Privacy Policy

Privacy Policy 

LAST UPDATED: 19 September 2025

Who we are. Polstrom Limited (trading as Polstrom) (“we”, “us”, “our”). Registered  in New Zealand. NZBN [9429053048127].

Contact: contact@polstrom.com 

We respect your privacy and are committed to protecting personal information. This policy explains how we collect, use, disclose, and safeguard information when we recruit, place, and (where applicable) employ seafarers across New Zealand and Australia.

1) Scope & who this covers

This policy applies to:

  • Crew / candidates / seafarers (including referees you nominate)

  • Clients / operators / suppliers (business contacts)

  • Employees / contractors of Polstrom

  • Website users of www.polstrom.com 

We handle information under the New Zealand Privacy Act 2020 and the Australian Privacy Act 1988 (Cth) (including the Australian Privacy Principles).

2) What we collect

We collect the minimum information necessary to provide services and meet legal/industry requirements.

Identity & contact: anime, date of birth, nationality, contact details, address, emergency contacts, next of kin.

Work & credentials: CV, qualifications/CoCs (e.g., STCW; AMSA/MNZ), sea-service records, licences/passes (e.g., MSIC) induction/training records (e.g., BOSIET/HUET/FOET).

Right-to-work & checks: visa/entitlements (VEVO/VisaView), identity verification, reference checks; background checks where lawful and required.

Health information (sensitive): medical fitness certificates (e.g., AMSA/OGUK) and test results only where required for a role or by law.

Assignment & Payroll (if we employ you): rosters, timesheets, travel and expenses, bank details, tax and super/Kiwisaver details, incident reports.

Client/operator data: company details, contact roles, project/vessel requirements, purchase orders, billing details.

Website/IT: IP address, device/browser data, cookies/analytics, security logs.

We collect information directly from you, from referees you nominate, from public sources (e.g., maritime registers), and from service providers (e.g., medical, training, right-to-work, and background check providers).

3)How we use information 

  • Recruitment & placement:  assessing suitability, submitting you to roles discussed, coordinating interviews/offers.

  • Onboarding & assignment administration: credential verification, mobilisation/demobilisation, travel, inductions.

  • Employment & payroll (if applicable): paying wages and entitlements, STP/payday filing, super/KiwiSaver, tax, workers’ compensation/ACC.

  • Compliance & safety: meeting legal, regulatory and industrial obligations (MLC, STCW, WHS/HSW), incident reporting and investigation.

  • Business operations: billing and collections, insurance, audits, quality/security improvement, training, and record keeping.

  • Communications & marketing: contacting you about suitable roles or updates (you can opt out at any time).

  • Website/IT security: operating and improving our site and systems.

No fees to seafarers (MLC RPS). We do not charge seafarers any recruitment or placement fees. See our Complaints Procedure for concerns.

4) Legal bases for processing

Depending on the context, we rely on one or more of:

  • Consent (e.g., contacting referees; sharing your CV with named client(s)l certain health data)

  • Contract (to take steps at your request prior to entering a contract and to perform a contract with you)

  • Legitimate interests (running a recruitment/crew-management business, ensuring safety/security) balanced against your rights

  • Legal obligations (employment, tax, super/KiwiSaver, health & safety, immigration, workers’ compensation/ACC)

Where required, we’ll obtain explicit consent for sensitive information and you may withdraw consent at any time (this may affect our ability to progress your applicaiton).

5) Disclosing your information

We disclose information only as needed for the purposes above, including to:

  • Client operators for roles we have discussed with you.

  • Service providers under contract: medical and testing providers, training centres, background/ID/RTW check providers, travel and accommodation partners, payroll/HR systems, cloud/IT vendors.

  • Regulators and insurers where required e.g., AMSA, Maritime NZ, immigration and tax authorities, ACC, state workers’ compensation regulators (and Seacare where applicable), and our insurers/brokers.

  • Professional advisors (legal, accounting, auditors).

  • Group entities (if any) for administration under equivalent safeguards.

We do not sell personal information. We require service providers to protect information and use it only for our purposes.

6) Overseas transfers

We may store or process information in New Zealand, Australia, and other countries where our trusted cloud and service providers operate (e.g., Google Workspace, payroll platforms). When information is transferred overseas, we take reasonable steps to ensure appropriate protections are in place (e.g., contractual data-processing terms, access controls, encryption).

7) Retention

We keep information only as long as necessary for the purposes collected and to meet legal/insurance obligations, then securely delete or de-identify it. Typical retention periods:

  • Recruitment/placement records: up to 7 years after last activity.

  • Payroll/HR and safety records: as required by law (jurisdiction-specific).

  • Medical/test results: minimum period required for legal/insurance purposes.

8) Security

We maintain administrative, technical and physical safeguards aligned with ISO 27001 principles (e.g., MFA, role-based access, encryption provided by vendors, secure backups, incident response). No system is perfect; if a notifiable privacy breach occurs, we will follow applicable NZ/AU notification requirements.

9) Your rights

Subject to law, you can request access, correction, deletion or restriction/objection to certain processing, and you can opt out of direct marketing at any time.

  • New Zealand: if unresolved, you can contact the Office of the Privacy Commissioner (privacy.org.nz).

  • Australia: if unresolved, you can contact the Office of the Australia Information Commissioner (oaic.gov.au).

To exercise your rights, email contact@polstrom.com 

10) Cookies and analytics

We use cookies to help our site function and to understand usage (e.g., Google Analytics, LinkedIn Insight Tag). You can adjust preferences via our Cookie Settings link or your browser. See our Cookies Notice for details.

11) Direct marketing

We send job alerts or updates with your consent or as otherwise permitted. You can email contact@polstrom.com to unsubscribe.

12) Complaints

If you have a privacy concern, contact our Privacy Officer at contact@polstrom.com. We aim to acknowledge within 2 working days and respond within 10 working days (or we’ll let you know if more time is needed). If you’re not satisfied, you can contact the regulator listed under Your rights.

13) Changes to this policy

We may update this policy from time to time. The latest version will always be available on our website with the effective date shown at teh top.

14) How to contact us

All enquiries: contact@polstrom.com