Privacy Policy – STCW.online™

Who are we?

STCW online is a tradename of Emergency Control Maritime Training B.V. (ECMT). ECMT is the legal entity responsible for protecting your privacy. We care deeply about your privacy, because it is vital to protect everyone’s personal and professional safety in the digital age. The protection and security of personal data that we process is of paramount importance to us and, as an EU based company, we have developed specific controls and protocols for any breaches relating to the GDPR and data protection laws. Our privacy strategy is to meet and exceed GDPR requirements.

Applies to

This Policy applies to the website www.stcw.online, the learning platform (“LMS”) www.stcw.academy and the app (“App”) for sharing content with the learner on mobile devices.  The app’s communication functionality enables ECMT to collect data of learner’s (“User”) progress, including testing results (if any).

ECMT acts as the data controller and processor of personal information when you register with us or use the App to register information. This Privacy Policy applies to all interactions using the STCW online™ App and STCW.online, owned by Emergency Control Maritime Training BV, it’s partners, affiliates and re-sellers, together named as ‘we’.

Please read the policy carefully and contact us with any questions or concerns about our privacy practices. We might amend this Privacy Policy from time to time. Visit our web page (www.stcw.online) regularly in order to understand what we do. If we make changes which are relevant to your consent and underlying information, we will always notify you before you use our service.

THIS PRIVACY POLICY APPLIES TO BOTH END USERS/PARTNERS AND THEIR CLIENTS (INDIVIDUALS). END USERS OF THE LMS ARE MUST CONSENT END USER DATA CAN BE KEPT. CLIENTS (INDIVIDUALS TAKING COURSES) HAVE THE RIGHT TO BEING FORGOTTEN.

IF YOU OR ANY OF YOUR CLIENTS WHOSE DATA IS PROCESSED DO NOT AGREE WITH OUR PROCESSING OF PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY, YOU CANNOT CONTINUE THE USE OF OUR SERVICES. IF YOU AGREE WITH OUR PRIVACY POLICY, WE HEREBY WELCOME YOU TO OUR SERVICE.

What information do we collect?

In order to enable on- and offline learning, we provide secure access to the LMS. The LMS collects minimal required personal data and information of the user to enable making a secure connection and to provide end-users with a certificate of proficiency (CoP) where applicable. Read below in more detail which data is used and exchanged.

When Clients want to use our paid services, they also have to provide us with payment information.
We do not have access to or keep this payment information.

We collect information when you give us feedback via our website, LMS or your App Store or a questionnaire or via the support web form on www.stcw.online. During your visit to our Website, LMS or use of the App, we automatically collect certain information of you, your visit to the service and the device you are using. The information we store includes notification access, device-specific settings

and characteristics, system activity, location details, IP address, language settings and other device event information, access dates and times of your usage of the LMS. We also collect data about when and how you use the service.

How will the information be used?

We use your data to assist you in the best possible way, it may be used for the following reasons:

Training journey: The main reason why we collect your personal data is to supply you with our core service: assistance with your training journey.

Management and improvement of our Services: We use your information to manage our Website, App, and business and to improve our services continuously.

Marketing and Customer Service: our customer service is here to help you and we use your data to do so. We may send you email notifications and/or in-App messages, this includes emails in which we provide you with information and ask you to provide us with information about possible follow-up actions. In order to keep you informed, we may send you communications relating to our business, by email or other contact details you provided to us. If you submit personal information for publication on our Website, we will use that information in accordance with the license you grant to us.

If you opt-in for our mailing list, we may send you non-commercial communications, including our newsletter. When you use our services, we may send you a questionnaire or invite you to provide a review of your experiences with our service. We also may get in touch with you regarding feedback, inquiries, and complaints you made regarding our Website and App. We might ask you to rate us or leave information and comments on if and how we met your expectations.

Research activities: In order to support the research in remote learning, we may use your data, pseudonymized (without a direct link to your identity) or anonymized (without us being able to identify you at all), for research purposes. This may include sharing your data with carefully selected third party learning institutions. By uploading your information, including images in the App, you explicitly consent to the images being processed for the purposes of the provision of the services and to be used anonymously for the purposes of research and testing of our services. As such, your images may be reviewed by our employees or third-party consultants who work for us and who are bound by strict confidentiality.

Legal purposes: In certain cases, we may need to use your information to handle and resolve legal disputes, for regulatory investigations and compliance, or to enforce the terms of use of the service as reasonably expected. We have to comply with certain laws and (country-specific) regulations.

Contractual necessity: In order to fulfil the contract you enter into with us when you use our Services, we have to process some essential information. When you wish to use one of our paid services we may need to process your email address and payment information.

Legitimate interests: We are committed to improving and growing our service. Some of your data can help us to improve and promote our Service and Website, other data we may need for administrative, legal purposes or anti-fraud activities.

Consent: For certain promotional and marketing activities, we may ask additional consent. When you wish to withdraw your consent, please contact us via the support web form on www.stcw.online.

