STCW online is a tradename of Emergency Control Maritime Training B.V. (ECMT). ECMT is the legal entity responsible for protecting your privacy. We care deeply about your privacy, because it is vital to protect everyone’s personal and professional safety in the digital age. The protection and security of personal data that we process is of paramount importance to us and, as an EU-based company, we have developed specific controls and protocols for any breaches relating to the GDPR and data protection laws. Our privacy strategy is to meet and exceed GDPR requirements.
This Policy applies to the website www.stcw.online, the learning platform (“LMS”) www.stcw.academy and the app (“App”) for sharing content with the learner on mobile devices. The App’s communication functionality enables ECMT to collect data on the learner’s (“User”) progress, including testing results (if any).
In order to enable on- and offline learning, we provide secure access to the LMS. The LMS collects minimal required personal data and information of the user to enable making a secure connection and to provide end-users with a certificate of proficiency (CoP) where applicable. Read below in more detail which data is used and exchanged.
When Clients want to use our paid services, they also have to provide us with payment information.
We do not have access to or keep this payment information.
We collect information when you give us feedback via our website, LMS or your App Store or a questionnaire or via the support web form on www.stcw.online. During your visit to our Website, LMS or use of the App, we automatically collect certain information about you, your visit to the service and the device you are using. The information we store includes notification access, device-specific settings and characteristics, system activity, location details, IP address, language settings and other device event information, access dates and times of your usage of the LMS. We also collect data about when and how you use the service.
We use your data to assist you in the best possible way. It may be used for the following reasons:
Training journey: The main reason why we collect your personal data is to supply you with our core service: assistance with your training journey.
Management and improvement of our Services: We use your information to manage our Website, App, and business and to improve our services continuously.
Marketing and Customer Service: Our customer service is here to help you and we use your data to do so. We may send you email notifications and/or in-App messages. This includes emails in which we provide you with information and ask you to provide us with information about possible follow-up actions. In order to keep you informed, we may send you communications relating to our business, by email or other contact details you provided to us. If you submit personal information for publication on our Website, we will use that information in accordance with the license you grant to us.
If you opt-in for our mailing list, we may send you non-commercial communications, including our newsletter. When you use our services, we may send you a questionnaire or invite you to provide a review of your experiences with our service. We also may get in touch with you regarding feedback, inquiries, and complaints you made regarding our Website and App. We might ask you to rate us or leave information and comments on if and how we met your expectations.
Research activities: In order to support the research in remote learning, we may use your data, pseudonymized (without a direct link to your identity) or anonymized (without us being able to identify you at all), for research purposes. This may include sharing your data with carefully selected third party learning institutions. By uploading your information, including images in the App, you explicitly consent to the images being processed for the purposes of the provision of the services and to be used anonymously for the purposes of research and testing of our services. As such, your images may be reviewed by our employees or third-party consultants who work for us and who are bound by strict confidentiality.
Contractual necessity: In order to fulfil the contract you enter into with us when you use our Services, we have to process some essential information. When you wish to use one of our paid services we may need to process your email address and payment information.
Legitimate interests: We are committed to improving and growing our service. Some of your data can help us to improve and promote our Service and Website, other data we may need for administrative, legal purposes or anti-fraud activities.
Consent: For certain promotional and marketing activities, we may ask additional consent. When you wish to withdraw your consent, please contact us via the support web form on www.stcw.online.
ECMT shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The detailed data fields are described below:
All data mentioned is essential from ECMT perspective. The data collected is required for normal operation of the service and to issue the client (user) with a valid CoP as required by the (IMO) Member States.
All data processed by ECMT must be processed on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Our service can only be used when you as the end user have reached the age of eighteen (18) years or when you are older.
The application cannot deliver its full intended value without capturing the data. Access to client or learner data is regulated in such a way that the smallest possible group of persons gains access to both the client’s identity and, simultaneously, the learner’s user data.
Personal data is shared when there is information captured in a case before, during or after communication between ECMT and the user.
ECMT has third party service providers that help us provide or improve our service. This includes service providers, payment providers and financial institutions, business partners or research institutions. Read below in more detail how your data is used and exchanged.
Please find an up-to-date list of the categories of our third parties here:
All data you provide to us and we collect from you is stored on secure cloud servers (the Servers) in the territory of the European Union, which are held to high standards (ISO 9001, ISO 27001, GDPR compliant, and annual verification under the Privacy Shield verification program). By submitting your personal information, you agree to the transfer of your personal information to the servers.
Personal information may also be processed by our staff or by other third party service providers operating outside your country who work for us. We take such steps as are necessary for the circumstances to ensure that any third party service providers treat your data securely and in accordance with applicable laws.
We have implemented a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
Whenever feasible and possible, individual information will be encrypted, anonymised and aggregated to the level that allows practical use of the information.
To restrict access to personal information:
We will only use your personal data as long as we have your consent to do so. Please remember that when your consent is our legal basis to use your data, you can always revoke it at any time. In principle we will store the personal data at a recognisable transactional level for a maximum of 10 years (or longer if required by law). Disposal of data means permanent deletion from the database.
If you terminate the Services and delete your account, we will retain your personal information for a period of 12 months, after which we will delete your data. We will ask for your consent to process your data anonymously for research purposes.
We will retain (electronic) documents containing personal information:
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, ECMT (i.e. the data protection officer) shall promptly assess the risk to people’s rights and freedoms. This will be reported to the Managing Director and if appropriate the data protection officer will also report this breach to the relevant authorities.
This refers to access to personal information, correction and deletion, and withdrawal of consent.
Individuals involved in an incident can request a report with their personal information.
At any time you can make a request to review, correct, delete or obtain your data. You are also entitled to withdraw consent for the processing of the personal data we hold about you. You can do this by mail or email, using the addresses listed below.
Individuals can submit a request to delete personal data. This also applies to the withdrawal of consent.
In order to exercise your rights, please send us an email to firstname.lastname@example.org specifying your request and the right you want to exercise. We will, upon your request, provide you with access to your personal information that is held by us. We will provide the data to you in a structured, understandable and machine-readable way. An identity check will take place to ensure due diligence. In your request for access, we also request that you identify, as clearly as possible, the type(s) of information you wish to have access to. We will comply with your request to provide access to your personal information within 60 days and, if you agree, we may charge you or your company our reasonable costs incurred in supplying you with access to this information.
You are also entitled to lodge a claim with the appropriate supervisory authority, depending on the country you are using our services from.
Privacy laws and regulations vary throughout the world. Our policy is based on EU privacy laws (GDPR).
If this policy for any reason does not meet specific requirements from other governing bodies or local laws, do not use our solutions and please inform us accordingly. Void where prohibited by law.
If for any reason you do not accept this policy, do not use our solutions.
The Websites and the Application are owned and operated by ECMT B.V., Rotterdam, The Netherlands. You can contact us by writing to ECMT, P.O. Box 59008, 3008 PA, Rotterdam or by using our Website contact form or by email to email@example.com.
Data Protection Officer: C. Verhoeven
Version April, 2020