Privacy Policy

Last Updated: November 16, 2025

At Vesselstatement.com (registered in the Netherlands, CoC Number 92141838, located at Hegedyk 6, Boksum 9031XJ), we are committed to protecting your privacy and handling your personal data responsibly.

As a data controller under the EU General Data Protection Regulation (GDPR) and the Dutch General Data Protection Regulation (AVG), we process your data in a transparent, secure, and lawful manner. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website (www.vesselstatement.com) (www.vesselstatement.com) and services for generating annual renewable vessel statements for 0% VAT compliance on stores loaded in the Netherlands, in line with EU Directive 2006/112/EC and Dutch VAT laws.

By using our services, you consent to the practices described here. If you do not agree, please do not use our site or services. We may update this policy from time to time—changes will be posted on our homepage and key pages 30 days in advance, with email notification for material updates affecting registered users.

1. Information We Collect

We collect personal data necessary to provide our services. This includes:

  • Account and Contact Data: Name, email address, phone number, billing details (e.g., for subscriptions via Stripe), and username/password for user accounts.
  • Vessel and Operational Data: Vessel name, registration number, IMO number, owner/operator details, loading/store information, and any documents you upload or generate (e.g., statements).
  • Usage Data: IP address, browser type, access times, pages viewed, and device information (via log files for analytics and security).
  • Communication Data: Information from emails, support tickets, or inquiries you send us.

We do not collect sensitive data (e.g., health or biometric info) unless voluntarily provided in support contexts, and only with your explicit consent

2. How We Use Your Information

We use your data solely to fulfill our contractual obligations and improve services:

  • Provide and maintain the service (e.g., generate vessel statements, process payments.
  • Verify compliance with EU laws (e.g., sanctions screening).
  • Communicate service updates, invoices, or legal notices.
  • Analyze trends (anonymized) for site administration and troubleshooting.
  • Prevent fraud, abuse, or unauthorized access.
  • Comply with legal requirements (e.g., 7-year audit retention).

We do not use your data for marketing without consent.

3. Legal Basis for Processing

Our processing is based on:

  • Contract Performance (GDPR Art. 6(1)(b)): To deliver the service you request.
  • Legitimate Interests (GDPR Art. 6(1)(f)): For security, fraud prevention, and service improvements (balanced against your rights).
  • Legal Obligations (GDPR Art. 6(1)(c)): For VAT audits or sanctions compliance.
  • Consent (GDPR Art. 6(1)(a)): For non-essential cookies or optional communications (easily withdrawable).
4. Sharing Your Information

We do not sell, rent, or share your personal data with third parties for their marketing purposes. Sharing occurs only:

  • With service providers (processors) under strict contracts, e.g., Stripe (payments), EU-based hosting (e.g., via AWS EU), or analytics tools (e.g., Google Analytics Ireland). All use Standard Contractual Clauses (SCCs) for any non-EU transfers
  • As required by law (e.g., Dutch tax authorities or court orders).
  • With your explicit consent (e.g., for referrals).
  • Anonymized aggregate data for research (no re-identification).

Client records are confidential and align with GDPR/AVG obligations

5. Data Retention

We retain your data only as long as necessary:

  • Account and service data: For the duration of your subscription plus 7 years post-termination (for audit/tax compliance under Dutch law).
  • Usage logs: Up to 2 years for security/analytics
  • After retention periods, data is securely deleted or anonymized

You can request earlier deletion via your rights below.

6. Your Data Protection Rights Under GDPR/AVG, you have the following rights regarding your data. To exercise them, contact us at support@vesselstatement.com (response within 1 month; free of charge unless manifestly unfounded):
  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate data.
  • Restriction: Limit processing during disputes.
  • Portability: Receive data in a structured, machine-readable format (e.g., JSON/CSV).
  • Object: Oppose processing based on legitimate interests (e.g., analytics).
  • Withdraw Consent: At any time, without affecting prior processing.

We also handle complaints—escalate to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at https://autoriteitpersoonsgegevens.nl if unsatisfied.

7. Data Security and Breaches

We implement technical and organizational measures (e.g., encryption, access controls, regular audits) to protect your data from unauthorized access, loss, or alteration. Authorized employees access data on a strict need-to-know basis. Unauthorized access is a criminal offense under Dutch law, and we will pursue prosecution

Data Breach Notification: In the event of a personal data breach, we will notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware, unless the breach is unlikely to result in a risk to your rights. If high-risk (e.g., exposure of vessel/financial data), we will inform you without undue delay via email, including breach details, impacts, and mitigation steps (e.g., monitoring for identity theft). Report suspected breaches to support@vesselstatement.com—we maintain documented incident response procedures.

8. International Data Transfers

Our operations are EU-based, but subprocessors (e.g., Stripe) may involve non-EU entities. We ensure adequacy via EU-approved mechanisms like SCCs or Binding Corporate Rules. No data is transferred without safeguards.

9. EU Data Act Compliance

In compliance with the EU Data Act (Regulation (EU) 2023/2854, effective September 12, 2025), you have enhanced rights to access, port, and switch your data generated through our service (e.g., vessel statements, input details) in a structured, machine-readable format (e.g., JSON or CSV) at no additional cost. To request portability or switching assistance (e.g., to another provider), contact support@vesselstatement.com—we will provide the data within one month and support functional equivalence without undue delay. We do not impose unfair terms that hinder switching, such as proprietary formats. This complements GDPR portability (Art. 20).

10. Cookies and Tracking

We use cookies and similar technologies for functionality and analytics—see our Cookies Policy for details. Essential cookies do not require consent; others do (via banner). IP addresses in log files are anonymized and used only for administration (not linked to personal data without consent).

11. Children's Privacy

Our services are not directed at chiWe may update this policy to reflect legal changes or service evolutions. Continued use after posting constitutes acceptance. For major changes, we'll notify you by email.ldren under 18. We do not knowingly collect data from minors. If we become aware, we will delete it promptly.

12. Changes to This Policy

We may update this policy to reflect legal changes or service evolutions. Continued use after posting constitutes acceptance. For major changes, we'll notify you by email.

13. Contact Us

For questions about cookies, opt-outs, or concerns:

Email: support@vesselstatement.com

We will respond within 2 business days. This policy forms part of our Terms and Conditions

© 2026 Vesselstatement. All rights reserved.