Octopus AIMaritime
← Back to Maritime

Privacy Policy

Last updated: February 14, 2026

1. Data Controller

Octopus AI ("we", "us") operates the Octopus AI Maritime platform. For data protection inquiries, contact: companies@octopus-ai.net

2. Data We Collect

When you apply through our maritime candidate intake, we collect:

  • Identity data: First name, last name
  • Contact data: Email address, phone number
  • Professional data: Seafarer rank, experience years, certificates held, English proficiency level
  • Assessment data: Interview responses, competency scores, decision outcomes
  • Source data: How you found us (referral channel)
  • Consent records: Timestamps and versions of consent given

3. Legal Basis for Processing

GDPR (EU/EEA Candidates)

We process your data based on your explicit consent (Article 6(1)(a) GDPR) provided during registration. You may withdraw consent at any time.

KVKK (Turkish Candidates)

We process your data based on your explicit consent under KVKK Article 5(1). Turkish data subjects have additional rights under KVKK Article 11.

4. How We Use Your Data

  • To conduct competency-based assessment interviews
  • To score and evaluate your suitability for maritime positions
  • To present your profile to potential employers (with your consent)
  • To communicate assessment results and job opportunities
  • To improve our assessment algorithms (using anonymized, aggregated data only)

5. Data Sharing

We share your assessment profile with potential employers only when you are presented as a candidate. Shared data includes: name, rank, experience, assessment scores, and English level. We never sell your personal data.

6. Data Retention

See our Data Retention Policy for detailed retention periods. In summary:

  • Active candidate data: retained while you are in the talent pool
  • Assessment data: retained for 24 months after last activity
  • Hired candidate data: retained for 36 months for outcome tracking
  • You may request deletion at any time

Data Retention Policy

7. Your Rights

Under GDPR and/or KVKK, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, email companies@octopus-ai.net with subject "Data Rights Request".

8. Security

We implement industry-standard security measures including encrypted data transmission (TLS 1.2+), access controls, structured logging without PII, and regular security reviews.

9. International Transfers

Your data is processed on servers located in the EU/Turkey. If data needs to be transferred outside these regions, we ensure appropriate safeguards are in place.

10. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated date. Significant changes will be communicated via email.

11. Contact

For privacy-related questions:

companies@octopus-ai.net