OPX (2026) €172.80 $197,48 +1.05% to prev. month
EUA €68.86 $80.22 -0.86% to prev. day

Privacy Policy

Data Protection Policy

We are delighted that you have shown interest in our company and services. Data protection is a high priority for OCEANSCORE MADEIRA, LDA (ZONA FRANCA DA MADEIRA) (“OceanScore”).

OceanScore is a maritime technology company that helps shipping companies, freight operators, ports, banks, and investors measure, manage, and comply with carbon-emissions regulations. The use of any of our products or services, whether accessible via dedicated platforms or through our website, involves the processing of personal data. This privacy policy sets out the framework governing the nature, scope, and purpose of the personal data we collect and process.

1. Definitions

The data protection declaration of OCEANSCORE MADEIRA, LDA (ZONA FRANCA DA MADEIRA) is based on the terms used by the European legislator for the adoption of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, which enacted the General Data Protection Regulation (GDPR). Our data protection policy is legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used. In this data protection declaration, we use, inter alia, the following terms:

a. Personal Data

Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Data subject

Any identified or identifiable natural person whose personal data is processed by the controller.

c. Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d. Controller

The natural or legal person that determines the purposes and means of processing personal data.

e. Processor

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

f. Consent

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Controller

For the purposes of this Privacy Policy, OCEANSCORE MADEIRA, LDA (ZONA FRANCA DA MADEIRA), as Controller, is the entity responsible for ensuring that the processing of personal data related to the rendering of OceanScore services and products complies with the GDPR and with the applicable national data protection legislation, namely Law no. 58/2019 of 8 August.

OCEANSCORE MADEIRA, LDA (ZONA FRANCA DA MADEIRA) registered address is Rua da Alfândega, n.o 78, 3.o B, 9000-059 FUNCHAL, Madeira, Portugal. The entity is responsible for the operation of the website https://www.oceanscore.com/ (hereinafter, the “website”).

For any questions regarding the processing of your personal data or to exercise your rights, you may contact OceanScore at: office@oceanscore.com.

3. Collection of general data and information

The website collects general data and information when a data subject or automated system accesses the website. This general data and information are stored in server log files. The data collected may include: (1) the browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches our website (so-called referrers); (4) the sub-websites accessed; (5) the date and time of access; (6) an Internet protocol address (IP address); (7) the Internet service provider of the accessing system; and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

The use of this general data and information does not allow us to draw any conclusions about the data subject. Rather, this information is needed to: (1) deliver the content of our website correctly; (2) optimise the content of our website and its advertising; (3) ensure the long-term viability of our information technology systems and website technology; and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. OceanScore analyses anonymously collected data and information statistically, with the aim of increasing data protection and data security and ensuring an optimal level of protection for the personal data we process. The anonymous data from server log files is stored separately from all personal data provided by data subjects.

4. Processing of personal data

OceanScore, as Controller, may process your personal data. We collect the following personal data and process it for the following purposes:

4.1. For the purposes of OceanScore’s legitimate interests pursuant to Article 6(1)(f) GDPR, we process personal data in connection with the provision of our Products and Services as well as to respond to any business-related enquiries. This includes data relating to Clients’ signatories, administrators, and other employees, namely, their identity data (first and last name), contact data (e-mail address, telephone number, and business address) and professional data (job title and organisation). You have the right to object to such processing at any time, in accordance with Section 11(g) below.

4.2. For the purposes of the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to Article 6(1)(b) GDPR, as is the case of recruitment data. When applying for a position, we collect the Candidate’s first name and surname, phone number, e-mail address, gender identity, personal URL, cover letter, CV, profile picture and any other application-related information relevant to the applicable role.

This data is only shared with personnel involved in the hiring decision and, where necessary, with trusted service providers (e.g., platform provider, IT hosting). OceanScore uses Factorial, a cloud-based human resources management platform provided by Everyday Software, S.L., to manage HR and recruitment processes. Recruitment procedures conducted under Factorial are governed by a specific privacy policy, accessible here. A specific cookies policy also applies.

