Policy No:
EXT/NED/IT/2025/004
Privacy Policy
Last Updated: 01-04-2025
This Privacy Policy describes how BLU Maritime Consultancy Pte. Ltd. ("BLU," "we," "us," or "our") collects, uses, discloses, and protects the personal data of individuals who visit our website located at www.blu-maritime.com (the "Website") or access or use our associated portals, platforms, or online services, which we will refer to as the "BLU TEC Portal." This includes website visitors and the following categories of registered users: Clients, Client Staff (Contracted and On-Roll), Vendors, and BLU Staff. Different sections of this policy may apply differently to these user categories as indicated.
1. Data Controller and Contact Information
Data Controller (GDPR and PDPA Singapore): BLU Maritime Consultancy Pte. Ltd.
Address: #19–18 VISION, 2 VENTURE DRIVE, VISION EXCHANGE, SINGAPORE 608526
Data Protection Officer (DPO): BLU Maritime Consultancy Pte. Ltd.
Email for Privacy Inquiries: BLU_IT@blu-maritime.com
2. Collection of Personal Data
We collect the following categories of personal data from different user groups:
Website Visitors:
Technical Data: IP address, Device Information (device type, operating system), User Agent.
Browsing Activity: Pages visited, time spent on the site, referring website (collected via our website server logs).
Location Data (potentially): General location inferred from IP address.
Clients and Client Staff (Contracted and On-Roll):
Identity Data: Name, Nationality, Date of Birth, Age, Gender, Passport Number, Seaman Booklet Number, CDC Number, User Rank or Designation.
Contact Data: Email address, Contact Number.
Technical Data: IP address, Device Information (device type, operating system), User Agent.
Location Data: General location inferred from IP address.
Company and Vessel Association: Company and vessel with which they are associated.
Service-Related Data: Sign-on and sign-off dates, Port of call, ETA/ETB/ETD plan, Purchase requirements.
Health Data (for some users): Height, Weight, Allergies, Current Medication, Smoking status, Alcohol intake, Blood group.
Dietary Preferences: Information inferred from nationality or other provided data (e.g., to avoid displaying non-halal food), diet preference (veg/non-veg).
Account Data: Username and encrypted password.
Data from Uploaded Excels: Personal data contained in Excel sheets uploaded by our staff on your behalf.
Vendors:
Business Contact Data: Contact Person's Name, Email address, Contact Number.
Business Details: Business Name, Business Address, Certification Licenses, Other Business Details required for executing supply requests.
Financial Data: Bank details for payments.
BLU Staff: Data collected as part of employment will be covered in a separate internal policy.
3. Purposes of Processing Personal Data and Legal Bases (GDPR) / Consent and Exceptions (PDPA Singapore)
We process your personal data for the following purposes:
Website Operation and Security (Website Visitors): To ensure the proper functioning and security of our Website.
GDPR Legal Basis: Legitimate Interests (Art. 6(1)(f)) – ensuring website functionality and security.
PDPA Singapore Basis: Legitimate Interests (Section 15(a)) – maintaining website security and functionality.
Website Analytics (General) (Website Visitors): To analyze website traffic and usage patterns to improve our Website (note: we analyze server logs for this).
GDPR Legal Basis: Legitimate Interests (Art. 6(1)(f)) – improving our website, balanced with user rights (emphasizing anonymization/aggregation where possible).
PDPA Singapore Basis: Legitimate Interests (Section 15) if data is aggregated and anonymized.
Essential Cookies (Website Visitors and Registered Users): To set and manage essential cookies for session security when you access the Website and BLU TEC Portal.
GDPR Legal Basis: Legitimate Interests (Art. 6(1)(f)) – ensuring website and portal functionality and security.
PDPA Singapore Basis: Consent (via Cookie Policy acceptance).
Account Creation and Management (Registered Users): To create and manage user accounts, verify identity, and provide access to the BLU TEC Portal.
GDPR Legal Basis: Performance of a contract (Art. 6(1)(b)) followed by consent on 1st login.
PDPA Singapore Basis: Based on request from Registered Client followed by consent (obtained via the one-time checkbox on 1st login).
Providing Services (Registered Users): To deliver our various services, including processing orders, providing health report analysis, generating learning management system reports, displaying category-wise food consumption trends, and all other reports within the BLU TEC Portal.
