Hub Privacy Policy
Last updated: February 26th, 2026
Data Controller: Marine Information Solutions Limited (Company Registration No. 08082437)
Contact: info@mismarine.com
Service: Marine Data Hub (operated by Marine Information Solutions Limited)
1. Introduction
Marine Information Solutions Limited ("we", "us", "our") is committed to protecting the personal data of individuals who use the Marine Data Hub platform ("the Services"). This Privacy Notice explains what personal data we collect, why we collect it, how we use it, and your rights under applicable data protection law.
This notice is provided in accordance with our obligations under the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, and the Data Protection Act 2018. Where users access the Services from outside the United Kingdom, we also aim to meet equivalent international standards including the EU GDPR where applicable.
This Privacy Notice should be read alongside our End User Licence Agreement, which incorporates this notice by reference at clause 9.1.
2. Who We Are
The data controller for personal data processed through the Services is:
Marine Information Solutions Limited
Company Registration No. 08082437.
Registered Address: 3 Devon Way, Longbridge, Birmingham, B31 2TS
Contact Email: info@mismarine.com
3. What Personal Data We Collect
We collect and process the following categories of personal data in connection with the Services:
Account and registration data: organisation name, corporate email address, and, where a user opts to provide it, their real name. Job title or role may also be collected where provided.
Usage and access data: login activity, session data, and records of actions taken within the platform, used for security, audit, and service improvement purposes.
Uploaded documents: users may upload documents relating to vessel inspections, company certifications, or similar maritime industry records (for example SIRE 2.0 or HVPQ6 inspection reports). These documents may contain the names or other personal data of third-party individuals such as surveyors, officers, or crew members. See Section 8 for further information on this.
Industry-sourced data: vessel ownership, operator, and charterer relationships are ingested from third-party industry data providers. Where this data contains personal data relating to named individuals, we process it solely as provided by those sources and do not independently verify or supplement it.
Technical and analytics data: device and browser information, IP addresses, and behavioural analytics data collected via Microsoft Clarity operating in Cookieless mode. No persistent cookie identifiers are used for this purpose. See Section 6 for further detail.
Transactional communications data: email addresses and communication records associated with system-generated notifications and transactional emails delivered via SendGrid (Twilio Inc.).
We do not intentionally collect special category personal data (such as health, biometric, or criminal conviction data) and ask users not to upload documents containing such data except where strictly necessary for a legitimate maritime compliance purpose.
4. How and Why We Use Your Personal Data
We process personal data on the following lawful bases under UK GDPR Article 6:
Performance of a contract (Article 6(1)(b)): We process account and registration data to create and manage user accounts, authenticate access, and deliver the Services as described in the EULA.
Legitimate interests (Article 6(1)(f)): We process usage data and analytics data to maintain platform security, prevent fraud, monitor service performance, and improve the Services. We have assessed that these interests are not overridden by your rights and freedoms, given the professional and B2B context of the platform.
Legal obligation (Article 6(1)(c)): We may process and retain data where required to comply with applicable UK law, including financial record-keeping obligations and responses to lawful regulatory or law enforcement requests.
We do not use your personal data for marketing purposes without your separate consent, and we do not sell or rent your personal data to any third party.
5. Third Parties and Data Sharing
We share personal data with third parties only in the following circumstances:
SendGrid (Twilio Inc.): We use SendGrid to deliver transactional emails (such as account verification, password reset, and system notifications). SendGrid processes email addresses on our behalf as a data processor. Twilio Inc. is a US-based company; see Section 7 on international transfers.
Microsoft Clarity (Microsoft Corporation): We use Microsoft Clarity in Cookieless mode to collect behavioural analytics data including device information, IP addresses, and user interaction data. Microsoft processes this data on our behalf as a data processor. Microsoft Corporation is a US-based company; see Section 7 on international transfers.
Legal and regulatory disclosure: We will disclose personal data to courts, regulators, or law enforcement bodies where we are legally required to do so, or where we believe in good faith that disclosure is necessary to comply with applicable law or protect the rights, property, or safety of the Services, our users, or others.
We do not share personal data with any other third parties without your knowledge except as described above.
6. Cookies and Similar Technologies
6.1 What Are Cookies
Cookies are small text files placed on your device by websites or applications you visit. They are widely used to make services function correctly, to improve efficiency, and to provide analytics information to site operators. Some cookies are set directly by us (first-party cookies); others are set by third-party services we use (third-party cookies).
The Services use only essential cookies that are strictly necessary for the platform to function. No analytics or tracking cookies are used.
6.2 How We Use Cookies
We use cookies for the following purposes:
Essential cookies are strictly necessary for the Services to function. They enable core features such as authentication, session management, and security. These cookies cannot be disabled without significantly impairing your ability to use the platform. No consent is required to set these cookies under UK PECR.
