We, at Windward Ltd., (or “us”, “we” or “our”), put great efforts in making sure that we secure the personally identifiable information related to you (“Personal Information”) and use it properly.

This policy (the “Privacy Policy”) explains our privacy practices for processing Personal Information related to you as a user of our services, solutions and products (the “Services”), or as a visitor to our website available at: https://windward.ai/,or any of its pages (respectively, the “User” and “Site”).

We process Personal Information subject to the terms of this policy.

The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy.

How do we collect the Personal Information? – We collect the Personal Information related to you, directly from you, and thorough the use of “cookies” on our Services and Site. Read more.

The purposes of use of the Personal Information – We collect the Personal Information related to you, for various business purposes as further detailed in ‘The purposes of use of the Personal Information’ section of this Privacy Policy. Read more.

Cookies– We use cookies to make it easier for you to log-in and to facilitate the Services and the Site activities. Read more.

Sharing Personal Information with third parties – We share information with our Vendors as necessary to facilitate our business. We will share information when we change our corporate structure, and we will share the information with our affiliated entities. Read more.

Cross-border transfer – We use cloud based services to store and process data in the European Union and in the United States and will store them at additional sites, at our discretion. These Vendors provide us adequate security and confidentiality commitments. Read more.

How do we secure the Personal Information? – We implement physical, electronic and organizational procedures to secure your Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Read more.

Aggregated and analytical information – Aggregated data is not identifiable. We use standard analytical tools for legitimate business purposes. Read more.

Your Choice – You may opt-out of our mailing lists and terminate your use of our Site. Termination of our Services is subject to the terms of the Customer’s services agreement with us. Our Services do not respond to Do Not Track (DNT) signals. Read more.

Accessing Personal Information related to you – At any time you can request access to Personal Information related to you. Read more.

Your EU data subject rights – If we process Personal Information related to you when you are in the EU, further terms apply to our processing in relation to your rights as a data subject under EU data protection laws. Read more.

Data retention– We retain different types of Personal Information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements. Read more.

Changes to this Privacy Policy – We will update this Privacy Policy from time to time after giving proper notice. Read more.

Contact us – Please contact us here or at our offices located in Mermaid House, 2 Puddle Dock, London, EC4V 3DB, UK.

Overview of our services

Our Services provide our “ Customers”, i.e. entities which engage in contractual relationship for the provision of our Services, whom primarily consist of governmental and corporation entities within the maritime ecosystem, decision supporting data analytics and insights in the maritime trade domain.

As a rule of thumb, the Personal Information we collect is related to our former and current employees, job candidates, and to the extent that our Customers have provided us with personal contact details, rather than corporate business contact information, then such personal contact details as well. As such, the Personal Information we collect primarily used for regulating our employment relationships, recruitment processes and business relationships with our Customers, and vendors and/or suppliers which engage with us for the provision of services, goods or assets (each a “Vendor”).

What type of Personal Information do we process?

You provide most of the Personal Information related to you through the registration and login processes to our Services and through the submission of your details on our Site. Note, that you are not required by law to provide us with any information about you.

1. Personal Information obtained from Users about our Customers and about our Users’ engagement with our Services and Site:

• Usernames;
• E-mail addresses;
• The time and date of the log in; and
• The Internet Protocol (IP) address used to connect your access device to the Internet;

As part of our Services, our Users may provide us with Personal Information regarding our Customers’ own vessels, which includes but is not limited to the vessel’s beneficial owner, commercial and technical managers, commercial controller, operator, and ISM manager.

Details about the device, operation system and browser used by the User, such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.

To the extent that a Customer, or anyone on its behalf, has provided us with personal contact details, rather than corporate business contact information (e.g., [email protected]), then the aforementioned information will constitute Personal Information of such User. Please note  that to the extent that contact details provided by the Customer contain corporate business contact information, this would not qualify as Personal Information.

2.Personal Information about our Vendors’ and Customers’ representatives that is required for the provision of our Services or for our business engagement with them, such as: names, e-mail addresses and phone numbers.

In most cases the contact details information that we hold about our Vendors will not constitute Personal Information, whether because our Vendors are not individuals or because the information provided does not contain direct identifiers.

3.Personal Information related to employees and candidates.

As part of our ongoing employment relationship with our employees, we collect Personal Information regarding current and former employees, through our HR systems, as further detailed in our Employees Privacy Notice.

We collect Personal Information from job candidates, who can submit their application for certain available positions through the ‘Careers’ webpage on our Site. For further information please see our Candidates Privacy Notice.

4.Personal information we obtained from third parties data sources:

Such Personal Information comprised of name, identification number, address, vessel ownership data and business contact details and is being provide to our Customer through our Services.

5.We also offer, through the ‘Sign UP’ button on our Site, the opportunity to participate in our events, like webinars, through the ‘Subscribe’ button on our Site the opportunity to subscribe to our news-letters, and through the ‘Contact Us’ form and links to our corporate email address available on the Site, the opportunity to reach out to us. The Personal Information collected by us through these, will only be used for the purpose of evaluating the subject matter of such form and contacting the person who sent it.

The Services and Site are not directed to children under 16 years of age and we do not intentionally or knowingly collect Personal Information on such Users.

How do we collect the Personal Information?

We collect the Personal Information related to you, directly from you, when you log in to our Services, fill in a form on our Site or otherwise contact us through our Site.
We use a third party payment processor to process payments made to us. In connection with the processing of such payments, we will only receive your payment transaction details (for example, your name, the amount paid and the date of payment) and we will not collect your bank account details or credit card number, credit card type and expiration date. This information is stored only with our third party processor, Stripe, whose use of Personal Information related to you is governed by their privacy policy, which may be viewed at:  https://stripe.com/privacy.

Like many sites and services, we use “cookies” (for further information about cookies – see below), and we obtain information on your use of our Site and Services.

Processing Personal Information related to you is necessary in order to enable you to use the Site.

The purposes of use of the Personal Information

We use the Personal Information we collect for all of the following purposes:

• To provide and improve our Services;
• To send Service-related updates, notices and announcements;
• To maintain our Services;
• To study and analyze the functionality of the Service and Users’ activities;
• To provide Customer support;
• To manage our relationships with our employees and job candidates;
• To Manage business relationships with our Vendors and Customers;
• To comply with court orders and warrants, and assist law enforcement agencies and to take any action in any legal dispute and proceeding;
• For our record keeping and protection of our legal rights;
• For analytics purposes;
• For marketing analysis and marketing performance optimization; and
• To prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Services;

Subject to your consent, if such is required under applicable law, to send you e-mail or other messages and/or newsletters about us or our products and services, including through one of our service providers. At any time, you can unsubscribe from our mailing list by clicking on the unsubscribe link on the message;

We commit to process Personal Information solely for the purposes described  in  this  Privacy  Policy. To the extent relevant and possible, we will make efforts to maintain the Personal Information accurate, complete and up-to-date.

Cookies

We use cookies and similar tracking technologies to make sure that our Service is continuously improved and meets your needs.

Please view our Cookies and Similar Tracking Technologies Policy for more information on our use of cookies.

Sharing Personal Information with third parties

In certain instances, Windward will share Users’ Personal Information with third parties, such as:

