GDPR Compliance

Last updated: January 15, 2025

1. Introduction

Global Maritime Calendar is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This document outlines how we comply with GDPR requirements and your rights as a data subject under GDPR.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you create an account and use our Service, you consent to the processing of your personal data as described in our Privacy Policy.
  • Contract Performance: Processing is necessary to provide the Service you have requested, including calendar and event management functionality.
  • Legitimate Interests: We process data to improve our Service, ensure security, prevent fraud, and analyze usage patterns.
  • Legal Obligations: We may process data to comply with legal requirements, such as responding to lawful requests from authorities.

3. Your Rights Under GDPR

3.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not your personal data is being processed, and access to your personal data. You can view most of your data through your account settings, or request a complete copy by contacting us.

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your profile information directly through your account settings at any time.

3.3 Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

You can delete your account and all associated data through your account settings or by contacting us.

3.4 Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. You can request an export of your data at any time.

3.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

3.7 Rights Related to Automated Decision-Making (Article 22)

Global Maritime Calendar does not use automated decision-making, including profiling, that produces legal effects or significantly affects you.

3.8 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Use your account settings to access, update, or delete your data
  • Contact us directly at the email addresses provided in Section 8
  • Submit a formal data subject request

We will respond to your request within one month (may be extended to two months for complex requests). We may request verification of your identity before processing your request.

5. Data Processing Details

5.1 Data Controller

Global Maritime Calendar acts as the data controller for personal data processed through our Service.

5.2 Data Processors

We use the following data processors:

  • Google Firebase: Authentication and related services
  • MongoDB Atlas: Database hosting and storage
  • Other service providers as necessary for Service operation

All processors are bound by data processing agreements and GDPR-compliant practices.

5.3 Data Retention

We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes outlined in our Privacy Policy, or as required by law. When you delete your account, we delete your data in accordance with our data retention policies, typically within 30 days.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

8. Supervisory Authority

If you are located in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not addressed your concerns adequately. You can find your local supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

9. Contact Information

For GDPR-related inquiries, data subject requests, or to exercise your rights, please contact:

Data Protection Officer:
Email: dpo@maritimecalendar.com

General Inquiries:
Email: privacy@maritimecalendar.com
(Please update with your actual contact information)