IMPORTANT: SEAROC IS PRIORITISING SECURITY WITH SOC2 TYPE II CERTIFICATION

Privacy Concept. Blue Button with Padlock Icon on Modern Computer Keyboard. 3D Render.

Last updated: Mar 27, 2023

Data privacy is important. Please read this carefully.

We respect your privacy. This Privacy Policy explains our privacy practices and how we handle the information we process. When you use SeaRoc Group Ltd. websites, services, applications, and documentation, you are agreeing to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as described in this Privacy Policy.

If you have feedback or suggestions on our Privacy Policy, please email us at dpo@searoc.com

THIS PRIVACY POLICY

This Privacy Policy (together with our SaaS Agreement and / or our terms and conditions of use) applies to your use of our Service or mobile application software (“Apps”) once you have downloaded or streamed a copy of the App onto your computer, mobile telephone or handheld device (“Device”).

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

ABOUT US

The Service and Apps areprovided by SeaRoc Group Limited (company no. 06416555) ("SeaRoc", "we", "our", or "us"). Our registered office is at Hanover House, Queen Charlotte Street, Bristol, England, UK, BS1 4EX.

We are registered as a data controller with the Information Commissioner’s Office under data protection registration number ZA033014.

SeaRoc is a wholly-owned subsidiary of Vela Software Group, an operating group of Constellation Software Inc., a company incorporated in Canada and listed on the Toronto Stock Exchange.

The SeaRoc Group is made up of different legal entities, including SeaRoc and SeaPlanner. When we mention "SeaRoc", we are referring to the relevant company in the SeaRoc Group responsible for processing your data.

PERSONAL INFORMATION WE COLLECT ABOUT YOU

We will collect and process the following data about you:

Your contact information. This is information you provide when you register to use the Service or Apps (including first name, last name, username or similar identifier, email address and telephone number, photo).

Information you give us. It includes information when you report a problem with an App, or our services or by corresponding with us (for example, by email or chat). If you contact us, we will keep a record of that correspondence.

Device data. Each time you use our Service or Apps we will automatically collect personal data about your device including the type of mobile device you use, [a unique device identifier (for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting. We collect this data with your consent.

Location Data. We also use GPS technology to determine your current and historical locations. Some of our location-enabled Services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.

Information we receive from other sources: including from the organisation of which you are an employee, contractor or are otherwise associated which is our customer.

We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalised experience regardless of how you interact with us.

We will indicate to you where the provision of certain personal information is required in order for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested.

SEAROC AS DATA PROCESSOR

We collect and process personal information on behalf of our customers in the provision of our services. In these circumstances, SeaRoc is acting as a data processor and our customer remains the data controller in respect of personal information they provide to us.

This information may include “special categories” of personal data about you (this includes details about your race or ethnicity, information about your health, and genetic and biometric data).

This information includes:

  • Medication
  • Blood Type
  • Medical Conditions
  • Vaccinations (via certificates)

Where we process special categories of personal data about you, we only do so as processor on behalf of the organisation of which you are an employee, contractor or are otherwise associated which is our customer. As such, that organisation is responsible under data protection laws for ensuring that there is a legal basis for transferring the personal information to us and for our processing the personal information on their behalf.

To the extent that we are acting as data processor, we will process such personal information in accordance with our customer’s instructions and any agreement in place with our customer. SeaRoc will only use such personal information for the purposes of providing the services for which our customer has engaged us.

Our customer is responsible for ensuring that the privacy of individuals whose personal information they are processing is respected, including communicating to these individuals in their own privacy policies with whom the individual’s personal information is being shared and by whom it is being processed.

As a data processor, SeaRoc may share personal information where instructed by our customers (the data controller). We will refer any request from an individual for access to personal information which we hold about them to our customer. SeaRoc will not respond directly to the request.

SeaRoc will retain personal information which we process on behalf of our customers for as long as needed to provide services to our customer and in accordance with any agreement in place with our customer.

