Privacy policy & GDPR

Effective from 1st July 2023

OceanTech Jobs Ltd is registered in England and Wales under company number 14831256, with the registered office address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

OceanTech Jobs is a recruitment agency and a global online job board business that operates online job portals to accurately match candidates with companies.

We take data protection very seriously and understand the importance of protecting your privacy and Personal Information. “Personal Information” is information that identifies you as an individual such as your name, date of birth, email address, IP address and CV.

 How do we collect information from you?
We collect and use your Personal Information in accordance with our Privacy Policy, this includes information you provide to us when you give us your CV or job cover letter to a job application.

Please do not submit such Personal Information to us if you do not wish us to collect it.

Please be aware that we may also infer certain information about you from your expressed search preferences. We also collect from:

  • our websites (the “Websites”);

  • the software applications made available by us for use on or through computers and mobile devices (the “Apps”);

  • Applicant Tracking Systems;

  • cookies (“Cookies”);

  • publicly available information; and,

  • other tools and applications (our “Online Content”).

 What Personal Information do we collect?
Personal Information we collect about you may include the following:

  • General identification and contact information, for example: your name; address; email; IP address; telephone details; gender; marital status; family status; date and place of birth and/or physical attributes.

  • A photograph if you choose to add one to your profile (this will not be visible to other people).

  • Other sensitive information: trade union membership, religious beliefs, political opinions or racial or ethical origin, and criminal record.

  • Information enabling us to provide products and services: age, location, whether or not you hold a driving licence and/or other information about your job preferences that enable identification of job search (for example, post code or job role).

  • Marketing preferences: for example a sales promotion, or your response to a voluntary customer satisfaction survey.

  • Statistical information: aggregate statistical information about site visitors and users for internal use and for other lawful purposes e.g. Salary averages. We provide this information to customers, advertisers, suppliers and other reputable third parties. Where we provide such information we will provide this in an anonymous format and not include any Personal Information.

  • Information from Apps: submit comments to the Site, participate in message boards, blogs, send us emails or any other user-generated content facility.

  • Publicly available information in relation to professional history: educational background; employment history; skills and experience; professional licenses and affiliations; educational and professional qualifications.

  • Application status: information about the application sent by the recruiter (For example, Application received, Qualified, Hired and/or Rejected).

What legal basis do we rely on to process your Personal Information?

Consent
On some occasions, OceanTech Jobs Ltd processes your data with your consent. For example, we rely on consent when we send promotional material or when you create a login account on our websites. We also obtain your consent prior to using your location data to target specific job advertisements. You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

The processing is necessary to fulfil a contract
OceanTech Jobs Ltd may process your data when we need to do this to fulfil a contract with you, such as to send your CV to a prospective employer for a job application.

Legitimate Interest
OceanTech Jobs Ltd also processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights. Our legitimate interests include:

  • ensuring the security and integrity of our Services and ensuring that our Websites and Apps operate effectively;

  • selling and supplying goods and services to our customers;

  • protecting customers, employees and other individuals and maintaining their safety, health and welfare;

  • promoting, marketing and advertising our products and services;

  • sending promotional communications which are relevant and tailored to individual customers;

  • understanding our customers’ behaviour, activities, preferences, and needs;

  • improving existing products and services and developing new products and services;

  • handling customer contacts, queries, complaints or disputes; and,

  • fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.

The processing is necessary because of a legal obligation that applies.  OceanTech Jobs Ltd may process your data to comply with our legal and regulatory obligations, e.g. preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.

Who do we share your Personal Information with?

Recruiters and other agents
In the course of our business to help you search for and get a job, OceanTech Jobs Ltd may make Personal Information available to third parties such as recruiters and other intermediaries and agents and other business partners.

Our service providers
This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.

Generative AI Model Providers
Some of our services may be developed or provided using Generative AI models (e.g., like ChatGPT) provided by, including but not limited to, Microsoft, Open AI and other (“Model Providers”). This may involve their AI model processing some of your Personal Information. Model Providers will not use your data to develop or “train” their AI model. However, it may retain your Personal Information in encrypted form for (a) debugging purposes in the event of a failure, and (b) investigating patterns of abuse and misuse to determine if the service is being used in a manner that violates the applicable product terms.

Stripe
OceanTech Jobs Ltd uses third parties to conduct and handle payments, in particular Stripe. All personal information relating to payment card and banking information is handled by our third-party providers and will be subject to Stripe’s privacy policies and terms of use which are available on theStripe website – https://stripe.com/gb/privacy

All card and/or banking information are stored at any stage of the process on the third party’s computer systems. The payment transactions are handled by Stripe’s secure servers. If you have any further questions on how they store or process your personal information, you may find more information within the link above. Their contact details can be found within the policies.