GDPR Legal Basis: Performance of a contract (Art. 6(1)(b)). For Health Data, Explicit Consent (Art. 9(2)(a)). For dietary preferences, Legitimate Interests (Art. 6(1)(f)) – providing relevant services based on inferred preferences, balanced with user rights.
PDPA Singapore Basis: Consent via registered client/vendor for Health Data (explicitly) and for dietary preferences (explicitly) or potentially Legitimate Interests (Section 15), where the benefit outweighs any adverse effect.
Order Processing (Registered Users): To process and fulfil purchase requirements, including sharing necessary data with vendors.
GDPR Legal Basis: Performance of a contract (Art. 6(1)(b)).
PDPA Singapore Basis: Consent via registered client/vendor, Performance of Contract (Section 15(b)).
Customer Support (Registered Users): To provide assistance, respond to inquiries, and resolve issues related to the Website and BLU TEC Portal.
GDPR Legal Basis: Performance of a contract (Art. 6(1)(b)) or Legitimate Interests (Art. 6(1)(f)) – providing effective customer service.
PDPA Singapore Basis: Consent via registered client/vendor or Legitimate Interests (Section 15(a)) – responding to user requests.
Communication (Registered Users): To send important notices, updates, and other service-related information regarding the Website and BLU TEC Portal.
GDPR Legal Basis: Performance of a contract (Art. 6(1)(b)) or Legitimate Interests (Art. 6(1)(f)) – keeping users informed about the services.
PDPA Singapore Basis: Consent via registered client/vendor or deemed consent (Section 15(c)) – necessary for the provision of services.
Analytics to Enhance Quality of Service (Registered Users): To analyze user behaviour and trends within the Website and BLU TEC Portal to improve our services (based on aggregated and anonymized data where possible).
GDPR Legal Basis: Legitimate Interests (Art. 6(1)(f)) – improving our services, balanced with user rights.
PDPA Singapore Basis: Consent (obtained via the one-time checkbox) or potentially Legitimate Interests (Section 15) if data is aggregated and anonymized.
Security (Website Visitors and Registered Users): To ensure the security and integrity of our Website, BLU TEC Portal, and user data, including blocking logins from new devices.
GDPR Legal Basis: Legitimate Interests (Art. 6(1)(f)) – protecting our platform and users.
PDPA Singapore Basis: Legitimate Interests (Section 15(a)) – preventing unauthorized access.
Compliance (All Users): To comply with applicable laws, regulations, and legal processes.
GDPR Legal Basis: Legal Obligation (Art. 6(1)(c)).
PDPA Singapore Basis: Legal Obligations (Section 15(e)).
Processing Vendor Payments (Vendors): To process payments for goods and services provided by vendors.
GDPR Legal Basis: Performance of a contract (Art. 6(1)(b)) or Legal Obligation (if required for tax purposes, Art. 6(1)(c)).
PDPA Singapore Basis: Consent (obtained via contract) or Performance of Contract (Section 15(b)).
Regarding Health Data: We process health data (height, weight, allergies, current medication, smoking/alcohol intake, blood group) for registered users based on their explicit consent via registered client. This data is used to provide health report analysis as part of our services within the BLU TEC Portal.
Regarding Dietary Preferences: We process information about the nationality or other provided data of registered users to infer dietary preferences to improve the quality of service (e.g., not displaying non-halal food) within the BLU TEC Portal. This is based on their consent via registered client or our legitimate interests in providing relevant services, balanced with their rights.
4. Cookies and Other Tracking Technologies
We use cookies for the essential purpose of uniquely identifying your device and maintaining session security when you access the Website and BLU TEC Portal. When a user logs in, we save a session key in a cookie. If a login attempt is made from a different device we block the login to enhance security. We do not use cookies for marketing, advertising, or other commercial purposes.
By accepting our Cookie Policy (via the one-time checkbox upon registration or continued website use where implied consent applies for essential cookies), you consent to this essential use of cookies.
5. Disclosure of Personal Data to Third Parties
We only share personal data of registered users with third-party vendors to the extent necessary for processing their orders initiated through the BLU TEC Portal. This may include sharing their name, contact details, and order specifics to fulfil their purchase requirements. We have contracts in place with these vendors to ensure the protection of their personal data.
