In accordance with EU General Data Protection Regulation (“GDPR”), as of 25th May 2018, the following constitutes St Kitts & Nevis International Ship Registry Data Protection Policy. St Kitts & Nevis International Ship Registry (SKANReg) intentions are to adopt and embrace the purposes, principals, obligations and rights in accordance with GDPR as mentioned below.

Purposes of GDPR

St Kitts & Nevis International Ship Registry recognise the purposes of GDPR which are an update of existing Data Protection Rules:

• An update of the existing Data Protection Rules
• Fix the shortcomings of data protection laws
• Update definitions of personal data
• Take a risk based approach

And the following principles of GDPR:

• Lawfulness, fairness and transparency
• Purpose limitation.
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality

And Obligations of GDPR:

• Breach Notifications
• Transparency
• Data Protection Officer

St Kitts & Nevis International Ship Registry recognises the following rights of the data subject according to GDPR:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to be forgotten
• Right to restrict processing
• Right to data portability
• Right to prevent automated individual decision making and profiling

The following has been undertaken by St Kitts & Nevis International Ship Registry to ensure that the above mentioned principals, obligations of GDPR and rights of the Data Subject are protected:

Who is our Data Protection Officer?

Tracy Newson, General Manager will act in this capacity.  The Data Protection Officer will be responsible for enforcing Data Protection Policy and will make all steps possible to ensure this complies with GDPR.

The Data Subjects (persons from whom St Kitts & Nevis International Ship Registry collect data for the purpose of issuing documents) will be notified of their rights and obligations of GDPR. In the case of a data breach then the ICO (Information Commissioners Office) will be contacted within 72 hours of the breach.

Seafarer Applications

For seafarers completing our A15 Application Form for seafarer documentation, you are agreeing to allow us to hold data belonging to you on our database that we use to issue your SKANReg documentation. We will hold this information as it will be used to verify the documents you are applying for/have been issued, by Owners / Managers & Port State Control.

Flag State Inspector, DPA & CSO Applications

For Flag State Inspectors (FSI’s), Designated Person Ashore (DPA’s), Company Security Officers (CSO’s) and individual owners of vessels, by completing our applications for vessel documents, you are agreeing to allow us to hold data belonging to you on our database that we use to issue your SKANReg documentation.

Exercising Your Rights

If you would prefer not to hear from us, or if you wish to exercise any of your rights under data protection law including the right to object, please tell us by email to GDPR@StKittsNevisRegistry.net or by phone on +44 (0)1708 380 400.

We do not share your information with any third party for marketing purposes.

Approved Service Providers

In line with GDPR, St Kitts & Nevis International Ship Registry have entrusted their IT Service Provider (Utilize) to provide a secure network which is protected through passwords, antivirus software, a dedicated managed firewall and is regularly backed up and monitored by Utilize. We have an incremental data back-up every 15 minutes. All data held off site is encrypted to an ISO 9001:27001 accredited datacentres and is FIPS 140-2 certified encrypted.

All data input to our BOSS software is held off site and on the servers of Fulcrum Maritime Systems who host a secure network which is protected through passwords, antivirus software, a dedicated managed firewall and is regularly backed up and monitored.

St Kitts & Nevis International Ship Registry shreds any personal or commercially sensitive documents through CSM Storage and Archives who have full adherence to European Standard EN15713, ISO9001 Quality Accredited, Members of BSIA (British Security Industry Association) & NAID Europe, Data Protection Act (1998) Principle 7 compliant, paper is shredded between 15mm to 4mm & cross cut in accordance with BSIA standards and all securely shredded documentation is transported to a UK recycling facility.

St Kitts & Nevis International Ship Registry does not purchase or sell any data about companies or individuals.

St Kitts & Nevis International Ship Registry does not purchase, sell or store data about members of the public who have not had any direct contact with St Kitts & Nevis International Ship Registry.

It is strictly forbidden for any St Kitts & Nevis International Ship Registry employee to release any data stored on the company server or company emails without prior written consent by a director of the company.