Privacy Policy

Introduction

At Records Marine, Inc. (“Records Marine“, “we“, “us“, or “our“), we prioritize your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, www.recordsmarine.com  (the “Site“), or any related services. It also outlines your privacy rights and how applicable laws protect you. We have designed this Policy to comply with all relevant data protection laws, prioritizing the United Arab Emirates' data protection law, as well as the European Union's General Data Protection Regulation (GDPR), and other global privacy frameworks. By using our Site, you agree to the practices described in this Policy. If you do not agree with any part of this Policy, please refrain from using our Site or services.

Who We Are

The Site is operated by RECORDS MARINE – FZCO, a UAE-based entity licensed to use and manage the intellectual property of RECORDS MARINE IP HOLDINGS LTD (ADGM), which is the principal rights holder and the designated data controller for all personal data collected via the Site.

Registered Office:

RECORDS MARINE IP HOLDINGS LTD

Cloud Desk D08, 11th Floor,

Al Sarab Tower, Abu Dhabi Global Market Square,

Al Maryah Island, Abu Dhabi,

United Arab Emirates

Contact: legal@recordsmarine.com

We are committed to safeguarding your personal data and handling it transparently and securely in accordance with applicable UAE data protection regulations and, where applicable, the General Data Protection Regulation (GDPR).

Personal Data We Collect

We collect and process various types of personal data about you when you interact with our Site or use our services. This personal data may include:

• Identity and Contact Information: For example, your name, date of birth, company or organization name, job title, postal address, email address, and telephone number. If you register an account, we will also collect login credentials (such as your username and password).
• Professional Details: If you create a business profile or claim a company listing on our platform, we may collect information related to your company and your role (such as company details, your title or position, and business contact information).
• Usage Data: Information on how you use our Site and services. This includes technical data like your IP address, browser type and version, device type, operating system, time zone setting, and platform. It also includes data about your activity on the Site (e.g. pages viewed, features used, links clicked, search queries, and the dates/times of your visits).
• Preferences and Communication Data: Your marketing and communication preferences (such as whether you wish to receive marketing emails or newsletters from us) and any other information you provide when communicating with us. This can include the content of emails or inquiries you send us, feedback you provide, or other records of your correspondence with us.
• Third-Party Sources: We may receive information about you from third parties in some cases. For example, if you choose to sign in or authenticate through a third-party platform (such as a social network or single sign-on service), or if a business partner or referral source provides us your details, we will collect the information they pass to us (subject to your agreements with those parties). We may also collect personal data made publicly available (for instance, business contact information on your company's website) for the purpose of populating our directory of maritime service providers.

We do not intentionally collect any sensitive personal data (such as information about health, race, religion, or biometric data) through the Site, and we ask that you do not provide this type of information to us via our platform. Our services are intended for adults and business entities; we do not knowingly collect personal data from children under the age of 18. If you believe a minor has provided us personal data, please contact us so we can remove it.

Cookies and Tracking Technologies

Like most websites, we use cookies and similar tracking technologies to collect information automatically from your device. These technologies help us understand how you use our Site, personalize your experience, and improve our services. The types of technologies and data collection methods we use include:

