Privacy Policy (UK GDPR & Cookie Policy)
Effective Date: 28-01-2026
1. Definitions
1.1 “Personal Data” – any information relating to an identified or identifiable natural person.
1.2 “Processing” – any operation or set of operations performed on personal data, whether automated or not, including collection, storage, use, disclosure, or deletion.
1.3 “Data Subject” – the individual whose personal data is collected, processed, or stored by the Company.
1.4 “Controller” – Vivan Maritime Global Services Limited, which determines the purposes and means of processing personal data.
1.5 “Processor” – any third party acting on behalf of the Controller to process personal data.
1.6 “UK GDPR” – the United Kingdom General Data Protection Regulation (as retained and amended in UK law).
1.7 “Cookies” – small text files stored on a user’s device to enhance website functionality, analytics, or marketing.
1.8 “Consent” – any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes, signifying agreement to the processing of personal data.
1.9 “ICO” – Information Commissioner’s Office, the UK’s independent authority responsible for upholding information rights.
1.10 “B2B Transactions” – business-to-business interactions conducted between Vivan Maritime Global Services Limited and corporate clients or partners.
2. Introduction
Vivan Maritime Global Services Limited (“the Company”) is committed to protecting the privacy and confidentiality of all personal data in compliance with the UK GDPR, Data Protection Act 2018, and guidance issued by the ICO.
This Privacy Policy outlines:
How personal data is collected, used, stored, and disclosed
The legal basis for processing personal data
How the Company ensures compliance with UK data protection law
The rights of Data Subjects under UK GDPR
This policy applies to all individuals interacting with the Company via:
Corporate website
Email correspondence
Trade enquiries or orders
Marketing communications
Contractual business relationships
3. Data Controller Details
Company Name: Vivan Maritime Global Services Limited
Registered Address: [Insert UK Registered Address]
Company Registration Number: [Insert Number]
Contact: privacy@vivanmaritime.com
Data Protection Officer (DPO): [Insert Name, if applicable]
The Controller is responsible for ensuring compliance with this Privacy Policy and responding to Data Subject requests.
4. Scope and Applicability
This policy applies to:
Employees, contractors, and representatives of corporate clients
Customers submitting B2B orders
Suppliers and third-party partners
Website visitors submitting enquiries or subscribing to newsletters
It does not apply to personal data processed outside the scope of the Company’s operations, or to publicly available information used lawfully.
5. Lawful Basis for Processing
The Company processes personal data under the following lawful bases:
5.1 Contractual Necessity – to fulfil contractual obligations, including order processing, delivery, and payment.
5.2 Legal Obligation – to comply with laws such as tax reporting, anti-money laundering, and health & safety regulations.
5.3 Legitimate Interests – to pursue legitimate business interests, including fraud prevention, marketing communications, and business operations, provided these do not override the rights of Data Subjects.
5.4 Consent – where required, for marketing communications or analytics. Consent may be withdrawn at any time.
5.5 Vital Interests – to protect individuals in emergencies where necessary.
6. Types of Data Collected
The Company may collect, process, and store the following categories of personal and corporate data:
6.1 Identification Data: Names, job titles, company names.
6.2 Contact Data: Email addresses, phone numbers, postal addresses.
6.3 Transactional Data: Orders, payments, invoices, delivery addresses.
6.4 Technical Data: IP address, device type, browser type, cookies, website usage.
6.5 Communications Data: Emails, messages, notes of conversations with representatives.
7. Purposes of Data Processing
7.1 Order Fulfilment and Contract Performance
The Company processes personal data to execute and manage commercial contracts, including:
Processing orders for the import/export of spices
Preparing invoices, quotations, and delivery documentation
Communicating with clients regarding order status, logistics, or contractual obligations
7.2 Marketing and Promotional Activities
Where consent is obtained, personal data may be processed to:
Deliver newsletters and commercial communications
Inform clients about new products or services
Conduct targeted marketing campaigns based on lawful business interest
7.3 Regulatory Compliance
Data processing ensures compliance with UK and international laws, including:
Tax and accounting regulations
Anti-money laundering obligations
Health, safety, and food safety regulations
7.4 Fraud Prevention and Risk Management
Processing personal and transactional data allows the Company to:
Monitor and detect fraudulent activities
Protect the integrity of commercial operations
Ensure safe and secure financial transactions
7.5 Website Analytics and Improvement
The Company uses website data to:
Understand website usage and traffic patterns
Enhance functionality, usability, and security
Optimize marketing and engagement strategies
8. Data Collection Methods
8.1 Direct Collection
Data is collected directly from clients, partners, and website visitors via:
Online forms and enquiries
Email and telephone correspondence
B2B transactions and order forms
8.2 Indirect Collection
Data may also be collected indirectly through:
Cookies and website analytics
Publicly available information for business verification
Third-party providers engaged in due diligence
8.3 Automated Collection
Certain technical data is collected automatically via website interactions, including:
IP address and geolocation
Browser type and device information
Clickstream and session data
9. Cookies and Online Tracking
9.1 Purpose of Cookies
Cookies are small data files stored on the user’s device to improve functionality and analytics. The Company uses cookies for:
Essential website operation
Performance analytics and traffic measurement
Marketing and advertising, including retargeting
9.2 Types of Cookies
See Schedule A – Cookie Types
9.3 Consent and Management
Users can manage cookies through:
Browser settings to accept, reject, or delete cookies
Website cookie banners for explicit consent
Opt-out options for third-party marketing cookies
9.4 Third-Party Tracking
Third-party services (e.g., analytics, advertising) may place cookies on the website. These services operate under their privacy policies and contractual safeguards.
