Privacy Notice

In this notice, we inform you of how Foreship (as defined below) collects, uses, discloses and otherwise processes the personal data related to its customers and clients, including current and prospective ones as well as their contact persons, personnel and any other individuals acting on their behalf. The information below may also be relevant for you to the extent you disclose your data to us as a visitor to this website.

CONTROLLERS OF YOUR PERSONAL DATA

Foreship Group Oy, a company established in Finland, along with its subsidiaries¹ (hereinafter “Foreship” or “Foreship Companies”, collectively, and each individually a “Foreship Company”) are the joint controllers of the personal data processed as described in this notice. The Foreship Companies have established an arrangement determining their respective responsibilities for compliance with applicable data protection laws and regulations, and in particular, regarding the rights of the data subjects and the respective duties of the Foreship Companies to inform them of the processing of their personal data.

This notice includes pertinent information on the means and purposes of the above-mentioned personal data processing activities (as jointly determined and applied by the Foreship Companies). In accordance with the General Data Protection Regulation (2016/679) of the European Union (the “GDPR”), this notice also provides you with further details on, for example, the categories, retention, disclosure and transfer of the personal data in question. Any requests or other communications concerning the rights of the data subject in relation to the processing activities described here can be made through the primary contact point specified below.

CONTACT POINT AND EXERCISING YOUR RIGHTS

In general matters, Foreship, including individual Foreship Companies where relevant, can be contacted using the information provided on the website www.foreship.com.

The primary contact point for any requests and inquiries based on the GDPR, including those related to data subject rights, or otherwise related to the personal data processing activities covered by this notice, is the email address: privacy@foreship.com.

Also, please note that in addition to any other instructions we may have provided, you have the right, at any time, to withdraw any privacy-related consent you may have given to us by reaching out to the same primary contact point. Furthermore, the RINA Group, to which Foreship belongs, has appointed a Data Protection Officer who may also be contacted, where necessary, at the email address: rina.dpo@rina.org.

1. APPLICABILITY OF THE NOTICE AND TYPES OF PERSONAL DATA PROCESSED

Foreship processes your personal data (hereinafter, "data") if you are part of an existing contractual relationship or are potentially interested in products/services and have provided your personal data for this purpose (e.g., at an event/meeting, while browsing our websites, or registering for applications and/or collaborative platforms, hereinafter referred to as “Digital Services”).

If you are required to provide third-party personal data in your relationship with Foreship, please ensure you to inform those individuals of the communication of their personal data and invite them to read this privacy notice. Foreship will also inform them where possible.

The types of personal data processed for the purposes of this notice are:

  • identification, personal, and contact data (e.g., name, surname, email address);
  • economic, financial, and tax information (e.g., tax code, IBAN, and other data necessary for invoicing and credit recovery);
  • data collected from our interactions with you, including the use of our products/services (e.g., communications exchanged, including online, audit evidence collection, even remotely, or other supporting documentation, including special categories of data such as health certificates, if required by law or reference standards for the service);
  • data acquired by Foreship through consultations of publicly available databases, internet sources, media news, and other company information databases;
  • personal data contained in access logs, usage of Digital Services by registered users, related security functions, and data related to the devices you use (e.g., IP address and technical specifications of the device).

2. PURPOSES AND LEGAL BASES FOR PROCESSING

The data processing mentioned above will be carried out for the purposes described below:

  • pre-contractual activities aimed at formulating offers and establishing a contractual relationship for the provision of services offered;
  • identifying and preventing risks related to corporate liability, anti-corruption programs, and conducting ethical-reputational checks related to corporate social responsibility;
  • fulfilling contractual, administrative, and tax obligations arising from ongoing relationships or required services and/or binding accreditation and/or certification requirements;
  • ensuring access to Foreship-provided applications in the reserved area for consulting information/documents related to services provided by Foreship or connected to activities and/or initiatives proposed by Foreship;
  • ensuring participation in online collaborative activities, diversified on the basis of the assignment to specific business sectors.

Refusal to provide data will result in the inability to register your account or access certain applications, as well as the inability to benefit from the requested services.

The legal basis justifying this data processing lies in the execution of a contract you are a party to or pre-contractual measures taken at your request, as well as any applicable legal obligations.