• Cookies: Cookies are small text files placed on your browser or device. We use cookies for various purposes. For example, we use essential cookies to enable core site functionality (such as keeping you logged in to your account and remembering items in your request or inquiry forms). We also use analytics cookies to understand user behavior on our Site, which helps us improve content and usability. Cookies may collect identifiers and usage information such as your device's IP address, browser type, and pages visited. You can control or delete cookies through your browser settings. However, note that if you disable certain cookies, some features of our Site may not function properly.
• Web Beacons and Pixels: Our emails and website pages may contain small electronic files known as web beacons or pixel tags. These are used to count users who have visited those pages or opened an email and for other related website statistics (e.g., verifying system and server integrity). For instance, if we send marketing emails, we may use pixels to track whether you open the email or click on links, helping us gauge campaign effectiveness.
• Analytics Tools: We use third-party analytics services such as Google Analytics to collect information about Site usage and performance. Google Analytics uses cookies and similar technologies to gather data about our Site visitors (for example, pages you visit, how long you stay, how you arrived at the Site, and your general location). This information is provided to us in aggregate form to help us understand traffic patterns and user interactions. Google Analytics may collect your IP address and information about your device; however, we have configured this tool to anonymize IP addresses where possible. Data collected by Google Analytics may be transferred to and stored on Google's servers (for example, in the United States or other countries). You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, or by disabling analytics cookies as noted above.
• Tag Management: We use a tool like Google Tag Manager to manage the various scripts and tags on our Site. Google Tag Manager helps deploy other analytics or marketing tags. The tool itself does not collect personal data; it simply makes it easier for us to manage and update our other tracking tools. Any data collected via tags managed by Google Tag Manager (for example, Google Analytics or others) is governed by the respective tool's policies.
• User Behavior Analytics: We may use services such as Hotjar or similar user experience analytics tools. These tools help us understand how users interact with our Site through features like heatmaps, session recordings, and surveys. For example, Hotjar can record anonymized video of user sessions, tracking clicks, taps, and scrolling behavior (but it hides or masks keystroke data so that sensitive information is not recorded). These tools may collect information such as your device's IP address (in anonymized form), device type, browser information, and usage patterns. This insight helps us identify usability issues and improve the functionality of our platform. Data collected is stored and analyzed by the third-party tool provider (e.g., on Hotjar's servers in the EU) and is only used by us to enhance the user experience.
• Advertising and Social Media Pixels: If we engage in advertising or social media campaigns, we might use tracking pixels provided by platforms like LinkedIn, Facebook, or other advertising networks. For example, the LinkedIn Insight Tag or Facebook Pixel can be embedded on our Site to track visits and actions for advertising analytics. These pixels collect information such as your IP address, browser type, and interactions on our Site, and they may use cookies to recognize you. This information helps us measure the effectiveness of our ads and, in some cases, enables us to show you relevant Records Marine advertisements on those platforms. Any data collected via these pixels is pseudonymized and we do not see your personal identities from it. The use of such pixels is subject to the privacy policies of the respective platforms. You can often opt out of interest-based advertising through your account settings on those platforms or via industry websites (such as the Digital Advertising Alliance's opt-out page).
• Cloud Hosting and Services: Our website and databases are hosted on third-party cloud infrastructure (for example, Amazon Web Services). When you use the Site, your personal data is transmitted and stored on servers operated by these cloud service providers. These providers may automatically collect certain technical information for security and performance monitoring (such as server access logs including IP addresses, timestamps, and errors). We have agreements in place with our cloud providers to ensure your data is protected with high security standards and used only for providing the hosting service.
• Web Application Frameworks: We build our Site using modern web development frameworks and libraries (for instance, JavaScript-based frameworks and UI libraries) to deliver a fast and interactive user experience. These frameworks may use your browser's local storage or similar technologies to store data on your device for functional purposes. For example, we might temporarily store your session token, user preferences (such as interface language or other settings), or cache certain data in your browser to reduce load times. This client-side storage helps the Site function smoothly and does not send your information back to us unless necessary for the service. You can clear your browser's cached data and local storage at any time via your browser settings.
• Security Tools: To protect our Site and users, we employ security technologies. For example, we may use CAPTCHA services (such as Google reCAPTCHA) on forms to distinguish between human users and bots. These services may analyze your interactions with the Site (e.g., mouse movements or IP address) to determine whether an input is made by a human. This can involve sending some information to the CAPTCHA provider for analysis. Any data collected in this process is used solely for security verification. We also use firewall and monitoring services (which might be provided by our hosting platform or a content delivery network) that automatically screen traffic for malicious activity. Such services may log device identifiers and IP addresses when protecting our Site, but this data is typically only used for security purposes.

Your Choices: Where required by law, we will obtain your consent before using non-essential cookies or tracking tools (for instance, if you are in the EU/EEA, our Site will seek your consent for analytics cookies via a cookie banner). You can also control cookies through your browser settings and other tools as described above. Note that some tracking technologies (like analytics or pixels) can be disabled by using browser extensions or privacy settings. Keep in mind that disabling certain functional cookies or scripts may impact your experience of our Site. For further details on our use of cookies and how to manage them, please refer to our Cookies section or contact us if you have specific questions.

