test

Nothing matches your criteria

Nothing matches your criteria

EN
  • UK
  • RU
  • TR
  • ID
  • LV
  • KA
  • RO
  • DE
  • BG
  • FIL

Nothing matches your criteria

EN
  • UK
  • RU
  • TR
  • ID
  • LV
  • KA
  • RO
  • DE
  • BG
  • FIL
You have no notifications yet
  • Home
  • Privacy Policy

Privacy Policy

PRIVACY POLICY
 Last updated: March 30, 2026

This Privacy Policy (hereinafter referred to as the “Policy”) governs the terms and procedures for the processing of personal data that MARINE MAN Estonia OÜ (hereinafter referred to as the “Controller”)—the owner of https://jobmarineman.com/ (hereinafter referred to as the “Platform”) may receive from individual and legal persons (public authority or their authorized representatives) -users of the Platform -during their use of it, pursuant to the Constitution of the Republic of Estonia, the Law of the Republic of Estonia “On the Protection of Personal Data,” and the regulations of the Republic of Estonia (hereinafter referred to as the “Law”) and the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (EU General Data Protection Regulation – GDPR), hereinafter collectively referred to as the “Legislation.”

1. GENERAL PROVISIONS

1.1. This Policy informs Platform Users about the types of personal data collected by the Platform Administrator and their protection, the purpose of using such personal data, under what circumstances and to whom they may be transferred, as well as the means of contacting the Administrator in case of questions regarding the processing of personal data.

1.2. Definitions of terms used in this Policy:

(1) “Administrator” – Limited Liability Company “MARINE MAN Estonia” (MARINE MAN ESTONIA OÜ), registration code: 14251651, legal address: 11414, Harju County, Tallinn, Lasnamae District, Pae tn 25-47, and persons authorized by it to administer and manage the Platform.

(2) “Controller” – an individual or legal person (public authority or their authorized representatives) who, alone or jointly with others, determines the purposes and means of processing personal data. The controller of personal data is the “data controller” as defined by the legislation of the Republic of Estonia.

(3) “User” – any individual person (who has reached the age of 18) or legal entity with full legal capacity who uses the Platform via the Internet to search for necessary information and to meet their needs regarding services in the field of maritime employment and crewing

(4) “Advertisement” means a notice posted on the Platform by a User who has successfully completed Authorization, containing information regarding the User’s provision of services related to employment services or job search offers.

(5) “Processor” – a individual or legal person (public authority or their authorized representatives) who processes personal data on behalf of the controller. The personal data processor is a “personal data processor” as defined by the legislation of the Republic of Estonia.

(6) “Processing of personal data,” “Processing of personal data” means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, organization or combination, restriction, erasure, or destruction.

(7) “Personal Account” means the User’s electronic record (account) on the Platform, which has a unique ID number created as a result of the User’s authorization on the Platform and which contains personal information about such User.

(8) “Personal Data” means a set of information about a individual person - a Platform user - by means of which they can be identified.

(9) “Platform” - a combination of software and hardware in the form of an online service, located on the Internet at: https://jobmarineman.com/.

(10)“Profiling” means a form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a individual person, in particular, to analyze or predict aspects related to the data subject’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

(11)“Third Party” means a individual or legal person, public authority, or their authorized representatives who are not the data subject (User), the controller, and/or the processor, and who are authorized to process personal data.

1.3. This Policy applies to all Users’ personal data that may be obtained by the Administrator and processed by the Operator during the use of the Platform (including, but not limited to, when creating a Personal Account and Posting an Ad, etc.).

1.4. The controller of Users’ personal data within the meaning of the Legislation is the Platform Administrator—MARINE MAN Estonia Limited Liability Company (MARINE MAN ESTONIA OÜ)—and persons authorized by it to administer and manage the Platform.

1.5. The processor of Users’ personal data within the meaning of the Legislation is the cloud provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; CEO: Martin Hetzner, Stephan Konvickova, Günther Müller; Register Court: Registergericht Ansbach, HRB 6089; VAT Reg. No.: DE812871812

1.6. An integral part of this Policy is the Cookie Policy, which is available to all Users at: https://jobmarineman.com/cookies-policy/.

