Legal

Privacy Policy

Last Updated: November 16, 2025

At Vesselstatement.com (registered in the Netherlands, CoC Number 92141838, located at Hegedyk 6, Boksum 9031XJ), we are committed to protecting your privacy and handling your personal data responsibly.

As a data controller under the EU General Data Protection Regulation (GDPR) and the Dutch General Data Protection Regulation (AVG), we process your data in a transparent, secure, and lawful manner. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website and services for generating annual renewable vessel statements for 0% VAT compliance, in line with EU Directive 2006/112/EC and Dutch VAT laws.

By using our services, you consent to the practices described here. We may update this policy from time to time — changes will be posted on our homepage 30 days in advance, with email notification for material updates affecting registered users.

1. Information We Collect

We collect personal data necessary to provide our services:

  • Account and Contact Data: Name, email address, phone number, billing details (e.g., for subscriptions via Stripe), and username/password.
  • Vessel and Operational Data: Vessel name, registration number, IMO number, owner/operator details, loading/store information, and any documents you upload or generate.
  • Usage Data: IP address, browser type, access times, pages viewed, and device information (via log files for analytics and security).
  • Communication Data: Information from emails, support tickets, or inquiries you send us.

We do not collect sensitive data (e.g., health or biometric information) unless voluntarily provided in support contexts, and only with your explicit consent.

2. How We Use Your Information

We use your data solely to fulfil our contractual obligations and improve services:

  • Provide and maintain the service (e.g., generate vessel statements, process payments)
  • Verify compliance with EU laws (e.g., sanctions screening)
  • Communicate service updates, invoices, or legal notices
  • Analyse trends (anonymised) for site administration and troubleshooting
  • Prevent fraud, abuse, or unauthorised access
  • Comply with legal requirements (e.g., 7-year audit retention)

We do not use your data for marketing without consent.

4. Sharing Your Information

We do not sell, rent, or share your personal data with third parties for their marketing purposes. Sharing occurs only:

  • With service providers (processors) under strict contracts, e.g., Stripe (payments), EU-based hosting (e.g., via AWS EU), or analytics tools (e.g., Google Analytics Ireland). All use Standard Contractual Clauses (SCCs) for any non-EU transfers.
  • As required by law (e.g., Dutch tax authorities or court orders).
  • With your explicit consent (e.g., for referrals).
  • Anonymised aggregate data for research (no re-identification).

5. Data Retention

We retain your data only as long as necessary:

  • Account and service data: For the duration of your subscription plus 7 years post-termination (for audit/tax compliance under Dutch law).
  • Usage logs: Up to 2 years for security/analytics.

After retention periods, data is securely deleted or anonymised. You can request earlier deletion via your rights below.

6. Your Data Protection Rights

Under GDPR/AVG, you have the following rights regarding your data. To exercise them, contact us at support@vesselstatement.com (response within 1 month; free of charge unless manifestly unfounded):

Access

Request a copy of your personal data we hold.

Rectification

Correct inaccurate or incomplete data.

Erasure

Request deletion of your personal data.

Restriction

Limit processing during disputes.

Portability

Receive data in a machine-readable format (JSON/CSV).

Object

Oppose processing based on legitimate interests.

We also handle complaints — escalate to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl if unsatisfied.

7. Data Security and Breach Notification

We implement technical and organisational measures (e.g., encryption, access controls, regular audits) to protect your data. Authorised employees access data on a strict need-to-know basis.

In the event of a personal data breach, we will notify the Autoriteit Persoonsgegevens within 72 hours. If high-risk (e.g., exposure of vessel/financial data), we will inform you without undue delay via email. Report suspected breaches to support@vesselstatement.com.

8. International Data Transfers

Our operations are EU-based, but subprocessors (e.g., Stripe) may involve non-EU entities. We ensure adequacy via EU-approved mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules. No data is transferred without appropriate safeguards.

9. EU Data Act Compliance

In compliance with the EU Data Act (Regulation (EU) 2023/2854, effective September 12, 2025), you have enhanced rights to access, port, and switch your data generated through our service (e.g., vessel statements, input details) in a structured, machine-readable format at no additional cost.

To request portability or switching assistance, contact support@vesselstatement.com — we will provide the data within one month. We do not impose unfair terms that hinder switching, such as proprietary formats.

10. Cookies and Tracking

We use cookies and similar technologies for functionality and analytics. Essential cookies do not require consent; others do (via banner). IP addresses in log files are anonymised. See our Cookies Policy for full details.

11. Children's Privacy

Our services are not directed at children under 18. We do not knowingly collect data from minors. If we become aware of such collection, we will delete it promptly.

12. Changes to This Policy

We may update this policy to reflect legal changes or service evolutions. Continued use after posting constitutes acceptance. For major changes, we'll notify you by email at least 30 days in advance.

13. Contact Us

For questions about this Privacy Policy, your data, or to exercise your rights:

Email: support@vesselstatement.com

We will respond within 2 business days. This policy forms part of our Terms and Conditions.