SeaLex Privacy Policy

Effective Date: 21-Feb-2026

Last Update: 21-Feb-2026

1. Introduction and Scope

This Privacy Policy explains how SeaLex collects, uses, stores, discloses, and otherwise processes personal data in connection with the use of the SeaLex digital platform, website, applications, and related functionalities (collectively, the “Platform”).

This Privacy Policy applies to:

• registered users and members,
• trial users,
• visitors to the Platform,
• and any individual who communicates with SeaLex in connection with the Platform
  (each referred to as a “User”).

This Privacy Policy governs only the processing of personal data carried out by SeaLex in its capacity as a data controller. It does not regulate contractual matters, the nature of services accessed through the Platform, or relationships between Users and third parties.

This Privacy Policy must be read together with the SeaLex Terms & Conditions and the Cookie Policy, which govern other aspects of the use of the Platform. 

By accessing or using the Platform, Users acknowledge that they have read and understood this Privacy Policy. The processing of personal data is carried out in accordance with the legal bases described herein.

2. Data Controller

For the purposes of applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), SeaLex acts as the data controller with respect to the personal data processed under this Privacy Policy.

Data Controller: SeaLex doo Bar
Registered address: Vladimira Rolovica F2, 85000 Bar, Montenegro
Email address: General contact form

SeaLex determines the purposes and means of processing personal data in accordance with this Privacy Policy and applicable law.

3. Categories of Personal Data Processed

SeaLex processes personal data in a manner that is adequate, relevant, and limited to what is necessary in relation to the purposes described in this Privacy Policy. The categories of personal data processed depend on how Users interact with the Platform and which functionalities they choose to use.

3.1 Personal Data Provided Directly by Users

SeaLex processes personal data that Users voluntarily provide in the course of creating and managing accounts, subscribing to memberships or trial access, communicating with SeaLex, or otherwise interacting with the Platform.

Such data typically includes basic identification and contact information, account and membership-related details, and information necessary for authentication and access management. Where applicable, this may also include billing-related information, which is processed through third-party payment service providers, as well as identification data submitted for verification purposes in connection with compliance or security requirements.

For the purposes of identity verification and compliance checks, SeaLex may require Users to submit copies or images of official identification documents, such as passports or national identity cards. Such verification is carried out solely to confirm the identity of Users and to comply with applicable legal, security, or contractual requirements.

Users may also voluntarily submit communications, documents, or other information through the Platform. The scope and content of such information are determined solely by the User.

Where Users choose to submit a request to be connected with or assisted by independent third parties through the Platform, SeaLex may process additional case-related information voluntarily provided by the User. This information may relate, for example, to the User’s position, rank, and duties on board a vessel; details concerning a vessel (such as its name, flag, type, or operational status); information relating to shipowners, operators, managers, employers, or other commercial entities; and contractual, employment, incident-related, or factual background information relevant to the User’s matter.

The provision of such case-related information is not mandatory. However, the extent and quality of the information voluntarily provided by the User may affect the ability of independent third parties to assess the matter and provide assistance.

3.2 Personal Data Collected Automatically

When Users access or use the Platform, SeaLex automatically collects certain technical and usage-related data generated through the interaction between the User’s device and the Platform.

This data may include information such as IP addresses, device identifiers, browser type and version, operating system, access timestamps, usage logs, and similar technical data. Such information is processed to ensure the proper functioning, security, and performance of the Platform, as well as to detect and prevent misuse or unauthorized access.

Information collected through cookies and similar technologies is addressed separately in the Cookie Policy.

3.3 Case-Related and Communication Data

In connection with the operation of the Platform, SeaLex may process information submitted by Users through contact forms, questionnaires, or intake forms made available on the Platform. These forms are designed to allow Users to voluntarily provide information that may be relevant to their request for assistance or communication with independent third parties.

SeaLex may also process communications and documents transmitted through Platform functionalities where such transmission is initiated by the User. The completion of contact forms, questionnaires, and the submission of documents or messages through the Platform are entirely voluntary.

SeaLex processes this information strictly for platform-operational, administrative, and technical purposes, including enabling the transmission of information in accordance with the User’s instructions. SeaLex does not assess, verify, or determine the legal relevance, accuracy, or completeness of the information provided, nor does it participate in any substantive evaluation of the User’s matter.

3.4 Special Categories of Personal Data

In limited circumstances, personal data processed through the Platform may include special categories of personal data within the meaning of Article 9 GDPR.

Such data is processed only where it is necessary for the establishment, exercise, or defense of legal claims, or where processing is otherwise permitted under applicable law. In all cases, SeaLex applies appropriate safeguards and limits the processing of such data to what is strictly necessary for the relevant purpose.

4. Purposes of Processing

SeaLex processes personal data solely for specified, explicit, and legitimate purposes, and only to the extent necessary to operate and maintain the Platform and its related functionalities.

Personal data is processed in order to enable Users to create and manage accounts, access membership features, and use the technical and administrative functionalities made available through the Platform. This includes the administration of subscriptions, access rights, point-based systems, and other membership-related features, as well as the handling of communications between Users and SeaLex.

Where Users voluntarily choose to submit information through contact forms, questionnaires, or intake forms, SeaLex processes such information for the purpose of facilitating communication and the transmission of information to independent third parties designated by the User. The submission of such information is optional and initiated at the discretion of the User. SeaLex does not evaluate, verify, or determine the substantive relevance of the information provided, nor does it participate in or influence any subsequent assessment performed by independent third parties.

