Privacy policy

Idwal Privacy Policy

 Last updated: 1st December

1.INTRODUCTION

Welcome to Idwal Marine Services Limited's privacy policy.

Idwal Marine Services Limited, registered in England and Wales under company number 07302506, respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal data, and informs you about your privacy rights under applicable data protection laws.

This website and our services are not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy notices we may provide when we collect or process personal data about you, so that you are fully aware of how and why we are using your data.

2. WHO WE ARE AND HOW TO CONTACT US

3. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, by sending you an email notification or posting a notice on our website or platform.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

4. THIRD-PARTY LINKS AND SERVICES

ur website and platform may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or practices.

When you leave our website or platform, we encourage you to read the privacy policy of every website you visit. 

5. THE PERSONAL DATA WE COLLECT

Personal data means any information about an individual from which that person can be identified. It does not include anonymized data where the identity has been removed.

We collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

• Identity Data includes first name, last name, maiden name, username or similar identifier, title, position, company role, nationality (for crew members), signatures (on certificates and documents) and Images (where individuals are identifiable in photographs).
• Contact Data includes billing address, delivery address, email address, telephone numbers, company name and business address.
• Financial Data includes bank account details, billing information and transaction history. Note: We do not store payment card details. Payment card information is processed directly by our payment processor (Stripe) and is not stored on our systems.
• Transaction Data includes details about payments to and from you, details of services you have purchased from us, Invoices, receipts and subscription information.
• Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and device information
• Profile Data includes username and password, purchases or orders made by you, your interests, preferences, and requirements, and feedback and survey response.
• Usage Data includes Information about how you use our website, platform, products, and services, such as pages visited, features used, time spent on pages and navigation paths.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not intentionally collect special categories of personal data (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, or genetic and biometric data).

However, we acknowledge that some ship documents may inadvertently contain special category data (for example nationality which may reveal ethnicity). Where such data is collected, it is incidental to our primary purposes and we apply appropriate safeguards.

We do not collect any information about criminal convictions and offences except where required by maritime regulations (such as crew security clearances visible on certificates).

6. HOW WE COLLECT YOUR PERSONAL DATA

We use different methods to collect personal data from and about you:

6.1 Direct Interactions

You may provide us with your personal data by:

• Creating an account on our platform
• Requesting our services (vessel inspections, reports, data access)
• Subscribing to our publications or newsletters
• Requesting marketing materials
• Entering a competition, promotion, or survey
• Providing feedback or contacting us
• Uploading documents, photographs, or information to our platform
• Filling in forms on our website or platform
• Corresponding with us by post, phone, email, or otherwise

6.2 Automated Technologies

As you interact with our website and platform, we automatically collect Technical Data and Usage Data through cookies and similar technologies. Please see our Cookie Policy for further details: https://www.idwalmarine.com/terms-and-conditions/cookie-policy

6.3 Third Parties

We may receive personal data about you from:

• Your employer or the company that engaged our services on your behalf

• Vessel owners, ship managers, or charterers who provide information as part of inspection services
• Port authorities, classification societies, or flag state administrations
• Publicly available sources (such as vessel registries, maritime databases)
• Business partners or service providers
• Analytics providers (such as Google Analytics, HotJar)
• Payment processors (such as Stripe)

6.4 User-Generated Content

When other users of our platform (such as vessel owners, ship managers, or inspectors) upload documents, photographs, or information containing your personal data, we process that data as described in this privacy policy. 

7. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of Contract: Where we need to perform a contract we are about to enter into or have entered into with you or your employer.
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Legal Obligation: Where we need to comply with a legal or regulatory obligation.
• Consent: Where you have given us specific consent to use your personal data for a particular purpose.

Note on Consent and Marketing: Generally, we do not rely on consent as a legal basis for processing your personal data, except in relation to sending you direct marketing communications via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at privacy@idwalmarine.com or using the unsubscribe link in our emails.

7.1 Purposes for Which We Use Your Personal Data

The table below describes the main purposes for which we use your personal data, the types of data involved, and the legal basis for processing:

7.2 Legitimate Interests

We have identified our legitimate interests as:

• Providing maritime inspection and data services

• Improving vessel safety and maritime compliance
• Developing analytical products and market intelligence
• Running our business efficiently and effectively
• Preventing fraud and ensuring security
• Communicating with customers about relevant services
• Improving our website, platform, and services

We always balance these interests against your fundamental rights and freedoms. We will not use your personal data where your interests override ours, unless we have your consent or are otherwise required or permitted by law.

