NAPA values the privacy of your personal data
Napa Ltd. (“NAPA”) aims to provide highly specialized and targeted products and services to maritime industry. To achieve this, we make features and data available to end users through our website, mobile and desktop applications, API access or other consultancy work (“Services”).
Personal data means information which allows us to identify you, such as your name, contact details and information about your access to our website, mobile app and other NAPA Services.
We may collect personal data from you when you use our products, you register with us, purchase any of our Services, or when being in contact with our personnel. We may also collect personal data either directly or indirectly through our trusted third-party partners.
What type of personal data is collected?
Registration and log-in information
We collect the information you provide while interacting with NAPA employees, in the registration to our website or when signing up an account to our Services. In order to become a registered user of NAPA you need to provide us your name, business email address and password in order to create your own personal account.
We collect the information you provide while subscribing to a newsletter or while registering an account to our website or to our Services. In order to become a registered user of NAPA Services you need to provide us your name, business email address and password in order to create your own personal account. For example, we collect email address, company name and telephone numbers when visitors fill our contact form and request any information on our Services, or the information they provide us when they apply for a vacant position in our company.
Employee, human resources and recruitment data
NAPA collects your personal data during the recruitment process mainly directly from you. We may also collect information about you from other available sources to the extent relevant and permitted by applicable law, such as your referees, NAPA employees with whom you have interviewed, and employment background check providers.
The categories of personal data NAPA may collect about you are (local country specific restrictions may apply)
- applicant data: name, contact information (telephone number, email address), employment and educational history, training, licenses and certificates, competences and qualifications, personal identification information
- recruitment information: CVs and applications, references, background check information
- communication: telephone recordings, video recordings, voice mails, emails
- other information is collected only if that is necessary for making recruitment decisions or for some local country specific processes that demand it or the information that the applicant provides on his/her initiative
NAPA processes your personal data only for its legitimate business purposes, including
- identifying and evaluating candidates for potential employment
- keeping the records in relation to recruiting and hiring
- conducting background checks as permitted by applicable law
We may also wish to retain your personal data to consider you for future employment opportunities. In such case, we will seek your consent. We always request your consent to perform any background checks. NAPA has screening and selection procedures in place for third-party service providers to guarantee secure processing of personal data. After submitting your application, only recruitment-related personnel will have access to your personal data.
Our job application project management system is Teamtailor (“Teamtailor AB”). Data collected through Teamtailor is stored and processed inside the EU / EEA, or in countries that are considered to have an adequate level of protection by the European Commission, or by suppliers that have entered into binding agreements that fully comply with the lawfulness of third-country transfers (Privacy Shield). The application data of those persons who have not been employed by NAPA is stored for two years by default.
If you accept an offer of employment with us, any relevant personal data collected during the recruitment process will become part of your employee records and will be retained in accordance with country-specific requirements.
Use of services
We collect information when you use NAPA website or NAPA Services. We collect information about what and how you use the Services, such as duration of the activity, vessel types or routes that are being analyzed. This can also include information you give, such as name of a vessel or port, used fuel quality or a notification setting. We may log when you use the service or we may log when you install a NAPA mobile app, etc.
When you access our website and mobile apps or open electronic correspondence from us, our servers may record data regarding your device and the network you are using to connect. We collect information from or about the computers, phones or other devices where you access or install our Services, such as the operating system and hardware version you use, device settings such as screen resolution. We also collect information about your connection such as your internet service provider or your mobile operator, browser type, language and time zone, mobile phone number and IP address.
Information about payments
When you purchase our Services, we collect only the necessary information such as payment amount and contact details regarding this purchase. If making an online purchase, NAPA does not collect any of your credit or debit card details.
Information from third – parties
We may collect information about your activities from third-party partners, such as information from a partner when we offer our Services jointly or from an advertiser about your experience or interaction with them.
How the personal data is used?
We may use the personal data in the following way:
- storing your personal data in databases for proper execution of our Services to you
- delivering, developing and improving our Services
- communicate with you about our Services and to inform about changes in our policies and terms
- internal accounting and administration
- complying with our legal obligations, for example regarding labor or tax law
- research and analysis in relation to our business and Services, including but not limited to trends and preferences in sales and use of our website and Services
- involving you in market research and seeking feedback regarding our relationship with you and/or the service we have provided;
- targeted marketing communications relating our products and Services (and those of third parties) that we think may interest you, in case you have expressly requested and/ or consented to receiving such actions from us.
We process your information only if you have previously given your consent to such processing (which you may withdraw at any time in the future), or in case the processing is necessary to provide our Services to you; or for compliance with our legal obligations; and/or the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal information; or according to our contractual arrangement.
Disclosing of information to third parties
We take the privacy of personal data seriously and we do not sell or otherwise provide your personally identifiable information to third parties, except as described in this policy. We may disclose personal data for the purposes to:
- our employees on a need to know basis in order to meet business purposes or according to the contractual obligations
- our contractors and service providers who assist NAPA in providing our Services
- external business advisers such as lawyers or external auditors
- CRM, marketing and market research and analysis companies (such as Netsuite, Hubspot, Salesforce, Google Analytics)
- public authorities in order to comply with a valid and authorized request, including court order or other valid legal process
Data retention and security
We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements. Non-personally identifiable and aggregated information may be stored indefinitely.
Napa Ltd. has implemented necessary technical solutions to protect the data both in transit and in storage. Log files of processing activities are retained for at least three (3) months and therefore, Napa Ltd. has the possibility to verify if data has been misused or processed against the internal processing policies for up to three (3) months after the processing has been conducted.
The environment in which personal data is processed is also monitored systematically to detect any data breaches or security violations. Napa Ltd. follows the regulation and has a breach notification policy to inform the affected entities within 72 hours of the notification of the breach.
Depending on the type of personal data, Napa Ltd. might be using a third party platform to process and manage the personal information related to an individual.
Napa Ltd. has necessary contracts with these providers to ensure a third party is not accessing data without the prior approval of Napa Ltd or utilizing the data stored in the system for their own benefits.
We might also use third-party cookies, mainly from Google Analytics, in order to enhance your experience or improve our understanding of the use of our products. Google Analytics provides NAPA only personally unidentifiable information, such as when a user arrived to our Services, if the user has visited the site before, how long time is spent on each page. They also tell things like what browser / device the Service is being accessed with and from which geographical area. This information helps NAPA to improve our Services.
You can at any time remove or block cookies using the settings in your browser, but in some cases doing so may prevent NAPA website or Services from fully functioning. Unless you remove or block cookies, as mentioned above, we will retain the information we receive for as long as your account is active or you make use of our Services.
GDPR Compliance Statement
This statement defines how the requirements of Regulation (EU) 2016/679 / General Data Protection Regulation (GDPR) have been taken into account at Napa Ltd and its subsidiaries.
This statement is a general statement, it is not specified to any particular entity and is not a binding legal document between Napa Ltd and any particular entity.