Privacy Policy

1 Who We Are

Koris Maritime Ltd is a private limited company registered in England and Wales, providing marine engineering consultancy, crew management, vessel surveys, maritime training, and educational outreach services.

• Company Name: Koris Maritime Ltd
• Registered Address: Dawlish, Devon, England
• Email: [email protected]
• Data Controller: The Founder — Koris Maritime Ltd

As a small business, Koris Maritime Ltd is the Data Controller for all personal data collected through this website and through our business operations. We are not required to appoint a Data Protection Officer (DPO), but the founder acts as the primary point of contact for all data protection matters.

2 What Personal Data We Collect

We collect personal data in the following circumstances:

When you contact us through our website enquiry form

• First name and last name
• Email address
• Organisation name (if provided)
• The content of your message
• The service you are enquiring about

When you engage us commercially

• Name, job title, and organisation
• Contact details — email address, telephone number, postal address
• Details of the services requested
• Financial information necessary for invoicing and payment (processed securely)

When you engage with our Educational Outreach Programme

• Name and contact details of the teacher or school administrator we work with
• School name and address
• Relevant safeguarding documentation (handled under our Safeguarding Policy)
• We do not collect personal data directly from children — see Section 10

Automatically collected data

• Basic website analytics — pages visited, time on site, browser type, and approximate location (country/region level) — collected via cookies if you consent. See Section 8.

We do not collect any special category data (such as health information, racial or ethnic origin, or biometric data) through this website.

3 How We Use Your Data

We will never sell, rent, or trade your personal data to any third party. We will never use your data for unsolicited marketing without your explicit consent.

4 Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Performance of a Contract (Article 6(1)(b)): where processing is necessary to provide you with the services you have requested
• Legitimate Interests (Article 6(1)(f)): where we have a genuine business reason to process your data that does not override your rights — for example, responding to enquiries and managing client relationships
• Legal Obligation (Article 6(1)(c)): where we are required by law to process data — for example, for HMRC tax records or safeguarding obligations
• Consent (Article 6(1)(a)): where you have given clear, freely given consent — for example, for website analytics cookies
• Vital Interests (Article 6(1)(d)): in safeguarding situations where the processing is necessary to protect someone's life

5 How Long We Keep Your Data

After the applicable retention period, data will be securely deleted or anonymised so that it can no longer be associated with you.

6 Who We Share Your Data With

We do not sell or trade your personal data. We may share your data only in the following limited circumstances:

• Service providers: We may use third-party tools such as email hosting, website hosting, or accounting software to operate our business. These providers are required to process data only on our instructions and in accordance with UK GDPR.
• Professional advisers: Our accountant or legal advisers may have access to relevant financial or contractual data as required.
• Statutory authorities: We may disclose data to HMRC, the DBS, or law enforcement agencies where required by law or where necessary to protect a child's safety.
• Safeguarding referrals: In a safeguarding situation, we may share relevant information with the school's DSL, the Local Authority Designated Officer (LADO), or the police.

All third-party service providers we use are selected on the basis that they meet UK GDPR compliance standards. We do not transfer personal data outside of the UK or the European Economic Area.

7 Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within one month.

Please note that some of these rights are not absolute and may be subject to exemptions — for example, where we have a legal obligation to retain certain data. We will always explain our reasons if we are unable to fulfil a request.

8 Cookies

Our website may use cookies to improve your experience and to collect basic analytics data. We distinguish between:

• Strictly necessary cookies: Essential for the website to function. These do not require your consent.
• Analytics cookies: Used to understand how visitors interact with our site. These are only set with your consent.

You can manage or withdraw your consent to analytics cookies at any time through your browser settings. Withdrawing consent will not affect data already processed. For more detail, please see our Cookie Policy.

We do not use advertising cookies, tracking pixels, or third-party behavioural advertising.

9 Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include:

• Secure, encrypted email communication
• Password-protected and encrypted storage of client and business records
• Limited access to personal data — only those who need it for their role have access
• Regular review of security practices and procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify affected individuals without undue delay.

10 Children's Privacy

Koris Maritime Ltd is committed to protecting children's privacy in all aspects of our operations. In relation to our Educational Outreach Programme:

• We do not collect personal data directly from children (under 18) through our website or outreach activities
• All contact relating to school visits is conducted with teachers, administrators, or other responsible adults — not with pupils directly
• We do not photograph, film, or record pupils without prior written consent from the school and, where required, parents or guardians
• Any safeguarding-related records involving a child are handled under strict confidentiality in accordance with our Safeguarding Policy and statutory guidance
• If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will delete it promptly

If you are a parent or guardian with a concern about data relating to a child, please contact us immediately at [email protected].

11 Changes to This Policy

We review this Privacy Policy at least once a year and whenever there are changes to relevant legislation, our services, or the ways in which we process data. The current version and its effective date are shown at the top of this page.

We will notify users of any material changes by posting a notice on our website. Continued use of our website after changes have been posted constitutes acceptance of the updated policy.

This policy was last reviewed and updated in April 2026. The next scheduled review is April 2027.

12 Contact and Complaints

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we have handled your personal data, please contact us: