External Privacy Notice
This Privacy Notice was last updated on 6 June 2023.
INFORMATION ABOUT US AND THIS NOTICE
- We are Ocean Infinity Group Limited (‘Ocean Infinity’, or ‘we’, ‘our’, or ‘us’). Our primary place of business and the location of our UK establishment is at 17 Grosvenor Street, London W1K 4QG.
- The following companies are part of our corporate group, and are owned by Ocean Infinity. Any references to us in this Privacy Notice are also references to these companies, and this Privacy Notice also applies the activities of these companies:
Name | Company number | Address | Country |
Ocean Infinity Group Limited | FC035804 | 17 Grosvenor Street, London W1K 4QG | United Kingdom |
Geowynd Ltd | 12842044 | ||
Ocean Infinity Group (UK) Ltd | 03072527 | Unit 1 Keel Road, Woolston, Southampton SO19 9UY | |
Ocean Infinity Innovations Limited | 13163626 | ||
Ocean Infinity (Portugal) SA | 510091083 | Rua Cândido dos Reis 1499 4460, Custóias | Portugal |
Ocean Infinity (Australia) Pty Ltd | 128 811 978 | 22-24 Hutchinson Street, Surry Hills NSW 2010 | Australia |
Ocean Infinity Group Holding (Sweden) AB | 556793-1224 | Sven Källfelts Gata 11, SE-426 71 Västra Frölunda | Sweden |
Ocean Infinity AB | 556679-4706 | ||
Ocean Infinity (Offshore) AB | 556866-4923 | ||
Ocean Infinity Nearshore AB | 556846-6030 | ||
Ocean Infinity Pte Ltd | 201811944M | 15 Scotts Road #04-01/03, 15 Scotts, 228218 | Singapore |
Ocean Infinity Operations Pte Ltd | 202228189W | ||
Ocean Infinity Inc | 6439509 | 10415 Morado Circuit Suite 3-300 Austin, TX 78759-6214 | United States |
Ocean Infinity America Inc | 7848388 | ||
Ocean Infinity (US) Inc | 7633983 | c/o Edelstein & Company LLP, 160 Federal Street, 9th floor, Boston, MA 02 110 | |
Ocean Infinity Solutions Corp | BC1363462 | PO Box 49314, Suite 2600, Three Bentall Centre, 595 Burrard Street, Vancouver, British Columbia V7X 1L3 | Canada |
Ocean Infinity (Norway) AS | 915 384 838 | Haraldsgata 116, 5527 Haugesund | Norway |
Geowynd SRL | 12143550965 | Via Agnello n. 6/1, 20121 Milano MI | ITALY |
- If you want to speak to someone about this Privacy Notice, your rights, your personal data, or something else related to privacy or data protection, you can email privacy@oceaninfinity.com or contact us at our above address.
- This Privacy Notice describes how we collect and use personal information about you before, during, or after we have an employment, contractual, or other relationship with you.
- We are a data controller because we decide how we obtain, keep, and use your personal data. We comply with the obligations placed upon data controllers by the UK GDPR and the Data Protection Act 2018, and other applicable data protection regimes.
- This Privacy Notice is not a contract, but we will comply with it. We may change this Privacy Notice at any time without notice to you.
WHO THIS PRIVACY NOTICE APPLIES TO
- This Privacy Notice applies to the following categories of people:
- private individuals who communicate with us in their personal capacities;
- contractors, employees, and other similar workers or representatives of businesses we interact with;
- visitors to our physical places of business, but only where we have exclusive control over who can access those places (and not where someone else controls who can access a building or office where we work);
- guests at events we organise or host; and
- job applicants or prospective employees:
- who have applied for a job we have advertised;
- who have submitted contact details, employment information and history, awards, or qualifications (collectively, ‘Employment Information’) as part of a general application to work for us (otherwise than in relation to a specific role);
- who have published Employment Information and other personal data on online professional and social networking platforms or forums; or
- whose Employment Information has been provided to us by a third party recruiting agency or similar organisation.
- If you are our employee, you can ask our People & Culture team, or email privacy@oceaninfinity.com for a copy of our Internal Privacy Notice which provides privacy information specific to employees.
