General Data Protection and Privacy Policy for MARPRO Group

1. Introduction
MARPRO Group is a specialized consulting firm operating primarily in the maritime sector, offering recruitment and related services.
This Privacy Policy explains how we collect, process, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection legislation.

MARPRO Group operates the following websites:

  • www.marprogroup.com
  • www.maritime-professionals.com
  • careers.marpro-group.com (operated via an external Applicant Tracking System)

We are committed to ensuring transparency and protecting personal data.

2. Data Controller
MARPRO Group is the data controller.

Contact:

Email: info@marprogroup.com
Address: Klostermosevej 140, 3000 Helsingør, Denmark

Data Protection Responsible:
Jakob le Fevre, Managing Director

3. Purpose of Processing

We process personal data for the following purposes:

Recruitment Services:

  • Matching candidates with job opportunities
  • Evaluating qualifications
  • Communicating during recruitment processes

Communication:

  • Responding to inquiries
  • Providing support

Marketing:

  • Sending newsletters, subject to consent
  • Website Improvement
  • Analytics and optimization

Legal & Administrative:

  • Compliance with legal obligations
  • Documentation and dispute handling

4. Legal Basis for Processing

We process personal data based on:

Article 6(1)(b) GDPR – Pre-contractual measures
→ When you apply for a job

Article 6(1)(a) GDPR – Consent
→ For marketing and for sharing beyond a specific recruitment

Article 6(1)(c) GDPR – Legal obligation

Article 6(1)(f) GDPR – Legitimate interests
→ Operating and improving services

5. Processing of Candidate Data and Presentation to Clients

Applications for Specific Positions

When you apply for a specific position via MARPRO Group:

We process your personal data as part of taking steps at your request prior to entering into a potential employment contract (Article 6(1)(b) GDPR).

As part of this process:

  • Your CV, application, and relevant information will be reviewed
  • Your profile may be presented to the client responsible for that specific recruitment assignment

Important clarification:

By applying for a specific position:

  • You acknowledge and expect that your application will be shared with the hiring client
  • This sharing is necessary to evaluate your candidacy
  • The client acts as an independent data controller

This means:

  • No separate consent is required for this specific purpose
  • The legal basis is contractual necessity (Art. 6(1)(b))

Sharing for Other Roles (Consent Required):

If we wish to:

  • Present your profile to other clients
  • Include you in general candidate searches or databases

We will only do so with your explicit consent (Art. 6(1)(a)).

You may withdraw this consent at any time.

6. Categories of Personal Data

We may process:

Candidate Data:

  • Name, email, phone
  • CV, work experience, education
  • Skills and qualifications
  • Interview notes

Technical Data:

  • IP address
  • Browser and device
  • Website usage

Communication Data:

  • Emails and correspondence

Sensitive data (if included in CVs) is processed only when voluntarily provided.

7. Data Collection

We collect data when you:

  • Apply for jobs
  • Submit forms
  • Contact us
  • Subscribe to newsletters
  • Use our websites

8. Recipients of Data

Your data may be shared with:

Clients (employers)

  • When applying for a specific role (no consent required)
  • For other roles (only with consent)

Service providers (data processors)

  • ATS, hosting, Mailchimp

Authorities where required by law

We do not sell personal data or share it for marketing without consent.

9. International Transfers

  • If data is transferred outside the EU/EEA:
  • We apply Standard Contractual Clauses (SCCs)
  • We ensure appropriate safeguards

10. Data Retention

We retain data only as long as necessary:

  • Candidates: up to 24 months after last interaction
  • Consent-based marketing: until withdrawal
  • Legal obligations: as required

11. Your Rights

You have the right to:

  • Access your data
  • Correct it
  • Delete it
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent

Contact us to exercise your rights.

You may also complain to:
Datatilsynet (Denmark)

12. Cookies and Analytics

We use cookies and analytics to:

  • Improve user experience
  • Analyze usage

You can control cookies via your browser.

13. Security Measures

We apply:

  • Encryption (SSL/HTTPS)
  • Firewalls and monitoring
  • Access controls
  • Staff training

In case of a breach:

  • Authorities are notified within 72 hours
  • Individuals are notified where required

14. Organizational Measures

We ensure:

  • Physical access control
  • Secure IT systems
  • Employee confidentiality
  • Secure handling of personal data

15. Data Minimization

We only process data that is:

  • Necessary
  • Relevant
  • Proportionate

16. Changes to This Policy

We may update this policy.

Updates will be published on our website.