Privacy Policy
USV MARIX — Privacy Policy
Last updated: · Contact: info@usvmarix.com
This Privacy Policy explains how we collect, use, share, and protect personal data in accordance with the UK GDPR and the Data Protection Act 2018.
1) Who we are (Controller) & How to contact us
USV MARIX is the trading name of [insert legal entity name] (the Controller), registered in England and Wales under [Company No.] with registered office at [Registered Address].
Primary contact for privacy queries: info@usvmarix.com.
Data Protection Officer (DPO) / Privacy Lead: [Name or “Not appointed”], email: [dpo@usvmarix.com].
ICO registration number: [insert ICO registration number].
2) Scope
This Policy applies to: (i) website visitors; (ii) prospective and existing business customers and operators; (iii) suppliers and partners; (iv) job applicants; and (v) individuals whose data appears in logs, diagnostics, or safety records generated by our unmanned surface vessels (USVs), platforms, or software.
3) What data we collect
- Identity and contact data: name, job title, employer, postal address, email, phone.
- Business relationship data: enquiries, proposals, contracts, orders, invoices, payments, support tickets, training records.
- Device, usage & website analytics: IP address, device/browser info, pages viewed, referrers, cookie identifiers and preferences (see our Cookie Notice).
- USV telemetry & mission data: configurations, mission plans, logs, diagnostic telemetry, timestamps, GNSS position, AIS and collision-avoidance data, vessel state (e.g., speed, heading), sensor metadata (e.g., radar/LiDAR/IMU), and event/fail-safe records.
- KYC/AML & compliance data: due-diligence information, identity documents, end-use/end-user declarations, licensing documentation (export controls/sanctions).
- Marketing preferences: opt-ins/opt-outs, interactions with campaigns.
- Recruitment data: CV, cover letter, qualifications, interview notes, right-to-work information.
- Public & third-party sources: company registries, sanctions lists, maritime authority publications, and business intelligence providers.
4) How we use data & lawful bases
We process personal data only where there is a lawful basis under the UK GDPR:
- Contract: responding to enquiries, pre-contract steps, contract formation, delivery, commissioning, support, and training.
- Legal obligation: tax/accounting, export-control and sanctions screening, maintaining safety/incident records where required by law or regulators.
- Legitimate interests: improving and securing our platforms and Site; analysing usage; maintaining and evidencing product safety; preventing misuse or diversion; B2B marketing to corporate subscribers; protecting our legal rights. We balance these interests against your rights.
- Consent: non-essential cookies/analytics; direct marketing to individuals where consent is required; releasing media or testimonials when permission is sought.
- Vital interests (rare): sharing data to protect life in emergency or distress situations.
Where we rely on consent, you may withdraw it at any time (it will not affect processing already performed).
5) Important contexts
5.1 KYC/Export controls
We conduct due diligence and screening to comply with the Export Control Order 2008, UK Strategic Export Control Lists, and the Sanctions and Anti-Money Laundering Act 2018. Lawful basis: legal obligation and legitimate interests.
5.2 Telemetry, autonomy & safety
To ensure safety and reliability, our platforms may generate diagnostic telemetry and event logs (including positional and vessel-state data). We use these to deliver support, investigate incidents, improve autonomy, and meet compliance obligations. Lawful basis: legitimate interests and, where mandated, legal obligation.
5.3 Cookies & analytics
We use essential cookies for core site functions and, with your consent, analytics/marketing cookies. Manage preferences via the cookie banner or your browser. See our separate Cookie Notice for details.
5.4 Marketing
We may send B2B updates to corporate subscribers under legitimate interests. Individuals can opt out at any time via unsubscribe links or by emailing info@usvmarix.com. Where consent is required, we will obtain it first.
5.5 Recruitment
Applicant data is used to assess suitability, verify information, and manage the hiring process. Unsuccessful candidate data is typically retained for [6–12 months] unless you ask us to keep it longer.
7) International transfers
Where data is transferred outside the UK (or to countries without UK adequacy regulations), we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, and additional technical/organisational measures where appropriate. Copies of key safeguards can be requested via info@usvmarix.com.
8) Data retention
We retain personal data only for as long as necessary for the purposes described above, including to comply with legal/accounting/reporting requirements. Typical periods are:
- Contracts, orders, invoices, support tickets: 6 years (Limitation Act) from the end of the contract.
- KYC/AML records: 5 years from the date the relationship ends or the transaction completes.
- USV telemetry and incident logs: [12–36 months] (longer if required for safety, warranty or disputes).
- Website analytics (non-essential, with consent): [up to 26 months].
- Recruitment (unsuccessful): [6–12 months].
- Marketing preferences: until you opt out or your account becomes inactive for [24 months].
9) Your rights
Subject to conditions and exemptions under the UK GDPR, you have the right to:
- access your personal data and receive a copy;
- rectify inaccurate or incomplete data;
- erase data (right to be forgotten);
- restrict processing;
- data portability (to move, copy, or transfer your data);
- object to processing based on legitimate interests and to direct marketing;
- withdraw consent at any time where we rely on consent.
To exercise your rights, email info@usvmarix.com. We may need to verify your identity. We aim to respond within one month.
10) Security
We apply technical and organisational measures appropriate to risk, including access controls, encryption in transit, network segregation, secure development practices, logging/monitoring, vulnerability management, and supplier due diligence. No system is perfectly secure; we continuously improve our controls.
11) Children
Our Site, platforms, and services are intended for professionals and are not directed at children. If you believe a child has provided us with personal data, contact info@usvmarix.com so we can take appropriate action.
12) Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top reflects the latest version. Material changes will be communicated where appropriate.
13) Questions & complaints
If you have questions or concerns, contact us at info@usvmarix.com. You also have the right to complain to the UK regulator:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 · ico.org.uk
Publisher’s checklist (remove before publishing):
- Insert legal entity name, company number, registered office, DPO/Privacy Lead details, and ICO registration number.
- Add/Link your detailed Cookie Notice and cookie banner preferences centre.
- Confirm retention periods for telemetry, analytics, and support data match your engineering and warranty policies.
- Insert your actual international transfer mechanisms (IDTA/UK Addendum) and list core processors (e.g., hosting/CRM providers) if you plan to name them.
Promotional offer
Don't miss out on the chance to save while enjoying the quality and service you love. Keep an eye on this space for the latest updates and grab these amazing deals while they last!