Privacy Policy for the Assessment Service

How the Service Works

1. For seafarers of our contractual clients (ship management companies)

1.1 Submission of seafarer data at OSIS

By completing seafarer data at the STS experts Portal or through the assessment service, you provide your consent in line with the applicable European General Data Protection Regulation (GDPR), for the collection, retention and processing of Personal Information.

1.2 Personal data at OSIS (for seafarers of our client Ship Owners)

We would like to inform you that we exercise our due diligence to retain your personal data and past STS experience safe. Our servers are hosted in cloud and access is restricted only to registered and screened users. Your data are not part of a public domain. The personal data submitted at OSIS consist of your Name, Surname, Rank (at the time of submission), nationality and date of birth (DOB). Nationality and DOB are collected in order to verify that your identity does not coincide with the identity of a seafarer with the same Name and Surname with yours. After registering you to OSIS we issue a unique onlineSTS ID number which is thereafter be utilized for identification purposes.

1.3 Why you submit above personal data (for seafarers of our client Ship Owners)

The reason for submitting above data is to collect, retain and process your STS experience in order to be utilized by your employer (Management Company) towards consolidating and generating STS experience Matrices, in case it will be requested, in future STS Operations. Furthermore, each seafarer has the right to access his personal data and STS experience through the service of DYNAMARINe. Upon registration of individual seafarers’, a certificate of past STS experience is available, as recorded at OSIS.

1.4 Data ownership

Each Seafarer is the sole owner of his data as recorded at OSIS. The decision for sharing these data with your contractor rests with you and unless you otherwise inform (by email to, DYNAMARINe shall share your past STS experience with your current contractor (Management Company).

1.5 How can you remove/amend all your personal data and past sts experience from OSIS?

In order to remove or amend your personal data, you have to register to, verify your identity and thereafter request deletion or amendment (by an email to of your profile from OSIS platform. Past STS experience data may still be available to your contractor (Management Company), as they consist part of the STS records. For further information please read our Terms and Conditions.

2. Privacy notice for POACs (STS Superintendents) (Please access here)

3. How the STS Service Works for POACs (STS Superintendents)

3.1 Description of the Service

The Service is entitled “Screening and Risk Assessment Service in STS operations”. It analyses the risk of STS elements during ship to ship transfer operations and maintains at OSIS database records associated with the past STS events between participating vessels including personal data for POAC. The service is provided to clients of DYNAMARINe who have a legitimate interest in STS operations. The service includes a process of POAC personal data (see section 3.5) in order to extract the risk profile of the individual in accordance with applicable legislation (see section 3.4) The service is innovative and currently offered globally to clients, only by DYNAMARINe, since 2011. To our knowledge, there is no other organization worldwide offering a similar service.

3.2 Due diligence

DYNAMARINe has exercised due diligence in developing the material of this content, by consulting our legal partners in Greece, UK, and SINGAPORE. We had also registered OSIS database since 2012 under the Hellenic Data Authorities from which we have had obtained the consent of operation. A relevant compliance note had been issued to DYNAMARINe from the authorities, which is available to its clients. DYNAMARINe has also received legal advice with respect to the GDPR compliance and we have made sure that our service is in accordance with the requirements of the European regulation. Furthermore, we have consulted IACS recognized organizations whose advice regarding the developed processes of the service, is consistent with the functions of OSIS database.

3.3 Purpose of the Service

The purpose is to provide service to clients.

3.4 Scope

The scope of the provided service is described within the following points:
  1. To provide a platform for record keeping as well as the statistical process of the records following the completion of an STS Operation
  2. To support clients with risk profile data of involved STS elements, including the POAC experience and his past assessment (PART C reports), towards ensuring that safety is not compromised by the involvement of third parties, not controlled by the client’s policies and procedures.

3.5 Personal data included at OSIS database of DYNAMARINe.

The personal data of the POAC are the following:
  1. The name/surname of the POAC
  2. POAC experience
  3. The assessment of his services by the Master. The assessment of the POAC consist of the master opinion with respect to the following:
    • Was the POAC fluent in communicating with officers? [YES/NO]
    • Has the master exercised his overriding authority towards POAC advice? [YES/NO]
    • Was the master satisfied from the POAC with respect to the following? [YES/NO]
      • Navigational Ability
      • Decision Making
      • Advisory initiative
      • Advice on coastal state rules and regulations

3.6 Are the personal data of section 1 sensitive data?

According to Article 4(13), (14) and (15) and Article 9 and Recitals (51) to (56) of the GDPR personal data of section 3.5 are not sensitive.

3.7 Collection of Personal data

Personal data are collected after the completion of the STS operation from the client of DYNAMARINe, through his master. The master is requested to submit to OSIS an assessment form of all STS elements including POAC personal data. It also possible to collect the same personal data of the POAC from the master of the participating vessel since the client invites the participating master, as a best practice, to submit his assessment for the STS operation at OSIS.