SeaLex also processes personal data for operational and security-related purposes, including maintaining the functionality, integrity, and security of the Platform, preventing fraud, misuse, or unauthorized access, and monitoring compliance with applicable policies and terms. In addition, personal data may be processed to respond to inquiries, provide user support, improve Platform performance, and comply with applicable legal and regulatory obligations.

SeaLex does not process personal data for purposes that are incompatible with those described above.

5. Legal Bases for Processing

SeaLex processes personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and relies on one or more lawful bases set out in Articles 6 and, where applicable, Article 9 GDPR.

In most cases, processing is necessary for the contract governing access to and use of the Platform, or in order to take steps at the request of the User prior to entering into a contract. This includes the creation and management of user accounts, administration of memberships and subscriptions, and provision of access to Platform functionalities.

Certain processing activities are carried out in order to comply with legal obligations to which SeaLex is subject, including obligations relating to accounting, taxation, regulatory compliance, and lawful requests from competent authorities.

SeaLex may also process personal data where such processing is necessary for the purposes of its legitimate interests, provided that those interests are not overridden by the fundamental rights and freedoms of Users. Legitimate interests may include ensuring the security and integrity of the Platform, preventing fraud or abuse, improving Platform functionality, and managing internal administrative and operational processes.

Where required by applicable law, SeaLex processes personal data on the basis of the User’s consent. Where processing is based on consent, Users have the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

In limited circumstances, SeaLex may process special categories of personal data in accordance with Article 9 GDPR. Such processing is carried out only where it is necessary for the establishment, exercise, or defense of legal claims, or where otherwise permitted under applicable law, and is subject to appropriate safeguards.

6. Sharing of Personal Data and Recipients

SeaLex does not sell personal data and does not disclose personal data to third parties for their own independent commercial purposes.

Personal data may be shared or disclosed by SeaLex only where necessary for the operation of the Platform, for the fulfillment of User instructions, or in order to comply with applicable legal obligations. Any such disclosure is carried out in accordance with this Privacy Policy and applicable data protection laws.

Where Users choose to use Platform functionalities that involve communication or the transmission of information to independent third parties, SeaLex may disclose personal data to such third parties solely in accordance with the User’s instructions. In such cases, SeaLex acts only as a technical and administrative intermediary and does not control how independent third parties subsequently process the data received.

SeaLex may also share personal data with trusted service providers that support the operation of the Platform, such as hosting providers, information technology service providers, payment processors, or identity verification providers. These service providers act on behalf of SeaLex and process personal data only in accordance with SeaLex’s instructions and applicable data processing agreements, which impose appropriate confidentiality and data protection obligations.

In addition, SeaLex may disclose personal data where such disclosure is required by law, regulation, or a valid request from a competent public authority.

7. International Data Transfers

SeaLex is established in Montenegro, which is not a member of the European Economic Area (EEA). The operation of the Platform and the nature of its Users mean that personal data may be processed, accessed, or transmitted across multiple jurisdictions.

In particular, Users of the Platform may be located in different countries or regions around the world, including while working at sea or temporarily present in ports or offshore locations. As a result, personal data may be transmitted between Montenegro, the EEA, and other jurisdictions depending on the User’s location, the location of independent third parties designated by the User, and the technical infrastructure used to operate the Platform.

Where personal data is transferred from the EEA to Montenegro or to any other jurisdiction outside the EEA, SeaLex ensures that such transfers are carried out in accordance with applicable data protection laws and subject to appropriate safeguards. These safeguards may include the use of Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms recognized under the GDPR.

SeaLex does not engage in international or cross-border processing of personal data unless such processing is permitted under applicable data protection laws and appropriate safeguards are in place.

8. Data Retention

SeaLex retains personal data only for as long as necessary to achieve the purposes for which the data was collected and processed, as described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

Account-related and membership data is generally retained for the duration of the User’s account or membership relationship with SeaLex and thereafter for any applicable statutory retention periods. Case-related information and communications submitted through the Platform are retained only to the extent necessary for Platform operation, the fulfillment of User instructions, or compliance with legal or regulatory obligations.

Certain categories of data, such as billing and financial records, may be retained for longer periods where required by accounting, tax, or other mandatory legal requirements.

When personal data is no longer necessary for the purposes for which it was processed, SeaLex takes appropriate measures to securely delete, anonymize, or otherwise render such data inaccessible.

9. User Rights

Users have certain rights in relation to the personal data processed by SeaLex, in accordance with applicable data protection laws, including the GDPR.

Subject to the conditions and limitations set out in applicable law, Users have the right to request access to their personal data and to obtain information about how such data is processed. Users may also request the rectification of inaccurate or incomplete personal data, the restriction of processing in certain circumstances, or the erasure of personal data where there is no longer a lawful basis for its processing.

Where applicable, Users have the right to object to the processing of their personal data or to request the portability of personal data that they have provided to SeaLex. Where processing is based on consent, Users may withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.

Requests relating to the exercise of User rights may be submitted by contacting SeaLex at support@sea-lex.com. SeaLex may take reasonable steps to verify the identity of the requesting individual before responding to such requests.

Users also have the right to lodge a complaint with a competent supervisory authority if they believe that their personal data has been processed in violation of applicable data protection laws.

10. Data Security

SeaLex implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration, including access controls, encryption, and secure infrastructure.

While SeaLex strives to protect personal data, no system can be guaranteed to be fully secure.