How We Use Your Personal Data

We use the personal data we collect for the following purposes, in accordance with applicable law:

• Providing and Improving Services: To deliver our services to you and ensure the Site functions correctly. For example, we use your information to create and manage your user account, enable you to search for and connect with maritime suppliers and service providers, process any requests or inquiries you make (such as requesting a quote from a vendor), and generally facilitate the services offered through our platform. We also use data to personalize your experience (such as remembering your preferences and settings) and to develop new features, products, or offerings that enhance our services.
• Communication: To communicate with you about your account or any services you use. This includes sending administrative or transactional communications (like confirmations, invoices, technical notices, updates, security alerts, and support messages). We may also respond to your inquiries, support requests, or feedback. If you provide your contact information to request information about our services or partnerships, we will use your details to respond to you.
• Marketing and Newsletters: To send you news, updates, marketing communications, and other information about our services or related opportunities if you have consented to receive such communications  or if otherwise permitted by law. For example, we might email you our newsletter or inform you of new features, special offers, or events that may interest you in the maritime industry. You can opt out of marketing emails at any time by clicking the “unsubscribe“ link in those emails or contacting us directly. We will not send you promotional communications if you opt out, and we do not sell or rent your personal data to third-party marketers.
• Analytics and Service Improvement: To analyze and understand how users interact with our Site and services. We use analytics data and user feedback to troubleshoot issues, perform research and development, and improve the functionality, security, and user-friendliness of our platform. This helps us refine our product, optimize content, and enhance your overall user experience.
• Fraud Detection and Security: To maintain the safety and security of our platform. Personal data (particularly usage and technical data) is used to monitor for suspicious or fraudulent activity and to detect, prevent, and address potential threats, abuse, or violations of our terms and policies. For instance, we may use certain information to verify accounts and identities, investigate suspicious behavior on the Site, or prevent unauthorized access to accounts.
• Legal Compliance: To fulfill our legal and regulatory obligations. We process personal data where we are required to by applicable laws — for example, complying with finance and tax regulations, maintaining required business records, responding to lawful requests by public authorities, or complying with court orders. If necessary, we may use your data to enforce our Terms & Conditions or to protect our rights, privacy, safety, or property, as well as those of our users, customers, or others.
• Other Purposes with Consent: If we intend to process your personal data for a purpose that is not outlined in this Privacy Policy, we will explain that purpose at the time of collection and, if required by law, obtain your consent. For example, if we ever wanted to use your testimonial or profile in a public-facing way, we would ask for your permission. You have the right to decline or withdraw your consent at any time.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible purpose and that purpose is permitted by law. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so or seek your consent.

Legal Bases for Processing Personal Data

We process your personal data under different legal bases, depending on the context and the type of data involved. Specifically, our processing is justified by one or more of the following legal grounds:

• Consent: In certain situations, we rely on your consent to process your personal data. For example, we will obtain your consent before sending you marketing emails (where required by law) or before using certain cookies and analytics on your device (in jurisdictions that require opt-in consent for such activities). If we ask for your consent, you have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred before the withdrawal.
• Contractual Necessity: We process personal data that is necessary to enter into or perform a contract with you. When you sign up for our services or request a quote through our platform, a contract is formed (or steps are taken at your request before entering into a contract). We must process your personal data (such as your account details, contact information, and request details) to fulfill our obligations under that contract – for example, to provide you with the services you requested, to facilitate communications between you and a service provider, or to otherwise carry out our contractual duties and exercise our contractual rights. Without this information, we would not be able to provide the requested services to you.
• Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation to which we are subject. This includes laws and regulations of various jurisdictions. For instance, we may need to retain certain transaction records for tax or accounting purposes, or provide information to authorities if required by law (such as fulfilling a subpoena or an order from law enforcement). When we process data to meet a legal obligation, we do so only to the extent required by the relevant law or regulation.
• Vital Interests: Although unlikely, there could be situations where processing is necessary to protect someone's vital interests – essentially, to prevent an imminent threat of serious harm to life or health. For example, in a very extreme scenario, if we became aware that a user was in immediate danger, we might process or disclose personal data to law enforcement to help prevent harm. This is a rare basis and would only apply in critical emergency circumstances.
• Public Interest / Official Authority: This basis applies when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. As a private company, Records Marine generally does not carry out tasks in the public interest or act on behalf of a governmental authority. Therefore, this legal basis is not commonly applicable to our processing. We would rely on it only if a specific situation arose where we were legally authorized to perform a task for the public good that required processing personal data.
• Legitimate Interests: We may process personal data as necessary for our legitimate business interests, provided such processing is fair, balanced, and does not unduly impact your rights or freedoms. For example, it is in our legitimate interest to process certain data to secure our website, prevent fraud, improve our services, understand how customers use our platform, and market our services to business users. We may also rely on legitimate interests for certain routine business purposes like internal analytics or enhancing product features. Whenever we process personal data on this basis, we carefully consider and balance our interests against your right to privacy, to ensure we're not overriding your rights. Important: We will not rely on the legitimate interests basis in jurisdictions where that legal ground is not permitted. For instance, under the UAE's data protection law, processing based purely on a controller's “legitimate interests“ is generally not recognized. In such cases, we ensure another valid legal basis (such as consent or contractual necessity) applies to the processing. If you have any questions about the specific legal basis for any processing of your personal data, please contact us and we will provide additional information as needed.

