• crew@quarterdeck.boats
Quarterdeck Quarterdeck
  • Quarterdeck Home
  • Pricing
  • Help
  • Online (Demo)

Quarterdeck

Privacy Policy

Effective date: 25 May 2026 · Version 1.0 · GDPR Compliant

Quarterdeck is designed with crew privacy in mind. This policy explains what personal data is collected, why it is collected, how long it is kept, and the rights of every crew member whose data is held within the system. Quarterdeck is a locally installed application — your data lives on your vessel or your chosen hosting, not on our servers.

Section 01

Who we are

Quarterdeck is developed and maintained as an independent software product. References to "we", "us", or "our" in this policy refer to the developer of Quarterdeck.

For the purposes of GDPR and applicable data protection law, the vessel operator — the company or individual responsible for operating the vessel on which Quarterdeck is installed — is the data controller in respect of all crew personal data held within their Quarterdeck installation. Quarterdeck, as a software provider, acts as a data processor where we have temporary access to data during a hosted trial period.

Contact: crew@quarterdeck.boats

Section 02

Where your data lives

Quarterdeck is designed to run locally aboard the vessel or on hosting infrastructure chosen and controlled by the vessel operator. This means:

  • Your crew data is held on your own systems — not on Quarterdeck's servers
  • We do not have ongoing access to your crew data once Quarterdeck is installed on your own infrastructure
  • You are responsible for the security, backup, and integrity of your own installation
Trial period exception: During a free trial, your Quarterdeck installation may be hosted temporarily on our servers. In this case, we have access to the data as a data processor on your behalf. At the end of the trial, a complete backup is provided to you and we do not retain copies of your data.

Section 03

What personal data is collected

Quarterdeck collects and stores the following categories of personal data about crew members:

Data categoryExamplesPurpose
Identity dataFull name, position/rank, profile photoCrew board, muster list, ID card
Contact dataEmail address, phone numberAccount access, notifications
Operational dataOn/off board status, boarding timesCrew board, muster list, safety management
Compliance dataHours of Rest records, work/rest logs, digital signaturesMLC 2006 / STCW compliance
Transport dataCar pool bookings, journey detailsCrew transport management
Safety dataMuster station assignments, drill participation recordsSafety management, emergency preparedness

We do not collect sensitive personal data such as medical records, financial information, or passport/identity document numbers unless these are voluntarily entered by the vessel operator into free-text fields.

Section 04

Legal basis for processing

The vessel operator, as data controller, processes crew personal data on the following legal bases under GDPR Article 6:

  • Legal obligation — Hours of Rest records are required by MLC 2006 and STCW. Processing this data is necessary to comply with applicable maritime law.
  • Legitimate interests — Crew boarding logs, muster lists, and transport bookings are necessary for the safe and lawful operation of the vessel.
  • Contract — Processing crew contact and identity data is necessary to manage the employment or engagement of crew members.

Section 05

Data retention

Different data categories are retained for different periods, reflecting operational needs and legal requirements:

Data categoryRetention periodReason
Hours of Rest recordsMinimum 2 yearsRequired by MLC 2006 Regulation 2.3 and Standard A2.3
Crew identity & contact dataUntil account deletionDeleted immediately upon crew member request
Boarding / muster recordsUntil account deletionOperational records, removed with crew account
Transport bookingsUntil account deletionOperational records, removed with crew account
Safety drill recordsUntil account deletionRetained for safety audit purposes while crew is active
Hours of Rest retention: MLC 2006 requires that Hours of Rest records be retained for a minimum of two years. When a crew member deletes their account, their personal identifying information (name, email, phone number, photo, signature) is permanently deleted. However, their Hours of Rest records are retained in anonymised or de-identified form for the legally required period. This is a regulatory obligation and cannot be waived.

Section 06

Account deletion and the right to erasure

Every crew member with a Quarterdeck account may delete their own account at any time from within the application. Upon account deletion, the following personal data is permanently and immediately deleted:

  • Full name
  • Email address
  • Phone number
  • Position / rank
  • Profile photograph
  • Digital signature

As noted above, Hours of Rest records are retained for the legally required minimum period of two years but are de-identified upon account deletion so they cannot be linked back to the individual.

Account deletion requests are processed immediately within the system. Deleted data cannot be recovered.

Section 07

Your rights under GDPR

Where GDPR applies, crew members whose personal data is held in Quarterdeck have the following rights. These rights should be exercised by contacting the vessel operator (data controller) directly:

  • Right of access — You may request a copy of the personal data held about you
  • Right to rectification — You may request correction of inaccurate personal data
  • Right to erasure — You may delete your own account and personal data at any time within the application, subject to the Hours of Rest retention requirement above
  • Right to restriction — You may request that processing of your data be restricted in certain circumstances
  • Right to data portability — You may request your data in a portable format
  • Right to object — You may object to processing based on legitimate interests

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with your national data protection supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

Section 08

Data security

Because Quarterdeck runs on vessel or operator-controlled infrastructure, the security of crew data is primarily the responsibility of the vessel operator. We recommend:

  • Restricting access to the Quarterdeck admin panel to authorised personnel only
  • Using strong passwords for all crew accounts
  • Ensuring the server or device running Quarterdeck is kept up to date with security patches
  • Taking regular backups and storing them securely
  • Using HTTPS if Quarterdeck is accessed over a network

During any trial period hosted on our infrastructure, we apply appropriate technical and organisational security measures to protect your data.

Section 09

Data sharing and third parties

We do not sell, rent, or share crew personal data with third parties for marketing or commercial purposes.

Crew data may be shared in the following limited circumstances:

  • With port state control authorities or flag state inspectors during an inspection, as required by law
  • With the vessel's management company, owner representative, or DPA, to the extent this is part of normal vessel operations
  • Where required by law, court order, or regulatory obligation

Quarterdeck software does not include any third-party analytics, advertising, or tracking tools that transmit crew data to external parties.

Section 10

Cookies and tracking

Quarterdeck uses session cookies solely to maintain login state within the application. These cookies:

  • Are strictly necessary for the application to function
  • Do not track behaviour across sessions
  • Are not shared with any third party
  • Expire at the end of the browser session or upon logout

No advertising cookies, analytics cookies, or third-party tracking scripts are used in Quarterdeck.

Section 11

Children's data

Quarterdeck is intended for use by professional crew members aboard commercial vessels. We do not knowingly collect personal data from anyone under the age of 16. If you believe data relating to a minor has been entered into the system in error, please contact the vessel operator immediately.

Section 12

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the software, applicable law, or our practices. Where changes are material, we will notify vessel operators by email at least thirty (30) days before the changes take effect.

The current version of this policy, including the effective date, is always published on our website.

Section 13

Contact

For any questions about this Privacy Policy or how personal data is handled in Quarterdeck, please contact us:

Email: crew@quarterdeck.boats

Product: Quarterdeck Crew Management Suite

For requests relating to your personal data held within a specific vessel's installation, please contact the vessel operator or management company directly, as they are the data controller for that data.

© 2026 Quarterdeck · A KiS project Privacy Policy · Terms of Use ·
  • Quarterdeck Home
  • Pricing
  • Help
  • Online (Demo)