- Each of our websites has a Cookie Notice that describes the purpose and duration of cookies we set, and gives other details of personal data we collect when you visit.
PURPOSES OF DATA PROCESSING
- We may process your personal data for any of the following purposes:
- to communicate with you in relation to correspondence that you have requested or initiated, including via our website or social media, or by telephone, email, or letter;
- to facilitate our performance of a contract (including contracts with someone else) or our conduct of business, such as where you are an employee of a business we deal with or a contractor who works with us;
- to evaluate your suitability for employment by us, and to communicate with you about your job application or prospective employment;
- to highlight our business relationships, promote our brand, or undertake any other form of marketing; and
- to establish, exercise, or enforce our legal rights; perform our legal obligations; and to initiate, prosecute, or defend against legal proceedings.
LAWFUL BASIS FOR DATA PROCESSING
- If you are a person listed in section 2 and we are processing your data for a purpose listed in section 3, we will do so on the following lawful bases:
- consent: we have obtained your freely given, clear, specific consent to process your personal data;
- contract: we need to process your personal data to perform or conclude a contract with you, including, for example, where you are a contractor working with us, or where we are going to employ you;
- legal obligations: we need to process your person data to perform a non-contractual legal obligation, such as mandatory record-keeping, or compliance with court orders or a law that requires us to make a report to a government agency; and
- legitimate interests: we need to process your personal data for our or someone else’s legitimate interests and neither your interests nor your rights and freedoms override those interests.
- If we are processing your personal data for more than one purpose, more than one of the lawful bases listed above may be applicable.
TYPES OF PERSONAL DATA WE COLLECT AND PROCESS
- If you are a job applicant or prospective employee, we will process your personal data on the basis of our legitimate interest in comprehensively evaluating your candidacy and suitability for employment, and hiring and retaining skilled employees, and as you would reasonably expect as a job applicant or prospective employee. We will process the following kinds of personal data about you:
- your name;
- your contact details, including your phone number, and physical and email addresses;
- your qualifications, certifications, and awards;
- your employment history;
- the languages you speak and the proficiency with which you speak them;
- your indication that you have the right to work in the country in which a particular role is located; and
- personal data ancillary or incidental to the foregoing that you have supplied to us or which you have made publicly available and which you would reasonably expect us to collect and use to make employment decisions.
- If you are a job applicant, we will process the following kinds of personal data on the basis of our legal obligation to comply with the Equality Act 2010 (UK):
- information about your health, to the extent that we need that information to decide if you can carry out essential aspects of the role you are applying for; and
- information about whether you have a disability, to the extent that we need that information to determine whether we need to make reasonable adjustments to our recruiting process to avoid disadvantage that you otherwise may experience.
- If we invite you to attend an interview, we will process your personal data in accordance with our Internal Privacy Notice, and we will give you a copy.
- If you visit our physical places of business, we will process your personal data on the basis of our legitimate interest in maintaining the physical and information security of our premises, equipment, networks, and our proprietary and confidential information; and in protecting our staff, facilities, and other assets from damage and criminal wrongdoing. We will process the following kinds of personal data about you:
- your name and other information displayed on documents proving your identity;
- your employer or the person or entity on whose behalf you are visiting;
- details about your vehicle, if you have one with you;
- your physical likeness, captured as video footage by our CCTV security network; and
- technical details, such as a MAC address, obtained from devices that you connect to our network.
- If you are a private individual and:
- you communicate with us in your personal capacity, including by engaging with our social media content, we will process your personal data on the basis of our legitimate interest in promoting our brand and undertaking public marketing; or
- you communicate with us privately and directly to make a request to us or obtain information from us, we will process your personal data on the basis that you have consented to our use of it solely for the purpose of dealing with your communication,
- If you are a job applicant or prospective employee, we will process your personal data on the basis of our legitimate interest in comprehensively evaluating your candidacy and suitability for employment, and hiring and retaining skilled employees, and as you would reasonably expect as a job applicant or prospective employee. We will process the following kinds of personal data about you:
INTERNATIONAL TRANSFERS AND TRANSFERS TO OUR AFFILIATES
- We may transfer your personal data outside the country in which we collect it. We may need to do this because we use the services of data processors which are managed in other countries, and because we have a global workforce employed in other countries. We will only transfer your personal data to:
- countries that are deemed to afford you adequate protection by a decision made in accordance with Article 45 of the GDPR; and
- recipients whose processing of your personal data we can ensure is subject to appropriate safeguards, including standard contractual clauses that have been approved by data protection authorities in countries that are subject to the GDPR.
