Privacy Policy

Document overview

This document sets out Sea-Flux’s privacy statement, describing how Sea-Flux collects, stores, uses, and shares the personal information of its website visitors, customers, and the users managed within the Sea-Flux application. It explains the legal framework under which Sea-Flux operates — including the New Zealand Privacy Act 2020, EU GDPR, UK GDPR, and UK Data Protection Act 2018 — and addresses the lawful basis for transferring personal data to New Zealand as an ‘adequate’ jurisdiction. The document details the categories of personal information held, the purposes for which it is used, and the third-party providers engaged to deliver Sea-Flux’s services. It also covers data retention practices, the use of cookies, and the privacy rights available to individuals — including rights of access, correction, deletion, and portability.

Our commitment to your privacy

Sea-Flux is a New Zealand registered company that has developed software products primarily focused on providing the maritime industry with easy to use, compliance-based applications that significantly enhance the safety of vessels and crew. 

Our focus is on creating a paperless environment where every aspect of our customers team’s work from the same page, with a single source of “truth”. Communication, situational awareness and efficiency are some of the key elements that we have developed to create this environment.

This privacy statement outlines what personal information we collect, how we store, use and share it, and how you can access or correct your personal information. It applies when you visit our websites, use our applications or contact us in any way.

We deal with your personal information in accordance with this privacy statement, the New Zealand Privacy Act 2020 and other applicable data protection laws such as the EU GDPR, the UK GDPR and the UK Data Protection Act 2018. .

We may occasionally update this privacy statement, to reflect changes to our practices, and where the changes are material, we will notify you when we do so.

Engaging a New Zealand-based company

Some of our clients are based outside of New Zealand and may have questions about whether they can transfer personal information to New Zealand. It is important to note that New Zealand has stringent data privacy laws and has been deemed ‘adequate’ by both the European Commission and the United Kingdom. Essentially, ‘adequacy’ means that our privacy legislation and regulatory framework meets EU and UK expectations and can be trusted. 

As a result, it is permissible to transfer UK and EU personal data to a company based in New Zealand, such as Sea-Flux. Sea-Flux adheres to key EU and UK data protection requirements, described in this privacy statement and in our Terms and Conditions. Sea-Flux also ensures that where we transfer personal data outside New Zealand (for instance, to a data storage centre in Australia), we do so in compliance with EU and UK data protection requirements.

Your Personal Information

Collecting your personal information

We collect personal information that we need in order to deliver our services to you. We collect personal information directly from you when you access our services or engage with us through our websites.

Information collected from you

If you make contact with us, we are likely to hold basic Business Contact Information, such as:

• Your name, company name and contact details.
• Your address or region and housing information.
• Meeting notes from our conversations with you.
• Survey results and responses, when you participate in any of our surveys.
• Any correspondence with Sea-Flux
• Website activity
• Transaction history
• Size of your vessel and fleet
• Your industry
• Along with any other information you choose to provide us.

If you become a customer, there is additional Customer Relationship Information that we will hold, including:

• Name and positions and contact information of key members of your team
• Payment method which could include your credit card number (last 4 digits), name on your card, expiry date and card verification code (CVC) code* (only if you are paying by Stripe)
• Bank details (last 5 digits) and name of bank (if paying by GoCardless)

In addition – within the Sea-Flux application there is the ability to hold Crew Personal Information relating to crew for the purposes of crew management and safety. This information might include the following:

• First name
• Last name
• Email
• Position
• Role/Department
• Contact number
• DOB
• Inducted date
• Passport details
• Address
• Next of Kin
• Next of kin relationship
• Next of Kin contact
• Medical doctor
• Doctor contact #
• Medical issues
• Current medication
• Previous injuries/surgeries
• Allergies
• Blood type
• Induction files
• Sea time records
• Personal certificates
• Drill and training history

Along with any other information you choose to provide us. Collectively, this is known as your “personal information”.

Note: We do not store full credit card details. These are captured directly by Stripe, a Payment Card Industry Data Security Standard compliant payment provider, which will only deal with your personal information in accordance with the Privacy Act and its privacy policy.

We also collect information using ‘Cookies’. You can find out more about this in the ‘Cookies’ section below.

Using your Personal Information

In order to deliver our services, we use your personal information in the ways set out below. If we need to use information in a way not outlined below, we will only do so if required or permitted by law or with your authorisation.

