Privacy Policy.
Grandee Central East Shipping L.L.C is committed to protecting the privacy and security of personal data in accordance with applicable international data protection laws.
Introduction & Scope
This Privacy Policy applies to all personal data collected, processed, and stored by Grandee Central East Shipping L.L.C ("GCES", "we", "us", or "our") in the course of our business operations, including through our website, commercial engagements, vessel operations, and counterpart interactions. This policy reflects our commitment to transparency and compliance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, the EU General Data Protection Regulation (GDPR) where applicable, and other relevant international data protection frameworks.
Data We Collect
We collect and process personal data that is necessary for the legitimate operation of our business. This includes: (a) business contact information (names, titles, email addresses, telephone numbers) of representatives of our counterparties, partners, and vendors; (b) identification and verification documents required for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance; (c) vessel crew and personnel data as required by International Maritime Organization (IMO) and flag state regulations; (d) technical and navigational data related to vessel movements and cargo operations; (e) website usage data including IP addresses, browser types, and access logs for security and analytics purposes.
Legal Basis for Processing
We process personal data on the following legal bases: (a) performance of a contract or pre-contractual measures; (b) compliance with legal obligations, including maritime regulations, sanctions screening, and financial reporting requirements; (c) legitimate business interests, such as risk management, operational safety, and fraud prevention; (d) consent, where required by applicable law and explicitly obtained. We do not rely on consent as the sole legal basis for processing where the data subject is a child.
Data Sharing & Transfers
Personal data may be shared with: (a) regulatory authorities, port state control, and flag state administrations as required by law; (b) classification societies, insurers, and Protection and Indemnity (P&I) clubs for vessel certification and risk coverage; (c) vetted service providers and agents who support our operations under strict confidentiality agreements; (d) legal and financial advisors in connection with corporate transactions or dispute resolution. International data transfers are conducted with appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy decisions where required by the GDPR.
Data Security
GCES implements a comprehensive information security program aligned with ISO 27001 principles and maritime cybersecurity guidelines (IMO Resolution MSC.428(98)). Technical measures include encryption in transit and at rest, access controls, network segmentation, and regular vulnerability assessments. Organizational measures include staff training, incident response protocols, and periodic security audits. We maintain cyber insurance coverage commensurate with our operational risk profile.
Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Maritime operational records are retained in accordance with SOLAS, MARPOL, and flag state requirements, typically for a minimum of five years. Financial and compliance records are retained for periods required by tax, accounting, and sanctions regulations. Upon expiration of the retention period, data is securely deleted or anonymized.
Your Rights
Depending on your jurisdiction, you may have the right to: (a) access your personal data and obtain a copy; (b) request rectification of inaccurate or incomplete data; (c) request erasure of your personal data, subject to legal retention obligations; (d) restrict or object to processing in certain circumstances; (e) data portability where processing is based on consent or contract; (f) lodge a complaint with a supervisory authority. To exercise these rights, contact us at the address below.
Cookies & Tracking
Our website uses strictly necessary cookies required for core functionality, such as security and navigation. We do not use third-party advertising or profiling cookies. Analytics cookies, if deployed, are limited to aggregated, anonymized usage statistics and may be disabled through browser settings. By continuing to use our website, you consent to the use of necessary cookies.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through our website or direct notice where appropriate. The effective date at the top of this policy indicates the last revision.
Contact Us
For questions, concerns, or requests related to this Privacy Policy or our data practices, please contact our Data Protection Officer at: Grandee Central East Shipping L.L.C, Majuro, Republic of the Marshall Islands / Istanbul, Türkiye. Email: privacy@gces.llc