Sharing Your Personal Data with Third Parties

We do not sell your personal data to third parties. However, in the normal course of operating our business and providing our services, we may share your personal data with certain trusted third parties. We disclose data only as necessary and in accordance with the safeguards described in this Policy. The types of third parties with whom we may share information (and the reasons for sharing) include:

• Service Providers and Data Processors: These are third-party companies that help us run our business and provide the Services on our behalf. They include cloud hosting providers, technical infrastructure providers, database and storage providers, analytics services, email and communication service providers, customer support tools, and other IT or security vendors. For example, we may use a cloud hosting service to store data, an email delivery service to send out newsletters or transaction emails, or an analytics provider to analyze website traffic. These service providers are bound by contracts that require them to only use your personal data in accordance with our instructions and to protect it in line with applicable privacy laws.
• Maritime Service Providers (Platform Users): A core purpose of Records Marine is to connect maritime industry buyers and suppliers. If you use our platform to request a quote or information from a third-party supplier or service provider listed on Records Marine, we will share the personal data necessary to fulfill that request. For example, if you request a quote from a shipyard or supply company through our Site, we will transmit the contact and request details you provided (such as your name, company, email, phone, and the contents of your request) to that chosen service provider so they can respond to you. Likewise, if you are a supplier claiming your company profile on our platform, information you provide (like your business contact details and any verification information) may be visible to our platform administrators or used to validate your identity. Note: Any third-party service providers who receive your personal data in this context are independent data controllers of the data you provide to them (e.g., the vendor who receives your quote request will handle your data according to their own privacy practices). We recommend that you review the privacy policies of any third-party providers you engage with through our Site.
• Affiliates and Corporate Group: We may share your personal data with our current or future affiliated companies (for example, parent company, subsidiaries, joint ventures, or other companies under common control). If applicable, these entities will either follow practices consistent with this Privacy Policy or will ask for your consent if required. Any access to your personal data within our corporate group is on a need-to-know basis and subject to strict confidentiality obligations.
• Business Partners: In certain cases, we may partner with other organizations to offer combined or co-branded services (for example, co-hosting an industry event or joint marketing communications). If you choose to engage with these services, we may share information about you with our relevant partner, but only with your knowledge or as part of the service you're using. Those partners will be contractually required to respect privacy laws, and if they are acting as a data controller in their own right, they'll be responsible for informing you about their use of your data.
• Legal Compliance and Protection: We may disclose your personal data if we in good faith believe such action is necessary to: (a) comply with a legal obligation or applicable laws (such as to comply with a subpoena, court order, or other legal process); (b) respond to valid requests by public authorities (including to meet national security or law enforcement requirements); (c) protect and defend our rights, interests or property, or that of our users, partners or others; (d) prevent or investigate possible wrongdoing in connection with the Services (such as fraud or security incidents); or (e) act in urgent circumstances to protect the personal safety of users of the Site or the public. In these cases, we will only share the data that is necessary and will take steps to ensure any requesting parties understand the sensitive nature of the data.
• Business Transfers: As our business grows, we might buy, merge with, or be acquired by another company. Alternatively, we might sell some assets or restructure. In any such transaction, personal data may be among the transferred assets. For example, if all or part of Records Marine is acquired by a third party, customer information (including your personal data) would likely be one of the assets transferred to or reviewed by the buyer. In such cases, we would ensure the recipient of your data commits to privacy protections substantially consistent with those set forth in this Policy. Similarly, if we ever enter bankruptcy or any similar proceeding, your personal data may be transferred as part of that proceeding subject to applicable law.