• Vendors, business partners and our affiliates. We engage trusted third-party companies and individuals to facilitate or provide services on our behalf or to perform Site-related services and analysis for the purpose of providing and operating our Services. Such engagement will be only to the extent necessary and we require that such third parties comply with privacy and data protection.
• If you attend a webinar or event organized by us in collaboration with a third-party, e.g. a co-host or a sponsor, we may share your Personal Information with the co-host or the sponsor of the event. Only such information shared with us in connection with signing up to the webinar or event is shared. In such circumstances, your information will be subject to the co-hosts’ or sponsors’ own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to register for such jointly offered events.
• We use analytics tools (“Tools”) including “Google Analytics”, “MixPanel” and “Hubspot” to collect information about the use of our Site and Your  engagement  with these Tools through the Services and Site is governed by the privacy policies of the applicable third party.
  • Google’s ability to use and share  information  collected  by  Google  Analytics about your visits to the Services and Site is restricted by the  Google  Analytics Terms of Use located at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy located at http://www.google.com/policies/privacy/.
  • Mixpanel analytics  services and features that we use, are subject to Mixpanel’s relevant policies and agreements available here: https://mixpanel.com/legal/privacy-policy/.
  • Hubspot’s marketing services and features that we use, are subject to Hubspot’s relevant policies and agreements available here: https://legal.hubspot.com/privacy-policy.
• We share marketing conversion events with “Google ads” and “LinkedIn Ads” for marketing analysis and marketing performance optimization. We can use tracked conversions to measure the effectiveness of our ads, set custom audiences for ad targeting, dynamic ads campaigns, and analyze the effectiveness of our website’s conversion funnels. Such Personal Information shared with third parties is governed by the privacy policies of the applicable third party. This processing is only carried out with your consent in accordance with Art.6 para.1 of the GDPR.
  • Google’s ability to use and share information collected by Google Ads about your visits to the Services and Site is restricted by the Google Privacy Policy located at http://www.google.com/policies/privacy/. 
  • LinkedIn’s ability to use and share information collected by LinkedIn Ads about your visits to the Services and Site is restricted by the LinkedIn Privacy Policy located at https://www.linkedin.com/legal/privacy-policy.   
• We would disclose or use Users’ Personal Information to defend or enforce our legal rights and in accordance with any applicable law.
• We will  disclose,  share  or  transfer  Users’  Personal  Information  in  connection  with  a merger, acquisition, reorganization or sale of our assets or in the event of bankruptcy.

Cross-border transfer

We store and process information in various sites throughout the globe, including on sites operated and maintained by cloud-based service providers. If you are a resident in a jurisdiction where the transfer of your personal information to another jurisdiction requires your consent, then by agreeing to comply with this Privacy Policy, you provide us your express and unambiguous consent to such transfer.

Whenever we transfer Personal Information related to you to third parties based outside of the country you live in, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer Personal Information related to you to countries that have been deemed to provide an adequate level of protection for Personal Information by the European Commission or relying on another suitable legal basis.
• Where we use Vendors based in the US or a third country, we ensure that there is a lawful basis for the transfer (such as Standard Contractual Clauses as adopted by the European Commission, or a certification under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework), in order to safeguard the transfer of Personal Information we collect from the European Economic Area, the United Kingdom (the “UK”), and Switzerland.

How do we secure the Personal Information?

We maintain the confidentiality of Personal Information related to you and we take reasonable steps to ensure that the Information is accurate, complete, current and reliable for its intended use. We take reasonable measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

We have put in place appropriate physical, electronic and organizational procedures to safeguard and secure Personal Information related to you from loss, misuse, unauthorized access or disclosure, alternation or destruction.

These measures provide sound industry  standard  security.  However,  although  we  make  efforts to protect your privacy, we cannot guarantee that the Services or Site will be immune from cyber-attacks, malicious activities, malfunctions, honest mistakes or other types of abuse and misuse.

Aggregated and analytics information

We may use anonymous, statistical and aggregated data that we derive from the Personal Information related to you, to drive insights, statistics, trends and predictions for our internal use and may share it with our Customers, Vendors and business partners for lawful business purposes.

What are your choices?

At any time, you may opt-out of our mailing list, or request that the Personal Information related to you will not be shared with our affiliates, business partners, and Vendors, by contacting us. It may take up to ten (10) business days for your opt-out request to take effect. Please note that certain opt-out requests may require us to terminate your user account, for example, if transferring your personal details to a Vendor is essential to provide the Services.

You can exercise your choices by contacting the privacy team here.

Termination of the Services is subject to the terms of the Customer’s services agreement with us. We request and collect Personal Information that we need for the purposes described in this Privacy Policy. At any time, you can stop using the Site. Thereafter, we will stop collecting any respective Personal Information related to you.

However, we may store and continue using or making available certain Personal Information related to you. For further information, please read the Data Retention section in this Privacy Policy.

Some web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on the Service or through cross-site user tracking. Our Service and Site do not respond to DNT signals.

