External Privacy Notice

DOWNLOAD

This Privacy Notice was last updated on 6 June 2023.

INFORMATION ABOUT US AND THIS NOTICE

  • We are Ocean Infinity Group Limited (‘Ocean Infinity’, or ‘we’, ‘our’, or ‘us’). Our primary place of business and the location of our UK establishment is at 17 Grosvenor Street, London W1K 4QG.
  • The following companies are part of our corporate group, and are owned by Ocean Infinity. Any references to us in this Privacy Notice are also references to these companies, and this Privacy Notice also applies the activities of these companies:
 

Name

Company number

Address

Country

Ocean Infinity Group Limited

FC035804

17 Grosvenor Street, London W1K 4QG

United Kingdom

Geowynd Ltd

12842044

Ocean Infinity Group (UK) Ltd

03072527

Unit 1 Keel Road, Woolston, Southampton SO19 9UY

Ocean Infinity Innovations Limited

13163626

Ocean Infinity (Portugal) SA

510091083

Rua Cândido dos Reis 1499 4460, Custóias

Portugal

Ocean Infinity (Australia) Pty Ltd

128 811 978

22-24 Hutchinson Street, Surry Hills NSW 2010

Australia

Ocean Infinity Group Holding (Sweden) AB

556793-1224

Sven Källfelts Gata 11, SE-426 71 Västra Frölunda

Sweden

Ocean Infinity AB

556679-4706

Ocean Infinity (Offshore) AB

556866-4923

Ocean Infinity Nearshore AB

556846-6030

Ocean Infinity Pte Ltd

201811944M

15 Scotts Road #04-01/03, 15 Scotts, 228218

Singapore

Ocean Infinity Operations Pte Ltd

202228189W

Ocean Infinity Inc

6439509

10415 Morado Circuit Suite 3-300 Austin, TX 78759-6214

United States

Ocean Infinity America Inc

7848388

Ocean Infinity (US) Inc

7633983

c/o Edelstein & Company LLP, 160 Federal Street, 9th floor, Boston, MA 02 110

Ocean Infinity Solutions Corp

BC1363462

PO Box 49314, Suite 2600, Three Bentall Centre, 595 Burrard Street, Vancouver, British Columbia V7X 1L3

Canada

Ocean Infinity (Norway) AS

915 384 838

Haraldsgata 116, 5527 Haugesund

Norway

Geowynd SRL

12143550965

Via Agnello n. 6/1, 20121 Milano MI

ITALY

  • If you want to speak to someone about this Privacy Notice, your rights, your personal data, or something else related to privacy or data protection, you can email privacy@oceaninfinity.com or contact us at our above address.
  • This Privacy Notice describes how we collect and use personal information about you before, during, or after we have an employment, contractual, or other relationship with you.
  • We are a data controller because we decide how we obtain, keep, and use your personal data. We comply with the obligations placed upon data controllers by the UK GDPR and the Data Protection Act 2018, and other applicable data protection regimes.
  • This Privacy Notice is not a contract, but we will comply with it. We may change this Privacy Notice at any time without notice to you.

WHO THIS PRIVACY NOTICE APPLIES TO

  • This Privacy Notice applies to the following categories of people:
    • private individuals who communicate with us in their personal capacities;
    • contractors, employees, and other similar workers or representatives of businesses we interact with;
    • visitors to our physical places of business, but only where we have exclusive control over who can access those places (and not where someone else controls who can access a building or office where we work);
    • guests at events we organise or host; and
    • job applicants or prospective employees:
    • who have applied for a job we have advertised;
    • who have submitted contact details, employment information and history, awards, or qualifications (collectively, ‘Employment Information’) as part of a general application to work for us (otherwise than in relation to a specific role);
    • who have published Employment Information and other personal data on online professional and social networking platforms or forums; or
    • whose Employment Information has been provided to us by a third party recruiting agency or similar organisation.
  • If you are our employee, you can ask our People & Culture team, or email privacy@oceaninfinity.com for a copy of our Internal Privacy Notice which provides privacy information specific to employees.
  • Each of our websites has a Cookie Notice that describes the purpose and duration of cookies we set, and gives other details of personal data we collect when you visit.