1.7. The terms and conditions of use of the Platform by Users are governed by the User Agreement, which is available to all Users at: https://jobmarineman.com/terms-of-use/ (hereinafter the “Agreement”).

1.8. Upon their first visit to the Platform, the User voluntarily, knowingly, and after having read this Policy, agrees to the terms of this Policy and, accordingly, to the processing (processing) of Users’ personal data by clicking the “I agree” button and/or checking the corresponding box in the pop-up window in accordance with Appendix No. 1 to this Policy. If the User does not agree to the terms of this Policy, such User must leave the Platform.

1.9. By agreeing to the terms of this Policy, the User confirms that at the time of the collection and processing of personal data, they were informed of the scope and purpose of the processing of their personal data and of the parties to whom such data is transferred. By accepting the terms of this Policy and providing their personal data, the User guarantees that such data is provided with the consent of its owners and in accordance with applicable law.

1.10. The Platform Administrator does not verify the accuracy or validity of the personal data that the User provides to the Administrator, and is unable to verify the User’s full legal capacity; when processing personal data, the Platform Administrator assumes that the User acts in good faith and responsibly, provides accurate, reliable, and up-to-date personal data about themselves, and does not violate the rights of third parties.

1.11. The Controller, represented by the Platform Administrator, and the Operator shall take all necessary and sufficient organizational and technical measures to protect Users’ personal data from unauthorized or accidental access by third parties, destruction, distortion, copying, and dissemination of such data, as well as other unlawful actions.

1.12. The processing of the User’s personal data, including, but not limited to, data located within the European Union or pertaining to citizens of the European Union, is carried out in accordance with the requirements of the Law.

1.13. The User understands and agrees that when their personal data is transferred by responding to a job posting or granting access to their CV to an Employer, such Employer becomes the independent Controller of the received data. The Administrator is not liable for the Employer’s further processing of the data after its lawful transfer via the Platform.

2. PURPOSE OF PERSONAL DATA PROCESSING

2.1. Based on:

(1) the User’s consent to the terms of this Policy and, accordingly, to the processing of Users’ personal data (Article 6(1)(a) of the GDPR); and

(2) the conclusion and performance of a contract to which the User is a party or which is concluded in favor of the User, or for the purpose of taking steps prior to entering into a contract at the User’s request (Article 6(1)(b) of the GDPR); and

(3) for compliance with a legal obligation to which the Controller is subject (Article 6(1)(c) of the GDPR) and for the protection of the User’s interests (Article 6(1)(d) of the GDPR); and

(4) the need to protect the interests of the Controller or a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR).

2.2. The purpose of processing Users’ personal data is:

(1) to fulfill the obligations imposed on the Administrator under the Law;

(2) to authenticate (identify) Users and grant access to the Platform (including, but not limited to, creating a Personal Account and Postings, leaving comments on the Administrator’s posts on the Platform, and using other Platform features that require User identification);

(3) processing payments in accordance with the Agreement for financial reporting purposes;

(4) to comply with legal requirements, specifically to prevent or stop unlawful actions by Users;

(5) collecting information about User activity on the Platform, as well as their preferences, which helps meet Users’ needs, conduct marketing campaigns, and identify actions that may threaten User safety;

(6) sending (distributing) commercial (marketing) messages to Users, including electronic messages, containing information about the Platform’s features, updates, advertising and/or marketing information about the Administrator and/or its partners, offers to use new paid services, etc.;

(7) improving the technical structure and interface of the Platform to facilitate User interaction with the Platform and protect Users’ personal data;

(8) facilitating Users’ interaction with the Platform’s support team;

(9) verification of professional status, verification of Users’ IMO numbers and maritime documents.

(10) creating a vessel database and using depersonalized technical data about vessels provided by Users;

(11) operating the “Mentor” service to facilitate communication between experienced seafarers and other Users.

(12) ensuring the operation of a system of public ratings and reviews of vessels to foster a transparent labor market in the maritime industry;

(13) Administering appeal processes and moderating user-generated content to protect the rights of third parties and the business reputation of companies.

(14) Using artificial intelligence (AI) technologies and automated algorithms to analyze the User’s experience, provide relevant responses via an interactive consultant (AI Consultant), and improve the matching of job openings and candidates. The Administrator guarantees that AI does not make final, legally binding decisions regarding employment without human involvement.