HOW WE USE YOUR PERSONAL INFORMATION

We may use some of your personal data for our own purposes, in which case we are responsible as controller.

Where we process your personal information as controller, under data protection law, we can only use your personal information if we have a proper reason, eg:

  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • or our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The table below explains what we use your personal information for and why.

How you can withdraw consent

Where you have provided consent, you may change your mind and withdraw consent at any time by contacting us as below, but that will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you do not consent as above, then you will not be able to download, install and use (or continue to use) our Service or Apps

ANONYMOUS DATA

We may anonymise and aggregate any of the personal information we collect about you (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving our Services and developing new products and features. We may also share such anonymised information with others.

HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT

We will store the personal information we collect about you for no longer than necessary and in accordance with our legal and contractual obligations and legitimate business interests.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.

We retain personal information for up six (6) years after we cease providing services to you where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.

RECIPIENTS OF PERSONAL INFORMATION

We share your personal information with the following categories of recipients (as required in accordance with the uses set out above):

  • Service providers: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, CRM, web hosting, or website analytics services.
  • Professional advisors: we may share your personal information with our lawyers, accountants, insurers and other professional advisors to the extent we need to (for example, to defend ourselves against legal claims).
  • Business partners: we may share your personal information (such as contact details) with our business partners where this is necessary in the normal course of our business.
  • Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
  • Law enforcement agencies: including courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations
  • Other members of our group: we may share your personal information with our affiliates (for example, where they provide services on our behalf) or where such sharing is otherwise necessary in accordance with the uses set out above.

We will take steps to protect your personal information where we need to share it with others. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

KEEPING YOUR PERSONAL INFORMATION SECURE

We implement appropriate technical and organisational measures, including encryption, to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers. We will never send you unsolicited emails or contact you by phone requesting your account ID or password.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION

We do not transfer your personal information outside of the UK save that where we share your personal information with our group companies, your personal information will be transferred to and stored in countries outside of the UK and European Economic Area (“EEA”) where our group members are located.

For example, we share personal data with:

  • our parent company, Vela Software Group, which is located in Canada;
  • our third party service providers which have operations in the USA, Japan, Taiwan, Korea and other non-UK/EEA countries.
Whenever we transfer your personal information out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
  • we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data (such as Canada);
  • otherwise, we will use international data transfer agreements approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the UK.

YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION

Where we process your personal information as controller, in accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  • Right of access. You have the right to obtain access to your personal information.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  • Right to object. You have a right to object to any processing based on our legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the “unsubscribe” link set out in any marketing communication you receive.
  • Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent.

Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy. You may also review and edit some of the personal information you have submitted to us by logging into your account on the Site.

COOKIES AND SIMILAR TECHNOLOGIES

A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our Site. We use cookies and similar technologies (such as web beacons, action tags, single-pixel gifs) on our Site. These help us recognise you and your device and store some information about your preferences or past actions.

Please refer to our Cookies Policy for more information as to the way in which we use cookies on our Site.

LINKS TO THIRD PARTY SITES

Our Service and Apps may, from time to time, contain links and APIs to and from third party websites, including those of our business partners, advertisers, news publications and affiliates. If you follow a link to any of these websites, please note that these websites have their own terms and conditions and privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

COMPLAINTS

Where we process your personal information as controller, please contact us if you have any queries or concerns about our use of your personal information (see below ‘Contacting us’). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint to your national data protection authority. If you are in the UK, information on how to contact the Information Commissioner is available at www.ico.org.uk.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time and so you should review this page periodically. When we change this Privacy Policy in a material way, we will update the "last modified" date at the end of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.

NOTICE TO YOU

If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Site. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.

CONTACTING US

If you have any questions, comments and requests regarding this Privacy Policy, you can contact us: FAO Data Protection Officer

By email: dpo@searoc.com

By telephone: +44 1243 816606

 

This Privacy Policy was last modified on March 27, 2023.