 

PURPOSES OF DATA PROCESSING

  • We may process your personal data for any of the following purposes:
    • to communicate with you in relation to correspondence that you have requested or initiated, including via our website or social media, or by telephone, email, or letter;
    • to facilitate our performance of a contract (including contracts with someone else) or our conduct of business, such as where you are an employee of a business we deal with or a contractor who works with us;
    • to evaluate your suitability for employment by us, and to communicate with you about your job application or prospective employment;
    • to highlight our business relationships, promote our brand, or undertake any other form of marketing; and
    • to establish, exercise, or enforce our legal rights; perform our legal obligations; and to initiate, prosecute, or defend against legal proceedings.

 

LAWFUL BASIS FOR DATA PROCESSING

  • If you are a person listed in section ‎2 and we are processing your data for a purpose listed in section ‎3, we will do so on the following lawful bases:
    • consent: we have obtained your freely given, clear, specific consent to process your personal data;
    • contract: we need to process your personal data to perform or conclude a contract with you, including, for example, where you are a contractor working with us, or where we are going to employ you;
    • legal obligations: we need to process your person data to perform a non-contractual legal obligation, such as mandatory record-keeping, or compliance with court orders or a law that requires us to make a report to a government agency; and
    • legitimate interests: we need to process your personal data for our or someone else’s legitimate interests and neither your interests nor your rights and freedoms override those interests.
  • If we are processing your personal data for more than one purpose, more than one of the lawful bases listed above may be applicable.

 

TYPES OF PERSONAL DATA WE COLLECT AND PROCESS

    • If you are a job applicant or prospective employee, we will process your personal data on the basis of our legitimate interest in comprehensively evaluating your candidacy and suitability for employment, and hiring and retaining skilled employees, and as you would reasonably expect as a job applicant or prospective employee. We will process the following kinds of personal data about you:
      • your name;
      • your contact details, including your phone number, and physical and email addresses;
      • your qualifications, certifications, and awards;
      • your employment history;
      • the languages you speak and the proficiency with which you speak them;
      • your indication that you have the right to work in the country in which a particular role is located; and
      • personal data ancillary or incidental to the foregoing that you have supplied to us or which you have made publicly available and which you would reasonably expect us to collect and use to make employment decisions.
    • If you are a job applicant, we will process the following kinds of personal data on the basis of our legal obligation to comply with the Equality Act 2010 (UK):
      • information about your health, to the extent that we need that information to decide if you can carry out essential aspects of the role you are applying for; and
      • information about whether you have a disability, to the extent that we need that information to determine whether we need to make reasonable adjustments to our recruiting process to avoid disadvantage that you otherwise may experience.
    • If we invite you to attend an interview, we will process your personal data in accordance with our Internal Privacy Notice, and we will give you a copy.
    • If you visit our physical places of business, we will process your personal data on the basis of our legitimate interest in maintaining the physical and information security of our premises, equipment, networks, and our proprietary and confidential information; and in protecting our staff, facilities, and other assets from damage and criminal wrongdoing. We will process the following kinds of personal data about you:
      • your name and other information displayed on documents proving your identity;
      • your employer or the person or entity on whose behalf you are visiting;
      • details about your vehicle, if you have one with you;
      • your physical likeness, captured as video footage by our CCTV security network; and
      • technical details, such as a MAC address, obtained from devices that you connect to our network.
    • If you are a private individual and:
      • you communicate with us in your personal capacity, including by engaging with our social media content, we will process your personal data on the basis of our legitimate interest in promoting our brand and undertaking public marketing; or
      • you communicate with us privately and directly to make a request to us or obtain information from us, we will process your personal data on the basis that you have consented to our use of it solely for the purpose of dealing with your communication,

 

INTERNATIONAL TRANSFERS AND TRANSFERS TO OUR AFFILIATES

  • We may transfer your personal data outside the country in which we collect it. We may need to do this because we use the services of data processors which are managed in other countries, and because we have a global workforce employed in other countries. We will only transfer your personal data to:
    • countries that are deemed to afford you adequate protection by a decision made in accordance with Article 45 of the GDPR; and
    • recipients whose processing of your personal data we can ensure is subject to appropriate safeguards, including standard contractual clauses that have been approved by data protection authorities in countries that are subject to the GDPR.
  • We will only transfer personal data to the following categories of recipients in third countries:
    • third party data processors (such as cloud service providers) whose services we use to administer our business; and
    • other companies in our corporate group with whom we share internal services (such as our human resources, finance, and legal teams).
  • If you want to see the appropriate safeguards we have implemented to protect your personal data, you can email privacy@oceaninfinity.com.

