1. WHO IS RESPONSIBLE FOR YOUR DATA?
LISCR, LLC (together with its subsidiaries, affiliates and representatives hereinafter referred to as “LISCR”), whose principal place of business is 22980 Indian Creek Drive, Suite 200, Dulles, VA 20166, United States, is appointed by the Government of the Republic of Liberia as exclusive agent for the administration of Liberia’s Maritime Program. LISCR also administers the Liberian Corporate Registry, which offers a variety of corporate services to non-resident entities. The Registry provides, through The LISCR Trust Company, exclusive registered agent service for all Liberian non-resident corporate entities.
LISCR is a “data controller” within the meaning of the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) or “personal information handler” within the meaning of China’s (only for the purpose of this Privacy Policy, “China” means the Mainland of the People’s Republic of China, excluding the Special Administrative Regions of Hong Kong and Macau, or the Province of Taiwan) Personal Information Protection Law (“PIPL”). LISCR controls how your personal data is collected and the purposes for which it is used.
2. PERSONAL DATA THAT WE COLLECT ABOUT YOU
“Personal data” (for the purposes of GDPR) means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, genetic, mental, economic, cultural, or social identity.
“Personal information” (for the purposes of the PIPL) which is the similar concept to the personal data as defined under the GDPR, means various information related to an identified or identifiable natural person recorded electronically or by other means, but does not include anonymized information.
We collect and process personal data or personal information to provide effective and professional ship and corporate registry services. The personal data categories detailed below are submitted to us by clients in the course of our daily business and may be collected from publicly available sources including websites, search engines and social media profiles. Collection and processing of personal information as detailed below could be necessary for compliance with LISCR’s legal obligations under applicable laws. Furthermore, to the extent permitted by applicable laws, by requesting, accepting and using LISCR services and otherwise contracting with LISCR where such services or contracting requires collection and processing of personal information by LISCR, you are considered to have expressly consented to such collection and processing, including processing by LISCR affiliated entities that shall be personal information handlers for the purpose of the PIPL (see the list of entities and their details
here).
2.1. SEAFARER’S CERTIFICATION
Personal Data
Names, contact details (home address, email, phone), date of birth, nationality, residence, birthplace, passport number, height, weight, distinguishing marks, gender, physical, maritime status, training qualifications, licenses, emergency contact.
Legal Basis
Public task: We process personal data as is necessary to perform legal responsibilities or obligations pursuant to International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (“STCW”), 1978, as amended, and related International Maritime Organization (“IMO”) resolutions prior to issuing seafarers’ certificates and documents. The personal data is also used to safeguard against fraud and other unlawful practices involving seafarers’ certificates and endorsements.
2.2. VESSEL REGISTRATION, MORTGAGE AND DELETION
Personal Data
Names, contact details (home address, business address, employer, office and home phone numbers, work email) and identification details (date of birth, passport or Identity card number and job title).
Legal Basis
Public task: We process personal data to perform legal responsibilities and obligations to establish compliance with the conditions fixed by Liberia Maritime Law for the grant of nationality to ships, for the registration of ships and for the right to fly the Liberian flag, pursuant to the United Nations Convention on the Law of the Sea, 1982 (“UNCLOS”). We also process personal data for the registration and enforcement of mortgages in the Liberian public register in accordance with Liberian Maritime Law and the International Convention on Maritime Liens and Mortgages, 1993.
2.3. INSPECTIONS AND AUDITS
Personal Data
Names, contact details (email, phone, home address), passport number, date of birth, nationality, license(s), and banking information.
Legal Basis
Public task: We employ inspectors and auditors on a contractual basis to verify compliance of Liberian flagged ships with applicable international conventions and flag State requirements.
The processing is necessary to enter into or perform a contract to which the inspector/auditor is a party, and their Personal data is processed to verify qualifications (based on legitimate interest in delivering quality and secure services when performing our public tasks), generate flag state inspector and/or auditor identification cards for vessel boarding and port entry and to coordinate vessel inspections with owners, operators, local vessel agents and Port State Control. Banking information is processed for inspector and auditor payments.
We also process personal data of flag inspectors and auditors for purposes of ISM, ISPS, and MLC 2006 training and courses in keeping with The International Safety Management (ISM) Code, International Ship and Port Facility Security (ISPS) Code, and the Maritime Labor Convention.
We may share names and contact information of local vessel agent(s) and/or DPA(s) with contracted inspectors and auditors for scheduled inspections to facilitate communication in case of delay or otherwise. This processing is done in the legitimate interest of fulfilling our public task.
2.4. SAFETY AND SECURITY
Personal Data
Designated Person Ashore (DPA) names and contact phone details, phone number(s), work email, and office address.
Company Security Officer (CSO) names and contact details (work phone, cell phone, office fax, work email, telex numbers and after hours contact number).