Governmental authorities and third parties involved in court action
OceanTech Jobs Ltd may share Personal Information with governmental or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.

Other third parties
Occasionally, we may share Personal Information with other third parties. We will always do this under contract and in accordance with your instructions.

How do we use your Personal Information?
We use Personal Information to do some or all of the following:

  • Communicate with you as part of our business;

  • Send you important information regarding changes to our policies, other terms and conditions, the OceanTech Jobs Websites or Apps and other administrative information;

  • Provide improved quality, training and security and manage other commercial risks;

  • Carry out market research and analysis, including satisfaction surveys;

  • To understand and analyse customer engagement with our Site, content and emails.

  • Provide marketing information to you (which could include information about other products and services offered by third-party partners)

  • Personalise your experience on our Website of Apps

  • Develop and improve our Websites, Apps and Services (where possible we will anonymise your information before we do this);

  • The CV used to apply is evaluated automatically against the job advert using real recruiters’ assessments on various candidates as a point of reference.

  • Allow you to participate in contests, prize draws and similar promotions, and to administer these activities.

  • Facilitate social media sharing functionality;

  • Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;

  • Resolve complaints, and handle requests for data access or correction;

  • Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence);

  • Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.

International Transfers of Personal Information
Personal Information which you supply to us is generally stored and kept inside the European Economic Area.

However, due to the nature of our global business and the technologies required, your Personal Information may be transferred to third party service providers outside the EEA, in countries where there may be a lower legal level of data protection. Therefore, as far as you make your profile searchable to recruiters, a recruiter could also be located outside of the EU/EEA. That means that as part of the contract between you and us, it might be necessary that your profile is accessed from a country that does not have the same level of data protection as the EU or EEA. In such situations, we transfer the minimum amount of data necessary, anonymise it where possible and enter legal contracts to aim to ensure these third parties handle your Personal Information in accordance with this Privacy Policy and the European levels of data protection.

How can you manage or delete Personal Information?
When you access our website online, we store some information about you. This is anonymous and used for statistical purposes.

When you create an account and log-in, this is password protected and may only be accessed by you. You can manage the content and information in your Account at any time, by logging in.

Your CV can be viewed by OceanTech Jobs Ltd customers.  This is the default setting. Further, when your profile is searchable your application activity (e.g. number of applications, job titles, locations & salaries) may be visible to OceanTech Jobs Ltd and our customers. Such visibility can also be provided through browser plugins or other software that we or our group companies offer if our customers visit certain social media websites about you. This is also the default setting.

As a registered candidate, if you decide to exercise your right to erasure under Article 17 of General Data Protection Regulation, we will remove your data stored and processed by us, including any applications made or saved for recruiters to view. This would mean there is a chance that the application(s) or any supporting material(s) provided by you for a particular job advert will not be viewed by the recruiter.

Please note that we reserve the right to remove from our database, CVs which include any content that we consider to be illegal or offensive, or for any other reason as determined by us.

If you would like to permanently delete your account, you can send an email to our Data Protection Officer (DPO) via contact@oceantechjobs.com with the subject line “Permanently delete my information and account”. Please do not forget to tell us who you are.

It is important for you to protect against unauthorised access to your password and to your computers, devices, and applications. Be sure to sign off when you finish using a shared computer.

Security
OceanTech Jobs Ltd is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold.

Our security measures include:

  • encryption of our services and data;

  • review our information collection, storage and processing practices, including physical security measures;

  • restrict access to personal access to personal information to Stepstone Group UK employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations; and

  • internal policies setting out our data security approach and training for employees.

Online drives
If you enable us, we access the following Services for the limited purpose of helping us to upload or otherwise access your CV, cover letters or any other documents you provide us to assist you apply for jobs. The Services we use are:

  • Google Cloud

  • OneDrive

  • iCloud

  • Vincere

  • WhatsApp

Like many websites, we also store small data files on your computer. The purpose of these are to improve our services and your experience using the software, please read our cookie policy to understand further.

Statistical information
We provide aggregate statistical information about users of the Software and their use. We may provide this information to customers, advertisers, suppliers and other reputable third parties. This will not include any information that enables them to identify individuals.

Delete cookies and all site data
To prevent new cookies from being installed and delete existing cookies which are placed on your browser, you by changing your browser settings.

