unlawful access, alteration, disclosure, use or destruction. We take the following security measures regarding your personal data:
- We secure our network connection with Secure Socket Layer (SSL) technology;
- We restrict access to the data to employees who have been designated as administrator;
- Our cloud services data is encrypted using Transport Later Security (TLS), Our implementation uses strong ciphers and key-lengths by default.
- We perform internal and external application security testing
We may use the following types of cookies on our Website and App:
Functional cookies: these are cookies that are essential for the operation of our Website and App. They enable you to move around our Website and use our features.
Analytical: we use these cookies to track visitor statistics. We use these statistics to continuously improve the Website and App, and thus offer you relevant content. These cookies also allow us to recognize and count the number of visitors and to see how visitors navigate when they’re using our Website and App. This helps us to improve user navigation and to ensure users to find what they need more easily.
You can change your cookie settings in your browser, if you don’t want cookies to be sent to your device. Please note that some features or services of our Website and App may not function properly without cookies.
Your rights and who to contact
As specified in and under the conditions of the Relevant Legislation, you have the right to tell (us) if you:
- would like to view and/or a copy of the personal which are processed by us as Data Controller about you, where they are being processed, who is receiving them, how long they will be saved by us and for what purpose;
- would like us to correct, update, shield or delete your personal data or restrict the processing therefrom in our records;
- wish to report any misuse of your personal data;
- have an objection against any processing of your personal data by us;
- think we are processing your personal data unlawfully. In this respect, you can file a complaint with the Dutch Data Protection Authority;
If you have any questions, comments or concerns about how we handle personal data, please contact us at [firstname.lastname@example.org ]. We will respond to such a request within 30 days of receipt by us.
¹ The European Commission has made a list of third countries whose level of protection is approved by the European Commission. Data transfers to the U.S. are considered adequate when based on the EU-U.S. Privacy Shield. The EU-U.S. Privacy Shield is an agreement between the U.S. Department of Economic Affairs and the European Commission on the exchange of personal data between companies in the EU and the U.S. The Privacy Shield has been in force since 1 August 2016. The Privacy Shield List enables European companies to verify whether data can be transferred to an U.S.-based company under the framework.