Leos Maritime Preloader

Leos Maritime Solutions Pvt Ltd Offshore Underwater Specialist ISO 9001:2015, 14001, 45001, 24803 Certified Organization

Privacy & Cybersecurity Policy

Leos Maritime Solutions Pvt Ltd

1. Introduction

Leos Maritime Solutions Pvt Ltd (“Company,” “we,” “our,” or “us”) is committed to protecting personal, operational and digital information in compliance with applicable Indian Cyber Laws, International Maritime Cybersecurity Standards, and Global Data Protection Regulations.

This combined Privacy & Cybersecurity Policy ensures the protection of personal data, vessel systems, and digital infrastructure from cyber threats, while also maintaining transparency in how information is collected, used and secured.

2. Information We Collect

  • Personal Data: Name, contact details, ID proofs, seafarer certificates, employment history, and financial information.
  • Health & Safety Data: Medical fitness records and emergency contact details.
  • Operational Data: Vessel details, crew deployment, underwater project documentation.
  • Technical Data: IP addresses, system access logs, communication records, and cybersecurity alerts.

3. Purpose of Data Collection

  • Recruitment, training, and management of crew.
  • Compliance with DG Shipping, IMO, and port authority regulations.
  • Enhancing operational safety, efficiency, and cybersecurity.
  • Fulfilment of contracts with clients and stakeholders.
  • Legal compliance under Indian IT Act, 2000 & IT Amendment Act, 2008 and international frameworks (GDPR, IMO MSC.428(98)).

4. Legal Framework & Compliance

  • Indian IT Act, 2000 & Amendment Act, 2008 - addressing cybercrime, hacking, identity theft, and data protection.
  • CERT-In Guidelines (2022 onwards) - mandatory cyber incident reporting.
  • IMO Resolution MSC.428(98) - maritime cyber risk management.
  • GDPR (EU Regulation 2016/679) - for handling EU citizen data in global operations.
  • ISO/IEC 27001 & NIST Cybersecurity Framework - for IT and OT systems security.

5. Data Sharing & Disclosure

  • To regulatory authorities (DG Shipping, IMO, Port Authorities, Classification Societies).
  • To CERT-In and law enforcement agencies during cybercrime investigations.
  • To contractors and service providers under strict confidentiality agreements.
  • Never for sale or unauthorized commercial use.

6. Data Retention

Data is retained only as long as required for operational, legal, or contractual obligations. Once the purpose is fulfilled, data is archived or securely destroyed.

7. Data Security & Maritime Cybersecurity Controls

  • Data encryption and secure storage.
  • Multi-factor authentication and access controls.
  • Firewalls, anti-malware systems, and intrusion detection.
  • Regular audits and penetration testing.
  • Crew and employee cyber awareness training.
  • IMO-compliant controls for navigation, propulsion, cargo, and underwater systems.

8. Your Rights

  • Access and review their personal data.
  • Request corrections, updates, or deletion (subject to legal limitations).
  • Restrict or object to certain processing activities.
  • File complaints with CERT-In (India) or International Data Protection Authorities.

9. International Data Transfers

  • GDPR-approved safeguards (Standard Contractual Clauses).
  • IMO cybersecurity requirements.
  • Secure transmission and encryption protocols.

10. Cyber Incident Response Policy

Objectives:

  • Protect IT & OT systems from cyber threats.
  • Minimize disruption to vessel and shore operations.
  • Comply with CERT-In reporting requirements and IMO MSC.428(98).
  • Respond effectively to cybercrime (hacking, ransomware, phishing, data breaches).

Scope: Applies to all employees, crew, contractors, IT systems (servers, emails, databases) and OT systems (navigation, propulsion, underwater equipment).

Incident Classification:

  • Low Severity: Suspicious emails, phishing attempts.
  • Medium Severity: Unauthorized access attempts, small data leaks.
  • High Severity: Ransomware, navigation/propulsion system compromise, large-scale breaches.

Incident Response Process:

  1. Identification & Reporting - Immediate reporting to the Cybersecurity Officer (CSO).
  2. Containment - Isolating affected systems and restricting access.
  3. Eradication - Removing malware, patching vulnerabilities, resetting access.
  4. Recovery - Restoring from backups, resuming operations.
  5. Notification & Reporting - To CERT-In, Flag State, Classification Societies, and Clients.
  6. Post-Incident Review - Root cause analysis, reporting, and updates to policies.

Roles & Responsibilities:

  • Cybersecurity Officer (CSO): Lead incident response.
  • Incident Response Team (IRT): IT, operations, compliance staff.
  • Crew & Employees: Report suspicious activity immediately.
  • Management: Provide resources and enforce compliance.

Training & Awareness:

  • Regular cyber drills and simulations.
  • Phishing and ransomware awareness.
  • Updates on latest maritime cyber threats and legal obligations.

Continuous Improvement: The policy will be reviewed annually or after every major incident to adapt to evolving cybercrime and maritime security challenges.

11. Updates to This Policy

We may revise this policy to reflect changes in law, technology, or operations. Updates will be posted on our website and communicated where required.

12. Contact Us

Leos Maritime Solutions Pvt. Ltd.
Location : Plot A/2/3/A/A Opp. INS Valsura Road Bedi, Bedeshwar Jamnagar
Email : dive@lmsplindia.com , ops@lmsplindia.com , info@leosmaritimesolutions.com , Phone :+91 8452889907

Leos Maritime whatsapp Icon

WE PROVIDE RELIABLE MARITIME SOLUTIONS WITH SAFETY AND
A COMMITMENT TO EXCELLENCE

Leos Maritime Solutions Pvt Ltd Offshore Underwater Specialist ISO 9001:2015, 14001, 45001, 24803 Certified Organization