Whenever we share your personal data with third parties, we take steps to protect it. Where those third parties act as our data processors, they are subject to security and confidentiality obligations via data processing agreements. In cases where third parties are controllers (such as a service provider you connect with through our platform or a government authority), we will only disclose the information that is necessary and ensure there is an appropriate legal basis for the disclosure. If you have questions about the third parties with whom we share data, you may contact us for more information.

Data Retention

We retain your personal data only for as long as it is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. The exact duration for which we keep your data may vary depending on the type of information and the reason we have it. We consider the following criteria to determine retention periods:

• Operational Needs: We keep your personal data while we are using it to provide services to you. For example, account information and profile data are retained for as long as you maintain an active account. If you close your account or it becomes inactive, we will remove or anonymize that data within a reasonable time after account closure or inactivity (unless we need to keep it longer for legal reasons, as described below).
• User Requests and Transactions: If you submit requests through our platform (such as quote requests to suppliers) or otherwise interact with vendors, we may retain records of those transactions and communications for a reasonable period of time. This allows us to have an accurate history of your dealings in case of any follow-up, dispute, or customer service needs. Typically, such data is retained for the duration needed to conclude the request and then archived for a period for record-keeping.
• Marketing Data: We retain information used for marketing (such as your email address for our newsletter) until you opt out or unsubscribe from marketing communications. Once you unsubscribe, we will stop sending you marketing emails, but may keep your contact details on a suppression list to ensure we honor your opt-out going forward.
• Legal and Compliance: We may need to retain certain data for longer periods if required by law or to resolve disputes. For instance, financial records, invoices, and payment transactions  (if any) may be retained for a legally mandated period (for example, for tax or audit purposes). Likewise, if we are involved in litigation or receive a legal order to preserve data, we will retain the relevant information for as long as needed to comply with those requirements.

In all cases, when we have stored personal data beyond the period of active use, we will either securely erase it or anonymize it so that it no longer can be associated with you. For example, we may aggregate or de-identify usage data for analytical purposes once it's no longer needed in identifiable form. We also periodically review the data in our possession; if we find data that is no longer necessary, we ensure it is safely deleted or anonymized.

Data Destruction: When disposing of personal data, we take appropriate measures to ensure it is done securely. This may involve permanent deletion from our active systems, secure wiping of storage devices, and/or destruction of physical documents so that the information cannot be reconstructed or read.

If you have questions about our specific data retention practices for any particular type of personal data, you can contact us for more detail. In some cases, due to legal or technical constraints, we may not be able to immediately remove data from backup systems or archives, but if we have archived data, we will continue to protect it and isolate it from active use until deletion is possible.

Data Security

We take the security of your personal data very seriously. Records Marine has implemented a variety of technical and organizational measures to protect your personal information from unauthorized access, use, alteration, loss, or disclosure. These measures include:

• Encryption: We use encryption protocols to protect data in transit. For example, our Site is accessible only over HTTPS, which means that information transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS). Where appropriate, we also encrypt sensitive personal data at rest on our systems or databases, adding an extra layer of protection.
• Access Controls: We limit access to personal data to those employees, agents, contractors, and service providers who have a business need to know such information. Staff access to systems containing personal data is controlled through role-based access controls, strong password policies, two-factor authentication where possible, and regular access reviews. Our team members are trained on the importance of confidentiality and privacy, and they are contractually bound to protect personal data.
• Secure Infrastructure: Our Site and databases are hosted on secure servers with robust firewall protection and real-time monitoring. We utilize reputable cloud service providers that implement high levels of physical and network security. Security patches and software updates are applied regularly to protect against vulnerabilities. We also employ malware protection and intrusion detection systems to guard against threats.
• Testing and Auditing: We periodically test and evaluate the effectiveness of our security measures. This includes conducting security assessments, vulnerability scans, and penetration testing on our applications and infrastructure. We also review our data handling practices and this Policy regularly to ensure we maintain high standards of privacy and security.
• Organizational Policies: Internally, we have put in place privacy and security policies to guide our operations. We minimize the amount of personal data we collect and keep, and we enforce practices like pseudonymization or anonymization of data where feasible. Our incident response plan ensures that if a security issue or data breach is suspected, we can quickly investigate and mitigate it.

Despite all our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that affects your personal data, we will act promptly to mitigate the impact and will notify you and the relevant authorities as required by law. We also encourage you to play a role in keeping your data secure: use unique and strong passwords for your account, keep your login credentials confidential, and notify us immediately if you suspect any unauthorized access to your account or any security vulnerability on our Site.

