This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer", "Controller") and Prime Calibre Pty Ltd (ABN 76 678 167 407, Australia), trading as Strait Up Maritime ("Processor", "Reseller"), and governs the processing of personal data in connection with the Service. The Service platform is owned and operated by Prime Calibre Limited (Hong Kong) ("Product Owner"), which acts as a sub-processor under this DPA.
"Personal Data", "Processing", "Controller", "Processor", and "Data Subject" have the meanings given in the UK GDPR / EU GDPR as applicable.
We process personal data solely to provide the Service as described in our Privacy Policy. The categories of data and processing activities are:
| Category | Data | Purpose | Retention |
|---|---|---|---|
| Account data | Name, email, company | Authentication, communication | Duration of account. Deleted within 30 days of account termination. |
| Usage logs | Endpoints accessed, timestamps, vessel IDs screened | Service delivery, abuse prevention, audit | 12 months from creation, regardless of account status, then deleted. |
| Session data | Session tokens, IP addresses | Authentication, security | Duration of session + 30 days, then deleted. |
| Uploaded documents | Files attached to vessel records | Storage and retrieval for Customer | Until deleted by Customer. Deleted within 30 days of account termination. |
| Payment data | Processed by Stripe (we do not store card details) | Billing | Per Stripe's retention policy. |
Third-party personal data in documents. Uploaded documents may contain personal data relating to third parties (e.g., beneficial owners, directors, crew lists of screened vessels). The Customer is the Controller for this data and is responsible for ensuring they have a lawful basis for providing it. The Processor will process such data solely for storage and retrieval as part of the Service.
We use the following sub-processors to deliver the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Prime Calibre Limited | Platform owner, IP principal, product operation, data infrastructure | Hong Kong |
| Railway | Application hosting, database, object storage | Singapore |
| Cloudflare | CDN, DNS, DDoS protection | Global edge network |
| Stripe | Payment processing | Australia / US |
| Resend | Transactional email delivery | US |
We will notify you by email at least 14 days before adding a new sub-processor. You may object by contacting us within that period.
In the event of a personal data breach, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, categories and approximate number of records affected, likely consequences, and measures taken to address it.
Your data is hosted in Singapore (Railway) and processed by Prime Calibre Limited in Hong Kong. Neither Singapore nor Hong Kong has an EU adequacy decision. For transfers of personal data from the UK/EEA to these jurisdictions, we rely on:
Copies of the executed SCCs are available on request. We have conducted a Transfer Impact Assessment for each transfer destination and determined that the combination of SCCs, encryption in transit and at rest, and access controls provides an adequate level of protection.
We will assist you in fulfilling data subject requests (access, rectification, erasure, portability, restriction, objection) to the extent technically feasible. Requests can be submitted to privacy@straitupmaritime.com.
This DPA is effective for the duration of your use of the Service. Upon termination, we will delete all personal data in accordance with the retention schedule in Section 2. Account data and uploaded documents are deleted within 30 days. Usage logs are retained for the remainder of their 12-month retention period for abuse prevention and audit, then deleted.
This DPA is governed by the laws of New South Wales, Australia, consistent with the governing law of the Terms of Service. To the extent this DPA relates to the processing of personal data of UK or EU/EEA data subjects, the applicable data protection law (UK GDPR or EU GDPR) takes precedence over any conflicting provision.
Data protection enquiries: privacy@straitupmaritime.com