Legal

Privacy Policy

ACOSTS — ASEAN Council for Offshore Safety and Training Standards

Last updated: 10 June 2026

This Privacy Policy should be read together with any other privacy notice, data protection notice, learner declaration, centre agreement, certification policy, complaints policy, website terms, cookie policy or contractual terms that may apply to a specific service or relationship.

Introduction

ACOSTS — ASEAN Council for Offshore Safety and Training Standards — is committed to protecting personal data and maintaining the confidentiality, security, integrity and lawful use of information entrusted to us. This Privacy Policy explains how ACOSTS collects, uses, stores, discloses, transfers and protects personal data in connection with its website, digital platforms, learner records, certificate validation systems, centre approval processes, standards administration, audit activities, training and assessment quality assurance, stakeholder engagement, recruitment, supplier management, office visits and other related services.

Meaning of Personal Data

Personal data means any information relating to an identified or identifiable living individual. This may include name, contact details, identity details, learner records, certificate details, employment information, training records, assessment results, online identifiers, images, documents, correspondence and any other information that can directly or indirectly identify a person. Certain categories of personal data may require additional protection, such as medical information, biometric information, criminal background information, passport or government identity documents, religious or ethnic information, health and safety records, disciplinary records or other sensitive information. ACOSTS processes such information only where necessary and lawful.

Who We Are

In this Privacy Policy, "ACOSTS", "we", "us" or "our" refers to ASEAN Council for Offshore Safety and Training Standards, including its authorised operating entities, regional offices, representatives, digital platforms and administrative functions.

Regional Office for ASEAN
Astra Navis Maritime LLP, Mohali, Punjab, India
General email
info@acosts.org
Data protection / privacy
privacy@acosts.org
Centre support
centres@acosts.org
Learner support
learners@acosts.org
Employer support
employers@acosts.org
Whistle-blowing
whistle@acosts.org

Scope of This Privacy Policy

This Privacy Policy applies to personal data relating to:

  • Learners, trainees, delegates and certificate holders.
  • Approved centres and applicant centres.
  • Instructors, assessors, invigilators, auditors and technical experts.
  • Employers, operators, contractors and industry stakeholders.
  • Business contacts and professional contacts.
  • Individuals using ACOSTS applications, portals or certificate verification tools.
  • Individuals who contact us with questions, complaints, appeals, feedback or reports.
  • Recruitment applicants, consultants and prospective staff.
  • Suppliers, vendors, subcontractors and service providers.
  • Visitors to ACOSTS or regional offices.
  • Visitors to the ACOSTS website.

Lawful Basis for Processing

ACOSTS processes personal data only where it has a lawful basis to do so. Depending on the circumstances and applicable law, we may rely on one or more of the following:

Consent
Where an individual has given clear permission for a specific purpose.
Contractual necessity
Where processing is necessary to enter into or perform a contract.
Legal obligation
Where processing is necessary to comply with applicable law, regulation, reporting duties, audit obligations or statutory requirements.
Legitimate interests
Where processing is necessary for legitimate business, safety, certification, verification, quality assurance, fraud prevention, stakeholder management, website security or governance purposes.
Public interest
Where processing supports offshore safety, workforce competence assurance, emergency response training, safety-critical certification or the integrity of training standards.
Vital interests
Where processing is necessary to protect life, health or safety in an emergency.

Personal Data We Collect

The personal data collected by ACOSTS may include information across the following categories:

Identity and contact information

Name, title, gender where required, date of birth, nationality, country of residence, photograph, signature, postal address, email address, telephone number, emergency contact details, employer details, organisation name and professional title.

Identification and verification information

Passport details, national identification documents, seafarer identification details, visa information, government-issued ID numbers, registration numbers, learner ID, system-generated unique identifiers, photographs, scanned documents and verification records.

Learner and certificate information

Course registration details, training centre, course title, standard completed, assessment result, certificate number, certificate issue date, certificate expiry date, attendance records, practical training records, assessment evidence, resit records, certificate status, suspension or withdrawal records and training history.

Centre approval and quality assurance information

Applicant centre details, centre management information, ownership or control information, centre staff details, instructor and assessor qualifications, facility records, equipment records, audit reports, non-conformity records, corrective action plans, approval status, renewal records, complaints, appeals, monitoring records and investigation records.

Website and technical information

IP address, browser type, device type, operating system, location data at country or city level where available, pages visited, referral source, session information, cookie identifiers, form activity, access logs, security logs and analytics data.

Cookies

ACOSTS uses cookies and similar technologies to operate the website, improve user experience, understand website usage, secure systems and provide relevant functionality.

Strictly necessary
Required for website operation, forms, login areas, certificate validation and security.
Performance & analytics
Used to understand website traffic and improve performance.
Functionality
Used to remember user preferences.
Security
Used to detect spam, misuse, unauthorised access or cyber threats.
Third-party
Used where the website includes embedded tools, maps, videos, forms, analytics or external integrations.

Users can manage cookies through browser settings. Disabling cookies may affect website functionality. Further details are provided in the ACOSTS Cookie Policy.

Security of Personal Data

ACOSTS takes the security of personal data seriously. We use reasonable technical, organisational, administrative and physical safeguards to protect personal data. Security measures may include:

  • Access controls and role-based permissions.
  • Password protection and authentication measures.
  • Secure hosting and system monitoring.
  • Data backup and recovery measures.
  • Confidentiality obligations for personnel and contractors.
  • Security reviews and risk assessments.
  • Restricted access to learner and certificate records.
  • Audit trails for certificate and centre approval systems.
  • Incident response and breach management procedures.

Individual Rights

Depending on applicable law and the nature of processing, individuals may have certain rights in relation to their personal data:

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restrict processing.
  • Right to data portability.
  • Right to object.
  • Right to withdraw consent.
  • Right to avoid or challenge certain automated decision-making.
  • Right to raise a complaint or grievance.

To exercise any rights, please contact privacy@acosts.org or call +91-7087011176.

Data Retention

ACOSTS retains personal data only for as long as necessary for the purpose for which it was collected, including legal, regulatory, contractual, audit, certification, verification, safety and dispute-resolution purposes.

Learner and certificate records

May be retained for extended periods because they support safety-critical verification, employment eligibility, offshore access, historical training records, fraud prevention and certification integrity.

Recruitment records

Unsuccessful recruitment applicant data will normally be retained for up to 6 months after the recruitment process unless a longer retention period is required or permitted.

Business contact records

Retained for as long as ACOSTS maintains a relationship with the individual, organisation or stakeholder, and for a reasonable period thereafter.

No Sale of Personal Data

ACOSTS does not sell personal data to third parties. ACOSTS does not release personal data to third parties for the purpose of allowing them to market their products or services unless the individual has given specific consent or the sharing is otherwise lawful and clearly explained.

Changes to This Privacy Policy

ACOSTS may update this Privacy Policy from time to time to reflect changes in law, technology, website functionality, services or data protection practices. The latest version will be published on the ACOSTS website with the updated date. Users are encouraged to review this Privacy Policy periodically.

Contact Information

For privacy questions, data rights requests, correction requests, complaints or general enquiries about this Privacy Policy, please contact:

Regional Office for ASEAN
Astra Navis Maritime LLP, Mohali, Punjab, India
Data protection / privacy
privacy@acosts.org
General email
info@acosts.org