Data Processing Agreement
Last updated: 7 June 2026
This page summarises the Data Processing Agreement (DPA) that governs how Magnor Vessels LLC processes personal data on behalf of its customers. Where a customer uploads crew, vessel and operational personal data, the customer acts as the data controller and Magnor Vessels acts as the data processor. When executed, the full DPA forms part of our Terms of Service.
Controller and processor roles
For account and billing data we are the controller (see our Privacy Policy). For customer content — including crew personal data, certificates, rest-hour logs, documents and operational records — the customer is the controller and we process that data only on the customer's documented instructions.
What the DPA covers
The DPA is intended to address the matters required by Article 28 of the GDPR, including:
- Subject matter & duration — processing for the term of the subscription.
- Nature & purpose — to provide the compliance platform and its features.
- Types of personal data & categories of data subject — crew and personnel records, and other individuals identified in vessel and operational data.
- Confidentiality — personnel authorised to process data are bound by confidentiality obligations.
- Security measures — appropriate technical and organisational measures (see our Security page).
- Sub-processors — engaged under written terms; our current list is on the sub-processors page, with prior notice of changes.
- International transfers — safeguarded by Standard Contractual Clauses (and the UK Addendum) where applicable.
- Assistance to the controller — supporting you with data-subject requests, security, breach notification and data protection impact assessments.
- Personal data breaches — we notify customers without undue delay after becoming aware of a breach affecting their data.
- Return & deletion — on termination, we return or delete customer content in line with the DPA.
- Audits & information — we make available the information reasonably necessary to demonstrate compliance.
Requesting and executing the DPA
A counter-signable DPA will be made available to customers on request. The finalised DPA terms are [• to be confirmed with legal counsel]. To request or execute a DPA, contact privacy@magnorvessels.com.
Contact
For questions about data processing or to request the DPA, contact privacy@magnorvessels.com.