We do not share your personal data with any other third parties for marketing, advertising, or other commercial purposes.
6. International Data Transfers
Your personal data is primarily stored on our hosting servers located in Singapore (GoDaddy). Access to this data is provided to our development team located in our sister company in India for the purposes of maintaining and developing the Website and BLU TEC Portal. We ensure that our sister company in India adheres to appropriate data protection standards.
Our staff located in Singapore, Philippines, India, Greece, London, and Canada can access the BLU TEC Portal, but their access is restricted based on their roles and responsibilities, ensuring they only see the personal data necessary for their tasks.
We take weekly backups of our entire code and database, with backups stored in both India and Singapore. These backups are subject to our security and disaster recovery measures.
Given that our hosting provider (GoDaddy) and our sister company in India are located outside the European Economic Area (EEA), and that staff in London, vendors based in EU and potentially EU-resident crew data may access our servers in Singapore, we ensure that these transfers are subject to appropriate safeguards in accordance with the GDPR.
GDPR Consideration: For transfers of personal data to recipients located outside the EEA, including Singapore and India, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46(2)(c) of the GDPR. We have implemented or will implement these clauses with GoDaddy and our sister company in India to ensure an adequate level of protection for your personal data.
PDPA Singapore Consideration: Transfers to India for development access are subject to Section 26 of the PDPA. We ensure that our sister company in India provides a standard of protection comparable to that under the PDPA.
7. Data Retention
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, as outlined below:
Website Visitor Data: Technical data and browsing activity are typically retained in server logs for a limited period for security and analytical purposes.
Registered User Data (excluding Health Data): This data is retained for the duration of your engagement with us to manage your account, provide services through the BLU TEC Portal, and for a reasonable period thereafter for administrative and legal purposes.
Health Data: We retain health data for registered users to display trends and analysis within the BLU TEC Portal as part of our service offerings. This data will be retained for the duration of the Client's contract and a reasonable period thereafter for administrative and legal purposes. We will anonymize or pseudonymize this data when it is no longer required for active service provision but may be kept for statistical analysis, where applicable.
Vendor Data: We retain vendor data for the duration of our business relationship and as required for legal and financial record-keeping.
Once the retention period expires, we will securely delete or anonymize your personal data in accordance with our data retention policies and applicable laws.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
The right to access your personal data.
The right to rectification of inaccurate or incomplete personal data.
The right to erasure ("right to be forgotten") under certain circumstances.
The right to restriction of processing under certain circumstances.
The right to data portability.
The right to object to processing under certain circumstances.
Rights in relation to automated decision-making, including profiling (note: we do not engage in this).
The right to withdraw consent at any time (where consent is the legal basis for processing).
The right to lodge a complaint with a supervisory authority in the EEA.
Under the PDPA Singapore, you have the right to:
The right to access your personal data in our possession or under our control.
The right to correct an error or omission in your personal data that is in our possession or under our control.
The right to withdraw your consent to the collection, use, or disclosure of your personal data (subject to contractual and legal restrictions and reasonable notice).
To exercise any of these rights, please contact us using the contact information provided in Section 1.
9. Data Security
We have implemented reasonable security arrangements to protect the personal data in our possession or under our control to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks related to the Website and BLU TEC Portal. These measures include:
Role-based access control to the BLU TEC Portal, ensuring staff, vendors and clients only see necessary data.
Encryption of passwords stored in our database.
Use of licensed antivirus software on endpoint devices.
Managed firewall services from GoDaddy.
Regular updates and patching of operating systems and software on staff machines.
Monthly cyber security and digital safety training sessions for our staff.
Secure data transfer protocols.
Regular backups of our code and database.
Proper management and control over the live data as well as the backup copy and media.
10. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements related to the Website and BLU TEC Portal. We will post any changes on our Website and BLU TEC Portal and update the "Last Updated" date. Where required by law, we will provide you with notice of significant changes and obtain your consent if necessary.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices related to the Website and BLU TEC Portal, please contact us at:
BLU Maritime Consultancy Pte. Ltd.
#19-18 VISION, 2 VENTURE DRIVE, VISION EXCHANGE, SINGAPORE 608526
Email for Privacy Inquiries: BLU_IT@blu-maritime.com
Date of Publication (1st Apr. 2025) Version 1.1