Other vessel management representatives names and contact details (work phone, cell phone, office fax, work email, telex numbers and after hours contact number).
Legal Basis
Public task: We process and maintain DPA records of vessels registered in the Liberian Ship Registry, which is necessary to perform legal responsibilities and obligations that fall within the scope of the ISM Code. This information enables direct and immediate contact at all times with the flag State. DPA information is collected through Form RLM-297. DPA data is also used to schedule flag State inspections, surveys, and verification to ensure compliance with international conventions and Liberia Maritime Law and Regulations.
Public task: We process personal data to comply with legal responsibilities and obligations to adhere to maritime security measures in accordance with SOLAS Chapter XI-2 and the ISPS Code. Every ship to which the ISPS Code applies must, amongst other things, have a CSO. LISCR processes the personal data of CSOs detailed in the Declaration of Company Security Officer for each vessel.
We process personal data when vetting ISPS Code-mandated Ship Security Plans of Liberian flagged vessels for approval. We also process personal data to verify summaries submitted as documentary evidence of ISPS-mandated security exercises performed on Liberian flagged vessels at least once each calendar year, with no more than 18 months between exercises. The summary provides a list of all parties involved including the designated CSO and the names, ranks and dates of birth of any seafarers participating in the exercises.
Public task: We process personal data to comply with legal responsibilities and obligations to adhere to maritime regulations in accordance with the ISM Code, the ISPS Code and MLC.
2.5. INVESTIGATIONS
Personal Data
Names, home address, date of birth, place of birth, seafarer certificates and qualifications, experience, credit card information through payment confirmations and autopsy reports.
Names, home address, country of residence, citizenship, seafarer’s identification number.
Legal Basis
Public task: We process personal data as our legal responsibilities and obligation to conduct investigation into marine casualties involving Liberian flagged vessels in accordance with the IMO Code of the International Standards and Recommended Practices for a Safety Investigation into a Marine Casualty or Marine Incident (“Casualty Investigation Code”), adopted through Resolution MSC 255(84), and mandated by the SOLAS Convention.
Public task: We process personal data to issue Certificates of Compliance or Tax Letters pursuant to the 1970 Double Taxation Avoidance Agreement (DTAA) between the Republic of Liberia and Federal Republic of Germany.
2.6. MARITIME OPERATIONS
Kind of Personal Data
Names,, date of birth, passport numbers, place of employment, name of the employer, date of services provided.
Legal Basis
Public task: We process personal data of third-party service providers including, but not limited to, Lifeboat Service Providers, Hazardous Material Service Providers, and Private Security Service Provider’s, as our legal responsibilities and obligation, in the course of vetting and approval process of service providers pursuant to Maritime laws and regulations.
2.7. CORPORATE
Personal Data
Names, home address, date of birth, birthplace, citizenship, nationality, passport information, Identity card, driver’s license number and related information.
Names, home address, date of birth, birthplace of birth; country of citizenship; nationality; passport number and related information;
Identity card and driver’s license number and related information
Names, home address, date of birth, birthplace, citizenship, nationality, passport information, Identity card, driver’s license number and related information.
Legal Basis
Public task: We process personal data as our legal responsibilities and obligation in accordance with Tax Information Exchange Agreements (TIEAs) concluded between Liberia and other jurisdictions and in compliance with The OECD’s Convention on Mutual Administrative Assistance in Tax Matters and is bound by the Convention’s requirements ratified by Liberia.
Public task: We process personal data of Special Agents as our legal responsibilities and obligation in order for individuals, empowered by the Liberian Maritime Authority, to act as Special Agents to effectively acknowledge the identity of persons signing documents submitted for filing, legalize the authenticity of the signature on documents, and affix apostilles to public documents issued by the Registry in accordance with applicable international conventions.
Public task: We process personal data as part of our legal responsibilities and obligation to register Liberian non-resident legal entities as well as non-Liberian entities as Liberian Foreign Maritime Entities (“FMEs”) under the Liberian Business Corporation Act.
2.8. COMMERCIAL AND ADMINISTRATIVE INFORMATION
Personal Data
Names, email, phone number, title, employment
Legal Basis
Legitimate interest: We process personal data to personalize and improve customer experience when providing marketing materials and provide awareness of products and services which facilitate regulatory compliance.
We process your personal data based on legitimate interest in running our daily business and performing public tasks which facilitate regulatory compliance and are also legal obligations to improve safety, security, and the protection of the marine environment.
We may occasionally need to contact you by email or phone for administrative or operational reasons. For example, to update you on the status of your company, vessel, invoices, payment confirmation, product delivery, or provide notice of legislative and regulatory updates, operational and security changes, and related developments. These communications are not made for marketing purposes.
2.9. ACCOUNTING
Personal Data
Names, home address, date of birth; bank account and related payment information.
