When using Global Technology Ltd’s (“GTMaritime”) software services, you are trusting us with both yours and your end user’s information. Looking after the personal information you share with us is very important, therefore this privacy notice is intended to provide you with confidence that your personal data is kept safely and securely and to provide clarity on what data we collect, what we do with information and the ways in which we protect privacy in compliance with the General Data Protection Regulation, 2018 (GDPR) and the UK Data Protection Act 2018.
What information we process and why we process this information
Information we get from utilising our software services – For the purposes of the GDPR, in relation to processing data through our software systems, we are a processor of data. Personal data is processed through our systems and only stored in line with your selected archiving preferences on our Dashboard.
The company processes email data which may contain personal information, as it has entered into a commercial contract with your organisation, and to meet its obligations under this contract.
Information you give to us – When signing up to use our software services we require you to provide us with personal information, such as your name, company name, email address and telephone number. We will only use this information to carry out our obligations arising from any contracts entered into between you and us. We will use this information to contact you to notify you about any changes to our products and services that you are utilising.
If you contact GTMaritime’s Customer Operations, Finance or Sales Operations Teams, we keep a record of your communication to help solve any issues you might be facing or to respond order requests or invoice queries.
How we use your information
We are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:
- Contract – your personal information is processed in order to fulfil a contractual arrangement.
- Consent – where you agree to us using your information in this way e.g. sending you marketing communications relating to our business, products or services.
- Legitimate Interests – this means the interests of GTMaritime in managing our business and where there is a reasonable expectation from you as the data subject based on the relationship you have with us.
- Legal Obligation – where there is a statutory or other legal requirement to share this information.
Below is a list of ways that we use your personal information, and which of the reasons described above we rely on to do so. If we rely on legitimate interests, we also describe what we believe these legitimate interests to be:
|What we use your personal information for||Our Reasons (Legal Basis)||Our explanation of GTMaritime’s Legitimate interest and consent processes.|
|Personal information that is stored on GTMaritime’s servers / systems through our processing of vessel’s email data.||Fulfilling a contract||N/A|
|Sending invoices.||Fulfilling a contract||N/A|
|Logging tickets or emails with our Customer Operations, Sales Operations or Finance Departments.||Fulfilling a contract||N/A|
|Contacting you to update you on technical changes to our products and services.||Legitimate interests||Developing products, services and applications that retain our customers and improve our customer experience.|
|Marketing communications to inform you of new solutions and services, product updates and brand messages.||Legitimate interest||We will only contact you for marketing purposes if you have signed up as a customer to use our software services. Customers are automatically opted into our database to receive brand and marketing communications. Non-customers are able to opt in to receive communications via the GTMaritime website. All recipients of communications are able to opt out at any time via the link at the bottom of email communications or by contacting firstname.lastname@example.org|
|Collection of Business cards from existing customers or new contacts||Legitimate interest||It is reasonable for us to assume that the business card owner would expect to be contacted by the person they provided their card to and to be added to the business database to receive ongoing communications. They are able to opt out of all communications via the link at the bottom of the email or by contacting email@example.com.|
We will ask you for your consent before using your information for a purpose other those set out above.
Information that we share
We do not share personal information with companies, organisations or individuals outside of GTMaritime unless one of the following circumstances apply:
If your software services are managed for you by a reseller who provides user support to your organisation, then they will have access to your software services and information. Your reseller may be able to:
- Access or retain information stored as part of your account.
- Receive your account information in order to satisfy applicable law, regulation, legal process or enforceable government request.
- Change your account password.
- Suspend or terminate your account access.
For external processing
We process emails, that may contain personal information, on our servers in countries around the world through our trusted IT partners who support our business systems and process it for us. This is based on our instructions and in compliance with this Privacy Notice and any other appropriate confidentiality and security measures. We do this to provide you with a high quality available service.
For Legal reasons
We will only share personal information with companies, organisations or individuals outside of GTMaritime if we have a belief in good faith that access, use, preservation or disclosure is reasonably necessary too:
- Meet any applicable law, regulation, legal process or enforceable governmental request.
- Enforce applicable terms of Service, including investigation of potential violations.
- Detect, prevent or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of GTMaritime, our users or the public, as required or permitted by law.
Our commitments to you
All GTMaritime employees and data processors who have access to and are associated with the processing of personal data, are obliged to handle customer information with the upmost confidentiality.
We work hard to protect GTMaritime and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. The organisation has a documented “Information Security Policy” and a set of subordinate security policies and controls relating to our management of data and information security. In particular:
- GTMaritime operate separate corporate and customer infrastructures to maintain complete physical and logical separation between networks.
- GTMaritime take steps to minimise the exposure of systems to the Internet.
- The Customer infrastructure can only be accessed by GTMaritime staff with a legitimate need. All access is granted on the principle of “least privilege”. Access is secured with multi-factor authentication.
- Security of data is reviewed on a regular basis with policies and procedures updated where necessary.
- Failure to comply with company security obligations is met with disciplinary action up to and including dismissal.
- GTMaritime has implemented a range of staff IT solutions promoting business continuity by reducing office dependency.
- GTMaritime review all processing activities on a yearly basis to ensure they remain relevant, lawful and limited to the agreed purposes.
- Information is only stored for as long as is necessary with retention periods, which are reviewed annually.
- Information is only stored electronically and there is a mandatory and consistent encryption deployed on all Company devices including laptops and mobile phones.
- GTMaritime ensures that all suppliers it works with are compliant with data protection regulations through the procurement process and with contracts that are entered into.
How long we keep your information
We will only keep the information that is necessary to enable us to provide you with the services that you have requested (list above) for as long as it takes us to provide that service and as otherwise described below.
The length of time we hold your personal information is determined by the purpose for which we hold that information.
Email data, which may contain personal information, processed through our Customer systems is stored in line with your selected archiving options. Upon termination of an email account all email data will be deleted automatically within 60 days unless you determine when and how the deletion or return of information should take place.
We may need to retain personal information you have supplied to us when signing up for our software services to establish facts or bring or defend legal claims. For this purpose, we will always retain customer information, which may contain personal data, for a period of 7 years after the date it is no longer needed by us for the purpose listed under ‘How we use your information’ above.
If you have asked us not to use your details for marketing purposes either as an existing customer or new contact and we do not have an existing business relationship with you, we may still need to keep your personal information to ensure our systems reflect your preferences. You have the right to request this information is deleted as per the ‘What are your rights’ section below.
What are your rights
You are entitled to request the following information from GTMaritime, these are called Data Subject Access Rights and there is more information on these on the Information Commissioners website www.ico.co.uk.
- Right of access – to request access to your personal information about how we process it.
- Right to rectification – to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
- Right to erasure (also known as Right to be forgotten) – to have your personal information erased unless we have to keep that information for legitimate business or legal purposes.
- Right to restriction of processing – to restrict processing of your personal information.
- Right to data portability – to electronically move, copy or transfer your personal information in a standard form.
- Right to object – to object to processing of your personal information.
- Rights with regards to automated individual decision making, including profiling.
Where you have provided consent for us to contact you, you are free to withdraw consent at any time by contacting us using the information below.
Should you need to contact us or have any questions relating to this privacy notice or how your information is processed, please write to our Data Protection Representative: