Privacy Policy

This privacy statement describes how Sea-Flux Limited (Sea-Flux) deals with your personal information, and how we protect your privacy.

Your Privacy

Our commitment to your privacy

Sea-Flux is a New Zealand registered company that has developed software products primarily focused on providing the maritime industry with easy to use, compliance-based applications that significantly enhance the safety of vessels and crew.

Our focus is on creating a paperless environment where every aspect of our customers team’s work from the same page, with a single source of “truth”. Communication, situational awareness and efficiency are some of the key elements that we have developed to create this environment.

This privacy statement outlines what personal information we collect, how we store, use and share it, and how you can access or correct your personal information. It applies when you visit our websites, use our applications or contact us in any way.

We deal with your personal information in accordance with this privacy statement, the New Zealand Privacy Act 2020 and other applicable data protection laws such as the EU GDPR, the UK GDPR and the UK Data Protection Act 2018.

We may occasionally update this privacy statement, to reflect changes to our practices, and where the changes are material, we will notify you when we do so.

This statement was last updated on 14 October 2024.

Engaging a New Zealand-based company

Some of our clients are based outside of New Zealand and may have questions about whether they can transfer personal information to New Zealand. It is important to note that New Zealand has stringent data privacy laws and has been deemed ‘adequate’ by both the European Commission and the United Kingdom.

Essentially, ‘adequacy’ means that our privacy legislation and regulatory framework meets EU and UK expectations and can be trusted.

As a result, it is permissible to transfer UK and EU personal data to a company based in New Zealand, such as Sea-Flux. Sea-Flux adheres to key EU and UK data protection requirements, described in this privacy statement and in our Terms and Conditions.

Sea-Flux also ensures that where we transfer personal data outside New Zealand (for instance, to a data storage centre in Australia), we do so in compliance with EU and UK data protection requirements.

Your Personal Information

Collecting your personal information

We collect personal information that we need in order to deliver our services to you. We collect personal information directly from you when you access our services or engage with us through our websites.

Information collected from you

If you make contact with us, we are likely to hold basic Business Contact Information, such as:

Your name, company name and contact details.
Your address or region and housing information.
Meeting notes from our conversations with you.
Survey results and responses, when you participate in any of our surveys.
Any correspondence with Sea-Flux
Website activity
Transaction history
Size of your vessel and fleet
Your industry

Along with any other information you choose to provide us.

If you become a customer, there is additional Customer Relationship Information that we will hold, including:

Name and positions and contact information of key members of your team
Payment method which could include your credit card number (last 4 digits), name on your card, expiry date and card verification code (CVC) code* (only if you are paying by Stripe)
Bank details (last 5 digits) and name of bank (if paying by GoCardless)

In addition – within the Sea-Flux application there is the ability to hold Crew Personal Information relating to crew for the purposes of crew management and safety. This information might include the following:

First name
Last name
Email
Position
Role/Department
Contact number
DOB
Inducted date
Passport details
Address
Next of Kin
Next of kin relationship
Next of Kin contact
Medical doctor
Doctor contact #
Medical issues
Current medication
Previous injuries/surgeries
Allergies
Blood type
Induction files
Sea time records
Personal certificates
Drill and training history

Along with any other information you choose to provide us. Collectively, this is known as your “personal information”.

Note: We do not store full credit card details. These are captured directly by Stripe, a Payment Card Industry Data Security Standard compliant payment provider, which will only deal with your personal information in accordance with the Privacy Act and its privacy policy.

We also collect information using ‘Cookies’. You can find out more about this in the ‘Cookies’ section below.

Using your Personal Information

In order to deliver our services, we use your personal information in the ways set out below. If we need to use information in a way not outlined below, we will only do so if required or permitted by law or with your authorisation.

Personal information used	Purpose	Lawful basis
Business Contact Information (described above)	Provide you with any products and services you request or sign up for. Conduct market research surveys to improve the Sea-Flux application. Target or customise our marketing and advertising. Tell you about new products, services, promotions and campaigns. Provide you with information about the operation and security of our websites. Contact you to advise you of changes to terms, services or promotions. Email communications	Legitimate Interests; Consent
Customer Relationship Information (described above)	To manage our relationship with you, including to invoice you or receive payment for any of our services that require payment.	Legitimate Interests; Contractual Necessity
Crew Personal Information (described above)	To provide you with any products and services you request or sign up for.	Legitimate Interests
Log and usage data, support query data (e.g. diagnostic, performance data)	For the management and security of the website and apps, to provide functionality and performance, and to help improve our site.	Legitimate Interests

Where we process your personal information on the basis of ‘Legitimate Interests’, we have balanced your rights and freedoms against our legitimate interests, or those of any third parties, and determined your rights are not infringed. Our legitimate interests relate to our commercial interests and our need to operate our business.

Some examples of our legitimate interests include maintaining the security of our system, conducting data analytics, responding to your communications, enhancing, modifying or improving our services and identifying usage trends.

Where we process your personal data for the purposes of fulfilling a contract with you, it will be a requirement for you to provide some personal information (particularly business contact information). If you do not provide us with this personal information, we may not be able to conclude the contract with you.