Marketing and Advertising
We may use tracking pixels in our marketing emails. These pixels tell us if, and when, you opened an email from us. We use this information to better understand how customers engage with our content and to analyse the effectiveness of our marketing campaigns. You can disable tracking pixels by changing your email settings to block the loading or display of external images.

You have the following rights

  • the right to ask what personal data that we hold about you at any time;

  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you; and

  • (as set out above) the right to opt out of any marketing communications that we may send you.

  • If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Children and minors
OceanTech Jobs Ltd Websites, Apps are Services are not directed towards individuals under the age of eighteen (18), however we are aware due to the nature of some of the job offerings, those between 14 and 18 may use the Services.

Individuals under the age of thirteen (13) are expressly prohibited from using OceanTech Jobs Ltd Websites, Apps and Services, unless parental consent is provided and we are notified.

Third Party Privacy Practices
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties to which the OceanTech Jobs Ltd Website or Apps link. The inclusion of a link on the Website or App does not imply endorsement of the linked site or service by us or by OceanTech Jobs Ltd. Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organisations or any other software application developer or provider, social media platform, operating system or wireless service provider, or device manufacturer, including any Personal Information you disclose to other organisations through or in connection with our Websites, Apps or our Social Media Pages.

Please note that although we require customers who use our services, such as employers seeking to recruit staff, to agree to use the information made available solely for recruitment-related purposes, we do not control their use of any information that they have access to as part of receiving our services. Please be aware your current employer may be a customer of of OceanTech Jobs Ltd, or a client of one of our job boards. Although it is a requirement of our Contract and Terms and Conditions of OceanTech Jobs Ltd Website and other job boards not to use Personal Information for any purpose other than to obtain a job, we cannot restrict the customers who access profiles on our database and cannot be held responsible for any eventuality.  You are under no obligation to create a Log In account or Profiles with us to use our services.

Who to contact about your Personal Information
The data controller responsible for your information is OceanTech Jobs Ltd. If you have any questions about this policy or our use of your Personal Information you can email: contact@oceantechjobs.com  or write to the Data Protection Officer, OceanTech Jobs Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. If you do not think we are handling your Personal Information adequately, you have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, are available at ico.org.uk

Changes to Privacy Policy
We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements. We will place updates on our website in a timely manner. Please view the “Effective from” date at the top of these terms to see when it was last revised.

The Site is operated by OceanTech Jobs Ltd (“We”, “Our” or “Us”). We are registered in England and Wales under company number 14831256 with the registered office address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Please also see our GDPR FAQs for more information.

GDPR FAQs
Initially, we recommend you look at the ICO website. https://ico.org.uk/ Please be aware, whilst OceanTech Jobs is doing everything it can to assist you, as our customer, we are a recruitment business not legal advisors, and we recommend you seek independent legal advice to ensure you are compliant with GDPR.

1. What does GDPR stand for?

GDPR is short for the ‘General Data Protection Regulation'. It looks like a law set to overhaul Europe's, and as a result the world's, entire data privacy framework. GDPR comes into force on the 25th May 2018.

2. What are the GDPR requirements?
GDPR is a key piece of legislation for Europe and subsequently, the rest of the world. All organisations and businesses need to consider the legislation in the whole and conduct an analysis of the impact of GDPR on their activities. Some of the most significant requirements are as follows:

  • Many organisations and businesses will need to appoint a Data Protection Officer. This applies to those companies who regularly and systematically process personal data or monitor data subjects.

  • Transparency is vital. You are under a duty to be upfront with customers, employees and others about how their data is processed. This means you have to know what you do and why, and be able to convey that in a clear and comprehensive manner.

  • Data Privacy Impact Assessments (DPIAs) will become a fact of life. Where any new or existing data processing activity will result in a high risk to the rights and freedoms of individuals, companies will be required to carry out a systematic review of how best to safeguard those rights.

  • Deletion and portability. Businesses and organisations need to be able to delete data when no longer necessary, and transfer it elsewhere if requested by the people it refers to. You will need to ensure that your systems designed to make that possible.

  • Privacy by design and default. These are safeguards to ensure the protection of personal data is hardwired into your processes and systems.

  • Accountability. Being compliant isn't enough. You have to show that you are abiding by the rules. This includes maintaining an up-to-date register of data processing activities. In the event of a security breach, it also involves being able to give a full account of what happened and the preventative measures you had in place when reporting that breach.

