his is the privacy statement that applies to visitors to our website.
Crewdentials Limited, a company registered in Guernsey with company number 67547 and registered office at La Cherverie, Ruette Des Cherfs, Castel, Guernsey, GY5 7HQ (Crewdentials) is the data controller in respect of certain aspects of your data, and a processor in respect of other aspects. Crewdentials is registered with Office of the Data Protection Authority of Guernsey.
The nominated data protection officer is Dan Armsden, contactable on +44(0)1481 524 524 or firstname.lastname@example.org.
We keep our privacy statements under regular review. This version was last updated on 19 November 2020.
This privacy statement applies to the following individuals whom we collect personal data from or about. An individual falling in to any of the below categories is a Data Subject for the purposes of this statement:
We collect and use personal data from visitors to our website in the following instances:
General visitors to our website are covered under the Website Visitors section in this privacy statement.
1. Form Submissions & Direct Contact with Crewdentials
(name, email address, phone number, message content)
2. Certificate Analysing Demo Page
(certificate content which may include; name, date of birth, discharge book number)
When a visitor uploads a certificate or document to our certificate analysing demo page, if our system does not recognise either i) the type of certificate or ii) the issuer, we subsequently receive an electronic copy of the document submitted and the results of the scan. We use this data solely for the purpose of analysing why the system failed to recognise the document and to subsequently re-train the system for better performance for all users. We do not hold on to this data for any longer than is strictly necessary. Once we have re-trained the system we permanently delete all records of this data from our systems. This data is only accessible to three employees of Crewdentials Limited and will never be shared to third parties. We treat this data in the strictest confidence.
Legitimate Interests: We can rely on this basis where we are using your data in a way which you would reasonably expect and which have a minimal privacy impact. We have undertaken an exercise to identify our and others’ legitimate interests in processing the data and balance that against your rights and freedoms. You have the right to object to our processing based on legitimate interest.
When you visit any website, small text files (known as ‘cookies’) are put onto your computer to collect information about how you browse this site. The information collected is not personally identifiable.
Google Analytics stores information about:
Under certain circumstances you have the following rights under data protection laws in relation to your personal data:
You also have the right to ask us not to continue to process your personal data for marketing purposes.
You can exercise any of these rights at any time by contacting us at email@example.com or by mailing us at La Cherverie, Ruette Des Cherfs, Castel, Guernsey, GY5 7HQ. You may also contact the Office of Data Protection in Guernsey using the contact details at this link https://odpa.gg/exercising-your-rights/.
Guernsey is not in the EEA, but the European Commission has deemed that Guernsey provides an adequate level of protection for personal data.
There are limited circumstances in which Crewdentials may share your personal data, such as suspected or confirmed identity fraud or other offences, valid and legally binding requests for information from third parties.
We do not sell your personal data to any person, including but not limited to managers, employers, recruiters, training centres or advertisers.
All information you provide to us is stored on secure third party servers located in the EU. We have built multifactor authentication into our systems to improve the security of your data. The Crewdentials website is served via HTTPS so all data will automatically undergo end to end encryption.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or it we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm through unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other mean, and the applicable legal, regulatory, tax, accounting or other requirements.