Sharing your Personal Information

From time to time, we need to share your personal information with third parties, for example, with:

Suppliers, including those who help us to manage the Site and other IT systems, or who send marketing emails on our behalf.
Third parties providing professional services to us (for instance, our tax advisors, auditors or legal advisors).
Law enforcement bodies, government agencies, regulators, courts, where we are required or permitted to do so.
Other third parties (where permitted under applicable law) if we sell, merge, purchase or transfer any part or all of our business or assets.

We do not sell or rent your personal information to any third party. We share it only with trusted partners necessary to deliver services to you:

Orchid – Development agency
Google – Cloud hosting and computing infrastructure
Monday.com – CRM manager
Google Drive/Workspace and OneDrive
PandaDoc – Proposal and SLA generator
Mailchimp – Marketing automation and email marketing
Xero, Stripe, GoCardless, Wise – Invoicing and payment providers
Zapier – Automation provider
SwayTech, First Page – Marketing agencies
Blyth Industries – UK representative

We ensure third parties protect your information and treat it securely. For international transfers, we implement appropriate safeguards. Contact us for more details.

How we store and protect personal information

We take reasonable steps to protect personal information against loss, unauthorised access and misuse. Our systems use role-based access control, logging and auditing, and third-party services certified under standards like ISO 27001, 27017, 27018, SOC 1, SOC 2, and SOC 3.

Links to third-party privacy practices:

Retention of personal information

We will retain your personal information for as long as required to perform the purposes for which the data was collected. For instance, if we are providing you with services, we will retain your personal information for the duration of our relationship with you.

For example, we may be required to retain certain information, such as credit card billing information, for a certain period of time, and it may be necessary to retain certain information in order to complete any services or transactions with us.

In addition, we may be required to retain personal information in order to comply with tax and company laws and regulations, as well as statute of limitation periods.

See: Data Retention/Subscription Cancellation Policy

You may request deletion of your data or withdraw consent, as detailed in the section below.

Cookies

Cookies are small data files that are stored on a user’s hard drive at the request of a Web site to enable the site to recognise users who have previously visited them and retain certain information such as customer preferences and history.

When you visit our Site, some information is automatically collected through the use of log files, such as your computer’s Internet Protocol (IP) address, your computer’s operating system, the browser type, the address of a referring web site and your activity on the Site. We use this information for purposes such as analysing trends, administering the Sites, improving customer service, diagnosing problems with our servers, tracking user movement, and gathering broad demographic information for aggregate use.

We also automatically collect certain information through the use of “cookies.”

We use them for analytics, service improvement, and user experience. Information collected may include IP address, operating system, browser type, and site activity.

Third-party tools in use:

Google Analytics — Opt-out here
Browser opt-out plugin

Always check privacy terms on any third-party website you visit.

Your Privacy Rights

Right to access and/or correct your personal information: You have the right to request access to a copy of the personal information we hold about you. You also have the right to request correction of any information we hold about you that is inaccurate.
Right to request deletion of your personal information: You have the right to request that we delete your personal information, particularly where we no longer need to retain it. You may also delete certain information by closing your account.
Right to withdraw your consent: You can withdraw your consent at any time (although it is important to note that withdrawing consent does not affect our use of your personal information before that point).
Right to object to our use of your personal information: For instance, you may object to our use of your personal information for marketing purposes, and you can request that we stop using your personal information for this purpose.
Right to restrict our use of your personal information: For instance, if you believe that personal information we hold about you is inaccurate, you can request that we do not use your personal information until we have verified the accuracy or corrected your personal information.
Right to request data portability: You can request that we transmit to another organisation all personal information you have provided to us in a structured, commonly used, and machine-readable format, where technically feasible.

Contact safety@sea-flux.com to exercise these rights. Requests may be redirected to your employer where applicable. Legal retention obligations may prevent full compliance in some cases.

If you wish to exercise the rights described above (if they are applicable to you, based on your location), please contact us at safety@sea-flux.com. Please note that we may not always be in a position to comply with your request. In certain circumstances, we may not be able to remove or change certain information, even in the event an account is closed. For example, we may be required to retain certain information, such as billing information, for a certain period of time, and it may be necessary to retain certain information in order to complete any services or transactions with us.

It is important to note that if we hold your personal information because of a contract for services with your employer, we may re-direct your request to your employer.

Finally, you have the right to complain to the data privacy regulator in the country where you live.

You can choose to opt out of having your email address provided to Google and Facebook for targeted advertising by emailing us with your request to safety@sea-flux.com.

Complaints and contact details

To raise a privacy concern or make a complaint, contact our Privacy Officer at safety@sea-flux.com. If you’re based in the UK and prefer a local contact, let us know.

If unresolved, contact your local data protection authority:

Other information

More on our data practices is available in our Terms & Conditions and Security Policy.

Updated Version

Date	Version	Changes made	Changes made by
07.02.24	1.0	Full review and minor edits including, update to third party software providers	Tai
11.10.24	1.1	Review to update to mandatory UK and EU GDPR provisions	External
13.10.24	1.2	Update to third party providers and what personal information is collected	Tai
14.10.24	1.3	Update links for third party providers	Tai