DATA PROTECTION & PRIVACY POLICY
1. Policy Statement & Scope
MaritimePay Ltd ("the Company," "we," "us") is committed to protecting the privacy and security of all personal data we process. As a UK-incorporated entity (Company Number 16851216), we comply with the UK GDPR, the Data Protection Act 2018, and the EU GDPR (Regulation (EU) 2016/679).
This policy applies to our activities as a Data Controller for our own business contacts and as a Joint Controller/Processor in our capacity as a "Program Ally" for Corpay. We collect "Required Information" to facilitate international trade and payment services for customers within the UK, EEA, and globally.
2. Data Controller & Contact Information
-
Data Controller: MaritimePay Ltd.
-
Responsible Person: Miguel Verissimo
-
Contact: [Email Address]
-
Registered Office: Francis House, 2 Park Road, High Barnet, EN5 5RN, UK.
3. Information Collection & Lawful Basis for Processing
We process personal data based on specific lawful bases under Article 6 of the GDPR. Our primary role is the collection and transmission of "Required Information" (Schedule B) for Corpay onboarding.
Category of Data Subject
Types of Personal Data
Purpose of Processing
Lawful Basis (GDPR Art. 6)
Corporate Contacts
Name, business email, phone, job title.
Service application and relationship management.
Legitimate Interest: Necessary for business operations.
UBOs, Directors, & Signatories
Full name, DOB, nationality, residential address, Photo ID, ownership %.
Mandatory KYC/KYB, AML screening, and Sanctions checks.
Legal Obligation: Compliance with UK MLR 2017. Public Interest: Prevention of financial crime.
Prospective Clients
Inquiry details via website or email.
Responding to service inquiries.
Legitimate Interest: Business development.
4. Security and Data Protection Measures
We implement technical and organizational measures to protect data against unauthorized access or loss:
-
Access Controls: Access to sensitive KYC/KYB data (e.g., UBO passports) is restricted to the MLRO and authorized compliance staff on a "need-to-know" basis.
-
Encryption: Data is encrypted during transmission to Corpay and at rest within our secure digital environment.
-
Data Minimization: We only collect the "Required Information" mandated by our Co-operation Agreement and regulatory standards.
5. Data Sharing & International Transfers
-
Sharing with Corpay: A core function of our service is transmitting application data to Corpay (including Cambridge Mercantile Corp. entities in the US, Canada, and EEA) to facilitate onboarding.
-
Third-Party Processors: We use secure IT and cloud providers bound by strict data protection contracts.
-
International Transfers: As we support global maritime trade, data may be transferred outside the UK/EEA. We ensure these transfers are protected by Standard Contractual Clauses (SCCs) or other adequacy mechanisms recognized by the UK ICO and European Commission.
6. Data Subject Rights
Individuals may exercise the following rights by contacting our Responsible Person:
-
Right of Access: Request a copy of held personal data.
-
Right to Rectification: Correct inaccurate or incomplete records.
-
Right to Erasure: Request deletion (subject to the 5-year AML retention requirement).
-
Right to Object/Restrict: Object to processing based on legitimate interests.
-
Right to Data Portability: Receive data in a structured, machine-readable format.
7. Data Retention Policy
In accordance with UK Anti-Money Laundering (AML) regulations and our compliance plan, we retain Customer Due Diligence (CDD) and transaction-related data for a minimum of five (5) years after the business relationship ends. After this period, data is securely deleted or anonymized unless required for ongoing legal or regulatory purposes.
8. Data Breach Notification
MaritimePay maintains a Data Breach Response Policy. In the event of a breach posing a risk to individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours and inform affected data subjects without undue delay.
9. Policy Governance
This policy is reviewed annually by the MLRO.
Version: 1.1
Effective Date: [Insert Date]
Approved by: [Director Name]
GET IN TOUCH
5 Vasileos Georgiou str. Marousi
15 122, Athens, Greece
MENU
PRIVACY POLICIES