3. What happens if my company is not compliant with GDPR?
Please be aware, whilst OceanTech Jobs Ltd is doing everything we can practicably do to assist you, as our customer, we are not a law firm and highly recommend you seek legal advice to ensure you are compliant with GDPR. For serious breaches (e.g. a major security breach where the organisation had woefully inadequate protective measures in place), the maximum administrative fine is up to 4% of global turnover or EUR 20 million, whichever is higher. For other breaches (e.g. inadequate record keeping or failure to report a breach), regulators will have the power to issue penalties of up to 2% of global turnover or EUR 10 million. Also, there is a direct right of action for data subjects to claim compensation from the data controller or processor. So, if data has been incorrectly held or used and the individual has suffered damage, firms could find themselves being hit by legal action. Finally, there is the possible reputational repercussions of non-compliance. Sanctions and major fines issued by the regulator will be information in the public domain. Staying compliant is crucial for any business seeking to maintain their reputation as a safe pair of hands in the digital marketplace.

4. Who does GDPR apply to?
GDPR applies to natural or legal persons, public authorities, agencies or other bodies processing personal data (processing in the course of exclusively personal/household activities is excluded). How GDPR in detail affects you depends on the nature of your processing activities, but regardless of size and shape of your business, chances are you are in scope. If you are not sure whether GDPR applies to you, it is best to assume that it does and seek legal advice.

5. How does GDPR impact businesses outside of the EU?
Businesses based outside the EU need to comply with GDPR if they process, manage or store personal data related to data subjects in EU, or if they process personal data on behalf of EU businesses. So, no matter where you are based, if you do business in or with people and organisations in the EU, you need to ensure your business is GDPR compliant.

6. How should my business prepare for GDPR?
Becoming compliant does not happen overnight. This is especially the case if you need to put new procedures in place. Steps you can take include:

  • Build awareness. From board level to on-the-ground IT, ensure that decision makers and key staff are aware that the law is changing. All individuals involved in the GDPR-readiness project should be aware of their responsibilities – what they need to do and when. This will help avoid a last minute scramble as the implementation date approaches.

  • Map your data. What personal data do you hold? What is its purpose? Where is it stored? Where did it come from and who do you share it with? For this type of fundamental data audit, having the right tool in place to help you map, visualise and manage your data can make life so much easier.

  • Appoint or designate a Data Protection Officer. Decide who will take responsibility for compliance and where this role will sit within your organisational structure. For larger organisations this will involve appointing at least one DPO, for smaller organisations, this will involve formally designating a Data Protection Officer, for one-man band businesses, you will need to start to understand GDPR.

  • Review your security breach prevention procedures. This will involve a security audit to ensure that the data protection measures you have in place are adequate. Make sure you have the right procedures in place to detect, respond to and report breaches in accordance with the Regulation.

  • Review and refresh your consent procedure. Look at how you obtain, record and manage consent. Consider whether any changes will be needed to your existing procedures in good time for GDPR implementation. The same applies to your current privacy notices.

  • Give consumers their rights to data. You will have to provide certain information to the individuals if you process personal data about them and you will have to facilitate the ability of individuals to exercise their rights. If a customer asks for a copy of the data you hold on them, will you be able to provide it? What happens if someone asks you to delete or transfer their data to another party? Review your infrastructure and procedures to ensure that if you receive such requests, you are able to comply.

GDPR and OceanTech Jobs

1. Who is responsible for complying with GDPR?
Initially, OceanTech Jobs Ltd is a data controller and we are responsible for the data processing on our websites. Candidates search our website and provide us with GDPR-applicable “consent” (by way of contract, legitimate interest or consent) to us to contact the candidate for the specific job listing or to access their CV from our databases. When we contact candidates to help them apply for a job, we are the data controller. At this point we as data controller are required to comply with GDPR and will also have to ensure that you give the individuals their rights.

2. Do we have adequate GDPR consent?
There are many grounds of processing. You will see in our Privacy Policy we use contract, consent, legitimate interest and necessary legal reasons. When you use our listings to help candidates get jobs, or you access our database to see a candidates' CV, you can rely on our grounds of processing to contact the user for the purpose of filling a specific vacancy. For anything beyond this point you need to obtain additional “consent” and request their permission to use their personal information.

3. Where do we store users' data?
We are a company based in England, United Kingdom.  We store our databases on cloud software platforms provided by independent global software businesses.

4. What security measures do we have in place?
All data is stored in a secure web hosting environment with restricted access. We have regular risk reviews and internal audits.

5. Do you have any other questions?
Don't hesitate to contact us by email contact@oceantechjobs.com or write to the Data Protection Officer, OceanTech Jobs Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ and we will endeavour to answer any additional questions.

Please note that we are unable to offer legal advice of any kind.