Personal information used	Purpose	Lawful basis
Business Contact Information (described above)	We use your personal information to:  Provide you with any products and services you request or sign up for.  Conduct market research surveys to improve the Sea-Flux application.  Target or customise our marketing and advertising. Tell you about our new products, services, promotions and campaigns. For example, if you are opted-in to email marketing communications we may email you to let you know about new content you may be interested in.  Provide you with information about the operation and security of our websites.  Contact you to advise you of changes to our terms and conditions, services or new products or promotions.  Email communications	Legitimate Interests; Consent
Customer Relationship Information (described above)	To manage our relationship with you, including to Invoice you, or receive payment from you, for any of our services that require payment.	Legitimate Interests; Contractual Necessity
Crew Personal Information (described above)	To provide you with any products and services you request or sign up for.	Legitimate Interests
Log and usage data as well as data from support queries (for instance, diagnostic, usage, and performance information collected when you use our website or apps. This may include the Internet Protocol (IP) address, your location, device information, browser type and settings and information about your activity (such as the date/ time stamps associated with your usage). This may also include instances where you have received IT support with the Site’s functionality.)	For the management and security of the website and apps, to provide functionality and performance, and to help us improve our Site.	Legitimate Interests

Where we process your personal information on the basis of ‘Legitimate Interests’, we have balanced your rights and freedoms against our legitimate interests, or those of any third parties, and determined your rights are not infringed. Our legitimate interests relate to our commercial interests and our need to operate our business. 

Some examples of our legitimate interests include maintaining the security of our system, conducting data analytics, responding to your communications, enhancing, modifying or improving our services and identifying usage trends.

Where we process your personal data for the purposes of fulfilling a contract with you, it will be a requirement for you to provide some personal information (particularly business contact information). If you do not provide us with this personal information, we may not be able to conclude the contract with you.

Sharing your Personal Information

From time to time, we need to share your personal information with third parties, for example, with:

• Suppliers, including those who help us to manage the Site and other IT systems, or who send marketing emails on our behalf.
• Third parties providing professional services to us (for instance, our tax advisors, auditors or legal advisors).
• Law enforcement bodies, government agencies, regulators, courts, where we are required or permitted to do so.
• Your personal information may also be transferred to other third parties (where permitted under applicable law) if we sell, merge, purchase or transfer any part or all of our business or assets.

We do not sell or rent your personal information to any third party. However, we do share your personal information with trusted third parties that work on our behalf to deliver our services to you (such as for computing and storage purposes, for email correspondence and marketing purposes).

We have already engaged key third parties to process personal information on our behalf, including:

• Google – Cloud hosting and computing infrastructure provider
• Monday.com – CRM manger
• Hubspot – CRM manger
• Google Drive/Workspace 
• PandaDoc – Proposal and SLA generator
• Mailchimp – Marketing automation and email marketing.
• Xero – Invoicing and payment provider.
• Stripe – invoicing and payment provider.
• GoCardless – invoicing and payment provider.
• Wise – invoicing and payment provider.
• Zapier – Automations provider
• Sentry – Software development 
• LaunchDarkly – Software development 
• Atlassian – Software development 
• Slack – Internal communications
• Trainerbite – Marketing assistance
• Odyssey – Marketing assistance
• Permalink – Website assistance 
• Blyth Industries – Uk representative

We do not authorise third parties to use or disclose your personal information except for the purpose of providing the service we request from them. Where we share your personal information with third parties, we take steps to ensure that they protect your personal information and treat it carefully. Where those third parties are based outside of New Zealand, we take steps to put appropriate safeguards in place. You can contact us if you would like further information about these safeguards.

How we store and protect personal information

We take all reasonable steps to ensure the personal information we collect is protected against loss, unauthorised access and disclosure or any other misuse. We have an information and communications technology policy in place to ensure staff manage and protect our data and devices. Access to our systems and platforms is controlled, through role-based access, and all access is logged and audited.

We use trusted third-party providers to store and process our data and ensure that our cloud-based platforms meet privacy requirements. For more information on privacy practices and GDPR compliance for our key third party providers, see the following links:

Privacy policies

• Google Cloud – For more information on the ISO, SOC 1,2,3 certificates & documents, please contact support@sea-flux.com
• https://firebase.google.com/support/privacy
• https://cloud.google.com/terms/cloud-privacy-notice
• Hubspot – https://legal.hubspot.com/privacy-policy 
• Monday.com – https://monday.com/trustcenter/privacy –
• Google Drive  – https://policies.google.com/privacy
• PandaDoc – https://www.pandadoc.com/privacy-notice/​
• ​Mailchimp – https://www.intuit.com/privacy/statement/
• Xero – https://www.xero.com/au/legal/privacy/
• Stripe – https://stripe.com/nz/privacy-center/legal
• GoCardless –https://gocardless.com/privacy/
• Wise – https://wise.com/gb/legal/global-privacy-policy-en​
• Zapier – https://zapier.com/legal/data-privacy
• Sentry – https://sentry.io/privacy/
• LaunchDarkly – https://launchdarkly.com/policies/privacy/
• Atlassian – https://www.atlassian.com/legal/privacy-policy/
• Slack – https://slack.com/intl/en-nz/trust/privacy/privacy-policy