Data minimization

ECMT shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The detailed data fields are described below:

  • the client user – who is a user of the application –
    • Personal data (email address, user id, password, company, first and last name, telephone number)
  • the learner user – who is a user of the application –
    • Personal data (email address, user id, password, first and last name, date of birth, country and place of birth)
  • the journey
    • Regular personal data (learners progress, results and certification).

All data mentioned is essential from ECMT perspective. The data collected is required for normal operation of the service and to issue the client (user) with a valid CoP as required by the (IMO) Member States.

All data processed by the ECMT must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.

Our service can only be used when you as the end user have reached the age of sixteen (16) years or when you are older.

The application cannot deliver its full intended value without capturing the data. Access to client or learner data is regulated in such a way that the smallest possible group of persons gains access to both the client’s identity and, simultaneously, learners user data.

When do we share personal data?

Personal data is shared when there is information captured in a case before / during/after communication between ECMT and the user.

With whom do we share personal data?

ECMT has third party service providers that help us provide or improve our service. This includes service providers, payment providers and financial institutions, business partners or research institutions. Read below in more detail how your data is used and exchanged.

Please find an up-to-date list of the categories of our third parties here:

  • User experience: Data of learners progress and results. The LMS uses a cloud service of Amazon Web Services (AWS) and data is encrypted with AEA-256.
  • Data storage: For cloud services including database management and application server hosting we use Amazon Web Services (AWS), with servers based in Europe.

Where do we store and process personal data?

All data you provide to us and we collect from you is stored on secure cloud servers (the Servers) in the territory of the European Union, which are held to high standards (ISO9001, ISO 27001, GDPR compliant, and annual verification under the Privacy Shield verification program). By submitting your personal information, you agree to the transfer of your personal information to the servers.

Personal information may also be processed by our staff or by other third party service providers operating outside your country who work for us. We take such steps as are necessary for the

circumstances to ensure that any third party service providers treat your data securely and in accordance with applicable laws.

How do we secure personal data?

We have implemented a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

Whenever feasible and possible individual information will be encrypted, anonymised and aggregated to the level that allows practical use of the information.

To restrict access to personal information:

  • We provide Secure Access Management (User id / Passwords) for the LMS.
  • We use data encryption embedded in a secure HTTPs communication protocol between the mobile app and the database on the server.
  • We use a secure database server. All supplied sensitive information is encrypted in the database. To protect data against accidental loss and to ensure business continuity and disaster recovery The database will have regular backup and recovery testing.
  • ECMT shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
  • Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
  • When personal data is deleted this should be done safely such that the data is irrecoverable.
  • Appropriate back-up and disaster recovery solutions shall be in place.

How long do we keep your personal data for?

We will only use your personal data as long as we have your consent to do so. Please remember that when your consent is our legal basis to use your data, you can always revoke it any time. In principle we will store the personal data at a recognisable transactional level for a maximum of 10 years – or longer if required by law-. Disposal of data means permanent deletion from the database.

If you terminate the Services and delete your account, we will retain your personal information for a period of 12 months, after which we will delete your data. We will ask for your consent to process your data anonymously for research purposes.

We will retain (electronic) documents containing personal information:

  • to the extent that we are required to do so by law;
  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, ECMT (i.e. the data protection officer) shall promptly assess the risk to people’s rights and freedoms. This will be reported to the Managing Director and if appropriate the data protection officer will also report this breach to the relevant authorities.

Your rights in relation to personal data

This refers to access to personal information/correction and deletion/withdrawal of consent

Individuals involved in an incident can request for a report with their personal information.

At any time you can make a request to review, correct, delete, obtain your data. You are also entitled to withdraw consent for the processing of the personal data we hold of you. You can do this by mail or email, using the addresses listed below.

Individuals can submit a request to delete personal data. This also applies to the withdrawal of consent.

In order to exercise your rights, please send us an email to [email protected] specifying your request and the right you want to exercise. We will, upon your request, provide you with access to your personal information that is held by us. We will provide the data to you in a structured, understandable and machine-readable way. An identify check will take place to ensure due diligence. In your request for access, we also request that you identify, as clearly as possible, the type(s) of information you wish to have access to. We will comply with your request to provide access to your personal information within 60 days and if you agree we may charge you or your company our reasonable costs incurred in supplying you with access to this information.

You are also entitled to lodge a claim with the appropriate supervisory authority, depending on the country you are using our services from.

Compliant to law and regulations

Privacy laws and regulations vary throughout the world. Our policy is based on EU privacy laws (GDPR).

If this policy for any reason does not meet specific requirements from other governing bodies or local laws, do not use our solutions and please inform us accordingly. Void where prohibited by law.

We ask the user explicitly to accept our privacy policy in the LMS and App.

If for any reason you do not accept this policy, do not use our solutions.

The Websites and the Application are owned and operated by ECMT B.V., Rotterdam, The Netherlands. You can contact us by writing to ECMT, P.O. Box 59008, 3008 PA, Rotterdam or by using our Website contact form or by email to [email protected].

Data Protection Officer: C. Verhoeven

Version March, 2024

Back to top