INFO CENTER
Overview
Collection and Use of Personal Information
Collection
Use
Use of Payment Website
Non-Personal Information
Cookies and Other Technology
Disclosure to Third Parties
Disclosure to Service Providers
Disclosure to Others
Disclosure if Use Payment Website
Protection of Personal Information
Integrity and Retention of Personal Information
Access to Personal Information
Children and Education
Third Party Sites and Services
International Users
Commitment
Privacy Questions
Overview
Your privacy is important to The Trust Company of the Marshall Islands, Inc. (“TCMI”), which is the Republic of the Marshall Islands (“RMI”) Maritime Administrator and Registrar of Non-resident Domestic Entities, and International Registries, Inc. and its affiliates (“IRI”), which provide administrative and technical support to TCMI (collectively, the “Companies”). This Privacy Policy covers how the Companies collect, use, disclose, transfer, and store information. Please take a moment to familiarize yourself with these privacy practices and email dataprivacy@register-iri.com if you have any questions. The Companies are considered a data controller under the definition found in the European Union General Data Protection Regulation 2016-679 (“GDPR”).
This policy may be amended at any time by posting a revised version at www.register-iri.com. The revised version will be effective as of the time it is posted.
Collection and Use of Personal Information
Personal information is data that can be used to identify or contact a single person.
You may be asked to provide your personal information anytime you are in contact with the Companies. Sometimes the information collected may be either a statutory or contractual obligation of the Companies. The Companies may share this personal information with each other and use it in any manner that is consistent with this Privacy Policy. The Companies may also combine it with other information to provide and improve its services, content, and promotion. You are not required to provide the personal information that the Companies have requested, but if you chose not to do so, in many cases the Companies will not be able to provide you with their products or services or respond to any queries you may have.
In addition, you have rights regarding the information you provide to the Companies. These include the right to:
- Access any information you have provided to the Companies;
- Correct any information you have provided to the Companies;
- Delete any information you have provided to the Companies;
- Restrict the processing of any information you have provided to the Companies;
- Object to the use of information you have provided to the Companies; and
- Have information you have provided to the Companies transferred to another company or entity.
Please note that if your information is required for the Companies to provide a service and you wish to restrict or delete that data, it may impact the ability of the Companies to provide such service(s). You will be advised of this outcome in the event that it arises. If you wish to enforce any of the above rights, please contact the Data Privacy Team at dataprivacy@register-iri.com.
Personal Information the Companies Collect
When you apply for any service, the Companies may collect a variety of information including, but not limited to: name, mailing address, phone number, email address, contact preferences, or other banking information.
Sometimes, in order to process your request, the Companies may have to collect a government-issued identification (“ID”), photo, or other form of documentation to prove your identity and/or residence (which may include an ID, number, or other similar unique identifier). The Companies may also have to collect certain information pertaining to your age or date of birth, marital status, ethnic origin, education, health, or disciplinary history.
Some examples of the services the Companies provide where the collection of personal information occurs includes processing or the assistance in processing of:
- Seafarer documentation;
- Authorization of filing agents or qualified intermediaries;
- Formation, documentation, or other corporate services for an RMI non-resident domestic entity;
- A billing account or address of record;
- Registration, documentation, and other services related to RMI registered vessels, including investigations and inspections;
- Marketing;
- Billing; and
- Other activities in furtherance of or related to the above.
If you use the website at https://www.tcmi-inc.com (the “Payment Website”), then the following also applies:
TCMI may collect the Internet Protocol (IP) address and domain names of all visitors to the Payment Website in order to measure the Payment Website’s effectiveness and to determine ongoing improvements. TCMI may also collect the email addresses from email messages received. No IP addresses, domain names, or email addresses will be shared with or sold to any other company or individual.
If the Payment Website services are used, the following types of information may also be collected by the Companies or a contracted third party:
- Contact information – user name, address, phone, email, Skype ID, and/or other similar information; and/or
- Financial information – credit card numbers that the user has provided through the Payment Website.