7.3 Processing Personal Data from Uploaded Documents

Important Information:

When we process personal data obtained from documents uploaded to our platform (such as crew lists, certificates, or other maritime documents), we typically do so on behalf of the vessel owner, ship manager, or charterer who has engaged our services. In most cases:

• The vessel owner/manager is the data controller for personal data in documents they provide
• Idwal acts as a data processor on their behalf

However, when we use such data to create aggregated, anonymized analytics or market intelligence (where individuals cannot be identified), we may act as a data controller for that anonymized data.

Legal Basis for Processing:

• Performance of contract with the vessel owner/manager

• Legitimate interests in maritime safety and compliance
• Compliance with maritime regulations

Your Rights:
If your personal data appears in documents uploaded by others (such as crew lists or certificates), you have the same data protection rights as outlined in Section 11 below. To exercise your rights, please contact us at privacy@idwalmarine.com. We will coordinate with the relevant document provider to respond to your request.

7.4 Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

If you wish to understand how the processing for a new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

8. WHO WE SHARE YOUR PERSONAL DATA WITH

We may share your personal data with the following categories of recipients:

8.1 Service Providers and Third-Party Processors

We use trusted third-party service providers to help us operate our business and deliver our services. These providers process personal data on our behalf and are contractually obligated to keep your data secure and use it only for the purposes we specify.

Our main service providers include:

• Cloud Hosting and Infrastructure - Cloud service providers for platform hosting, data storage, and backup services.
• Analytics and User Experience - Platform analytics and operational tracking for user behavior analysis and website performance (e.g. Google Analytics).
• Marketing and Customer Relationship Management - CRM system, email marketing, website forms, marketing communications and social media advertising (e.g. LinkedIn and Twitter).
• Payment Processing - Secure payment processing and credit card transactions. Stripe processes and stores payment card details directly; we do not store card information on our systems.
• Business Operations - Cloud-based service providers for finance and accounting, collaboration and document management, project management, and business intelligence.
• Data Analytics - Cloud-based data warehouse and analytics infrastructure for business intelligence and service improvement.

8.2 Business Transfers

If we sell, merge, or reorganize any part of our business, we may transfer your personal data to the relevant third party (or their advisors) as part of that transaction. The new owners will be required to use your personal data in accordance with this privacy policy.

8.3 Legal Requirements

We may disclose your personal data to:

• Law enforcement agencies, regulators, or authorities if required by law

• Courts or tribunals if ordered to do so
• Professional advisors (lawyers, auditors, insurers)
• Government agencies for tax, compliance, or regulatory purposes

8.4 Other Users (Platform Context)

If you use our platform to collaborate on inspections or reports:

• Your contributions (comments, notes, documents) may be visible to other authorized users (such as vessel owners, ship managers, or inspectors)

• Vessel owners and ship managers may see information from documents they provided to us 

9. INTERNATIONAL TRANSFERS

Some of our service providers are based outside the United Kingdom and European Union, which means your personal data may be transferred to, stored in, or accessed from countries outside the UK/EU.

Primary transfer destination:

The United States - Some of our service providers operate from or store data in the United States.

Whenever we transfer your personal data outside the UK/EU, we ensure appropriate safeguards are in place to protect your data, including:

Standard Contractual Clauses (SCCs):

We use the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses approved by the UK Information Commissioner's Office or European Commission. These clauses require the recipient to protect your data to the same standards required in the UK/EU.

Adequacy Decisions:

Where possible, we transfer data to countries that have been deemed to provide an adequate level of data protection by the UK Government or European Commission.

Service Provider Commitments:

Our service providers have committed to appropriate data protection measures, including compliance with applicable data protection laws and use of Standard Contractual Clauses.

If you would like more information about the specific safeguards we have in place for international transfers, please contact us at privacy@idwalmarine.com.

10. DATA SECURITY

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way.

