privacy
legal

Privacy Statement (website)

James Benns on Jun 15, 2021

Crewdentials Limited, a company registered in Guernsey with company number 67547 and registered office at La Cherverie, Ruette Des Cherfs, Castel, Guernsey, GY5 7HQ (Crewdentials) is the data controller in respect of certain aspects of your data, and a processor in respect of other aspects. Crewdentials is registered with Office of the Data Protection Authority of Guernsey.

The nominated data protection officer is Dan Armsden, contactable on +44(0)1481 524 524 or hello@crewdentials.co.

We keep our privacy statements under regular review. This version was last updated on 15 June 2021.

We do not control and are not responsible for the privacy policy of any website or organisation to which this website provides links. By including references, hyperlinks or other connections to such third party websites we do not imply any endorsement of them or any association with their owners or operators.‍

Who do we Collect Data on?

This privacy statement applies to the following individuals whom we collect personal data from or about. An individual falling in to any of the below categories is a Data Subject for the purposes of this statement:

  • Visitors to our website;
  • Individuals who request information, newsletters, marketing material or other publications from us; and
  • Individuals who use our certificate analysing demo page.

How is Personal Data Collected?

We collect and use personal data from visitors to our website in the following instances:

  • When a visitor uses the contact form or other method to contact us; and
  • When a visitor uses the certificate analysing demo page.

What Personal Data do we Collect?

General visitors to our website are covered under the Website Visitors section in this privacy statement.

1. Form Submissions & Direct Contact with Crewdentials

(name, email address, phone number, message content)

  • Purpose: to enable Crewdentials to communicate with you and respond to your enquiry
  • Lawful Basis: legitimate interests

2. Certificate Analysing Demo Page

(certificate content which may include; name, date of birth, discharge book number)

When a visitor uploads a certificate or document to our certificate analysing demo page, if our system does not recognise either i) the type of certificate or ii) the issuer, we subsequently receive an electronic copy of the document submitted and the results of the scan. We use this data solely for the purpose of analysing why the system failed to recognise the document and to subsequently re-train the system for better performance for all users. We do not hold on to this data for any longer than is strictly necessary. Once we have re-trained the system we permanently delete all records of this data from our systems. This data is only accessible to three employees of Crewdentials Limited and will never be shared to third parties. We treat this data in the strictest confidence.

  • Purpose: to improve the performance of our certificate analysing software
  • Lawful Basis: legitimate interests

Legitimate Interests: We can rely on this basis where we are using your data in a way which you would reasonably expect and which have a minimal privacy impact. We have undertaken an exercise to identify our and others’ legitimate interests in processing the data and balance that against your rights and freedoms. You have the right to object to our processing based on legitimate interest.

Website Visitors

Cookies

When you visit any website, small text files (known as ‘cookies’) are put onto your computer to collect information about how you browse this site. The information collected is not personally identifiable.

We use cookies to:

  • measure how you use the website, using Google Analytics, so it can be updated and improved based on your needs; and
  • remember the notifications you’ve seen so that we don’t show them to you again;

Google Analytics stores information about:

  • the pages you visit on crewdentials.co;
  • how long you spend on each crewdentials.co page;
  • how you got to the site;
  • what you click on while you’re visiting the site.

Your Data Rights

Under certain circumstances you have the following rights under data protection laws in relation to your personal data:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data
  • Request transfer of your personal data
  • Right to withdraw consent

You also have the right to ask us not to continue to process your personal data for marketing purposes.

You can exercise any of these rights at any time by contacting us at hello@crewdentials.co or by mailing us at La Cherverie, Ruette Des Cherfs, Castel, Guernsey, GY5 7HQ. You may also contact the Office of Data Protection in Guernsey using the contact details at this link https://odpa.gg/exercising-your-rights/.

Data Sharing and Data Processing

Guernsey is not in the EEA, but the European Commission has deemed that Guernsey provides an adequate level of protection for personal data.

There are limited circumstances in which Crewdentials may share your personal data, such as suspected or confirmed identity fraud or other offences, valid and legally binding requests for information from third parties.

We do not sell your personal data to any person, including but not limited to managers, employers, recruiters, training centres or advertisers.

Data Security

All information you provide to us is stored on secure third party servers located in the EU. We have built multifactor authentication into our systems to improve the security of your data. The Crewdentials website is served via HTTPS so all data will automatically undergo end to end encryption.

Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

How long will we keep the data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.  We may retain your personal data for a longer period in the event of a complaint or it we reasonably believe there is a prospect of litigation in respect of our relationship with you.

To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm through unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other mean, and the applicable legal, regulatory, tax, accounting or other requirements.