The user has the right to request human intervention in automated decision-making processes if such decisions have legal consequences for the user, by sending an email to the address specified in Section 9 of the Privacy Policy.

3. USERS’ PERSONAL DATA

3.1. The processing of Users’ personal data is carried out in accordance with the principles set forth in Article 5 of the GDPR and the lawfulness of such processing pursuant to Article 6(1) of the GDPR.

3.2. On the legal grounds specified in Section 2.1 of this Policy, and in accordance with the purpose of processing Users’ personal data, personal data is processed for the time necessary to provide Users with the ability to use the Platform, but no longer than permitted by the requirements of the Law.

3.3. The Platform Administrator, as part of providing services to Users, including access to the Platform for Users, processes the following Users’ personal data, which is stored on the Administrator’s server in Germany.

3.3. Data Categories and Retention Periods:

3.3.1. Technical data (Cookies): IP address, geolocation, browser type, session ID.

Retention period: Until the end of the session or in accordance with the terms specified in the Cookie Policy.

3.3.2. Personal Account and CV Data (Seafarers): Full name, photo, date of birth, citizenship, phone number, email, departure airport, position, work experience, digital copies of maritime documents and certificates.

Retention Period: For the entire duration of the Personal Account’s existence. If the account is deleted, the data is deleted, except in cases provided for in Section 3.6 of this Policy.

3.3.3. Employer Data: Name of the legal entity, IMO Number (DOC Holder), legal address, contact persons, official email addresses, fleet data.

Retention Period: For the duration of the cooperation and 7 years after the end of the fiscal year of the last transaction (as required by the Estonian Accounting Act).

3.3.4. The Platform uses technology solutions based on Coda (Coda Project, Inc.) to manage service payment processes, including CV uploads, job postings, verification of “Mentor” status, etc., as well as order tracking and the generation of financial reports.

(1) The Administrator does not collect, receive, or store Users’ full bank card details (card number, CVV code) directly on its servers; all payment transactions on are processed through third-party payment gateways (acquiring) integrated into the Coda environment, which comply with the PCI DSS security standard.

(2) By using the Platform, the User agrees that their financial and billing data is processed within the Coda infrastructure in accordance with its security policies; the Administrator receives only the transaction status, payment ID, and data necessary for generating invoices (full name, address, country, amount).

Retention Period: Information regarding payments, receipts, and invoices is retained in the accounting system for 7 years following the end of the fiscal year in which the transaction occurred, in accordance with the accounting and tax reporting laws of the Republic of Estonia.

3.3.5. Ships Database Data: Technical specifications of ships provided by Users.

Term: Indefinitely, but exclusively in a depersonalized form (without linking to the User’s identity).

3.3.6. Marketing data: Full name and email address for newsletters.

Term: Until the User revokes consent (by clicking the “Unsubscribe” button).

3.3.7. Review and rating data: Text content of reviews, ratings on a scale of 1 to 5 according to established categories, publication metadata (date, time), as well as Employers’ responses to such reviews.

Term: For the entire duration of the Personal Account’s existence. After a User’s account is deleted, their ratings (stars) may be retained in a depersonalized form to calculate the vessel’s overall rating, while the text of the review is deleted if it contains a full name or other personally identifiable information.

3.4. The Platform Administrator reserves the right to determine the list of mandatory personal data that Users must provide when interacting with the Platform in order to use all available Platform features (for example: when creating a Personal Account and an Ad, leaving comments on the Administrator’s posts on the Platform, and/or contacting Platform support). The mandatory list of Users’ personal data is displayed on the Platform in red when performing certain actions, with the field marked as required for completion. Pursuant to Article 13(2) of the GDPR, we inform you that if such data is not provided, the User may be restricted in their use of all functionalities available on the Platform.

3.5. In compliance with Article 6(4) of the GDPR, the Platform Administrator may retain Users’ personal data for a period exceeding that specified in subparagraphs 3.3.1–3.3.6 and 3.4 exclusively in the following cases:

(1) it is required by law;

(2) such personal data may and will be used in legal proceedings;

(3) for the purpose of establishing, exercising, and/or defending the Administrator’s legal rights.