How the Companies Use Your Personal Information
The Companies may use your personal information, including date of birth, to assist with identification and to comply with local and international laws, trade regulations, and other similar obligations.
The Companies may also use personal information to help create, develop, operate, deliver, and improve services and advertising, and for loss prevention and anti-fraud purposes.
The Companies may also use personal information for internal and administrative purposes such as auditing, data analysis, and research to improve the Companies’ services and customer communications.
From time-to-time, the Companies may use your personal information to send important notices, such as communications about current services and changes to our terms, conditions, and policies.
How Personal Information May Be Used If You Use the Payment Website
The primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience.
Personal information may be used to:
- Provide the requested TCMI services and customer support;
- Process transactions and send notices about user transactions;
- Resolve disputes, collect fees, and troubleshoot problems;
- Prevent prohibited or illegal activities;
- Customize, measure, and improve TCMI services and the content and layout of the Payment Website and applications; and/or
- Compare information for accuracy and verify it with third parties when necessary.
Collection and Use of Non-Personal Information
The Companies also collect data in a form that does not, on its own, permit direct association with any specific individual. The Companies may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that the Companies collect and how the Companies may use it:
- The Companies may collect information such as occupation, language, zip code, and area code so that the Companies can better understand customer behavior and improve their products, services, and advertising.
- The Companies may collect information regarding customer activities on their websites. This information is aggregated and used to help the Companies provide more useful information to customers and to understand which parts of the website and services are of most interest. Aggregated data is considered non-personal information for the purpose of this Privacy Policy.
- The Companies may collect and store details of how you use their services, including search queries. This information may be used to improve the relevancy of results provided by their services. Except in limited instances to ensure quality of the Companies’ services over the Internet, such information will not be associated with your IP address.
If the Companies do combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.
The Companies process your personal information within the scope of the following purposes:
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (personal and work email, phone, and email, mailing address) • Date of birth (“DOB”) • Nationality • Residence • Birthplace • Passport/National ID • Gender • Licenses/Certificates • Payment information | Corporate services (e.g. entity formations, filings, recordations, submissions, and related services) | Public Task and Legal Requirement including:
• the RMI Associations Law, Maritime Act, Maritime Regulations, and other similar RMI rules and regulations; • the OECD Global Forum on Transparency and Exchange of Information for Tax Purposes the Global Forum tax transparency standards: (1) availability of information; (2) appropriate access to information; (3) existence of exchange of information mechanisms; • Tax Information Exchange Agreements (TIEAs), the multilateral Convention on Mutual Administrative Assistance in Tax Matters, and other similar international agreements and conventions concluded between the RMI and other jurisdictions; and • UNCLOS. In particular, the Companies process personal data to assess applications from non-Marshall Islands entities to qualify as Marshall Islands Foreign Maritime Entities (“FMEs”), satisfying the RMI vessel ownership requirements. Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (personal and work email, phone, and email, mailing address) • DOB • Nationality • Residence • Birthplace • Passport/National ID • Gender • Licenses/Certificates • Emergency contact(s) • Payment information | Special Agent appointments | Public Task and Legal Requirement including the RMI Associations Law, Maritime Act, Maritime Regulations, and other similar RMI rules, regulations, and conventions.
Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (personal and work email, phone, and email, mailing address) • DOB • Nationality • Residence • Birthplace • Passport/National ID • Height • Weight • Distinguishing marks • Gender • Medical records • Licenses/Certificates • Emergency contact(s) | Seafarer documentation and Filing Agent applications | Contract Performance
Legal Requirement and Public Task including: • the RMI Maritime Act and Maritime Regulations; • the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (“STCW” 1978); and • related International Maritime Organization (“IMO”) resolutions. Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (personal and work email, phone, and email, mailing address) • Nationality • Passport/National ID | Vessel registration and mortgage recordations | Contract Performance
Legal Requirement and Public Task including the RMI Maritime Act and Maritime Regulations and the United Nations Convention on the Law of the Sea, 1982 (“UNCLOS”). Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (personal and work email, phone, and email, mailing address) • Passport information • DOB • Nationality • Licenses/Certificates • Banking information | Vessel support such as inspections and audits | Contract Performance
Legal Requirement and Public Task including: • the RMI Maritime Act and Maritime Regulations; and • international conventions, rules, and standards such as UNCLOS, International Safety Management (“ISM”) Code, International Convention for Safety of Life at Sea (“SOLAS”) Chapter XI-2, the International Ship and Port Facility (“ISPS”) Code and Maritime Labor Convention, 2006 (verification that on-board certificates issued pursuant are in conformity with the above). Legitimate Interest to verify qualifications, generate flag state inspector and/or auditor identification cards for vessel boarding and port entry and to coordinate vessel inspections with vessel owners, operators, local vessel agents, and flag State Administrators. Note: names and contact information of local vessel agent(s) and/or DPA(s) may be shared with contracted inspectors and auditors for scheduled inspections to facilitate communication in case of delay or otherwise. This processing is done under both Legitimate Interest and Public Task. Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (personal and work email, phone, and email, mailing address) • Passport number • DOB • Nationality • Licenses/Certificates • Banking information | Maritime investigations | Legal Requirement and Public Task including in accordance with international conventions (UNCLOS, SOLAS, the International Convention for the Prevention of Pollution from Ships (“MARPOL”) and IMO Resolution MSC.255(84) (“Casualty Investigation Code”)).
Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (work email, address, phone number) | Designated Person Ashore (“DPA”) | Legal Requirement and Public Task including the RMI Maritime Act and Maritime Regulations and the ISM Code.
Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (work: email, address, phone number) | Company Security Officer | Legal Requirement and Public Task including the RMI Maritime Act and Maritime Regulations and to comply with special measures for enhancing maritime security provided for in SOLAS Chapter XI-2 and the ISPS Code.
Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (work and possibly personal email, phone, and email, mailing address) • Banking information | Billing and accounting | Legal Requirement and Legitimate Interest for business functions.
Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact Details (personal and work email, phone, and email, mailing address) • DOB | Providing marketing communications | Legitimate Interest (see below) for business purposes and to provide updates to Legal Requirements (including the RMI Maritime Act and Maritime Regulations, Associations Law, and other international regulations and conventions).
Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Any of the above information plus additional information as needed, and as specified | Trade Compliance | Legal Requirement and Legitimate Interest to protect against fraud and other unlawful practices and to comply with national and international trade restrictions. |
| Personal Data Collected | Purposes of Processing | Legal Basis |
|---|---|---|
| • Name
• Contact details (home/business address, home/business email, home/business phone number • Date of birth • Nationality • Residence • Birthplace • Passport • Height • Weight • Distinguishing marks • Gender • Medical records • Government or other licenses • Emergency contact • Payment information |
Providing corporate services (entity formations, filings, recordations, submissions, and related services) | Contract Performance and Legal Requirement (per the Marshall Islands Association Law); Public Task |
| Seafarer documentation | Contract Performance and Legal Requirement (per the Marshall Islands Maritime Act and Regulations); Public Task including compliance with the requirements of the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (“STCW” 1978) and related International Maritime Organization (“IMO”) resolutions prior to issuing seafarer certificates;
Personal data is also used to protect against fraud and other unlawful practices |
|
| Vessel registration and mortgage recordations | Contract Performance, Legal Requirement/Public Task (per the Marshall Islands Maritime Act and Regulations) and including the United Nations Convention on the Law of the Sea, 1982 (“UNCLOS”)
Personal data is also used to protect against fraud and other unlawful practices |
|
| Vessel support such as inspections and audits | Contract Performance and Legal Requirement (per the Marshall Islands Maritime Act and Regulations); Public Task including
Personal data is also used to protect against fraud and other unlawful practices. |
|
| Billing and accounting | Legal Requirement and Legitimate Interest
Personal data is also used to protect against fraud and other unlawful practices |
|
| Conducting trade compliance | Legal Requirement and Legitimate Interest
Personal data is also used to protect against fraud and other unlawful practices |
|
| Providing marketing communications | Legitimate Interest
Personal data is also used to protect against fraud and other unlawful practices |
If you provide sensitive personal information, the Companies rely on the above applicable legal bases and explicit consent which is obtained via a consent form.
