- MCI takes your privacy seriously. This policy covers the collection, processing and other use of personal data under the General Data Protection Regulations (“GDPR”) 2018.
- For the purpose of the GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to Katrina Matheson at our address PO Box 882, Rarotonga, Cook Islands.
INFORMATION WE COLLECT
- We will collect personal data only if it is directly provided to us by you on an MCI application form or through the contact us page on our website. The information we collect will be limited to the information that we need in order to complete a transaction, e.g. your e-mail address, name, home or work address and telephone number, and therefore has been provided by you with your consent. Normally you will only provide such details if you wish to sign up for our free e-newsletter or other resources, or are entering into an agreement to supply us with goods or services or are purchasing services from us.
- We will only collect the information that we need in order to complete the transactions that we undertake with you. Except in cases where information is required to be provided and published by law or international convention, for example the STCW Convention, we will never ask for personal information that is not relevant, including gender or sexual orientation, marital status, religion, political affiliation, health status, age etc – nor will we ever record any such information – nor publish any such information.
- In the process of conducting our business we need to “Know Your Customer” including the need to conduct background checks on owners and managers of vessels for the purpose of compliance with global efforts on Anti-Money Laundering/ Countering the Financing of Terrorism (see http://www.fatf-gafi.org). MCI’s due diligence information will be kept for as long as a vessel remains on the Register. This information will not be shared or published in any way unless an owner or manager is found to be a designated person or entity, in which case this will be reported to the responsible Cook Islands Government agency, who may share this information with other governments.
- We use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
- Your payment information (e.g. credit card details) provided when you make a purchase from us is not received or stored by us. The third party payment processors that we use process that information securely and privately. Maritime Cook Islands will not have access to that information at any time. We may share your personal data with our payment processors, but only for the purpose of completing the relevant payment transaction. Such payment processors are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
USE OF YOUR INFORMATION
- We may hold and process personal data that you provide to us in accordance with the GDPR.
- The information that we collect and store relating to you is primarily used to enable us to operate the Cook Islands Ships Register and to provide our services to you, and to meet our contractual commitments to you. In addition, we may use the information for the following purposes:
- To notify you about the regulatory environment affecting maritime activities and any changes to or difficulties with compliance with international maritime legislation and standards;
- Changes to our website, such as improvements or service/product changes, that may affect our service;
- If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale to you;
- Where you have consented to receive our e-newsletters, from time to time to provide that to you.
DISCLOSURE OF YOUR INFORMATION
- The Cook Islands Ships Register is a public resource. A person may inspect the Register and obtain a copy or extract from any registerable interest entered in the Register or document associate with any such entry. This will include the name and contact details of the owner and/or manager, mortgagee and mortgagor of a vessel. The STCW convention requires us to make available through our website, for verification by interested parties – the name, photograph, rank, date of birth, nationality and gender of a seafarer who holds a Cook Islands Certificate of Competency or Proficiency or a Cook Islands’ endorsement of another state’s Certificate of Competency or Proficiency.
- We may disclose your information to regulatory bodies to enable us to comply with the law and to assist with global efforts on Anti-Money Laundering/ Countering the Financing of Terrorism, fraud prevention and credit risk reduction.
- We will never provide your data to third parties who may wish to contact you about their goods or services.
- Please be advised that we do not reveal information about identifiable individuals to our advertisers but we may, on occasion, provide them with aggregate statistical information about our clients.
CONTROLLING THE USE OF YOUR DATA
- If you have given us consent to use your data for the purpose of receiving our newsletter you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 or email us at firstname.lastname@example.org at any time.
- If you are the owner or manager of a vessel registered on the Cook Islands Ships Register, or a supplier who assists us to implement international maritime legislation then we will send you notices relating to safety, security, prevention of pollution and compliance with the requirements of international maritime conventions, codes and other instruments.
WHERE WE STORE AND TRANSFER YOUR DATA
- The information you provide to us is stored by remote website server hosts. These server hosts have physical servers in multiple countries including countries inside of the European Economic Area (EEA) as well as the USA, the Cook Islands and other locations – this is generally the nature of data stored in “the Cloud”. Staff operating in any of the countries in which we operate and in which our data processors operate may also process personal data.
- We do not collect, use or disclose sensitive personal data, such as race, religion, or political affiliations.
- We may disclose your personal data outside of our group only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us.
- You have the right to opt out of our processing your personal data for marketing purposes by contacting us at email@example.com
- The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
- Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential. You should choose a password it is not easy for someone to guess.
THIRD PARTY LINKS
- You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
- The GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2 above, or email firstname.lastname@example.org
- There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
- You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email to email@example.com
CHANGES TO THIS POLICY
Version: April 2018