Guidance

Short course approvals privacy information notice

Updated 5 September 2025

1. How we use your Information

This privacy notice describes how we collect and use personal information about you, when you seek or gain approval from us to deliver Maritime and Coastguard Agency (MCA) approved training courses.

The data controller for your personal information is the Maritime and Coastguard Agency.

This notice sets out how your data will be used and your rights under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The MCA will use the information that you give us in order to fulfil our duties of approving persons providing training or assessment of seafarers, as stated in Regulation 48 of The Merchant Shipping (Standards of Training, Certification and Watchkeeping) Regulations 2022 and The International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW) 1978, as amended.

We use your information in the following ways:

1.1 Requesting course approvals:

  • to maintain a list of requests and to contact you should we wish to progress your request

1.2 Training providers:

  • to contact you to arrange an audit or about any issues, concerns or complaints
  • to maintain a public list of approved training providers, including contact details

1.3 Instructors and/or assessors:

  • to assess your suitability to act as an instructor and/or assessor

2. The type of personal information we collect

The MCA will collect and process the following personal information:

2.1 Requesting course approvals:

  • your email address
  • business name
  • your first and last name (if the company is not yet registered)

2.2 Training providers:

  • your first and last name
  • your job title
  • your email address
  • business name, address and postcode
  • business contact number(s)

2.3 Instructors and/or assessors:

  • your first and last name
  • business name
  • business contact number and email address
  • your employment history and teaching experience
  • your qualifications
  • your signature

3. How we get the personal information and why we have it

The personal information that we process is provided by you to the MCA directly for the purpose of approving you as a certified seafarer training or assessment provider.

Under the UK General Data Protection Regulation (UK GDPR), the MCA will only process your personal data where we have a lawful basis to do so.

We process your personal data for this purpose in accordance with the lawful basis identified below:

  • Article 6(1)(e) UK GDPR: We need it to perform a public task, namely, our regulatory duties as a flag state administrator.

4. How we store and ensure the security of your personal information

Your information is securely stored in our UK-hosted Short Course Database, which is provided hosted, supported and maintained by a third-party processor.

We do not routinely transfer data overseas but when this is necessary, we will ensure that we have the appropriate safeguards in place.

5. How long we retain your personal information

We retain information on approved persons and providers for a maximum period of 12 years after our relationship with you has ended.

If you are person who has not been approved to provide training, we retain your data for a maximum of one year.

6. Who will we share your information with?

We will not share your personal information with third parties unless required or permitted to do so by law.

7. Your data protection rights

Information on how the MCA looks after personal data, your rights, how to contact our data protection officer and how to complain about processing of your personal data can be found on our personal information charter.

We do not use automated decision making or profiling when using your data.