Securmark Data Protection Declaration

Securmark Data Protection Declaration

1. Introduction – Overview

Securmark respects and safeguards the privacy of all our customers and other persons who contact us to notify a change of ownership or theft. In this document you will learn when, how and why we process personal data about you. Furthermore, this document constitutes binding guidelines for anyone who processes personal data on behalf of Securmark, such that all processing of personal data about all our customers must be done in accordance with these provisions.

2. Who are we? Contact information

The “Data Controller” for our processing of personal data is:

Securmark Scandinavia AS:

PO box 1881 Stoa, 4858 Arendal, business reg. no. 948 582 171.

If you have any questions or requests related to our processing of personal data, please contact us at:

3. What kind of personal data do we have about you?

We register the following information about our customers: Name, address, email, phone number and other contact information, your username and password, information about the boats and engines you have registered, which dealer may have registered the boat on your behalf, as well as the date of the boat’s registration and deregistration. We may also record the activities and events associated with the registration, including notifications of ownership change, that the boat is lost or stolen, invoicing and payment of annual fees, payment history, ordering and delivery of cards and signs from us, that you have sent us a request or otherwise communicated with us, sent us feedback, complaints etc. We process no sensitive personal data (special categories) about our customers.

If you notify a change of ownership or theft to Securmark, we will process the personal data about you that accompany the notification. These will typically be your contact information and information that is evident from the purchase contract or equivalent documentation.

The source of the data we have about you will usually be yourself, in that you have provided us with information when registering online or otherwise. The information may also be submitted to us from someone you have bought/sold a boat from/to, or a boating association that requires anti-theft marking.

4. The purpose of the processing – what the data is used for

We process personal data about our customers in order to fulfil all aspects of the service of anti-theft marking and registration for our customers. By using anti-theft marking or registering a boat or other asset with Securmark, you make it easier to uncover thefts and to return stolen assets to you.

The purpose of processing personal data in Securmark’s anti-theft marking system and database is also so that certain information about boats and their owners shall be available to others in different contexts, including in particular in connection with rescue operations, the purchase and sale of boats, insurance policy contracting, registration of berths with boating associations and harbours, as well as the tracing of owners when, for example, a boat has slipped its moorings or been stolen, is badly moored, sinks or is mislaid or theft is suspected. The personal data in the register is processed such that these are available for the purposes named.

Furthermore, the data is used in order for us to administer and operate Securmark’s database, including in order for us to communicate with and follow up on owners and be able to invoice. We may also use your personal data to send newsletters and other relevant marketing materials.

5. Legal basis

Securmark will not process personal data unless we have grounds for this in law. The processing of personal data for our customers is based primarily on the fact that this processing is necessary to fulfil our agreement with you. The processing therefore has a legal basis in GDPR article 6(1)(b).

If you notify a change of ownership or theft to Securmark, the processing of your personal data will be necessary to complete the theft or change of ownership notification (a contract under GDPR article 6(1)(b)).

The processing will also have a legal basis in GDPR article 6(1)(f) (legitimate interests). The interests pursued by the Securmark are given in the statement of purpose in clause 4 above.

6. Who can access the data?

To ensure effective anti-theft marking that makes it easier to detect theft and to return assets, access to the anti-theft marking databases is granted to police, border police and customs agencies, including foreign entities. This is done in order that these can uncover criminality and quickly identify assets, reveal theft and identify legitimate owners. Access to these devices is part of the preventive effect that anti-theft marking from Securmark provides.

Special access to the database of anti-theft markings and registered owners is also given to, among others, authorised dealers, police, the Norwegian Society for Sea Rescue, insurance companies, boat manufacturers, selected small marinas, and others who reasonably require this in their operations.

Beyond this, access to personal data will be limited to those persons in Securmark who have an “operational” need for such access based on the purposes listed in clause 4 above. Securmark may also, in certain cases where the operation of our business necessitates this, share this information with our data processors and our providers, including our advisers, consultants, lawyers and auditors.

7. Transfer abroad and use of data processors

Securmark will not transfer personal data registered in the database to countries outside the EU/EEA. However, we may use providers (data processors) located in countries outside the EU/EEA to assist us in processing the personal data in our database. This may, for example, be due to the fact that parts of IT operations or back-up copying of the registry may be outsourced to an external provider. An overview of Securmark’s use of data processors in relation to the Securmark database will be provided upon request.

8. How long do we store the personal data?

The information in our database on anti-theft marking and owners is stored for as long as the customer has registered a boat with us. If you no longer have an asset registered with us, the data is stored in a historical archive that can be used to obtain information about previous owners. Any other data about owners, such as, for example, correspondence between Securmark and a boat owner, will be deleted when the information is no longer needed for the stated purposes.

Personal data collected in connection with notifications to Securmark of change of ownership or theft will be deleted after 60 days.

9. Use of cookies

Securmark’s website uses cookies. Information on this use is provided in a separate document posted on our website.

10. Your rights

As a data subject with individual personal data stored by Securmark you have certain rights under the law. You are, among other things, entitled to learn what information we process about you and in certain instances may demand erasure or rectification of such information. Other rights may apply regarding the transfer of this personal data to others (data portability) or to object to, or require restriction of, the processing of the personal data. Such claims may be lodged as set out in clause 2 above. If you disagree with our processing of your personal data, you may also complain to the Norwegian Data Protection Authority.