Legal & Privacy Policy

Privacy Policy (UK GDPR) 

Last updated: 01 April 2026 

1. Introduction

 This Policy covers the below Companies, hereinafter called the “Viking Maritime Group”: 

• Viking Crew: Covers recruitment and crew management of crew to the entire maritime industry of all ranks incorporating the requirements of the International Labour Organisation’s Convention, 2006 (MLC 2006) including flights, ground transport and hotel bookings for managed clients and crew. 

• The Maritime Skills Academy: Covers the provisions of training services to the merchant navy, including hotel bookings for managed clients. It also covers non-marine training to shore based personnel such as but not limited to Health & Safety courses. 

Viking Maritime Group Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

This policy applies to personal data relating to our customers, clients, suppliers, employees, contractors, job applicants, and website visitors within the United Kingdom. 

2. Data Controllers 

Viking Maritime Group Ltd is the Data Controller for the purposes of UK data protection law. 

• Registered office: Viking House, Beechwood Business Park, Menzies Road, Dover, Kent, CT16 2FG 

• Registered in England: 2340526 

• Contact details:  
  Email: info@vikingmsa.com  
  Telephone: 0044 (0) 300 303 8191 

The Maritime Skills Academy Ltd is the Data Controller for the purposes of UK data protection law. 

• Registered office: Menzies Road, Dover, Kent, CT16 2FG 

• Registered in England: 0792032 

• Contact details:  
  Email: info@vikingmsa.com  
  Telephone: 0044 (0) 300 303 8393 

3. Data Protection Officer 

A Data Protection Officer (DPO) is responsible for oversight and compliance of the data protection within the Viking Maritime Group and should take steps to promote compliance to employees with regards to Data Privacy Policy and the regulations. 

Any requests, questions, or concerns regarding compliance with the Data Privacy Policy should be addressed to the Data Protection Officer: Mark Jaenicke Operations Director markj@vikingmsa.com 

4. Personal Data We Collect 

We may collect and process the following personal data: 

• Identity data (name, title, company name) 

• Contact data (email address, postal address, telephone number) 

• Financial data (payment or billing details where applicable) 

• Technical data (IP address, device type, browser information) 

• Usage data (use of our website or services) 

• Employment and recruitment data (where applicable) 

We only collect personal data that is adequate, relevant, and limited to what is necessary. 

5. Lawful Basis for Processing 

We process personal data under one or more of the lawful bases set out in Article 6 of UK GDPR, including: 

1. Consent 
2. Contractual necessity 
3. Legal obligation 
4. Legitimate interests, provided they do not override your rights 
5. Vital interests (where applicable) 
6. Public task (where applicable) 
7. How We Use Personal Data 

Personal data is used to: 

• Provide and manage our products or services 

• Communicate with customers, suppliers, and stakeholders 

• Administer contracts and accounts 

• Process payments and invoices 

• Improve our website and customer experience 

• Conduct recruitment and manage employment 

• Fulfil legal and regulatory requirements 

• Maintain security and prevent fraud 

6. Sharing Personal Data 

We do not sell personal data. 

We may share personal data with trusted third parties such as: 

• Professional advisers (legal, financial, IT) 

• Payment service providers 

• IT and cloud service providers 

• HMRC, regulators, or law enforcement where legally required 

All third parties are contractually required to protect personal data and use it only for specified purposes. 

7. Data Storage and Transfers 

Personal data is primarily stored and processed within the United Kingdom. 

Where personal data is transferred outside the UK, appropriate safeguards are applied in accordance with UK GDPR, including: 

• UK adequacy regulations 

• UK International Data Transfer Agreements (IDTAs) 

• Approved UK addenda to Standard Contractual Clauses 

8. Data Retention 

Viking Maritime Group will not retain Personal data for longer than it is required or without a legitimate business purpose. 

Viking Maritime Group will retain Personal data for the period required to comply with legal obligations and the defined periods set out within the company procedures which are reviewed annually. 

9. Data Security 

We implement appropriate technical and organisational measures to protect personal data, including: 

• Secure systems and access controls 

• Encryption and password protection 

• Policies and staff training 

• Regular security reviews 

10. Your Data Protection Rights 

Under UK GDPR, you have the right to: 

• Access your personal data 

• Correct inaccurate or incomplete data 

• Request erasure of your data 

• Restrict processing 

• Object to processing 

• Request data portability 

• Withdraw consent at any time 

Requests can be made by contacting: markj@vikingmsa.com  

11. Complaints 

If you believe we have not handled your data properly, you have the right to complain to the UK supervisory authority: 

Information Commissioner’s Office (ICO) 
Website: https://www.ico.org.uk  
Telephone: 0303 123 1113 
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 

We encourage you to contact us first to resolve any concerns.  Please refer to our complaints policy. 

12. Cookies 

Our website uses cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allows us to improve our site. 

We use the following cookies: 

Strictly necessary cookies - These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. 

Analytical/performance cookies - These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. 

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate.

  

AMP_TOKEN 30 seconds to 1 year Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. 

_gac_UA-106489671-190 days Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. 

13. Changes to This Policy 

We may update this Privacy Policy from time to time. Updates will be published on our website and take effect from the date shown above.