3.8 Information conveyed to the individual (POAC) after collection of his personal data

It is not possible to inform the individual (POAC) after collecting his personal data since we do not have his contact details. Instead, DYNAMARINe informs his principals (STS Service Provider) who in return have the POAC contact details. We also provide instructions on how they can gain access to the data we have at OSIS and provide them also the option to register their feedback/opinion about the assessment received. Information about the personal data of POAC is passed to the principals (STS Service Provider) of the POAC in less than 30 days from the collection of data. Usually the notice is sent within 7-10 days after the completion of the STS operation. In case you wish to be informed timely, please register with the STS Experts and we shall contact you immediately when we receive an assessment for your valuable services delivered to our clients.

3.9 How personal data are being utilised and when

POAC personal data collected by the client are not disclosed to any third party, other than the principal of the POAC (STS Service Provider) as outlined at section 3.8. POAC personal data are available, through OSIS, to the client who provided the data. Each client has access to his own data as part of the record keeping process. DYNAMARINe processes the personal data of a POAC, when requested by the client, in order to produce an assessment form (PART C) with respect to his experience and performance for the scope mentioned at 3.4. Such assessment form provides an aggregated analysis of all personal data available at OSIS, without disclosing the raw data.

3.10 Duration of personal data kept at OSIS

The duration of personal data kept at OSIS is 10 years. These personal data are utilised for estimation of POAC experience and risk. Basically, the risk assessment process (PART C) is concerned with observing the client’s activities and STS operations, identifying what might go wrong, and deciding upon what should be done in order to mitigate the risk and/or comply with the applicable regulations. According to the International Maritime Organization (IMO), risk is the "combination of the frequency and the severity of the consequence". DYNAMARINe considers that 10 years is an adequate period to retain personal data of POAC to have an adequate sample for the "frequency" element of the risk assessment.

3.11 Deletion of Personal data

Personal data are automatically being deleted after the period mentioned at 3.10.

3.12 Access to personal data

Should it be requested, the POAC may be granted access to his personal data at OSIS. There are provisions within the processes of DYNAMARINe to provide such access, subject to prior verification of the POAC identity. In order for the POAC to access his personal data, he has to follow the process described at If a request of contact for a POAC is made by a third party organization we require the following:
  • Authenticated letter from the POAC mentioning the request and the relation with the third party.
  • Authenticated proof of the relation

3.13 Registered processes at OSIS

The following paragraphs describe the existing processes associated with POAC personal data.
  1. Collection of personal data from the client and or the participating vessels’ master.

    Personal data are collected directly from the client’s Master and/or the Master of the participating vessel along with the assessment form that follows the completion of the STS operation. The assessment forms have a unified format and arrive by email.

  2. Registering of personal data at OSIS

    Registration of assessment forms take place through a semi-automated process, undertaken by DYNAMARINe employees which includes a validation process of the provided data.

  3. Notifying the STS Service Provider

    After the assessment form is registered at OSIS, the platform informs the STS Service provider of the outcome of the assessment of provided services, including POAC personal data. In case the Name/ Surname of the POAC is not spelt correctly, there is a process in place to correct it. The process of section 3.8 takes place at this stage.

  4. Access at OSIS to the Client

    Clients are granted access at OSIS when they sign up to the service described at 3.1. Clients have access to their own records as part of the scope described at section 3.4-1.

  5. Access at OSIS to the STS Service Provider

    The STS service provided has the option, at his discretion, to obtain access to OSIS data. The process of doing so is explained at the message conveyed, as described in paragraph 3.8.

  6. Access at OSIS to the POAC

    Should the POAC requests access to his OSIS data, there are provisions in allowing him to do so according to provisions of section 3.12.

  7. Deletion of Personal Data

    Personal data are automatically being deleted after the duration mentioned in section 3.10

3.14 Security of Personal Data

Personal data are stored online at cloud servers with restricted access. All users have their own credentials to have access to a personal workstation, corporate software. Access is granted only from the IT department. We have made every possible effort to utilise the latest technology security to keep your data safe. We have implemented processes, developed (or purchased) state of the art security protocols/means/software for all relevant processes shown, without being limited to the following:
  1. User Logon ID's;
  2. Employee confidentiality agreement;
  3. Antivirus software;
  4. Web server security;
  5. HTTPS Protocol for secure communication over the internet;
  6. Database information/ Personal data/ encryption;

3.15 Impact Assessment on the POAC personal data

(a) What happens when the aggregated POAC experience conveyed through OSIS to the client, does not satisfy the requirements of reference of MARPOL?

The STS Service provider is requested to submit POAC complete past STS experience, as this will include records beyond those included at OSIS. OSIS includes only the records of the enrolled clients and some of the participating vessel’s client.

This process does not affect the rights and freedom of POAC.
Many POACs are already registered with the stsexperts service and have made use of OSIS database. The system also provides tools for your personal benefit and development of your CV and future carrier. While considering that the provisions of this service include a process to limited personal data of yours, in-line with the provisions of GDPR, think of the benefits this service introduces to this industry, when it sets standards towards isolating and avoiding substandard practices.

For further inquiries on how the service operates please contact us at

We thank you for reading this self-explanatory document.

Last updated: Wednesday 11th December 2019