Legal Basis
Legitimate interest: We process your personal data to fulfill our legal obligation, to fulfil a contract, for administrative purposes, to protect our business interests and fulfill your purchase and service orders. The business purposes for which we will use your information include, but are not limited to, accounting, billing and audit, credit or other payment verification, fraud screening, and legal purposes. This includes collection and processing of registration fees, taxes and other fees related to the Liberian Ship and Corporate Registry. We only handle personal data that is necessary to process payments submitted to us by our clients, or outgoing payments.
3. OTHER DATA PROTECTION RIGHTS
You benefit from certain legal rights under the GDPR and PIPL, which you can enforce against LISCR. A summary of these rights is provided below. For more complete information, please see Sections 3-5 of the GDPR and Chapter IV of the PIPL:
- Right to object to our processing your personal data on grounds relating to your specific situation. For example, you may object to receive our marketing material and we will delete you from our marketing database immediately.
- Right of access entitles you to confirmation that we process your personal data. If we do process your data, you are entitled to, amongst other things, be informed of the processing purpose, categories, and the parties we have or will be sharing your personal data with, and for how long your data will be stored. You may also request access to your personal data to be aware of and verify the lawfulness of the processing.
- Right to rectification to correct inaccurate personal data collected about you.
- Right to erasure entitles you, in certain cases, to submit a request for us to delete your data, for example when such data is no longer needed for the purpose it was collected. The right to erasure does not apply for any personal data processed on the basis of public task, as outlined above, where processing is necessary to comply with a legal obligation or for the establishment, exercise, or defense of legal claims.
- Right to restrict processing of your information where you have a particular reason. For example, you may contest or wish to verify the accuracy of your data.
- Right to data portability entitles you to receive personal data provided to us in a structured, commonly used, and machine-readable format. You can also request your personal data to be transferred to another controller. The right to data portability does not however apply to personal data processed on the basis of public task, as outlined above.
- Right to lodge a complaint with a supervisory authority where you believe your personal data has not been processed in accordance with applicable laws.
4. SECURITY OF YOUR PERSONAL DATA
We employ technical and organizational security measures to ensure your data is processed securely, to guard against the risk of accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access, and to offer technical support if requested.
LISCR is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection.
5. DATA RETENTION
LISCR retains your personal data for as long as it is necessary to fulfill our purposes set out in this Privacy Policy. We may also save your personal data for a longer period of time where necessary to fulfill a legal obligation or to establish, enforce or defend against legal claims.
6. CROSS-BORDER PROCESSING AND TRANSFER OF YOUR PERSONAL DATA OUTSIDE EU / EEA AND CHINA
As a global company headquartered in the United States, your data will be processed in our global offices, including the EU/EEA, the United States and China. List of our global offices can be verified
here. If your data is sent by email to any of LISCR Global Offices, such data is automatically transferred outside EU/EEA and China to LISCR headquarters in the United States.
7. SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
To the extent permitted by applicable laws, we may also share your personal data with the following third parties:
- Authorities on whose behalf we exercise official authority or specific tasks in the public interests laid down in law. We may also disclose your personal data when required to do so by law or court order of any jurisdiction that we are subject to, except where expressly prohibited by applicable laws. This includes reporting obligations to the International Maritime Organization and International Labor Organization.
- Suppliers we use to provide day-to-day services. Where applicable, any personal data shared with third parties is limited to that required to assist us in the provision of our services. Such providers include CorpKit, DHL, USPS, UPS, and others.
- Third party providers we use to guarantee that all technical, legal, and organizational measures have been taken to ensure that your data is processed securely, with adequate level of protection and mechanisms against accidental loss, destruction, or damage to such data in place.
- Banks with whom we share your personal data including information regarding payment methods and related accounting details as well payment processing service providers.
8. AUTOMATED PROFILING
We do not process your information on an automated basis.
9. COOKIES
In order to improve our services, tailor our content to your needs, and analyze how visitors use our website, we may use website cookies. Cookies are small text files which are stored on your computer in order to recognize your computer during recurring visits. Cookies cannot retrieve information from your computer and cannot carry any virus or other damaging files. The cookies used on our websites are placed by LISCR and their contents will never be disclosed to third parties. Any information stored within cookies is encrypted and does not contain any personal information. We only use cookies for the purpose of enabling the auto-login feature on specific websites that require log-in (“Sea System” and “eCorp”). Cookies are required to utilize the auto-login feature; however, the use of the auto-login feature is entirely optional and is merely intended as a convenience for the user and has no other effect on the operation of the site. You may remove any cookies created by LISCR websites at any time by following your browser’s guide to disable or delete cookies.
10. CONTACT INFORMATION
Questions, comments, and requests regarding this Privacy Policy are welcomed and should be addressed to info@liscr.com
11. UPDATES TO OUR PRIVACY POLICY
We may make changes to this Privacy Policy from time to time. Any updates will be published on our website. Last updated 2/23/2024