3.7. The Platform Administrator guarantees that it does not process personal data relating to racial or ethnic origin, political or religious beliefs, membership in political parties and trade unions, criminal convictions, as well as data regarding health, sex life, and genetic data.

3.8. The Platform Administrator does not intentionally collect personal data from individuals under the age of 18; responsibility for the actions of minors, in accordance with the Law, rests with the parents, guardians, and/or custodians (representatives) of such individuals. If the Administrator discovers such processing, the Administration undertakes to immediately take all necessary measures to delete such data. If such processing is discovered by a User under the age of 18 or by one of their legal representatives, they may submit a request to the Administrator to delete such personal data.

4. CIRCLE OF PERSONS AUTHORIZED TO PROCESS PERSONAL DATA

4.1. Access to the personal data of Platform Users is granted to: the Controller, represented by the Administrator, and employees authorized by the Administrator (only in accordance with their professional, official, or employment duties); the Operator, represented by Hetzner Online GmbH; and other third parties who, pursuant to a contract, provide technical (software) support services for the Platform’s operation. Such third parties may access personal data only when necessary.

The Platform uses third-party technical solutions and services, including but not limited to: Google Analytics, Coda, payment gateways, and AI technology providers, whose servers may be located outside the European Economic Area (EEA), including the United States.

When transferring data to services outside the European Economic Area, the Administrator ensures the use of Standard Contractual Clauses approved by the European Commission or relies on the European Commission’s adequacy decision to ensure an adequate level of protection for your personal data in accordance with GDPR requirements.

4.2. The Administrator maintains a record of persons other than the Controller and the Operator who have access to Users’ personal data, ensuring compliance with confidentiality and personal data protection.

4.3. Additionally, upon request from government authorities or their authorized representatives based on a court order, inquiry, and/or directive (decision/order), the Administrator may provide Users’ personal data to government authorities or their authorized representatives.

4.4. Personal data that the User independently posts on the Platform (in CVs, Listings, or public reviews of vessels) is accessible worldwide via the Internet. The User understands that publishing a review makes their personal profile (or part of their data) visible to an unlimited number of people. The Administrator cannot prevent the copying or further use of such public data by third parties and bears no responsibility for this.

4.5 Given the specific nature of the maritime industry, the User consents to their personal data being transferred to Employers located in countries outside the European Economic Area (EEA), including countries that may not provide a level of data protection equivalent to the GDPR. In such cases, the Administrator takes reasonable measures to ensure confidentiality; however, the User assumes the risks associated with such a transfer, initiated by their own actions, namely by applying for a job opening.

5. COOKIES

5.1. Cookies (hereinafter “Cookies”) are small text files stored on the User’s device (phone, laptop, tablet, computer, or other technical devices) when the User visits the Platform.

5.2. When using Cookies, only statistical data about Users is collected, which helps improve the User’s experience with the Platform and ensures the Platform functions properly.

5.3. When the User uses the Platform, the following categories of cookies are used:

(1) Essential cookies – files that are necessary to ensure the functionality of the Platform and are stored on the User’s device for a certain period of time after the end of the Platform session.

(2) Functional cookies – files that help store information that modifies the User’s interaction with the Platform or the Platform’s interface and remembers the User’s preferences for future visits.

(3) Third-party cookies – third-party files used to collect non-personalized information about Users’ visits to the Platform, analyze its performance, and so on.

5.4. Management of cookie usage on the Platform is carried out via a corresponding form that appears during the User’s first interaction with the Platform. Upon their first visit to the Platform, the User consents to the Platform’s use of cookies by clicking the “Agree” or “I Agree” button and/or checking the box in the corresponding field of the pop-up window.

5.5. The User’s consent to the use of cookies allows the Platform to store information about the User’s session with the Platform, analyze Platform usage (e.g., selection of settings), authorization data, etc. If the User declines the use of cookies, some features of the Platform may be unavailable or may not function properly (or fully).

5.5. For detailed information on the list of cookies used, the purposes of their use and storage on Users’ devices, as well as how to disable and/or delete them (cookie management by Users), the User should refer to the Cookie Policy, available at: https://jobmarineman.com/cookies-policy/.

6. IMPLEMENTATION OF PERSONAL DATA PROTECTION

6.1. The processing of Users’ personal data is carried out exclusively in compliance with the requirements of Estonian law and the GDPR.

