Privacy Notice
1. Data Controller
Ocean Voyager Marine Electronics A.Ş. ("Ocean Voyager", "we", "us" or "our") is the data controller responsible for personal data collected through the Ocean Voyager Partner Portal and the public website located at oceanvoyagermarineelectronics.com.
Registered address: Kocaeli, Turkey.
Privacy contact: cooperation@oceanvoyagermarine.com
2. Information We Collect
When you register as an authorised partner or submit documents through the Partner Portal, we collect the following categories of personal and organisational data:
2.1 Account Registration Data
- Full name (contact person)
- Business email address
- Phone number
- Country of incorporation
- Password (stored as a bcrypt hash — we do not store plaintext passwords)
2.2 Company Profile Data
- Official company name and trade name
- Tax / VAT identification number
- Country, region and city of business
- Names and Engineer ID numbers of registered trained personnel
2.3 Submitted Documents and Records
- Installation reports
- Annual Performance Test (APT) reports
- Service reports
- Certification records and Certificates of Compliance (CoC)
- Supporting photographs, technical logs and checklists
2.4 Vessel and Equipment Data
- Vessel name and IMO number
- Flag state and class society
- VDR / S-VDR model and serial number
2.5 Technical and Audit Data
- IP address captured at registration for audit trail purposes
- Timestamps of account creation, consent acceptance and document submissions
- Session authentication tokens (stored as a secure HTTP-only cookie)
3. Why We Collect This Data (Legal Basis)
We process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Partner account registration and authentication | Contractual necessity (GDPR Art. 6(1)(b)); Consent (KVKK Art. 5(1)) |
| Processing and reviewing submitted installation, APT and service documents | Contractual necessity; Legitimate interests |
| Issuing Certificates of Compliance (CoC) | Contractual necessity; Legal obligation (maritime safety regulations) |
| Audit trail and consent records | Legal obligation; Legitimate interests (compliance documentation) |
| Communication regarding submissions and certificate status | Contractual necessity |
| Security monitoring and fraud prevention | Legitimate interests (GDPR Art. 6(1)(f)) |
4. How We Store and Protect Your Data
All personal data is stored in a PostgreSQL database hosted on a dedicated Virtual Private Server (VPS) located in the European Union / Turkey data centre. We implement the following security measures:
- TLS 1.2 / 1.3 encryption in transit for all HTTP traffic
- bcrypt (cost factor 12) hashing for all account passwords
- JWT authentication tokens signed with a 256-bit secret, stored as HTTP-only, Secure, SameSite=Lax cookies
- Role-based access control — admin and partner data are strictly separated
- VPS-level firewall restricting database access to localhost only
- Regular automated backups
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account registration data | Duration of partnership + 5 years after account closure |
| Submitted documents and service records | 10 years (required by maritime regulations) |
| Certificates of Compliance (CoC) | 10 years from issue date |
| Consent and audit records | 10 years (legal compliance) |
| Session tokens | Expire after 7 days of inactivity; deleted on logout |
| Password reset tokens | 1 hour from generation; deleted after use |
6. Data Sharing
We do not sell, rent or trade your personal data. Data may be shared in the following limited circumstances:
- Vessel owners and flag state administrations: Certificates of Compliance may be shared with vessel owners or flag administrations as required by IMO / SOLAS regulations.
- Legal compliance: We may disclose data if required by applicable law, court order or regulatory authority (Turkish law, EU regulations, or flag state requirements).
- Infrastructure providers: Hosting and email delivery services process data as data processors under appropriate data processing agreements.
7. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion, subject to legal retention obligations
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior lawful processing
To exercise any of these rights, contact us at cooperation@oceanvoyagermarine.com. We will respond within 30 days.
If you are in the European Economic Area, you also have the right to lodge a complaint with your national data protection supervisory authority. If you are in Turkey, you may apply to the Kişisel Verileri Koruma Kurumu (KVKK).
8. GDPR Compliance (EU/EEA Users)
For users located in the European Union or European Economic Area, our processing is governed by Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR). Our lawful bases for processing are set out in Section 3 above. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place.
9. KVKK Compliance (Turkish Users)
For users in Turkey, our processing is governed by Kanun No. 6698 — Kişisel Verilerin Korunması Kanunu (KVKK). Ocean Voyager Marine Electronics A.Ş. is registered as a veri sorumlusu (data controller). You may exercise your rights under KVKK Article 11 by contacting us at the address above.
10. Cookies
We use a minimal number of strictly necessary cookies. For details, please see our Cookie Policy.
11. Changes to This Notice
We may update this Privacy Notice from time to time. When we do, we will revise the version number and effective date at the top of this page. For material changes, we will notify registered partners by email. Continued use of the Partner Portal after notification constitutes acceptance of the updated notice.