Skippermind Organise sailing trips digitally
Open app
← Back to homepage

Privacy Policy

Last updated: 2026-03-11

1. Controller

Skippermind is operated by the following controller within the meaning of the GDPR:

  • Company: Kambrium Software GmbH
  • Address: Haardtstrasse 15, 67117 Limburgerhof, Germany
  • E-Mail: support@kambrium.gmbh
  • Website: https://kambrium.gmbh

2. Scope

This Privacy Policy explains how personal data is processed when you use the Skippermind web application and the related public pages.

3. What Skippermind Processes

Depending on how you use the service, we may process the following categories of personal data:

  • Account and profile data, such as account ID, e-mail address, display name, first name, last name, username, profile picture, and authentication identifiers
  • Contact and identity data, such as phone number, address, date of birth, place of birth, ID document details, insurance details, and bank details
  • Trip and planning data, such as trip names, locations, dates, assigned crew, assigned vehicles, and trip conditions
  • Vehicle data, such as vehicle names, manufacturer, model, size, berths, cabins, availability, and charter links
  • Uploaded content, such as licence documents, trip documents, and trip images
  • Technical and session data required to operate the application, such as login state, HTTP requests, and security-related processing
  • Support communications when you contact us

4. Purposes of Processing

We process personal data for the following purposes:

  • Providing login-protected access to Skippermind
  • Managing user accounts, crew members, trips, vehicles, and related assignments
  • Storing and displaying documents and images uploaded by users
  • Exporting crew lists and related trip data in formats such as PDF or Excel
  • Ensuring application security, session management, and error handling
  • Handling support requests and enforcing contractual or legal obligations

5. Legal Bases

Where GDPR applies, processing is based in particular on:

  • Art. 6(1)(b) GDPR for providing the service and performing the user or customer relationship
  • Art. 6(1)(f) GDPR for secure and reliable operation of the application, abuse prevention, and defense of legal claims
  • Art. 6(1)(c) GDPR where processing is required to comply with legal obligations
  • Art. 6(1)(a) GDPR where consent is obtained for optional processing

If you upload documents containing sensitive or special-category data, you are responsible for ensuring that you are authorized to do so and that an appropriate legal basis exists.

6. Authentication and External Identity Providers

Skippermind uses a login flow based on OpenID Connect. As part of authentication, data required to identify and sign in users is processed.

If federated login options are used, for example via Google through the configured identity provider, the respective provider also processes personal data under its own privacy policy.

7. Recipients and Third Parties

We disclose personal data only where necessary to provide the service or where legally required. Depending on the specific deployment and usage, recipients may include:

  • Authentication and identity management providers
  • Hosting, infrastructure, storage, and backup providers
  • Appointed processors that support operation of Skippermind
  • Authorities or courts where there is a legal obligation

Data entered into Skippermind may also be disclosed to other authorized users of your organization where this is inherent to the service, for example for trip planning, crew management, or shared records.

8. Cookies, Local Storage, and Session Data

The web application uses browser-based storage and session-related processing as required for login and operation.

This may include:

  • Cookies or equivalent session mechanisms for authenticated access
  • Local storage entries required to keep login state or user session information in the browser

These technologies are used primarily for technical functionality and security.

9. Transfers to Third Countries

If service providers or identity providers process data outside the EU/EEA, such transfers take place only on the basis of applicable legal safeguards, such as an adequacy decision or standard contractual clauses, where required.

10. Storage Duration

We store personal data only as long as necessary for the respective purposes.

In particular:

  • Account, trip, vehicle, crew, and uploaded content may be stored for as long as the account or customer relationship exists
  • Support communications may be stored for as long as needed to handle the request and any follow-up obligations
  • Data may be retained longer where statutory retention periods or legal claims require this

Specific retention periods may depend on the contractual setup of the respective customer or organization.

11. Security

We apply appropriate technical and organizational measures to protect personal data, including access control, authenticated access, and safeguards against unauthorized processing.

12. Your Rights

Subject to applicable law, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure
  • Request restriction of processing
  • Receive data portability where applicable
  • Object to processing based on Art. 6(1)(f) GDPR
  • Withdraw consent at any time with effect for the future, where processing is based on consent
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact: support@kambrium.gmbh

13. Supervisory Authority

You have the right to lodge a complaint with a competent data protection supervisory authority. A competent authority in Rhineland-Palatinate is:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
https://www.datenschutz.rlp.de/

14. Changes to This Policy

We may update this Privacy Policy if the service, legal requirements, or processing activities change. The current version is published on the relevant Skippermind page.

Go to imprint Open app