6.2. The Administrator complies with the requirements for the destruction or anonymization of personal data whose processing and storage period has expired.

6.3. The processing of Users’ personal data is directly linked to the protection of confidential information, which the Administrator undertakes to ensure.

6.4. The personal data protection system includes organizational, technical, and/or software measures designed to address current and potential threats to the security, integrity, and confidentiality of personal data and technologies. The Administration regularly updates its security measures as needed and implements additional safeguards.

6.5. The exchange of personal data during its processing is carried out exclusively through communication channels protected by technical information security measures.

6.6. The User is obligated to keep their login credentials (username and password used to log in to their Personal Account on the Platform) secure and protect them from unauthorized access by third parties, and is solely responsible for their safekeeping. If such unauthorized access is detected, the User shall immediately notify the Platform Administrator by contacting support in accordance with the terms and conditions of the Agreement.

6.7. Personal information remains confidential, subject to the settings of the software and/or technologies of the web resource used by the User, which provide for the open exchange of data with other Users of web resources via the Internet.

By uploading documents to the Platform, including but not limited to: maritime certificates, passports, etc., the User consents to their processing. The User understands that upon publication of a resume (CV), some of this data becomes available to potential Employers worldwide. The Administrator is not liable for the copying or unauthorized use of this data by third parties who have gained access to it within the scope of the Platform’s functionality.

7. USER RIGHTS

7.1. In accordance with the Law, the User has the right:

(1) withdraw consent to the processing of personal data (Art. 7 GDPR) – The User may at any time withdraw their consent to the processing of their personal data by submitting a request in accordance with the procedure set forth in sections 7.3–7.6 of this Policy;

(2) to be informed of the information that must be provided when personal data is collected (Articles 13 and 14 of the GDPR and paragraphs 1 and 2 of Part 2 of Article 8 of the Law) – The User may always review the current version of the Privacy Policy at the link: https://jobmarineman.com/privacy-policy/, which lists the personal data that is collected and processed, as well as to submit a request to the Administrator in accordance with the procedure set forth in Sections 7.3–7.6 of this Policy;

(3) access to their personal data (Article 15 of the GDPR and paragraph 3 of Part 2 of Article 8 of the Law) – The User has constant access to their personal data stored in the Personal Account and/or published on the Classifieds Platform; in other cases, the User may submit a request, in accordance with the procedure set forth in sections 7.3–7.6 of this Policy, to the Administrator to determine whether their personal data is being collected;

(4) Rectification of personal data (Article 16 of the GDPR) – The User has full access to correct their personal data stored in the Personal Account and/or published on the Classifieds Platform; in other cases, the User may submit a request, in accordance with the procedure set forth in sections 7.3–7.6 of this Policy, to the Administrator;

(5) erasure of their personal data (Article 17 of the GDPR) – The User may submit a request, in accordance with the procedure set forth in sections 7.3–7.6 of this Policy, to the Administrator to have their personal data erased;

(6) restriction of the Administrator’s processing of their personal data (in cases provided for in Article 18 of the GDPR and paragraph 10 of Part 2 of Article 8 of the Law) – if the User has identified one of the grounds provided for in Article 18 of the GDPR, the User may submit a request, in accordance with the procedure set forth in subparagraphs 7.3. – 7.6. of this Policy, to the Administrator;

(7) data portability (Article 20 of the GDPR) – if the User needs to receive certain personal data in a structured, commonly used, machine-readable format and transfer it to another data controller, the User may submit a request, in accordance with the procedure set forth in subparagraphs 7.3. – 7.6. of this Policy, to the Administrator;

(8) Objection to data processing (including profiling) (Article 21 of the GDPR and paragraphs 6 and 12 of Part 2 of Article 8 of the Law) – The User may object to the processing of their data at any time by submitting a request, in accordance with the procedure set forth in paragraphs 7.3. – 7.6. of this Policy, to the Administrator;

(9) not to be subject to automated decision-making, including profiling (Article 22 of the GDPR and paragraph 13 of Part 2 of Article 8 of the Law) – The User may submit a request, in accordance with the procedure set forth in paragraphs 7.3. – 7.6. of this Policy, to the Administrator.