4.3. For the purposes of attendance of workshops and events. By registering for a workshop or event, you consent, pursuant to Article 6(1)(a) GDPR, to OceanScore collecting your first and last name and e-mail address for the purpose of managing your registration and providing access to the event. Some events may be recorded — if so, you will be notified in advance. You may withdraw your consent and cancel your registration at any time by clicking the “cancel your registration” link in the confirmation e-mail. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

4.4. For the purpose of receiving our newsletters and insights. By registering, you consent, pursuant to Article 6(1)(a) GDPR and Article 13-A of Law no. 41/2004 of 18 August, to OceanScore collecting your e-mail address for the purpose of sending newsletters and expert insights. You may withdraw your consent at any time, after which you shall no longer receive any newsletters or expert insights. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

5. Cookies

Our website uses cookies to enhance the browsing experience. Cookies are small text files placed on your device that help us recognise your browser and capture certain information. In accordance with Article 5 of Law no. 41/2004 of 18 August, as amended, the website uses the following types of cookies: (a) strictly necessary cookies, which are essential for the performance and operation of the website and do not require your consent; (b) analytical cookies, used to track and analyse how visitors use the website for statistical and engagement measurement purposes; and (c) functional cookies, which enable the website to remember choices you make and provide enhanced features or personalisation.

The deployment of analytical and functional cookies depends on the user’s express prior consent, in accordance with Article 5(1) and (2) of Law no. 41/2004 of 18 August. You can give or withdraw your consent to the deployment of non-essential cookies at any time through the cookies banner presented each time you access the website. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

NameTypeProviderMaximum Storage Duration
cookieyes-consentnecessaryCookieYes1 year
Pum-7308FunctionalPopup Maker1 month
_gaanalyticalGoogle2 years
_ga_DLYTHPBK6HanalyticalGoogle1 year

6. Categories of Processors

When using OceanScore website or any of our products or services, we may share your personal data with the following categories of recipients: (a) processors, including service providers who support our day-to-day operations, such as IT infrastructure, hosting, payment processing, and analytics providers; (b) professional advisors, such as lawyers, auditors, and accountants, who may act as independent controllers or processors depending on the nature of the engagement; (c) business partners, where necessary for the performance of our services; and (d) potential acquirers or investors in the event of a sale, merger, or reorganisation of our business, who may act as independent controllers or joint controllers.

All processors with whom we share your personal data are required to comply with applicable data protection standards and Article 28 GDPR. Processors may only process your personal data for specified purposes, in accordance with our documented instructions, and are subject to confidentiality obligations.

7. International Data Transfers

We may transfer your personal data to recipients located outside the European Economic Area (EEA) in connection with the operation of our business. When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with Chapter V of the GDPR (Articles 44 to 49). Such safeguards may include: (a) reliance on an adequacy decision pursuant to Article 45 GDPR, regarding transfers to countries that have been recognised by the European Commission as providing an adequate level of data protection; (b) the use of Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Article 46(2)(c) GDPR; or (c) other appropriate safeguards as provided for under Article 46 GDPR.

You may request a copy of the safeguards we have put in place for international data transfers at office@oceanscore.com.

8. Usage of Artificial Intelligence

OceanScore may use general-purpose AI systems (“GPAI Systems”) within the meaning of Regulation (EU) 2024/1689 of 13 June 2024 (the “AI Act”) in connection with the provision of the OceanScore Products and Services, as well as in the context of recruitment. For the purposes of the AI Act, OceanScore acts as a deployer of such GPAI Systems, using GPAI Systems under its authority, as defined in Article 3(4) of the AI Act. The deployment of any GPAI System shall be preceded by the conclusion of a data processing agreement with the relevant GPAI System provider, in accordance with Article 28 GDPR.

When deploying GPAI Systems, data, including your personal data, may be transferred outside the EEA. In this regard, the developer of the GPAI System shall be considered a processor for the purposes of Section 6, and international data transfers shall take place in accordance with the safeguards set out in Section 7. Any personal data used or prompted shall be processed in accordance with the principle of data minimisation pursuant to Article 5(1)(c) GDPR.

OceanScore may deploy AI systems for recruitment and selection of candidates, namely, for the purpose of analysing and filtering job applications as well as to evaluate candidates, including through scoring, ranking and predicting models. Such use is classified as high-risk under Article 6(2) and Annex III, point 4, of the AI Act. Prior to deploying any such high-risk AI system, OceanScore shall carry out a Data Protection Impact Assessment pursuant to Article 35 GDPR. In such cases, OceanScore shall, in accordance with Article 26 of the AI Act and Articles 13, 14, and 22 GDPR:

  • a) inform candidates, prior to any decision, that a high-risk AI system is being used;
  • b) ensure human oversight by qualified personnel with authority over such decisions;
  • c) ensure that input data is relevant and representative for the intended purpose;
  • d) monitor operations and retain system logs for a period of 6 months;
  • e) provide candidates with meaningful information about the logic and consequences of automated decision-making; and
  • f) guarantee the right to human intervention and to contest decisions.