  • sending newsletters, promotional material for services, or engagement in initiatives similar to those related to the contract/service or measuring satisfaction with the quality of products/services through surveys or requests via email or phone;
  • ensuring the possibility of securely accessing your reserved area and preventing unauthorized activities, such as potential access to protected areas of the portal by unauthorized persons (log files);
  • guaranteeing the exercise of Foreship's right to defense in legal proceedings.

The legal basis for these processes lies in Foreship 's legitimate interest in improving the quality of services, maintaining the established contractual relationship, keeping you updated, providing support, and ensuring a secure service. You can object to this purpose at any time by requesting the deactivation of your account as outlined in point 6 of this notice.

  • sending newsletters, promotional materials, or engagement in initiatives for individuals without an established contractual relationship or communications about services not similar to those already purchased.

The legal basis for these processes is your consent, which you are free to withdraw as outlined in paragraph 6 of this notice. Refusal to consent will only result in the inability to receive newsletters, promotional material, or engagement in collaborative initiatives.

3. DATA PROCESSING METHODS AND RETENTION

Processing can be carried out in paper or electronic format.

The data processed in the execution of the contract/service will be retained for the time strictly necessary to achieve the purposes indicated in this notice and, in any case, no later than 10 years after the termination of the contractual relationship or 2 years from collection for marketing or engagement purposes, unless consent is renewed.

The data with which you registered on Digital Services will be processed for two years from your last access; after this period, your profile will be deleted.

Navigation/log data will be deleted within six months of the event that generated them.

In exceptional and properly documented cases, data may be retained for longer periods to protect your or Foreship 's rights, limiting access to the legal office only.

4. DATA RECIPIENTS

In addition to Foreship's authorized data processors, your data may be made accessible, for the purposes of paragraph 2, to the following recipients:

  • other companies of the RINA Group;
  • companies or other third parties (suppliers, professional firms, consultants, partners, financial institutions, e-payment service providers, insurance companies for providing insurance services, etc.) that Foreship relies on, bound by specific legal agreements, including data processors;
  • public bodies, supervisory authorities, judicial and regulatory authorities, accreditation or notification bodies, auditing firms, etc., for fulfilling legal or regulatory obligations.

5. DATA TRANSFER

As a rule, personal data are stored on servers located within the European Union. However, should it become necessary, Foreship may transfer personal data to non-EU countries, including without limitation where the personal data is to be processed by a Foreship Company established outside the European Union (such as in the United Kingdom or the United States). In such cases, the transfer of data outside the EU will be in accordance with applicable legal provisions, including standard contractual clauses established by the European Commission and the adoption of binding corporate rules for intra-group transfers.

6. DATA SUBJECT RIGHTS

As a data subject, you have the right to:

  1. obtain confirmation of the existence or otherwise of processing of your personal data, as well as a copy of such data;
  2. obtain details of: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in cases of electronic processing; d) Foreship's identification details, the data processors, and the data protection officer; e) the entities or categories of entities to whom personal data may be communicated or who may become aware of it as designated representatives within the state, data processors, or individuals in charge;
  3. obtain: a) the updating, correction, or integration of data; b) the deletion, anonymization, or blocking of data processed unlawfully; c) certification that the operations referred to in a) and b) have been notified, including as regards their content, to those to whom the data has been communicated or disseminated, unless this proves impossible or involves a disproportionate effort; d) obtain from Foreship, in a structured, commonly used, and intelligible format, the personal data concerning you and, where technically feasible, obtain the direct transmission of such data from one controller to another;
  4. object: a) to the processing of your personal data, even if relevant to the purpose of collection; b) to the processing of your personal data for sending advertising material or commercial communications via e-mail;
  5. withdraw consent previously given.

As a data subject, you also have the right to file a complaint with the competent supervisory authority. 

¹Including Foreship Ltd. (Finland), Foreship OÜ (Estonia), Foreship GmbH (Germany), Foreship UK Ltd. (United Kingdom) and Foreship LLC (USA).

------

PRIVACY NOTICE UPDATE

This notice was updated in October 2025.

Foreship reserves the right to further update this notice to reflect changes in applicable privacy regulations and internal data protection procedures. Foreship encourages to periodically consult the website www.foreship.com for information on any changes.