7.2. The Platform Administrator, in exercising Users’ right to be informed of the information that must be provided when personal data is collected, provides the User with a list of such information as defined in subparagraphs 3.3.1–3.3.4 of this Policy.

7.3. The User, on their own initiative and in the exercise of their rights, may contact the Platform Administrator by sending an email to the address specified in Section 9 of this Policy.

7.4. In the request (inquiry), the User shall provide the following information:

(1) for an individual applicant: last name, first name, and patronymic; User’s Personal Account ID (if created) of the person submitting the request; for a legal entity—the applicant: name, legal entity identification code, location of the legal entity submitting the request, position, last name, first name, and patronymic of the person certifying the request;

(2) the purpose and legal grounds for the request (an example of legal grounds is provided in Section 7.1 of this Policy);

(3) last name, first name, and patronymic, as well as other information enabling the identification of the individual person/legal entity regarding whom the request is made;

(4) details and a list of personal data being requested/corrected/deleted (destroyed)/restricted in processing.

7.5. The period for reviewing the User’s request to determine whether to grant it shall not exceed ten business days from the date of receipt. The request shall be granted within thirty calendar days from the date of receipt. If necessary, given the complexity and number of requests, this period may be extended by two additional months, provided the User is notified of such an extension.

7.6. If necessary, the Platform Administrator may send a request to the applicant for additional information required to verify the applicant’s identity.

7.7. In the event of revoking their consent to the processing and handling of personal data, the User agrees to cease using the Platform, as the proper and full provision of services by the Administrator—including granting the User access to the Platform and its functionalities—requires the User, in the cases specified in subclauses 3.3.1. – 3.3.7. and section 3.4., provides the Administrator with personal data.

7.8. If, after deleting data or withdrawing consent, the User continues to use the Platform or creates a new Listing, this is considered to be the provision of new consent to the processing of personal data under the terms of this Policy.

7.9. In accordance with the legal grounds mentioned above (Section 2.1 of this Policy) and the purposes of data collection and processing (Section 2.2 of this Policy), in the event of the User’s continued use of the Platform (creating/editing a Personal Account/Listings and/or leaving comments on the Administrator’s posts on the Platform and/or contacting support) after withdrawing their consent to the collection and processing of personal data and/or the deletion/restriction of such processing – The User confirms that, having reviewed this Policy and the Agreement, they once again consent to the processing of their personal data.

8. CHANGES TO THE PRIVACY POLICY

8.1. This Policy may be amended or terminated by the Administrator unilaterally without prior notice of such changes to Users, including if required by law. The current version of the Policy is always available at: https://jobmarineman.com/privacy-policy/.

9. CONTACT INFORMATION

To contact the Administrator regarding the processing of personal data, the User may send a request (inquiry) to the email address: [email protected]

Integral parts of this Policy:

  1. Appendix No. 1 – Additional Statement Regarding the California Consumer Privacy Act (CCPA).
  1. Cookie Policy.

“I CONSENT TO THE COLLECTION AND PROCESSING OF MY PERSONAL DATA AND CONFIRM THAT I HAVE READ THE TERMS OF THE USER AGREEMENT AND THE PRIVACY POLICY”

1. By clicking the “Agree” button and/or checking the corresponding box in the pop-up window, or by registering (creating a Personal Account) on the website at: https://jobmarineman.com/ (hereinafter – the Platform), the User – the subject of personal data – voluntarily, knowingly, and after having previously reviewed the Privacy Policy, which is available at: https://jobmarineman.com/privacy-policy/, the Cookie Policy, and the Public Offer for the Provision of Online Services, agrees to the terms of these documents and accordingly consents to the processing of their personal data by the Controller (Owner)—MARINE MAN Estonia Limited Liability Company (MARINE MAN ESTONIA OÜ), registration code: 14251651, legal address: 11414, Harju County, Tallinn, Lasnamae District, Pae tn 25-47, and its authorized representatives for the administration and management of the Platform in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. I, the Platform User, hereby give my voluntary and informed consent to the processing of my personal data (collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, arrangement or combination, restriction, erasure, or destruction) by the Controller (Data Controller) in the person of MARINE MAN Estonia and its authorized representatives, for the purposes specified in Section 2 of the Privacy Policy, including but not limited to the following:

2.1. Identifying me as a User to provide full access to the Platform’s functionality, including creating a Personal Account and managing my profile.

