Austal Limited (Austal, we, us) respects the privacy of visitors to https://www.marinelinkfleet.com (the Site), users and subscribers of MarineLink Services (including MarineLink Fleet, MarineLink Sense and MarineLink Smart, as further described on our Site). This policy sets out how we collect, manage and use information we gather about you.
1. WHO WE ARE
4. THE INFORMATION WE COLLECT ABOUT YOU
We collect, use, store and transfer different kinds of personal information about you where appropriate and relevant, which we have grouped together as follows:
• Identity Information includes first name, last name, username, marital status, title, date of birth and gender and the organisation for which you work.
• Contact Information includes email address and telephone numbers and business address.
• Technical Information includes internet protocol (IP) address, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site and/or the MarineLink Services.
• Profile and Service Information includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, and any other information you give to us when communicating with us in connection with the Site and/or the MarineLink Services.
• Usage Information includes information about how you use our Site and/or the MarineLink Services.
• Marketing and Communications Information includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
5. IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
Where we need to collect personal information by law, or under the terms of a contract with you or the company you work for, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you or the company you work for (for example, to provide you access to our Site and/or MarineLink Services). In this case, we may have to suspend your access to our Site and/or MarineLink Services, but we will notify you if this is the case at the time.
6. HOW YOUR PERSONAL INFORMATION IS COLLECTED
There are a number of ways in which we may collect your personal information, including:
• Direct interactions. You may give us your Identity, Contact, Profile and Service and KYC Information by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
• register for a MarineLink Services account;
• request marketing to be sent to you;
• contact us, whether by phone, email, or other electronic means.
• Automated technologies or interactions. As you interact with our Site and/or MarineLink Services, we will automatically collect Technical Information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see section 8 below for further details.
• Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
• Technical Information from the following parties:
• analytics providers such as Google based outside the EU.
• Identity, Contact, Profile and Service Data from the organisation for which you work or its legal representatives.
• Identity and Contact Information from publicly available sources such as the United Kingdom Companies House and the Electoral Register based inside the EU, or the Australian Electoral Roll.
7. STORAGE OF PERSONAL INFORMATION
Austal has security measures in place to attempt to protect against the misuse, interference, loss and unauthorised access, modification or disclosure of personal information under our control. Austal presently stores all information on secure servers that are located either on site in Henderson or on proximate backup hardware. In addition, personal information relating to employment applications Austal does not currently store any information overseas however if in future Austal elects to transfer personal information to someone in a foreign country, this will be done in accordance with the requirements of the Australian Privacy Principles. It is likely that some of the entities which provide services to Austal store information overseas.
8. COOKIES AND OTHER TRACKING TECHNOLOGIES
The kinds of information that we may collect and hold about your visits to our website include your IP address, domain name, locality, operating system, browser type, referring website, search terms, pages and links accessed, and visit date and time. We may use this information for the purpose of maintaining and improving our website and enhancing your experience browsing our website.
We use the following kinds of cookies:
• Necessary cookies. Some cookies are required to provide core functionality. The website won't function properly without these cookies and they are enabled by default.
• Analytical cookies. Analytical cookies help us improve our website by collecting and reporting information on its usage. We will only set these on your device if you consent to us doing so through our cookie tool. You can select or change your choices at any time by clicking the "c" icon on the bottom left hand corner of our Site.
• Marketing cookies. Marketing cookies are used to track visitors across websites to allow publishers to display relevant ads. We will only set these on your device if you consent to us doing so through our cookie tool. You can select or change your choices at any time by clicking the "c" icon on the bottom left hand corner of our Site.
Cookies may also be disabled on your web browser if you do not wish us to collect information about your visits to Austal’s website, but some parts of the website may not function properly as a result.
9. HOW AND WHY WE USE YOUR PERSONAL INFORMATION
We only use your personal information where necessary for our business activities, where required or permitted by law. We set out below, in a table format, a description of the ways in which we use your personal information, and which of the legal bases under the GDPR we rely on to do so. We have set out our legitimate interests where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Generally, we do not rely on consent as a legal basis for processing your personal data, except to email or call you with marketing materials. You have the right to withdraw consent to marketing at any time by contacting us.
10. MARKETING AND PROMOTIONAL OFFERS FROM US
We will only send email or call you about our products or services if you have first given your consent.
If you change your mind, and do not want to receive marketing from us any more, please contact Marketing Manager at firstname.lastname@example.org.
11. CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
12. DISCLOSURE OF PERSONAL INFORMATION
We may share your personal data, where relevant and necessary, with the parties set out below for the purposes set out in the table in section  above. In all cases we take reasonable steps to keep your personal information confidential and secure.
• Other entities in the Austal Limited corporate group.
• Organisations which process information on our behalf, such as information collection contractors, website and data hosting providers, and technology service providers.
• Law enforcement, government, tax or regulatory bodies.
• Fraud prevention and detection organisations.
• Our advisors and auditors, such as our legal advisors and accountants.
• Our insurers and insurance brokers.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
13. INTERNATIONAL TRANSFERS
Austal is established in Australia, which is outside of the European Economic Area (EEA), although it does have some limited presence in the United Kingdom through one of its subsidiaries.
Please note that all information which is collected through the Site and the MarineLink Services is hosted on to the virtual private cloud of Austal Limited on Amazon Web Services servers in Australia. Although Australia has its own privacy and data protection laws, these are not currently as comprehensive as the data protection laws of the European Union or the United Kingdom.
Whilst we strive to comply with the GDPR, please note that if you are located in the EEA and want to use the MarineLink Services or our Site, your data protection rights may not have the same protection as they enjoy in the EEA.
14. INFORMATION SECURITY AND BREACH REPORTING
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Our security measures include, where appropriate:
- The pseudonymisation and encryption of personal data.
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We have in place a data breach response plan intended to enable us to contain, assess and respond to data breaches in a timely manner, and to help mitigate potential harm to individuals.
Where required by the Act or the GDPR, Austal will notify any affected individuals or corporations, as well as the Office of the Australian Information Commissioner (or relevant EEA data protection authority), in respect of notifiable data breaches which occur.
15. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means. We also consider the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal information are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see section  below for further information.
16. ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
In certain circumstances, you have legal rights in relation to your personal information.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons. If so, we will tell you at the time of your request if we can.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
• If you want us to establish the information’s accuracy.
• Where our use of the information is unlawful but you do not want us to erase it.
• Where you need us to hold the information even if we no longer require it as you
need it to establish, exercise or defend legal claims.
• You have objected to our use of your information but we need to verify whether we
have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our Marketing Manager at email@example.com.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
17. COMPLAINT PROCESS
We hope that you will contact us first, but you also have the right to complain to the relevant data protection authority. In the United Kingdom this is the Information Commissioner, who can be contacted at https://ico.org.uk/make-a-complaint/. For details of relevant EEA data protection authorities please see details on the European Data Protection Board website here: https://edpb.europa.eu/about-edpb/board/members_en.
18. CONTACT US
Austal can be contacted regarding privacy issues by email sent to firstname.lastname@example.org
Version 1, 5 October 2019