Crew Life at Sea – Website Privacy Policy

Effective date: 20 August 2024
Company: Crew Life at Sea (Pty) Ltd (“Crew Life at Sea”, “we”, “us”, “our”)
Registered office: Cape Town, South Africa
Contact: [email protected]

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit crewlifeatsea.com (the “Site”) or interact with us, including when you apply for jobs or use our recruitment services.

1) Who we are & scope

Crew Life at Sea is a recruitment agency that sources and places candidates for cruise lines, hotels, and other hospitality and maritime employers. This Policy applies to:

  • Visitors to our Site,

  • Candidates and referral agents who submit information to us,

  • Clients and prospective clients who engage our services.

We act as a controller for information we collect directly and as a processor where we process data on behalf of clients.

2) What we collect

2.1 Information you provide

  • Contact details: name, email, phone, location.

  • Application data: CV/résumé, cover letters, employment history, education, references, qualifications/certifications (e.g., STCW), language abilities, portfolios.

  • Compliance data (where applicable): passport details, visas (e.g., C1/D, Schengen, J-1), seaman’s book, medical fitness certificates, background checks, drug/alcohol screening results, and other onboarding documentation required by law or by clients.

  • Financial/admin data (limited): bank/remittance details needed to facilitate reimbursements or travel arrangements.

  • Communications: emails, messages, interview notes, and feedback.

Special categories & sensitive data: We may process health information (e.g., fit-to-work medicals) or criminal-background information only where necessary, lawful, and permitted (e.g., your explicit consent or legal/contractual obligation).

2.2 Information we collect automatically

  • Usage & device data: IP address, browser type, pages viewed, time spent, and referring URLs (via cookies and similar technologies). See Cookies below.

2.3 Information from third parties

  • Referees and former employers, skills/testing providers, background check partners.

  • Public sources (e.g., LinkedIn, job boards) where you have made your profile public.

  • Clients who provide role requirements or feedback about interviews and placements.

3) Why we use your information (purposes & legal bases)

We use personal information to:

  • Recruit and place candidates with clients; assess suitability, verify credentials, arrange interviews, make introductions (contract, legitimate interests; sometimes consent for special categories).

  • Comply with law and client/industry standards (e.g., maritime, immigration, right-to-work, health & safety) (legal obligation).

  • Communicate with you about roles, applications, updates, and service notices (legitimate interests / contract).

  • Operate and improve our Site, services, and candidate experience; analytics and troubleshooting (legitimate interests).

  • Marketing (updates, opportunities) where permitted; you can opt out at any time (consent / legitimate interests).

  • Protect our rights, prevent fraud/abuse, and ensure security (legitimate interests, legal obligation).

We do not use your information for fully automated decisions that produce legal or similarly significant effects without human involvement.

4) Cookies & analytics

We use cookies and similar technologies to run the Site, keep it secure, remember preferences, and measure performance. You can control cookies via your browser settings and (where offered) our cookie banner. Disabling certain cookies may affect Site functionality.

5) Sharing your information

We share information only as needed and subject to appropriate safeguards:

  • Clients/employers to consider you for roles, schedule interviews, and onboard successful candidates.

  • Service providers/“operators” who help us deliver services (e.g., cloud hosting, email, document management, applicant tracking, communications, ID/credential checks). Typical providers may include Google Workspace, document e-signature/verification tools, applicant-tracking or project systems, and secure file storage.

  • Compliance & authorities where required by law, court order, or to protect rights and safety.

  • Business transfers (e.g., merger, acquisition) subject to continuity of protections.

We do not sell your personal information.

6) International transfers

We are based in South Africa and work with clients and providers globally. If we transfer your information to countries with different data protection laws, we will ensure appropriate safeguards (e.g., contractual clauses, adequacy decisions, or equivalent measures).

7) Retention

We keep personal information only as long as necessary for the purposes above, including:

  • Recruitment records: typically 24 months after last meaningful interaction, unless you ask us to keep your profile active or a longer period is required by law or to establish/exercise/defend legal claims.

  • Compliance/financial records: per legal/accounting retention duties.

When no longer needed, we securely delete or anonymise data.

8) Security

We use technical and organisational measures appropriate to the risk, including access controls, encryption in transit, least-privilege access, and staff confidentiality obligations. No system is 100% secure; if a breach occurs, we will notify you and regulators as required by law.

9) Your rights

Your rights depend on your location, but may include:

South Africa (POPIA)

  • Access to your personal information.

  • Correction/Deletion where inaccurate or no longer needed.

  • Objection/Restriction to certain processing.

  • Lodge a complaint with the Information Regulator.

European Economic Area/UK (GDPR/UK GDPR)

  • Access, Rectification, Erasure.

  • Portability (copy of your data).

  • Restriction and Objection (including to direct marketing).

  • Withdraw consent where processing is based on consent.

  • Lodge a complaint with your supervisory authority.

California (CCPA/CPRA)

  • Know/Access categories and specific pieces of personal information we collected.

  • Delete personal information (with statutory exceptions).

  • Correct inaccurate information.

  • Opt-out of “sale” or “sharing” for cross-context behavioural advertising (we do not sell; if we ever do, we will provide a “Do Not Sell or Share” mechanism).

  • Limit use of sensitive personal information (we use such data only for permitted purposes).

To exercise rights, contact [email protected]. We will verify your request and respond within the applicable statutory timeframe. You may authorise an agent where your law allows.

10) Candidate references & background checks

By providing referees’ or third parties’ details, you confirm you are authorised to share them. We contact referees only for recruitment verification and will process any information received in line with this Policy. Where background checks/medical screenings are required, we will inform you of scope, legal basis, and outcomes handling.

11) Children

Our services are not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us information, contact us to delete it.

12) Third-party links

Our Site may link to third-party sites/services. Their privacy practices are not covered by this Policy. Please review their policies.

13) Changes to this Policy

We may update this Policy from time to time. The “Effective date” above shows when it was last revised. Material changes will be communicated on the Site or via email where appropriate.

14) How to contact us

Crew Life at Sea (Pty) Ltd
Cape Town, South Africa
Email: [email protected]

South Africa – Information Regulator: You may lodge a complaint with the Information Regulator if you believe your rights under POPIA have been infringed. Visit the Information Regulator’s official website for current contact details.

15) Region-specific notices (summary)

  • POPIA (South Africa): We process personal information as an accountable party/operator under POPIA and maintain security safeguards and processing records. We conclude operator agreements with third-party processors.

  • GDPR (EEA/UK): Where GDPR applies, our legal bases are consent, contract necessity, legal obligation, and legitimate interests. We use appropriate safeguards for international transfers (e.g., SCCs/IDTA where applicable).

  • CCPA/CPRA (California): We do not sell or share personal information for cross-context behavioural advertising. We do not use or disclose sensitive personal information for purposes other than those permitted by law.