Our security measures include:

• Encryption of data in transit and at rest

• Access controls and authentication requirements
• Regular security assessments and audits
• Secure backup procedures
• Employee training on data protection and security
• Confidentiality obligations for employees and contractors
• Incident response procedures

We limit access to your personal data to those employees, contractors, and service providers who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have implemented procedures to deal with any suspected personal data breach and will notify you and the ICO of a breach where we are legally required to do so.

Your Responsibility:
Where we have given you (or where you have chosen) a password for access to our platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

11. DATA RETENTION

11.1 How Long We Keep Your Data

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

Our retention periods are:

Important Note on Personal Data in Documents:

While we may retain documents and data indefinitely for maritime industry purposes, personal data contained within those documents (such as names, signatures, or other identifying information) is subject to our data retention schedule and will be deleted or anonymized in accordance with the periods set out above.

11.2 Determining Retention Periods

To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data

• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the data
• Whether we can achieve those purposes through other means
• Applicable legal, regulatory, accounting, or reporting requirements
• Maritime industry standards and best practices

11.3 Deletion and Anonymization

When a retention period expires, or when you exercise your right to erasure, we will:

• Delete personal data from our active systems

• Delete personal data from backups (overwritten within 24 hours)
• Anonymize personal data where deletion would compromise system integrity
• Shred and dispose of any hard-copy documents containing personal data

In some cases, we may anonymize personal data (so that it can no longer identify you) for research, statistical, or analytical purposes. In such cases, we may use this anonymized data indefinitely without further notice to you.

12. YOUR LEGAL RIGHTS

Under UK data protection laws, you have the following rights:

12.1 Your Rights

Right of Access:
You have the right to request a copy of the personal data we hold about you.

Right to Rectification:
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten):
You have the right to request that we delete your personal data in certain circumstances, such as:

• The data is no longer necessary for the purposes for which it was collected

• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required to comply with a legal obligation

Please note: This right is not absolute. We may be required to retain certain data for legal, regulatory, or maritime compliance reasons.

Right to Restriction of Processing:
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability:
You have the right to request that we transfer your personal data to you or to another service provider in a structured, commonly used, and machine-readable format (where technically feasible and where processing is based on consent or contract).

Right to Object:
You have the right to object to processing of your personal data where:

• We are processing based on legitimate interests
• We are using your data for direct marketing purposes
• We are processing for research or statistical purposes

Right to Withdraw Consent:
Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before you withdrew consent.

Right to Lodge a Complaint:
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly. Contact details: www.ico.org.uk or telephone 0303 123 1113.

12.2 How to Exercise Your Rights

To exercise any of your data protection rights, please contact us at:

• Email: privacy@idwalmarine.com
• Post: Data Protection Officer, Idwal Marine Services Limited, 1 Caspian Point, Caspian Way, Cardiff, CF10 4DQ, United Kingdom

What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask for further information in relation to your request to speed up our response.

12.3 Time Limit and Fees

No fee usually required:
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Response time:
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

13. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies on our website and platform. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy:

Cookie Policy: https://www.idwalmarine.com/terms-and-conditions/cookie-policy

14. DATA PROCESSING AGREEMENT

If you are a business customer and we process personal data on your behalf, our Data Processing Agreement sets out the terms and conditions that govern that processing.

Data Processing Agreement: https://www.idwalmarine.com/terms-and-conditions/data-processing

15. CONTACT US

If you have any questions about this privacy policy, how we handle your personal data, or if you wish to exercise any of your data protection rights, please contact us:

• Email: privacy@idwalmarine.com
• Data Protection Officer: GDPR@idwalmarine.com
• Post: Data Protection Officer, Idwal Marine Services Limited, 1 Caspian Point, Caspian Way, Cardiff, CF10 4DQ, United Kingdom
• Telephone: +44 (0)29 2044 6644
• Website: https://www.idwalmarine.com

16. GLOSSARY

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to provide you with the best service and the most secure experience. We balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data where your interests override ours, unless we have your consent or are otherwise required or permitted by law.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.

Legal Obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Consent means you have given clear, affirmative consent for us to process your personal data for a specific purpose.

Data Controller means the organization that determines the purposes and means of processing personal data.

Data Processor means the organization that processes personal data on behalf of a data controller.

Special Category Data (also known as sensitive personal data) includes data concerning race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for identification), health, sex life, or sexual orientation.

BY USING OUR WEBSITE, PLATFORM, OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.