Privacy Policy

Effective Date: Jan 1, 2025

Effective Date: January 1, 2025
Last Updated: Semptember 16, 2025

1. Introduction & Corporate Commitment

At Seachios® Marine Services, safeguarding privacy, confidentiality, and data integrity is a core corporate priority. This Privacy Policy (“Policy”) establishes the governance principles and operational framework under which we collect, process, store, transfer, and secure personal data.

We are committed to lawful, fair, and transparent processing, in compliance with global privacy and data protection frameworks, including:

General Data Protection Regulation (GDPR – European Union)
Lei Geral de Proteção de Dados (LGPD – Brazil)
California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA – United States)
Other applicable international privacy laws.

By engaging with our Services, platforms, or corporate operations, you acknowledge and agree to the terms of this Policy.

2. Scope of this Privacy Policy

This Policy applies worldwide to:

Clients, partners, suppliers, contractors, and corporate stakeholders.
Website visitors and users of our digital platforms and applications.
Representatives of corporate entities engaged with our services.

It governs both online and offline data collection methods, including contractual, operational, and digital interactions.

3. Definitions

Personal Data: Information relating to an identified or identifiable natural person.
Sensitive Personal Data: Data requiring enhanced protection, such as health, biometric, ethnic, or religious information.
Data Subject: The individual to whom personal data relates.
Controller / Operator: Seachios acts as a Controller when determining processing purposes, and as an Operator (Processor) when handling data on behalf of clients.

4. Categories of Data Collected

Personally Identifiable Information (PII): Names, professional roles, contact details.
Financial Data: Billing information, payment identifiers.
Technical Data: IP addresses, cookies, device metadata, geolocation.
Sensitive Data: Only processed under explicit legal or contractual necessity and subject to consent.

5. Sources of Data

Direct Collection: Web forms, contracts, operational engagements.
Automated Collection: Cookies, system logs, analytics tools.
Third-Party Sources: Business partners, regulators, and public registries.

6. Purposes of Processing

Service Delivery & Performance
Operational Optimization & Analytics
Regulatory and Legal Compliance
Marketing & Corporate Communication (with opt-out rights)
Fraud Prevention, Risk Mitigation, and Cybersecurity Monitoring

7. Sharing & Disclosures

We share personal data only under strict governance and contractual safeguards, with:

Service Providers: Payment processors, IT providers, auditors.
Regulatory Authorities: Where legally required.
Affiliates & Subsidiaries: For corporate administrative purposes.
Business Transfers: In mergers, acquisitions, or asset restructuring, with protections maintained.

7-A. Data Non-Sale Commitment

Seachios® Marine Services makes a clear, binding, and unequivocal commitment: we do not sell, rent, trade, or otherwise commercialize personal data.

In line with the CCPA/CPRA (California), LGPD (Brazil), and GDPR (European Union):

We do not and will never engage in practices that constitute “data sales” under any jurisdiction.
Data transfers are strictly limited to service provision, regulatory compliance, or contractual necessity.
When working with service providers, we enforce robust contractual confidentiality and data protection clauses equivalent to international standards.

8. Cross-Border Data Transfers

Given our global operations, data may be transferred internationally. Seachios ensures that:

EU & LGPD Safeguards: Transfers comply with Standard Contractual Clauses, adequacy decisions, or equivalent protections.
CCPA/CPRA Alignment: Data is safeguarded with protections equivalent to California privacy standards.
European Data Infrastructure: Seachios maintains **robust and advanced data security systems located in the European Union, ensuring that data hosted and processed within EU jurisdictions benefits from the highest internationally recognized level of protection, cybersecurity controls, and regulatory compliance.

9. Data Security & Governance

Seachios employs a multi-layered cybersecurity architecture including:

Encryption: Full encryption at rest and in transit.
Access Controls: Role-based and least-privilege access.
Audit & Monitoring: Regular penetration tests and vulnerability assessments.
Incident Response: Immediate containment and notification mechanisms in the event of a breach.

10. Legal Bases for Processing

We process data under the following lawful bases:

GDPR: Consent, contractual necessity, legal obligation, legitimate interest.
LGPD: Consent, contractual execution, compliance with law, legitimate interest.
CCPA/CPRA: Transparency, purpose limitation, opt-out rights (noting Seachios does not sell personal data).

11. Data Subject Rights

Data subjects retain enforceable rights, including:

Access, Correction, Deletion, and Portability
Restriction or Objection to Processing
Opt-Out of Marketing or Automated Decision-Making
Non-Discrimination under CCPA/CPRA
LGPD-Specific Rights: Anonymization, suspension of excessive processing, explanation of automated processes.

12. Cookies & Tracking

We use cookies to:

Enhance navigation and usability.
Collect anonymized analytics.
Personalize corporate communications.

Users may disable cookies through browser settings.

13. Retention & Disposal

Personal data is retained:

For the duration of the business relationship.
As required by law or regulation.
Only as long as necessary for operational purposes.

After this period, data is securely deleted or anonymized.

14. Children’s Privacy

Seachios does not knowingly process data of individuals under 16 years of age. If collected inadvertently, such data will be deleted promptly upon parental or guardian notification.

15. International Compliance

This Policy ensures compliance with:

GDPR (Europe)
LGPD (Brazil)
CCPA/CPRA (United States)
PIPEDA (Canada)
LFPDPPP (Mexico)
Other privacy regulations across the Americas, Europe, and beyond.

16. Updates to this Policy

This Policy may be updated periodically to reflect regulatory, technological, or organizational changes. Notice will be provided via our website or direct corporate communication channels.