10. Data Retention Policy
10.1 Retention Principles
The Company retains personal data only as long as necessary to:
Fulfil contractual obligations
Comply with statutory obligations
Resolve disputes or enforce agreements
10.2 Specific Retention Periods
Transactional and financial data: 7 years (UK HMRC compliance)
Marketing consent records: 5 years or until consent withdrawal
Website analytics and cookies: 12 months, unless anonymized
10.3 Secure Disposal
Data no longer required is securely deleted or anonymized in accordance with industry standards and UK GDPR principles.
10.4 Schedule C – Retention Periods provides full details.
11. Data Sharing and Disclosure
11.1 Internal Sharing
Personal data is shared internally on a need-to-know basis for operational purposes.
11.2 External Sharing
Data may be disclosed to:
Freight and logistics partners
Payment processors and banking institutions
Legal, accounting, or regulatory authorities
11.3 Third-Party Processors
All third-party processors are bound by contractual obligations to process data securely and lawfully (See Schedule B).
11.4 Legal Requirements
The Company may disclose data where required to:
Comply with law or legal proceedings
Prevent fraud or other unlawful activity
Protect rights, property, or safety
12. Third-Party Processors
12.1 Selection Criteria
The Company selects processors based on:
Compliance with UK GDPR
Technical and organizational security measures
Proven record of reliability
12.2 Contracts
All processors operate under formal written contracts defining:
Purpose of processing
Security obligations
Termination and return/deletion of data
12.3 Schedule B – Third-Party Processors
A detailed list of approved processors, their roles, and safeguards is maintained.
13. Data Subject Rights
13.1 Right of Access
Data Subjects may request access to all personal data processed by the Company.
13.2 Right to Rectification
Individuals may request corrections to inaccurate or incomplete data.
13.3 Right to Erasure
Where applicable, individuals may request deletion of personal data, subject to legal and contractual limitations.
13.4 Right to Restriction of Processing
Processing may be restricted for specific purposes while disputes are resolved.
13.5 Right to Object
Individuals may object to processing based on legitimate interests or marketing purposes.
13.6 Right to Data Portability
Data Subjects may receive personal data in a structured, machine-readable format.
13.7 Withdrawal of Consent
Consent may be withdrawn at any time without affecting lawfulness of prior processing.
13.8 Complaints
Data Subjects may lodge complaints with the ICO if they believe rights have been infringed.
14. Security Measures
14.1 Organizational Measures
Access restrictions based on role
Staff training on data protection
Regular audits and compliance reviews
14.2 Technical Measures
Encryption of sensitive data
Secure servers and network protection
Regular system updates and patching
14.3 Breach Response
A formal breach notification and response plan is maintained.
15. International Transfers
15.1 Transfers Outside the UK/EEA
Where data is transferred internationally, safeguards include:
Standard contractual clauses
Binding corporate rules
Explicit consent where required
15.2 Risk Mitigation
All transfers undergo risk assessment and contractual protections to ensure GDPR compliance.
16. Breach Notification
16.1 Definition of Breach
A personal data breach is any security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
16.2 Notification Procedures
Report breach internally within 24 hours
Assess severity and likelihood of risk to rights
Notify ICO within 72 hours if required
Inform affected Data Subjects promptly when required
17. Minors
The website is not intended for individuals under 16. Personal data from minors will not be knowingly collected without parental or guardian consent.
18. Automated Decision-Making
The Company does not undertake fully automated decision-making with legal or significant effects on Data Subjects without explicit consent.
19. Links to Other Websites
The Company’s website may contain links to third-party websites. The Company is not responsible for their privacy practices.
20. Policy Changes
This Privacy Policy may be updated periodically. Updates will be published on the website, with the latest effective date clearly indicated.
21. Contact Information
Data Protection Officer: [Insert Name]
Email: privacy@vivanmaritime.com
Phone: [Insert Number]
Registered Address: [Insert Address]
22. Schedule A – Cookie Types
Essential Cookies – Required for website functionality
Analytical Cookies – Track site performance
Marketing Cookies – For advertising and retargeting
Third-Party Cookies – From trusted partners
23. Schedule B – Third-Party Processors
[Processor Name 1]: Payment processing
[Processor Name 2]: Logistics coordination
[Processor Name 3]: Email marketing and analytics
24. Schedule C – Retention Periods
Financial records: 7 years
Marketing consent: 5 years
Cookies: 12 months
Transactional data: Until contractual obligations fulfilled
25. Schedule D – ICO Guidance References
ICO GDPR Guidance: https://ico.org.uk/
UK Data Protection Act 2018
Guidance on Consent, Cookies, Data Breach Notification