Privacy Policy

1. Introduction

SeaReady Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you:

Use our website (seaready.co.uk)
Use our software applications (SeaReady SMS Pro, MPX, or other products)
Engage our consultancy services
Contact us for support or sales enquiries

We are the data controller for the personal information we process, unless otherwise stated.

2. Information We Collect

2.1 Information You Provide to Us

Account Registration:

Name, email address, phone number
Company name, job title
Billing address
Payment information (processed by our payment provider)

Using Our Services:

Safety Management System data (vessel details, crew information, documents, records)
Voyage information (if using MPX or similar products)
Communications with us (support tickets, emails, feedback)

Consultancy Services:

Information you provide during consultancy engagements
Documents you share for review or audit

2.2 Information We Collect Automatically

Website Usage:

IP address, browser type, device type
Pages visited, time spent on pages
Referring website
Cookies (see Section 10)

Application Usage:

Login timestamps
Feature usage (to improve our products)
Error logs (to fix bugs)
Performance data (to maintain service quality)

2.3 Information from Third Parties

Payment Providers:

Payment confirmation and transaction details (from Stripe or similar)

Authentication Providers:

If you sign in using Google/Microsoft, we receive basic profile information (name, email)

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery (Contractual Necessity)

Provide access to our software
Process transactions and maintain accounts
Deliver consultancy services
Provide customer support
Send service-related notifications (e.g., system maintenance, security alerts)

3.2 Business Operations (Legitimate Interest)

Improve our products and services
Develop new features
Analyze usage patterns to optimize performance
Prevent fraud and abuse
Comply with legal obligations (accounting, tax, regulatory)

3.3 Marketing (Consent or Legitimate Interest)

Send product updates and newsletters (you can opt out anytime)
Inform you of new features or services
Conduct surveys and research

You can opt out of marketing communications at any time by clicking "unsubscribe" in emails or contacting us.

4. Legal Basis for Processing (GDPR)

We process your personal information under the following legal bases:

Purpose	Legal Basis
Providing our services to you	Contract performance
Processing payments	Contract performance
Customer support	Contract performance
Product improvement	Legitimate interest
Security and fraud prevention	Legitimate interest + Legal obligation
Marketing (existing customers)	Legitimate interest
Marketing (new contacts)	Consent
Compliance with laws (tax, accounting)	Legal obligation

6. Data Retention

We retain your personal information only as long as necessary:

Data Type	Retention Period	Reason
Account data	Duration of account + 30 days after closure	Service delivery + transition period
SMS records	Duration of contract + 7 years	Maritime compliance (MCA requirements)
Financial records	7 years from transaction	UK tax law (HMRC)
Support communications	2 years	Customer service quality
Marketing data	Until you unsubscribe + 30 days	Legal compliance
Logs (security, access)	12 months	Security and compliance

After retention periods expire, we securely delete or anonymize your data.

7. Your Rights (GDPR)

You have the following rights regarding your personal information:

7.1 Right of Access

Request a copy of your personal data we hold (free, within 30 days)

7.2 Right to Rectification

Correct inaccurate or incomplete data

7.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your data (subject to legal retention requirements)

7.4 Right to Restrict Processing

Limit how we use your data in certain circumstances

7.5 Right to Data Portability

Receive your data in machine-readable format (CSV, JSON)

7.6 Right to Object

Object to processing based on legitimate interest (e.g., marketing)

7.7 Right to Withdraw Consent

If we rely on consent, you can withdraw it anytime

7.8 Right to Complain

Lodge a complaint with the ICO (see Section 15)

To exercise your rights, contact: privacy@seaready.co.uk

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Technical Measures:

Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Multi-factor authentication (MFA) for admin access
Regular security updates and patching
Automated backups (encrypted, UK/EU storage)

Organizational Measures:

Access controls (role-based, least privilege)
Staff training on data protection
Data Processing Agreements with all third parties
Regular security audits
Incident response procedures (Data Breach Response Plan)

For full details, see our Information Security Policy (available on request for enterprise clients).

9. Data Breaches

In the unlikely event of a data breach:

We will notify the ICO within 72 hours (if required under GDPR)
We will notify affected individuals within 24 hours (if high risk)
We have Cyber Liability Insurance
See our Data Breach Response Plan (internal document)

To report a suspected breach: security@seaready.co.uk

10. Cookies & Tracking

10.1 What Are Cookies?

Small text files stored on your device to remember preferences and analyze usage.

10.2 Cookies We Use

Cookie Type	Purpose	Duration	Your Control
Essential	Login, security, service functionality	Session or 30 days	Cannot be disabled (required for service)
Performance	Analytics, error tracking	12 months	Can opt out via cookie banner
Functional	Remember preferences (language, etc.)	12 months	Can opt out via cookie banner

10.3 Third-Party Cookies

We may use:

Google Analytics (privacy-focused mode, IP anonymization enabled)

10.4 Your Cookie Choices

Accept/reject via cookie banner (when you first visit)
Browser settings: Most browsers allow you to block cookies (may affect functionality)

11. International Transfers

We do NOT transfer your data outside the UK/EU.

All data is stored in UK/EU data centers (AWS London region or equivalent).

If we need to transfer data internationally in future (e.g., for support services), we will:

Notify you in advance
Use approved transfer mechanisms (Standard Contractual Clauses, Adequacy Decisions)
Obtain your consent if required

12. Children's Privacy

Our services are NOT intended for children under 16.

We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately: privacy@seaready.co.uk

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

Changes in our services
Changes in data protection laws
Feedback from users or regulators

When we make changes:

We will update the "Last Updated" date at the top
Material changes will be notified via email (30 days before taking effect)
Continued use of our services after changes = acceptance

Previous versions available on request.

14. Contact Us

Data Protection Queries:

Email: privacy@seaready.co.uk
Post: SeaReady Ltd, Office 1581, 92 Castle Street, Belfast, BT1 1HE
Phone: [To be added]

Response time: We aim to respond within 5 business days.

15. Complaints & Regulatory Authority

If you're unhappy with how we handle your data, you have the right to complain to:

Information Commissioner's Office (ICO)

Website: ico.org.uk
Helpline: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first so we can try to resolve your concerns directly.

16. Maritime-Specific Considerations

For SMS (Safety Management System) customers:

Your SMS data (vessel details, crew records, procedures) is YOUR data - we are a processor, you are the controller
You remain responsible for compliance with maritime regulations (MCA, WBC3, etc.)
We provide tools to help you meet regulatory requirements, but ultimate responsibility is yours
Data Processing Agreement (DPA) provided with your contract
7-year retention for SMS records aligns with MCA requirements

For consultancy clients:

Information shared during consultancy is confidential and used only for the engagement
We may retain anonymized/aggregated data for quality improvement (no personal/company identifiers)

Summary (Plain Language)

What we collect: Your name, email, company details, and data you input into our systems.

Why: To provide our services, improve our products, and comply with laws.

Who we share with: Only essential service providers (hosting, payments) - all GDPR compliant, UK/EU based.

How long: As long as you're a customer + 7 years for maritime records (legal requirement).

Your rights: Access, correct, delete, download, or object to use of your data anytime.

Contact: privacy@seaready.co.uk

Acknowledgment

By using our services, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree, please do not use our services.

Change Log

Version	Date	Changes	Approved By
v1.0	[Incorporation date]	Initial policy	J. Fulton, Director

Latest version available at: https://seaready.co.uk/privacy

This policy complies with UK GDPR and Data Protection Act 2018.

Table of Contents