Cookies and Other Technologies
The Companies’ websites, online services, email messages, and advertisements may use cookies and other technologies such as pixel tags and web beacons. These technologies help the Companies better understand user behavior, tell which parts of the Companies’ websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. Cookies may be used for other purposes such as authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data. Cookies may be encrypted for information privacy and data security purposes. Cookies may be set by the server with or without an expiration date. If permitted by the user’s browser, cookies may be declined. However, website functionality as identified above may no longer be available.
Cookies may be encountered from third parties via links made available on the Payment Website which cannot be controlled by TCMI (for example, if a user views a website created by a third party or uses an application developed by a third party, there may be a cookie placed by that webpage or application).
The Companies treat information collected by cookies and other technologies as non-personal information. However, to the extent that IP addresses or similar identifiers are considered personal information by local law, the Companies also treat these identifiers as personal information.
As is true of most Internet services, the Companies gather some information automatically and store it in log files. This information includes IP addresses, browser type and language, Internet service provider (“ISP”), referring and exit websites and applications, operating system, date/time stamp, and clickstream data. The Companies may use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve their products and services, and to gather demographic information about their user base as a whole.
In some email messages, the Companies may use a click-through uniform resource locators (“URL”) linked to content on the Companies’ websites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on the website. The Companies may track this click-through data to help determine interest in particular topics and measure the effectiveness of customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Pixel tags enable the Companies to send email messages in a format users can read, and they tell whether mail has been opened. The Companies may use this information to reduce or eliminate messages sent to users.
Disclosure to Third Parties
At times the Companies may make certain personal information available to strategic partners or concerned parties that work with the Companies to provide products and services, or that help the Companies market to customers.
For example, if you serve on board an RMI flagged vessel, you authorize the Companies to share your information with other concerned parties, which may include other flag States or governments.
Personal information will only be shared by the Companies to provide or improve products, services, and/or advertising; it will not be shared with third parties for their marketing purposes.
Disclosure to Service Providers
The Companies may share personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products, managing and enhancing customer data, providing customer service, assessing interest in products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever the companies operate.
It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for the Companies to disclose your personal information. The Companies may also disclose information about you if the Companies determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
The Companies may also disclose information about you if the Companies determine that disclosure is reasonably necessary to enforce their terms and conditions or protect operations or users. Additionally, in the event of a reorganization, merger, or sale, the Companies may transfer any and all personal information the Companies collect to the relevant third party.
Disclosure to Third Parties if You Use the Payment Website
Personal information may be shared with:
- Service providers who support TCMI services such as fraud prevention, bill collection, marketing, and technology services, among others. These service providers may only use user information in connection with TCMI services they perform and not for their own benefit;
- Credit bureaus to report account information, as permitted by law;
- Banking partners as required by credit card association rules; and/or
- Law enforcement, government officials, or other third parties when:
- TCMI is compelled to do so by a subpoena, court order or similar legal procedure;
- It is necessary to comply with the law or credit card rules;
- Disclosure is necessary to prevent physical harm or financial loss or to report illegal activity; and/or
- The user consents or directs TCMI to do so.
TCMI will not sell or rent any personal information to third parties for their marketing purposes and only shares personal information with third parties as described in this policy.
