Alpha Green Ltd
(“Alpha Green”, “the Company”)
Effective Date: [Insert Date]
1. Purpose
This Data Processing Agreement (“DPA”) governs the processing of personal data by Alpha Green Ltd in connection with maritime brokerage, chartering advisory, sale and purchase (S&P) transactions, and commercial consultancy services.
This DPA forms part of, and supplements, any service agreement entered into between Alpha Green Ltd and its client (“Client”).
2. Roles of the Parties
Depending on the nature of the engagement:
Alpha Green Ltd may act as Data Controller, where it determines the purposes and means of processing personal data.
Alpha Green Ltd may act as Data Processor, where it processes personal data on behalf of the Client.
The specific role shall be determined by the underlying commercial relationship.
3. Scope of Processing
Personal data processed may include:
Identity and contact details
Corporate affiliation and professional position
Transaction-related commercial information
Compliance documentation (KYC/AML)
Contractual and operational communications
Processing activities may include:
Collection
Recording
Storage
Transmission
Review
Compliance screening
4. Lawful Basis
Processing shall be conducted under one or more of the following lawful bases:
Contractual necessity
Legal obligation
Legitimate interests
Consent (where required by applicable law)
5. Confidentiality
Alpha Green Ltd shall ensure that:
All personnel with access to personal data are subject to appropriate confidentiality obligations.
Access to personal data is restricted to authorised individuals only.
Personal data is handled in accordance with professional confidentiality standards applicable to international maritime brokerage and advisory practice.
6. Security Measures
Alpha Green Ltd implements appropriate technical and organisational measures, including:
Encrypted communications
Secure data storage systems
Role-based access controls
Internal compliance procedures
Due diligence on service providers
Security measures are reviewed periodically and updated where necessary.
7. Sub-Processors
Where necessary, Alpha Green Ltd may engage third-party service providers (including IT hosting providers, compliance screening providers, or professional advisers).
Alpha Green Ltd shall ensure that:
Sub-processors are subject to appropriate contractual safeguards.
Processing activities remain compliant with applicable data protection laws.
8. International Transfers
Due to the international nature of maritime trade, personal data may be transferred outside the United Kingdom or the European Economic Area (EEA).
Where such transfers occur, appropriate safeguards shall be implemented, including:
The UK Addendum to the Standard Contractual Clauses (SCCs)
EU Standard Contractual Clauses
Other legally recognised transfer mechanisms
9. Data Retention
Personal data shall be retained only for as long as necessary to:
Fulfil contractual obligations
Comply with regulatory requirements
Resolve disputes
Meet statutory record-keeping obligations
Retention periods may typically range between five (5) and seven (7) years, depending on regulatory and commercial requirements.
10. Data Subject Rights
Alpha Green Ltd shall:
Assist Clients in responding to data subject access requests (where acting as Processor).
Notify Clients of any direct data subject request received (where acting as Processor).
Cooperate in fulfilling obligations under UK GDPR and EU GDPR.
11. Data Breach Notification
In the event of a personal data breach:
Alpha Green Ltd shall assess the incident without undue delay.
Where legally required, affected parties and/or supervisory authorities shall be notified in accordance with applicable UK GDPR and EU GDPR requirements.
12. Termination
Upon termination of services, personal data shall be:
Securely deleted; or
Returned to the Client, where applicable and contractually required,
subject to any applicable legal or regulatory retention obligations.