 

HOW LONG WE WILL KEEP YOUR DATA

  • We will retain personal data that we collect and process for the period specified in the table laid out below:

    Category of data subject 

    Section of this privacy notice

    Categories of personal data

    Retention period

    Unsuccessful job applicants

     

    Prospective Employees

    ‎5.1 // ‎5.2

    All collected

    Twelve months from data received 

    Visitors to our physical places of business 

    ‎5.3

    All collected

    Twelve months from data of visit 

    Private individuals via social media 

    5.4

    All collected

    Duration of retention by social media platform

    Private individuals by private direct communication

    ‎5.4

    All collected

    Six months from the date on which we notify you that we regard your communication as dealt with, unless we notify you otherwise

    Contractors and employees or representatives of business we work or interact with

    ‎5.5 // ‎5.6

    All collected

    Six years from the conclusion of our business relationship unless litigation is commenced or anticipated during that period

    People who register to attend our events

    ‎5.7

    All collected

    Two months from the date on which the event is held

    People who attend our events

    ‎5.8

    Name, contact details, and record of attendance

    Two months from the end of the calendar year during which the event is held

    People who attend our events

    ‎5.8

    Photographs taken during our events

    Duration of marketing campaign in which your likeness is displayed

YOUR RIGHTS

    • The GDPR affords you a range of rights that you can read about on the Information Commissioner’s Office (ICO) website.
    • ICO is the supervisory authority in the UK that you can complain to about a breach of data protection law or your rights under the GDPR. You can contact the ICO:

    The European Data Protection Board maintains a list of supervisory authorities for each of the other countries that are subject to the GDPR, and you can complain to one of those authorities, too.

    • You have a right of access to personal data that we hold about you, and if you ask us, we must tell you whether we hold your personal data, and if we do, we must provide it to you along with details about what we do with it, who we share it with (if anyone), and how long we are going to keep it for.
    • We must answer you within one month of your request.
    • You can tell us to rectify inaccurate personal data or complete incomplete personal data we hold about you.
    • You can ask us to erase the personal data we hold about you. We do not have to do this in all circumstances, and we will tell you if we are not going to comply with your request. If we have processed your personal data on the basis of your consent, you may withdraw it freely and at any time, and in such circumstances, we must erase your personal data.
    • If we are processing your personal data and:
      • you think your data is recorded inaccurately;
      • we are doing so unlawfully but you do not want us to erase that data;
      • we no longer need it, but you need it for legal proceedings; or
      • you have objected to that processing and you believe that our legitimate interests do not outweigh your own interests, rights, and freedoms,

    you can tell us to restrict our processing, and we will not process your personal data except with your consent unless the GDPR permits us to continue doing so, in which case we will tell you why. We will resolve your claim and we may, once we have told you about that resolution, start processing your personal data again.

    • If we are processing your personal data on the basis of our legitimate interests, you can object to that processing. If we can demonstrate to you:
      • the compelling legitimate grounds that we have for processing your data and which outweigh your interests, rights, and freedoms; or
      • that we need your personal data to prosecute or defend legal proceedings,

    we may refuse to comply with your objection. If we cannot demonstrate either of these grounds for processing, we must stop processing your data.

    • If your request is manifestly unfounded or excessive, we may charge you a reasonable fee to deal with your request, or refuse to do what you have requested. We will tell you if we believe these options are open to us.
    • There are some circumstances in which we can rely on an exemption contained in the GDPR or Data Protection Act 2018 which may prevent you from exercising some of the rights described above. If we rely on an exemption, we will tell you why.