Protection of Personal Information
When users visit the Payment Website or send an email to the Companies, technology is used to prevent unauthorized third parties from viewing and downloading user information. The Companies processes personal information on servers in the United States and Canada and protects it by maintaining physical, electronic, and procedural safeguards such as: firewalls, secure sockets layer (“SSL”) encryption, URL data encryption, file access privileges, physical server access controls, and authorizing access to personal information only for employees who require it to fulfill their job responsibilities. When your personal data is stored by the Companies, the Companies use computer systems with limited access housed in facilities using physical security measures.
No data transmission over the Internet can be guaranteed to be 100% secure. As a result, the Companies cannot ensure or warrant the security of any information transmitted over the Internet. The Companies make every attempt to ensure the security of all information collected.
Integrity and Retention of Personal Information
The Companies make it easy for you to keep your personal information accurate, complete, and up-to-date. The Companies will retain your personal information, which may include all emails or similar correspondence, for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
Access to Personal Information
You can help ensure that your contact information and preferences are accurate, complete, and up-to-date by sending an email to dataprivacy@register-iri.com. For other personal information the Companies hold, the Companies will provide you with a copy for any purpose including to request that the Companies correct the data if it is inaccurate or delete the data if the Companies are not required to retain it by law or for legitimate business purposes. The Companies may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. Request for information, correction, portability, or deletion can be made by emailing dataprivacy@register-iri.com.
Children and Education
The Companies understand the importance of taking extra precautions to protect the privacy and safety of children using the Companies’ services. Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are not permitted to use the Companies’ services, unless their parent provided verifiable consent.
If the Companies learn that they have collected the personal information of a child under 13, or equivalent minimum age depending on the jurisdiction, without verifiable parental consent (C-4001B), the Companies will take steps to delete the information as soon as possible.
If at any time a parent needs to access, correct, or delete data associated with their child’s information, they may email dataprivacy@register-iri.com.
Third Party Sites and Services
The Companies’ websites, products, applications, and services may contain links to third party websites, products, and services. The Companies products and services may also use or offer products or services from third parties. The inclusion of any link does not imply the Companies’ endorsement of any other company, its products, services, or privacy practices. Furthermore, the Companies are not responsible for personal information voluntarily disclosed by users to third parties that are contacted through links on any website.
Information collected by third parties, which may include such things as location data or contact details, is governed by their privacy practices. The Companies encourage you to learn about the privacy practices of those third parties.
International Users
All the information you provide may be transferred or accessed by entities around the world as described in this Privacy Policy including to carry out administrative purposes. This includes the transfer to and accessibility by all of the Companies’ locations and any required third party, and to their respective Information Technology (“IT”) servers.
The Companies, as global companies, have a number of affiliated legal entities in different jurisdictions which are responsible for the personal information which they collect and which is processed on their behalf. The Companies employ appropriate technological and physical safeguards to keep information secure. However, please be aware that these safeguards may not meet the same standards as is required by the country in which you reside.
Commitment to Your Privacy
To make sure your personal information is secure, the Companies communicate their privacy and security guidelines to their employees and strictly enforce privacy safeguards.
Privacy Questions
If you have any questions or concerns about this Privacy Policy or data processing or if you would like to make a complaint about a possible breach of local privacy laws, please use the contact information below.
When a privacy question or access/deletion request is received, the Companies have a dedicated team which seeks to address the specific concern or query which you are seeking to raise. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. Upon request, the Companies will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.
This Privacy Policy may be updated from time-to-time. When the policy changes in a material way, a notice will be posted on the Companies’ websites along with the updated Privacy Policy.
Data Controller/Processor
Attn: Data Privacy Team
11495 Commerce Park Drive, Reston, Virginia 20191
United States
Telephone: +1 703 620 4880
Email: dataprivacy@register-iri.com
EXPLORE
Subscribe to our Newsletter
Receive recent news and never miss an update.
