Privacy Policy

This document sets out the rules for processing and protecting users' personal data and describes the rights available to data subjects.

§1. General provisions

This Privacy Policy explains how the crewingbay.com portal (the "Portal") processes and protects users' personal data.
Data processing takes place in accordance with applicable law, in particular the GDPR (EU 2016/679) and regulations on electronic service provision. This Policy supplements the Portal Terms of Service and describes user rights and the Administrator's data protection practices.

§2. Scope and purpose of data processing

Types of processed data:
1. Identification data (e.g. first name, last name, company name)
2. Profile and application data (e.g. CV, experience, photos if provided)
3. Contact data (email address, phone number, correspondence address)
4. Payment and accounting data where required by law
5. Technical data (IP address, device identifiers, browser information, server logs, cookies)
Purposes of data processing:
1. Providing Portal services such as account registration, profile handling, posting offers, and applications
2. Ensuring the security and integrity of the system
3. Communicating with users about the Portal
4. Marketing and informational activities based on consent or another legal basis
5. Fulfilling legal obligations such as accounting and archiving
6. Statistical analysis and optimisation of Portal performance
Legal bases for processing:
1. Necessity for contract performance (Article 6(1)(b) GDPR)
2. User consent (Article 6(1)(a) GDPR)
3. Legal obligation of the Administrator (Article 6(1)(c) GDPR)
4. Legitimate interest of the Administrator (Article 6(1)(f) GDPR), e.g. security, anonymised analytics, or claims handling
The primary source of data is the user through forms, profiles, applications, and messages. In justified cases, data may also come from third parties such as recruitment partners, provided it was obtained in accordance with applicable law.

§3. Data recipients and processors

Data may be shared with:
1. Payment system operators where applicable
2. Hosting service providers
3. Analytics tool providers
4. Emailing system providers
5. Marketing partners, only after obtaining the required consents
Data is entrusted to third parties on the basis of processing agreements defining obligations and security measures. Data may also be disclosed to public authorities to the extent required by law.

§4. Transfers outside the EEA

Data is not transferred outside the European Economic Area unless required for service provision. Where transfers take place, legal safeguards such as Standard Contractual Clauses (SCCs) are applied. Information on transfers is available on request.

§5. Data retention

Data is retained only for as long as necessary for processing purposes and is then deleted or anonymised unless longer retention is required by law.

Examples of retention periods:

Accounting data - as required by law, e.g. 5 years for tax purposes
User account data - until account deletion or for the protection of claims
Logs and technical data - usually up to 12 months
Application data/CVs - typically 24 months after the end of recruitment, with a possible extension based on user consent
Marketing data - until consent is withdrawn, up to 3 years after the last contact unless the user agrees to longer processing

§6. Rights of data subjects

The user has the right to:
1. Access data
2. Rectify data
3. Delete data ("right to be forgotten")
4. Restrict processing
5. Data portability
6. Object to processing based on legitimate interest or profiling
7. Withdraw consent at any time
8. Lodge a complaint with the supervisory authority
Requests should be sent to privacy@crewingbay.com.
The Administrator may request additional information to verify identity.

§7. Profiling

The Administrator may use analytical tools to improve services, for example by matching offers more effectively. Profiling does not result in automated decisions with legal effects without human involvement.
Where decisions rely on consent or profiling, the user may object and request human intervention.

§8. Cookies

The Portal uses cookies to:
1. Remember settings and preferences
2. Ensure proper website operation
3. Run statistical analyses
4. Adjust content and marketing activities with user consent
Users can manage cookies in their browser settings. Disabling some cookies may limit website functionality.

§9. Data security and incidents

The Administrator applies:
1. Access control and authorisations
2. Transmission encryption (TLS/HTTPS)
3. System monitoring and incident detection
4. Regular backups
Despite these safeguards, the risk of external attacks cannot be completely eliminated. In the event of a data breach, the Administrator acts in accordance with the law and, where required, informs users and the supervisory authority.
If an incident occurs, the Administrator assesses the risk, reports the incident to the relevant authority, and where there is a high risk to users, informs the affected persons.
Contact: privacy@crewingbay.com

§10. Procedure for exercising rights

Requests should be submitted in writing or by email and include identification data and the scope of the request. The Administrator responds within the legal deadline, usually 1 month. In justified cases, this period may be extended by 2 months together with information on the reason for the delay.

§11. Contact and Data Protection Officer

General contact: privacy@crewingbay.com
If a Data Protection Officer has been appointed, their contact details are available on the Portal.
If you have concerns or believe your rights were violated, you may submit a complaint to the competent supervisory authority.

§12. Changes to the Privacy Policy

The Administrator may amend this Policy by publishing a new version on the Portal. Users are informed about material changes. Changes enter into force 14 days after publication.
Continued use of the Portal means acceptance of the new version of the Policy.