2.2. Processing data regarding my qualifications, copies of maritime certificates, diplomas, seafarer’s passports (for Seafarers), or verification of the IMO number and company registration details (for Employers).

2.3. Public display of my profile (full name, photo, position, work experience, departure airport) within the Platform for searching for job openings or candidates, as well as sharing contact information with potential Employers/Seafarers.

2.4. Processing data to facilitate payments for Paid Services (posting Job Listings, verifying Mentors, etc.) and preparing accounting documents (invoices) in accordance with Estonian law.

2.5. Use of the technical information about vessels provided by me (without linking it to my personal data) to populate and update the “Ships Database” section.

2.6. Receiving system, marketing, and commercial messages at the email address or phone number provided during registration.

3. By giving this consent to the processing of my personal data, I confirm that I have read the Privacy Policy and its Annexes and have been informed of and agree to:

1. The purpose, procedure, and legal basis for the processing of my personal data, as well as the list of such data;

2. The fact that the Administrator processes my data in accordance with the requirements of the GDPR and the California Consumer Privacy Act (CCPA);

3. The list of required personal data, failure to provide which may result in restrictions on the use of the Platform’s features;

4. The period for which my personal data is processed, as well as the Administrator’s right to retain data beyond the specified period if required by law or necessary to protect the Administrator’s legitimate rights;

5. The group of persons authorized to process my personal data (the Operator and other third parties);

6. The Cookie Policy: the purposes of their use, a list of cookies, and how to manage them;

7. The procedure for exercising my rights under the GDPR and CCPA to protect them, including the right to withdraw consent and delete data.

4. By consenting to the processing of my personal data, I also warrant:

1. That I am at least 18 years old (or have the legal capacity required to accept the terms of this Agreement);

2. To keep my login credentials (username and password) for the Personal Account secure and protect them from unauthorized access;

3. I am fully responsible for providing accurate, truthful, and up-to-date information about myself when creating my Personal Account and using the Platform’s Services.

4. I confirm that I have been informed about the inclusion of my information in the personal data database for the aforementioned purpose, as well as about my rights as defined by the GDPR and CCPA.

Appendix No. 1 to the Privacy Policy
ADDITIONAL STATEMENT REGARDING THE CALIFORNIA CONSUMER PRIVACY ACT (CCPA/CPRA)

Revised on March 30, 2026

The Administrator publishes this Additional Statement to describe how the Administrator collects, uses, discloses, and otherwise processes information that identifies, describes, or is reasonably capable of being associated with California residents (hereinafter “Users”), as well as the rights they may have under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the California Online Privacy Protection Act (CalOPPA) (collectively, the “California Laws”).

The terms used in this Addendum correspond to the terms used in the Platform’s Privacy Policy and supplement it.

Notice Regarding Data Collection and Processing Under the CCPA

The processing of Users’ personal data is carried out in accordance with the Privacy Policy and in compliance with the California Laws.

The Administrator collects personal information from California Users only when necessary to provide the Services and access to the Platform (including, but not limited to: registration, creation of a Seafarer or Employer profile, payment for services, and contacting support). The Administrator may collect the following data automatically or directly from Users in California:

  1. First name, last name, email address, IP address, Personal Account ID, maritime document data.
  1. History of job/vessel views, search history, information about interaction with the Platform (based on cookies).
  1. Approximate location based on IP address and selected departure airport.
  1. Records of purchased Paid Services, Tariff Plans, or the cost of profile verification.

Anonymization and Data Retention The Administrator undertakes not to retain Users’ personal information for longer than is necessary to achieve the processing purposes set forth in the Policy and this Addendum, or in accordance with the requirements of California law, and to destroy and/or anonymize it upon the expiration of such period.

Purpose of Data Processing The purpose of processing data from California Users corresponds to the purposes specified in Section 2 of the Privacy Policy and includes:

  1. Providing access to the Platform and its Services, including the publication of Seafarers’ CVs and Employers’ Job Postings.
  1. Maintaining financial records, processing payments, and verifying professional status (IMO number).
  1. Collecting analytical data on User activity to improve functionality, security, and the user interface.
  1. Sending notifications about updates, new job openings, and offers (with consent).
  1. Ensuring security: Verification of documents and prevention of illegal activities.

