How SailorDesk collects, stores and uses your personal data.
The data controller within the meaning of Art. 4(7) GDPR is:
Oleksiy Sukhovsky, handelnd unter "SailorDesk" (Einzelunternehmer)
Großstraße 46, 26789 Leer, Deutschland
Telefon: +49 176 51146772
E-Mail: hello [at] sailordesk.com
We have not appointed a Data Protection Officer (DPO) as we do not meet the thresholds set out in Art. 37 GDPR. For data protection inquiries, please contact us at the email address above.
Personal data you provide in the order form: full name, email address, phone number, desired position, questionnaire text, and optionally an uploaded CV file (PDF/DOCX).
Technical data: IP address, browser user-agent, and timestamps of access, collected automatically for security purposes.
Art. 6(1)(b) — Performance of a contract: we process your personal data to fulfil the mailing service you have ordered.
Art. 6(1)(f) — Legitimate interests: technical security data (CSRF tokens, access logs) is processed to protect the platform from abuse.
To distribute your seafarer profile and questionnaire to crewing agencies and shipowners on your behalf, using only their publicly listed recruitment contact addresses.
To send you a notification and discount code upon successful completion of the mailing.
To improve platform security and quality.
The CV file you upload may contain sensitive information beyond what is strictly necessary for our service: photographs (which carry biometric/visual identifiers), health records (medical certificates), criminal record extracts, ethnic or religious indicators (e.g., national identification documents), or family information.
We do not analyse or process the contents of your CV beyond transmitting it as an attachment to recipients.
We strongly recommend you remove unnecessary sensitive information before uploading your CV.
We retain the file only as long as required to perform the service, plus the legal retention period (3 years for accounting purposes per HGB §257).
The file is stored on disk on a server we operate ourselves; access is limited to the operator on a need-to-know basis.
5.1. Crewing agencies and shipowners (purpose of the service)
Your name, contact details, desired position, questionnaire content and any uploaded CV file are transmitted to crewing agencies and shipowners as part of the service. Our recipient list comprises crewing agencies and shipowners worldwide, including jurisdictions outside the European Economic Area (EEA). The list is updated regularly and reflects the current maritime recruitment market.
Legal basis for the international transfer: Art. 49(1)(b) GDPR — the transfer is necessary for the performance of the service contract you concluded with us. By placing your order, you instruct us to transmit your data to these recipients. We do not establish individual Standard Contractual Clauses (SCC) with each agency; the transfer is justified by contractual necessity.
You acknowledge that: (a) once your data has been sent to a recipient, we cannot recall it; (b) recipient handling of your data is governed by their own privacy practices, over which we have no control; (c) some destination countries do not provide a level of data protection equivalent to the EEA.
5.2. Stripe (payment processor)
Stripe Payments Europe Ltd. (Ireland) processes your payment as a separate data controller. Your card details are never accessible to SailorDesk. Stripe's privacy policy: https://stripe.com/privacy
5.3. Email infrastructure (self-operated)
We operate our own Postfix email server on a dedicated VPS hosted by Contabo GmbH (Aschheimer Weg 5, 85551 Kirchheim, Deutschland). The email server is exclusively under our control and we do not share email content with any third-party SMTP service. Sending domain: sailordesk.email.
5.4. Web hosting
The website (sailordesk.com) is hosted on a server operated by Hetzner Online GmbH (Industriestraße 25, 91710 Gunzenhausen, Deutschland). Server access logs (IP address, user-agent, request timestamps) are retained for security and operational purposes for up to 14 days, rotated daily, and then automatically deleted.
Order data (name, email, questionnaire) is retained for 3 years in accordance with German commercial law (HGB §257).
Mailing logs (delivery records, open tracking) are retained for 12 months.
You may request deletion of your data at any time by contacting hello [at] sailordesk.com. We will fulfil your request within 30 days.
Right of access (Art. 15): you can request a copy of the personal data we hold about you.
Right to rectification (Art. 16): you can request correction of inaccurate data.
Right to erasure (Art. 17): you can request deletion of your data where there is no legal obligation to retain it.
Right to data portability (Art. 20): you can request your data in a structured, machine-readable format.
Right to object (Art. 21): you can object to processing based on legitimate interests.
To exercise any right, contact: hello [at] sailordesk.com
You have the right to lodge a complaint with the German Federal Commissioner for Data Protection and Freedom of Information (BfDI): https://www.bfdi.bund.de
Necessary cookies (no consent required, ePrivacy Art. 5(3)): PHPSESSID for the order flow session, _csrf_* for CSRF protection.
Analytics: we use a self-hosted instance of Plausible Analytics, which is cookieless and does not use fingerprinting. IP addresses are processed only as a hashed input to anonymize visitor counts and are not stored in raw form.
Marketing: we do not currently use marketing or advertising cookies. If we add such technologies in the future, we will request your explicit consent before setting any non-essential cookies, in compliance with Art. 6(1)(a) GDPR and ePrivacy Art. 5(3).
For full details see our Cookie Policy.
SailorDesk · sailordesk.com · hello [at] sailordesk.com