International Data Transfers

Records Marine is based in the United States, and the personal data we collect from you will generally be stored and processed on servers located in the United States. However, by the very nature of our services and the technologies we use, your personal data may be transferred to, stored in, or accessed from  multiple countries, including countries outside of your own. In particular:

• Transfers from the UAE: If you are located in the United Arab Emirates, please be aware that your personal data may be transferred outside the UAE for processing (for example, to our servers or to our service providers in other countries such as the US or EU). The UAE's data protection law imposes certain conditions on cross-border data transfers. We will only transfer your data out of the UAE in compliance with those legal requirements. This may include transferring data to countries that the UAE deems to have an adequate level of data protection, or implementing specific safeguards (like obtaining your explicit consent for the transfer or entering into agreements with the recipient to ensure data protection).
• Transfers from the European Economic Area (EEA), UK, or Switzerland:  If you are in the EEA, UK, or Switzerland, your personal data may be transferred to countries that are not deemed to provide an equivalent level of data protection (such as the United States). In such cases, we take additional steps to ensure your data remains protected. For instance, we rely on the European Commission's Standard Contractual Clauses (SCCs)  or other approved contractual mechanisms as a legal transfer tool. These are standard data protection clauses that legally bind the recipient of the data to protect it in line with EU GDPR standards. We may also rely on other safeguards where applicable, such as an adequacy decision (if the destination country has been officially recognized as having adequate protections) or, in limited cases, a derogation (such as your consent or necessity for contract performance).
• Other International Access: The nature of modern cloud services means that data might transit through or be temporarily stored in other jurisdictions (for example, content delivery networks or global infrastructure might route information through servers worldwide). Additionally, our team or authorized contractors might occasionally need to access data remotely (for example, a support engineer traveling in another country). In all such scenarios, our data protection measures and this Privacy Policy apply equally, regardless of location. We ensure that anyone handling your data, anywhere in the world, is bound to protect it.

We understand that different countries have different data protection laws. When we transfer personal data internationally, we assess the risks and implement appropriate safeguards to protect your information in the destination country. If a third-party service provider processes data in a country that does not have robust privacy laws, we will contractually require that provider to adhere to high standards of privacy and security similar to those required by GDPR or UAE law.

Your Rights Regarding International Transfers: If you are protected by GDPR or similar laws, you may have the right to request details about the safeguards we have in place for transfers of your personal data to another country. For instance, you can ask for a copy of the relevant contractual clauses (such as SCCs) we use. We may need to redact some contractual terms for confidentiality, but we will provide you with as much information as possible. If you wish to know more about international data transfers or obtain such documentation, please contact us.

By using our Site or submitting your personal data to us, you acknowledge that your data may be transferred to and processed in countries other than your own. However, this will always be done in compliance with this Policy and applicable law, with your data safeguarded to the highest standard we can provide.

Your Rights and Choices

You have important rights regarding your personal data. Records Marine is committed to respecting these rights and has processes in place to enable you to exercise them. Your rights under the GDPR, UAE data protection law, and other applicable privacy laws may include:

• Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to ask for a copy of the personal data we hold about you. We will provide you with a copy of your data, along with information about how we use it, who we share it with, how long we store it, and the purposes for processing, subject to any exceptions under law.
• Right to Rectification: If any of your personal data we have is incorrect or incomplete, you have the right to request that we correct or update it. For example, if you change your email address or notice an error in your profile information, you can ask us to fix it. We encourage you to keep your account information up to date, and you may do so at any time by editing your profile or contacting us for assistance.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data in certain circumstances. You can ask us to erase your personal data, for instance, if it is no longer necessary for the purposes for which it was collected, if you have withdrawn your consent (where the processing was based on consent) or objected to the processing (and we have no overriding legitimate grounds to continue), or if your data has been unlawfully processed. We will honor valid deletion requests and will also direct any service providers processing your data on our behalf to delete your information, provided there is no lawful reason for us to retain it (such as a legal obligation or the establishment, exercise, or defense of legal claims).
• Right to Restrict Processing: You have the right to ask us to restrict (pause) the processing of your personal data under certain conditions. This means we would still store your data but would temporarily stop any other processing activities. You might request restriction if you contest the accuracy of the data (while we verify it), if our processing is unlawful but you do not want the data erased, or if you have objected to processing and await our verification of overriding grounds. When processing is restricted, we will inform you before lifting the restriction.
• Right to Object: You have the right to object to our processing of your personal data in certain situations. Direct Marketing: You can object at any time to the use of your personal data for direct marketing purposes, and we will promptly stop using your data for those purposes. Legitimate Interests: If we are processing your data based on our legitimate interests (or those of a third party), you can object to this processing if you feel it impacts your fundamental rights and freedoms. We will then reconsider our processing and, unless we demonstrate compelling legitimate grounds that override your interests, or the processing is needed for legal claims, we will cease the processing you objected to.
• Right to Data Portability: You have the right, in certain cases, to receive your personal data that you have provided to us in a structured, commonly used, machine-readable format  and to have that data transmitted to another data controller where technically feasible. This right applies when the processing is based on your consent or on a contract with you, and is carried out by automated means. For example, if you provided us with a set of data and want to transfer it to a different service provider, we will assist in making that data portable for you.
• Right to Withdraw Consent: If we rely on consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. For instance, you can withdraw your consent to receive marketing emails by unsubscribing, or withdraw consent for cookies by changing your cookie settings. Once you withdraw consent, we will stop the processing that was based on it. Please note that withdrawing consent does not affect the lawfulness of processing done prior to withdrawal, and it may not affect processing under other legal bases.
• Right Not to Be Subject to Automated Decision-Making:  You have the right not to be subject to a decision based solely on automated processing, including profiling, if that decision produces legal effects or similarly significant effects on you, unless it is necessary for entering into or performing a contract, is authorized by law, or you have given explicit consent. In practice, Records Marine does not make any solely automated decisions that have a significant impact on individuals. We do not use algorithms to, for example, deny services or offer different terms without human involvement. If this changes in the future, we will update this Policy and ensure all legal requirements are met, including informing you of the logic involved and your rights relating to such processing (such as the right to request human intervention).
• Right to Complain to a Supervisory Authority: If you believe we have infringed your privacy rights or violated applicable data protection laws, you have the right to lodge a complaint with a data protection authority. For individuals in the EU/EEA, this is typically your local supervisory authority (in your country of residence or work, or where the alleged infringement occurred). If you are in the UAE, you can file a complaint with the UAE Data Office (the national data protection regulator) once it becomes fully operational for handling complaints. For residents of other jurisdictions (for example, the UK's Information Commissioner's Office, or other country-specific authorities), you may contact the relevant regulator in your jurisdiction. We encourage you, however, to first reach out to us so we can address your concerns directly – we value your privacy and will do our best to resolve any issue.

Exercising Your Rights: You may contact us at any time to exercise the above rights. Our contact details are provided in the “Contact Us“ section of this Policy. For security and identification purposes, we may need to request specific information from you to help us confirm your identity before fulfilling your request. This is to ensure that your personal data is not disclosed to anyone who does not have the right to receive it. We will respond to your request within the timeframe required by law (for example, under GDPR we generally have one month to respond, with the possibility of an extension in certain complex cases). There is no fee for exercising these rights unless the requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

Additional Rights for Certain Jurisdictions: We aim to respect privacy rights globally. If you reside in a region that provides additional rights not listed above, we will honor those rights in accordance with applicable law. For example, residents of some U.S. states (such as California) have rights to know specific details about data disclosures or to opt-out of certain data sharing. While Records Marine does not “sell“ personal information as defined by the California Consumer Privacy Act (CCPA), we will adhere to applicable provisions of such laws. If you have any questions or require further assistance regarding your privacy rights, please let us know.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Privacy Policy on this page and update the policy's effective date. Any updated Policy will be effective when posted (unless a later date is indicated). We encourage you to review this page periodically to stay informed about our privacy practices.

If we make any material changes to this Privacy Policy (for example, if we start processing your personal data for new purposes that we haven't previously disclosed), we will take additional steps to notify you. This might include prominently posting a notice of changes on the Site, or, if appropriate and required by law, directly notifying you via email or through your account. We will also indicate the date of the latest revision at the top of the Policy.

Your continued use of the Site or our services after any changes to this Privacy Policy have been posted will signify your acceptance of those changes. However, if a change requires your consent (such as for new uses of personal data), we will obtain that consent as necessary. If you do not agree with the changes, you should discontinue use of the Site and can contact us regarding removal of your personal data as outlined in Your Rights  above.