List of Persons Authorized to Process Data Access to Users’ personal data is granted to: the Administrator, employees authorized by the Administrator, and the Operator, who provide technical (hosting, analytics) and software (payment systems) support for the Platform’s operation. The Administrator does not sell information about California residents for money. However, the Administrator may provide access to certain automatically collected data (IP address, activity data) to analytics and marketing partners. According to the CCPA definition, such an action may be considered a “disclosure” or “sale” (in the context of sharing for targeted marketing).

The Administrator collects maritime document data and copies of passports solely for the purpose of verifying professional status and facilitating employment. The Administrator does not use or disclose sensitive personal information for purposes other than those provided for by law (provision of services, security, verification).

CCPA (CPRA) Privacy Policy: Categories of Processed Data Below are the categories of personal information defined by the CCPA that the Administrator may have collected about California residents over the past 12 months:

| Category of Personal Information (as defined by the CCPA) | Examples of Data Collected on the Platform | Sources | Has it been “sold” or “shared” with third parties?
| A. Identifiers | Full name, email address, IP address, unique profile ID, phone number. | Directly from the User; automatically via the browser. | Yes (to marketing and analytics partners for Platform optimization).
| B. Professional and employment information | Position, work experience, maritime certification details, copies of seafarer’s passports, diplomas, IMO company number. | Directly from the User (when creating a CV or company profile). | No (Disclosure to Employers/Seafarers only at the User’s initiative).
| C. Commercial Information | Records of purchased Paid Services (verification, ad promotion), transaction history. | Directly from the User and via payment gateways. | No.
| D. Internet Activity | Job search history, interaction with the interface, clickstream data. | Automatically via cookies and trackers. | Yes (to analytics services, such as Google Analytics).
| E. Geolocation Data | Approximate location (city, country) based on IP address. | Automatically upon logging into the Platform. | Yes (For regional labor market analytics).
| F. User content and ratings | Text reviews of vessels, ratings by category (Internet, Food, Safety, etc.). | Directly from the User. | Yes (Review data is public and accessible to all Internet users).

Rights and Their Exercise Under the CCPA/CPRA

As a California user, you have the following rights under California law:
 Rights of California Users and How to Exercise Them:

1. Right to Know

Description: Request information about the categories of personal data collected, the sources, the commercial purposes of collection/sale/disclosure, and the categories of third parties to whom the data has been disclosed.

How to exercise this right: Send a request to the Administrator’s email address listed in the “Contact Information” section.

2. Right to Delete

Description: Request the deletion of your data, except in cases provided for by law (for example, to fulfill financial obligations or comply with Estonian tax accounting requirements).

How to exercise this right: Send a request to the Administrator’s email address listed in the “Contact Information” section.

3. Right to Correct

Description: Request the correction of inaccurate personal information (e.g., data regarding work experience or the validity period of maritime certificates).

How to exercise this right: The user may correct the data independently in the Personal Account or send a request to the Administrator’s email address.

4. Right to Opt-Out

Description: The right to opt out of the “sale” or “sharing” of your data (as defined by the CCPA/CPRA) with third parties for marketing or analytics purposes.

How to exercise this right: Send a request to the Administrator’s email asking to restrict the transfer of data and cease use of the Platform.

5. Right to Limit Use

Description: The right to limit the use of sensitive information (passport details, diplomas) solely to the purposes necessary for providing services (employment).

How to exercise this right: Send a request to the Administrator’s email address requesting that the use of sensitive data be restricted.

6. Right to Non-Discrimination

Description: The right to equal treatment by the Administrator and to unchanged service costs when exercising your privacy rights.

How to exercise this right: This right is exercised automatically; the Administrator guarantees continued access to services.

“Do Not Track” Signal (CalOPPA)
 The Platform may not respond to “Do Not Track” (DNT) signals, as a single, universally accepted standard for DNT has not yet been established. However, the User can always control data collection via cookies (in accordance with the Cookie Policy).

Changes

The Administrator may unilaterally amend this Addendum.
It is the User’s responsibility to review policy updates.

Means of Communication
 Contact Information (for CCPA/CPRA Requests):
Email: [email protected]