Who we are
RiteCrew Apply (this portal) is operated by Rite Software OÜ, an Estonian company governed by EU data protection law. We act as the data controller for the personal data you submit through this portal, on behalf of the maritime operators we manage crewing for.
For privacy questions, write to privacy@ritecrew.net. We respond to verified requests within one month.
What we collect
We only ask for what crewing recruiters genuinely need to assess your file and bring you into the RiteCrew CRM after you're approved:
- Identity. Legal name, date and place of birth, nationality, citizenship, gender, a passport-style photo.
- Contact. Email and (optionally) phone number, both verified by one-time code.
- Professional history. Rank applied for, total months at sea, sea-service records (vessel name, flag, dates, rank held).
- Documents. CV, STCW and competency certificates, medical certificates, passports, references, flag-state endorsements, and any free-form documents you attach.
- Emergency contacts. Names and phone numbers you list so we can reach in case of an emergency at sea.
- Operational metadata. Account creation date, last sign-in.
We do not collect cookies for advertising or run third-party analytics on this portal.
Why we process it
Your data is processed on the lawful bases of contract (we cannot match you to a vessel without it) and consent (you tick the GDPR box when you register). You can withdraw consent at any time by emailing us; we then delete your file.
Where it lives
All applicant data is hosted on AWS infrastructure in the European Union. Uploaded files (passports, certificates, CV, photo) are stored on encrypted S3 buckets with private access. Daily encrypted backups are taken and retained for 30 days.
Database access is restricted to RiteCrew operations staff under a least-privilege policy. Every status change and every recruiter who opens your file is recorded in an immutable audit log, attributed to a named admin account.
Who sees it
After submission, only approved RiteCrew recruiters authorised on the application can review it. Once an admin approves your application, your details are imported into the RiteCrew CRM so the operating company you're assigned to can issue contracts and arrange travel.
We do not sell, share, or commercially exchange applicant data with third parties. The only subprocessors that touch your data are infrastructure providers we contractually require to be GDPR-compliant:
- Amazon Web Services EMEA - hosting, file storage, encrypted backups (EU-only).
- Resend or your operator's SMTP provider - transactional email (verification codes, status updates).
- Twilio or GatewayAPI - SMS verification codes (when SMS verification is enabled).
How long we keep it
Draft applications - kept while you're still working on them. If you don't sign in for 24 months we send a reminder; after 30 days of no response, the draft is deleted.
Submitted but not yet approved - kept for up to 12 months after submission so recruiters can return to the file. You can ask us to delete it sooner.
Approved applicants - data is transferred to the operator's CRM under their own retention policy, and the portal copy is deleted within 12 months.
Your rights
Under the GDPR you can ask us to:
- Access a copy of your data (export as JSON + file bundle).
- Correct anything inaccurate - or simply edit it yourself while your application is in draft.
- Delete your account, application, and all attached files. Email privacy@ritecrew.net from the address on your account; we complete deletion within 30 days.
- Restrict or object to processing, including opting out of any non-essential communications.
- Port your data to another crewing system in a machine-readable format.
- Complain to the Estonian Data Protection Inspectorate or your local supervisory authority if you believe we're mishandling your data.
Security
All traffic between your browser and the portal is encrypted in transit (TLS 1.2+). Uploaded files are encrypted at rest. Access is passwordless for applicants - we never store applicant passwords - and admin access uses email + password plus session expiry. We never email your password or share verification codes over voice channels.
Children
The portal is intended for working seafarers aged 18 or over. We do not knowingly collect data from anyone under 18. If you believe a child has registered, please contact us and we will delete the account.
Changes to this notice
We update this notice when we change how we process applicant data. The current version applies from the date at the top of this page. If a change materially affects you (e.g. a new subprocessor), we notify you by email before it takes effect.
Contact
For data protection queries, requests, or complaints:
privacy@ritecrew.net
Rite Software OÜ, Tallinn, Estonia. General contact form.