Crewdentials Limited, a company with these corporate details (Crewdentials) is the data controller in respect of certain aspects of your data and is registered with Office of the Data Protection Authority of Guernsey.
The nominated data protection officer is contactable via our contact form .
We keep our privacy statements under regular review. This version was last updated on 20 February 2024.
We do not control and are not responsible for the privacy policy of any website or organisation to which this website provides links. By including references, hyperlinks or other connections to such third party websites we do not imply any endorsement of them or any association with their owners or operators.
Who do we collect data on?
This privacy statement applies to the following individuals whom we collect personal data from or about. An individual falling in to any of the below categories is a Data Subject for the purposes of this statement:
- Crew who fill in a workflow or create at Crew Profile;
- Business users who sign up for a Business Workspace;
- Visitors to our website;
- Individuals who request information, newsletters, marketing material or other publications from us; and
- Individuals who use our certificate analysing demo page.
How is personal data collected?
We collect and use personal data from visitors to our website in the following instances:
- When a visitor uses the contact form or other method to contact us; and
- When a visitor uses the certificate analysing demo page.
What personal data do we collect?
Category of Data: Registration Details (Profile and Business Workspace Users)
Personal Data collected: name and email address
1. Purposes
- to enable Crewdentials to establish your User Account and authenticate your email address
- to manage our relationship with you in accordance with our terms and conditions
- to assist you with troubleshooting any access or User Account issues
- internal record keeping
- to inform you of new products, services or features
Lawful Basis: Contract
If you link, connect, or log in to Crewdentials through a third party service (eg Google, Facebook, Apple) you direct that service to send us information (such as your name, email address, language preference and profile picture) controlled by that service or as authorised by you via your privacy settings at that service.
General visitors to our website are covered under the Website Visitors section in this privacy statement.
Form submissions and direct contact with Crewdentials
(name, email address, phone number, message content)
- Purpose: to enable Crewdentials to communicate with you and respond to your enquiry
- Lawful Basis: legitimate interests
Certificate analysing demo page
(certificate content which may include; name, date of birth, discharge book number)
When a visitor uploads a certificate or document to our certificate analysing demo page, if our system does not recognise either i) the type of certificate or ii) the issuer, we subsequently receive an electronic copy of the document submitted and the results of the scan. We use this data solely for the purpose of analysing why the system failed to recognise the document and to subsequently re-train the system for better performance for all users. We do not hold on to this data for any longer than is strictly necessary. Once we have re-trained the system we permanently delete all records of this data from our systems. This data is only accessible to a handful of Crewdentials employees and will never be shared to third parties. We treat this data in the strictest confidence.
- Purpose: to improve the performance of our certificate analysing software
- Lawful Basis: legitimate interests
Legitimate interests
We can rely on this basis where we are using your data in a way which you would reasonably expect and which have a minimal privacy impact. We have undertaken an exercise to identify our and others’ legitimate interests in processing the data and balance that against your rights and freedoms. You have the right to object to our processing based on legitimate interest.
Website visitors
Cookies
When you visit any website, small text files (known as ‘cookies’) are put onto your computer to collect information about how you browse this site. The information collected is not personally identifiable.
When you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data in Matomo Analytics for statistical purposes, to improve our site and to recognise and stop any misuse.
We do not use third party cookies on our website.
Your data rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
You also have the right to ask us not to continue to process your personal data for marketing purposes.
You can exercise any of these rights at any time by contacting us via our contact form or you can write to us at PO Box 215, St Peter Port, Guernsey GY1 3NL. You may also contact the Office of Data Protection in Guernsey using the contact details at this link https://www.odpa.gg/information-hub/information-rights.
Data sharing and data processing
Guernsey is not in the EEA, but the European Commission has deemed that Guernsey provides an adequate level of protection for personal data.
There are limited circumstances in which Crewdentials may share your personal data, such as suspected or confirmed identity fraud or other offences, valid and legally binding requests for information from third parties.
We do not sell your personal data to any person, including but not limited to managers, employers, recruiters, training centres or advertisers.
Data security
All information you provide to us is stored on secure third party servers located in the EU. We have built multi-factor authentication into our systems to improve the security of your data. The Crewdentials website is served via HTTPS so all data will automatically undergo end to end encryption.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
How long will we keep the data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or it we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm through unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other mean, and the applicable legal, regulatory, tax, accounting or other requirements.