GDPR policies 

• Google Firebase- https://firebase.google.com/terms/data-processing-terms/
• Hubspot – https://www.hubspot.com/data-privacy/gdpr
• Monday.com – https://support.monday.com/hc/en-us/articles/360000733949-monday-com-and-GDPR 
• Google Drive  – https://cloud.google.com/privacy/gdpr
• PandaDoc – https://www.pandadoc.com/gdpr/ 
• ​Mailchimp – https://mailchimp.com/help/mailchimp-european-data-transfers/​
• Xero – https://www.xero.com/nz/data/xero-and-gdpr/
• Stripe – https://stripe.com/nz/legal/dpa
• GoCardless – https://gocardless.com/legal/gdpr/ 
• Wise – https://wise.com/gb/about/security
• Zapier – https://help.zapier.com/hc/en-us/articles/16737802843661-Is-Zapier-GDPR-compliant
• Atlassian – https://www.atlassian.com/trust/privacy/country/europe-and-gdpr
• Slack – https://slack.com/gdpr

Retention of personal information

We will retain your personal information for as long as required to perform the purposes for which the data was collected. For instance, if we are providing you with services, we will retain your personal information for the duration of our relationship with you. For example, we may be required to retain certain information, such as credit card billing information, for a certain period of time, and it may be necessary to retain certain information in order to complete any services or transactions with us.

In addition, we may be required to retain personal information in order to comply with tax and company laws and regulations, as well as statute of limitation periods.

Please see the Sea-Flux Data Retention/Subscription Cancellation Policy for further details. https://sea-flux.com/data-policy/​

In some instances, you may also withdraw your consent from us keeping your personal information or request deletion of your personal information gathered from the Site, and we may delete data on that basis (See the ‘’Your Privacy Rights’’ section below’).

Cookies

What are cookies?

Cookies are small data files that are stored on a user’s hard drive at the request of a Web site to enable the site to recognise users who have previously visited them and retain certain information such as customer preferences and history. When you visit our Site, some information is automatically collected through the use of log files, such as your computer’s Internet Protocol (IP) address, your computer’s operating system, the browser type, the address of a referring web site and your activity on the Site. We use this information for purposes such as analysing trends, administering the Sites, improving customer service, diagnosing problems with our servers, tracking user movement, and gathering broad demographic information for aggregate use. We also automatically collect certain information through the use of “cookies.”

We use the following third-party analytics and advertising features on our Site:

Google Analytics

You can opt out of Google Analytics without affecting how you visit our site. For more information on opting out, please visit this page.

https://support.google.com/analytics/answer/181881hl=en#:~:text=You%20can%20opt%2Dout%20of,Google%20Analytics%20about%20visit%20activity.

https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en

Before you disclose any personal information to another site, we advise you to check its terms and conditions, including its privacy and security policies.

Your Privacy Rights

Marketing Communications

You may “opt out” of receiving marketing or promotional communications from us or from having us share personal information with our marketing partners by emailing us at support@sea-flux.com.

You also have the following rights:

• Right to access and/or correct your personal information: You have the right to request access to a copy of the personal information we hold about you. You also have the right to request correction of any information we hold about you that is inaccurate.
• Right to request deletion of your personal information: You have the right to request that we delete your personal information, particularly where we no longer need to retain it. You may also delete certain information by closing your account.
• Right to withdraw your consent: You can withdraw your consent at any time (although it is important to note that withdrawing consent does not affect our use of your personal information before that point).
• Right to object to our use of your personal information: For instance, you may object to our use of your personal information for marketing purposes, and you can request that we stop using your personal information for this purpose.
• Right to restrict our use of your personal information: For instance, if you believe that personal information we hold about you is inaccurate, you can request that we do not use your personal information until we have verified the accuracy or corrected your personal information.
• Right to request data portability: You can request that we transmit to another organisation all personal information you have provided to us in a structured, commonly used, and machine-readable format, where technically feasible.

If you wish to exercise the rights described above (if they are applicable to you, based on your location), please contact us at support@sea-flux.com. Please note that we may not always be in a position to comply with your request. In certain circumstances, we may not be able to remove or change certain information, even in the event an account is closed. For example, we may be required to retain certain information, such as billing information, for a certain period of time, and it may be necessary to retain certain information in order to complete any services or transactions with us.

It is important to note that if we hold your personal information because of a contract for services with your employer, we may re-direct your request to your employer. 

Finally, you have the right to complain to the data privacy regulator in the country where you live.

You can choose to opt out of having your email address provided to Google and Facebook for targeted advertising by emailing us with your request to support@sea-flux.com

Complaints and contact details

Sea-Flux is committed to dealing quickly and appropriately with any privacy complaints. If you have any questions, you are concerned this privacy statement may have been breached or your privacy has been compromised, our privacy officer / data protection officer can be reached at support@sea-flux.com. If you would prefer to speak to a contact in the UK, please let us know. 

If we cannot adequately address your privacy concerns, you have the right to complain to the data protection regulator in the country in which you live.

In New Zealand, you can contact the Office of the Privacy Commissioner: https://www.privacy.org.nz/ 

In Australia, you can contact the Office of the Australian Information Commissioner: https://www.oaic.gov.au/ 

In the United Kingdom, you can contact the Information Commissioner’s Office: https://ico.org.uk/

In the EU, you can contact the data protection regulator in the country in which you reside: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Other information

You can find more information about our policies for protecting your personal information in our terms and conditions and within our security policy.

Review