6.3 Cookie Inventory
The following table sets out the specific cookies used on the Services:
| Cookie Name | Set By | Purpose | Type | Duration |
|---|---|---|---|---|
| _RequestVerificationToken | Marine Data Hub | Anti-forgery token cookie that protects against cross-site request forgery (CSRF) attacks. | Essential | Session |
| ASP.NET_SessionId | Marine Data Hub | Standard ASP.NET session management cookie. | Essential | Session |
6.4 Analytics Without Cookies
Behavioural analytics are conducted via Microsoft Clarity operating in Cookieless mode. No analytics cookies are set for this purpose; however, usage data including IP addresses and device information is still collected and transmitted to Microsoft. This processing is carried out under our legitimate interests lawful basis as described in Section 4. See Section 5 for further detail on Microsoft Clarity and Section 7 for international transfer information.
7. International Transfers of Personal Data
Some of our third-party service providers are based outside the United Kingdom. Where we transfer personal data to countries not covered by a UK adequacy regulation, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V.
SendGrid (Twilio Inc., USA): Transfers are made under the UK International Data Transfer Agreement (IDTA) or equivalent Standard Contractual Clauses as adopted for UK transfers. Further information is available in Twilio's privacy documentation at https://www.twilio.com/en-us/legal/privacy.
Microsoft (Clarity, USA): Microsoft participates in the UK-US data bridge and transfers are made under appropriate UK transfer mechanisms. Further information is available in Microsoft's privacy documentation at https://privacy.microsoft.com.
You can request further information about the specific transfer mechanisms in place by contacting us at the address in Section 2.
8. User-Uploaded Documents and Third-Party Personal Data
Where users upload documents to the Services — such as inspection reports, certificates, or other maritime compliance records — those documents may contain personal data relating to third parties (for example, named surveyors, vessel officers, or company representatives).
By uploading such documents, users represent that they have a legitimate basis for sharing that data through the Services and that doing so is consistent with their own data protection obligations. Users should not upload documents containing special category personal data unless strictly required for a legitimate compliance purpose.
Marine Information Solutions Limited processes such documents solely to provide the storage, retrieval, and sharing functionality of the Services, and does not use the contents of uploaded documents for any other purpose.
9. Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law and regulation. The following retention principles apply to the categories of data we process:
Account and registration data is retained for the duration of an active account. Following account closure, core account data is retained for as long as is necessary to meet our contractual, legal, and regulatory obligations and to facilitate any dispute resolution that may arise in connection with the Services.
Usage and audit logs are retained for as long as is necessary to meet our legal, regulatory, and contractual obligations, and to defend against any legal claims that may arise in connection with the Services. Given the nature of maritime industry data and the applicable liability periods within the maritime sector, this may constitute an extended retention period. We review retained audit data periodically to assess whether continued retention remains justified.
Uploaded documents are retained in accordance with the user's account settings and our standard data lifecycle policy. Users may request deletion of uploaded documents subject to any applicable legal hold obligations. Where documents form part of an audit trail relating to vessel inspections, certifications, or regulatory compliance, extended retention may apply on the same basis as audit logs above.
Industry-sourced data relating to vessel ownership, operator, and charterer relationships is retained in accordance with the update cycles of our industry data providers and our contractual obligations with those providers. Where this data forms part of an audit or compliance record, the extended retention principles above apply.
Transactional communications data including records of system-generated emails is retained for as long as is necessary for audit, legal, and dispute resolution purposes.
Where we determine that personal data is no longer necessary for any of the purposes described above, we will securely delete or anonymise it. Where full deletion is not immediately possible due to technical constraints, we will ensure the data is isolated from further processing until deletion can be completed.
If you have questions about our retention practices or wish to request deletion of your personal data, please contact us at info@mismarine.com. Requests will be considered in accordance with your rights under Section 10 of this notice and any applicable legal obligations that may require us to retain the data.
10. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access: You may request a copy of the personal data we hold about you.
Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
Right to erasure: You may ask us to delete your personal data where there is no longer a legitimate reason for us to hold it.
Right to restriction: You may ask us to restrict processing of your personal data in certain circumstances.
Right to data portability: Where processing is based on your consent or a contract, you may request that we provide your data in a structured, commonly used, machine-readable format.
Right to object: You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at info@mismarine.com. We will respond within one calendar month as required by UK GDPR Article 12.
11. Right to Complain
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
Users based in EU member states also have the right to lodge a complaint with their local supervisory authority under EU GDPR.
12. Changes to This Notice
We may update this Privacy Notice from time to time. Where changes are material, we will notify registered users by email or via a prominent notice within the Services. The date at the top of this notice indicates when it was last revised.