Accessing Personal Information related to you

If you find that the Personal Information that we keep about you is not accurate, complete or up-to-date, please provide us the necessary information to correct it.

At any time, you can contact us here and request to access the Personal Information that we keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under applicable law, will make good-faith efforts to locate the Personal Information that you request to access.

If you are eligible for the right of access under applicable law, you can obtain confirmation from us of whether we are processing Personal Information about you, and receive a copy of that data, so that you could:

• verify its accuracy and the lawfulness of its processing;
• request the correction, amendment or deletion of the Personal Information we keep about you, if it is inaccurate or if you believe that the processing of the Personal Information we keep about you is in violation of applicable law.

We will use judgement and due care to redact from the data which we will make available to you, Personal Information related to others.

Your rights as an EU data subject

Under EU data protection laws, Windward, will be considered a Data Controller as such term is defined therein, with respect to its Services and Site. We base our processing of Personal Information as a Data Controller on the following lawful grounds:

• All processing of Personal Information related to you which are not based on the lawful grounds indicated below, are based on your consent.
• We will process Personal Information related to our Customers’ end Users to perform the contract with Customers.
• We process your Personal Information as a preliminary necessary step prior to initiate an engagement with You.
• We will process Personal Information related to you to comply with a legal obligation and to protect your and others’ vital interests.
• We will rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
  • Communications with you, including direct marketing where you are a Customer’s end-User, or where you make contact with us through our Site and other digital assets;
  • Cyber security;
  • Support, customer relations, service operations;
  • Enhancements and improvements to yours and other Customers’ and Customers’ end-Users’ experience with our services;
  • Fraud detection and misuse of our Site and Services.

At any time, you can contact our Data Protection Team here and request to exercise your rights in accordance with the provisions provided by law:

• You are entitled to access the Personal Information that we keep about you. We may need to ask you to provide us certain credentials to make sure that you are who you claim you are. If you find that the Personal Information related to you is not accurate, complete or updated, then please provide us the necessary information to correct it.
• You can contact us if you want to withdraw your consent to the processing of Personal Information related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
• You are entitled to request to delete or restrict access to Personal Information related to

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions under the law, you are entitled to request to be informed that third parties that hold Personal Information related to you, in accordance with this Privacy Policy, will act accordingly.

• You are entitled to request the transfer of Personal Information related to you in accordance with your right to data portability.
• You are entitled object to the processing of Personal Information related to you for direct marketing purposes.
• You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting You.
• You have a right to lodge a complaint with a data protection supervisory authority.
• We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this Privacy Policy, to update the Privacy Policy when needed, and to verify that the Privacy Policy is displayed properly and accessible.
• If you have any concerns about the way we process Personal Information related to you, you are welcome to contact our Privacy Team here or write to us to: Windward Ltd., Mermaid House, 2 Puddle Dock, London, EC4V 3DB, UK,

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.

Data retention

We retain different types of Personal Information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements.

We will maintain your contact details, to help us stay in contact with you. At any time before or   after the termination of the Services, you can contact our Privacy Team here and request to delete your contact  details.  Note that we may keep your details without using  them unless necessary, and for the necessary period of time, for legal requirements and proceedings.

We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable Personal Information, when we no longer need to process the information.

In any case, as long as you use the Services, we will keep information about you, unless the law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this Privacy Policy.

Changes to this Privacy Policy

From time to time, we will need to update this Privacy Policy. If the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Services’ platform and/or Site, or after we send you the notice through email. Substantial changes will be effective 30 days after we initially posted our notice.

Until the new policy takes effect, you can choose not to accept it and terminate your use of the Service or Site. Continuing to use the Service or Site after the new Privacy Policy takes effect means that you agree to the new Privacy Policy. Note that if we need to adapt the Privacy Policy to legal requirements, the new Privacy Policy will become effective immediately or as required.

Contact Us

To address any questions, comments, or concerns related to this Privacy Policy, please send a detailed message to the Windward privacy team. You can also contact our EU representative or our UK representative.

This Privacy Policy was last updated on September 10, 2024