- We will only transfer personal data to the following categories of recipients in third countries:
- third party data processors (such as cloud service providers) whose services we use to administer our business; and
- other companies in our corporate group with whom we share internal services (such as our human resources, finance, and legal teams).
- If you want to see the appropriate safeguards we have implemented to protect your personal data, you can email privacy@oceaninfinity.com.
HOW LONG WE WILL KEEP YOUR DATA
We will retain personal data that we collect and process for the period specified in the table laid out below:
Category of data subject
Section of this privacy notice
Categories of personal data
Retention period
Unsuccessful job applicants
Prospective Employees
5.1 // 5.2
All collected
Twelve months from data received
Visitors to our physical places of business
5.3
All collected
Twelve months from data of visit
Private individuals via social media
5.4
All collected
Duration of retention by social media platform
Private individuals by private direct communication
5.4
All collected
Six months from the date on which we notify you that we regard your communication as dealt with, unless we notify you otherwise
Contractors and employees or representatives of business we work or interact with
5.5 // 5.6
All collected
Six years from the conclusion of our business relationship unless litigation is commenced or anticipated during that period
People who register to attend our events
5.7
All collected
Two months from the date on which the event is held
People who attend our events
5.8
Name, contact details, and record of attendance
Two months from the end of the calendar year during which the event is held
People who attend our events
5.8
Photographs taken during our events
Duration of marketing campaign in which your likeness is displayed
YOUR RIGHTS
- The GDPR affords you a range of rights that you can read about on the Information Commissioner’s Office (ICO) website.
- ICO is the supervisory authority in the UK that you can complain to about a breach of data protection law or your rights under the GDPR. You can contact the ICO:
- by telephone: 0303 123 1113
- online via ICO’s complaint form or live chat
- via the form or at the physical addresses listed on its ‘Contact us’ page.
The European Data Protection Board maintains a list of supervisory authorities for each of the other countries that are subject to the GDPR, and you can complain to one of those authorities, too.
- You have a right of access to personal data that we hold about you, and if you ask us, we must tell you whether we hold your personal data, and if we do, we must provide it to you along with details about what we do with it, who we share it with (if anyone), and how long we are going to keep it for.
- We must answer you within one month of your request.
- You can tell us to rectify inaccurate personal data or complete incomplete personal data we hold about you.
- You can ask us to erase the personal data we hold about you. We do not have to do this in all circumstances, and we will tell you if we are not going to comply with your request. If we have processed your personal data on the basis of your consent, you may withdraw it freely and at any time, and in such circumstances, we must erase your personal data.
- If we are processing your personal data and:
- you think your data is recorded inaccurately;
- we are doing so unlawfully but you do not want us to erase that data;
- we no longer need it, but you need it for legal proceedings; or
- you have objected to that processing and you believe that our legitimate interests do not outweigh your own interests, rights, and freedoms,
you can tell us to restrict our processing, and we will not process your personal data except with your consent unless the GDPR permits us to continue doing so, in which case we will tell you why. We will resolve your claim and we may, once we have told you about that resolution, start processing your personal data again.
- If we are processing your personal data on the basis of our legitimate interests, you can object to that processing. If we can demonstrate to you:
- the compelling legitimate grounds that we have for processing your data and which outweigh your interests, rights, and freedoms; or
- that we need your personal data to prosecute or defend legal proceedings,
we may refuse to comply with your objection. If we cannot demonstrate either of these grounds for processing, we must stop processing your data.
- If your request is manifestly unfounded or excessive, we may charge you a reasonable fee to deal with your request, or refuse to do what you have requested. We will tell you if we believe these options are open to us.
- There are some circumstances in which we can rely on an exemption contained in the GDPR or Data Protection Act 2018 which may prevent you from exercising some of the rights described above. If we rely on an exemption, we will tell you why.