9. Period of storage. Routine erasure and blocking of personal data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, in accordance with the principle of storage limitation set out in Article 5(1)(e) GDPR. The criteria used to determine the period of storage include: (a) the duration of the contractual relationship; (b) applicable statutory retention periods (e.g., 10 years for tax and commercial law requirements, or for any other sector-specific regulatory compliance); (c) the nature and sensitivity of the personal data; (d) the purposes of processing (e.g. 30 days for workshops and events-related data, 1 year for contact data, counting from the day of your last interaction with OceanScore and 6 months after the conclusion of a recruitment process, unless consent to longer retention for consideration in future opportunities) and (e) anti-money laundering requirements (e.g., 7 years).

After expiration of the applicable retention period, the corresponding data shall be deleted or irreversibly anonymised.

10. Technical and Organisational Measures

As the controller, OceanScore has implemented appropriate technical and organisational measures, in accordance with Article 32 GDPR, to ensure a level of security appropriate to the risk involved in the processing of personal data through this website and its products and services. These measures include data minimisation, pseudonymisation, transparency regarding data processing and ensuring an ongoing improvement of data security processes and procedures. OceanScore also ensures that any third-party applications or services used in the course of its business comply with applicable data protection requirements.

11. Rights of the data subject

The GDPR grants data subjects a number of rights. To exercise any of these rights, please contact OceanScore at office@oceanscore.com. OceanScore will respond to any such request without undue delay and, in any event, within one (1) month of receipt of the request. This period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests, in accordance with Article 12(3) GDPR. OceanScore shall inform you of any such extension within one (1) month of receipt of the request, together with the reasons for the delay. For specific information on each right, please refer to the information below:

a. Right of confirmation

You have the right to obtain confirmation as to whether your personal data is being processed.

b. Right of access

You have the right to obtain from the controller information about your personal data stored at any time, as well as a copy of this information, free of charge (under certain conditions, costs might apply). You may request information on, for example, the purposes of the processing, the period for which your personal data will be stored and the recipients or categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries.

c. Right to rectification

You have the right to obtain the rectification of inaccurate personal data and with regards to incomplete data, to have it completed.

d. Right to erasure (Right to be forgotten)

You have the right to obtain the erasure of your personal data, provided there are no valid grounds for its retention, such as when required to comply with a legal obligation or where legal proceedings are ongoing.

If OceanScore has made personal data public, we will take reasonable steps to inform other controllers that you have requested erasure of your data.

e. Right of restriction of processing

You have the right to obtain restriction of processing where: (a) you contest the accuracy of the data; (b) the processing is unlawful but you oppose erasure; (c) OceanScore no longer needs the data but you require it for legal claims; or (d) you have objected to processing pending verification of legitimate grounds.

f. Right to data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format. You may also request OceanScore to transmit said data to another controller, however, only if technically feasible.

g. Right to object

You have the right to object to processing based on legitimate interests or public interest grounds, including profiling. If you object, OceanScore will stop processing unless there are legitimate grounds that override your interests, for example, the exercise of legal claims.

h. Automated individual decision-making, including profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you, in accordance with Article 22 GDPR. Where OceanScore deploys AI systems in the context of recruitment, as described in Section 8, the safeguards set out therein shall apply, including the right to obtain human intervention, to express your point of view, and to contest the decision.

i. Right to withdraw data protection consent

You have the right to withdraw your consent to processing of your personal data at any time, for example, for marketing purposes. Withdrawing consent does not compromise the lawfulness of the processing previously carried out.

j. Right to lodge a complaint before a supervisory authority

You have the right to lodge a complaint before a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR or any other applicable legal provisions.

In Portugal, the competent supervisory authority is: Comissão Nacional de Proteção de Dados (CNPD). Av. D. Carlos I, 134 – 1.º, 1200-651 Lisboa, Portugal, website: www.cnpd.pt.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or for other operational reasons. We will notify you of any material changes by posting the updated policy on our website with a revised “Last Updated” date. We encourage you to review this Privacy Policy periodically.

13. Use of OPX

The OceanScore Pool Price Index (OPX) is made available for general information purposes only and does not constitute legal, financial, investment, regulatory, or commercial advice. OPX is not intended to serve as a guaranteed settlement price or binding market quotation. OPX is calculated on the basis of aggregated market data and methodological assumptions, which may involve estimations and editorial judgment.

Although OceanScore applies reasonable care in the preparation and publication of OPX, no representation or warranty, express or implied, is given as to its accuracy, completeness, reliability, availability or fitness for a particular purpose. Market data may be incomplete, inaccurate, delayed or subject to subsequent correction. Published index values may be revised or restated at any time. Any use of or reliance upon OPX, including its incorporation by reference into contracts, is undertaken solely at the user’s own risk. OceanScore is not a party to agreements referencing OPX and assumes no responsibility for pricing decisions, settlement calculations or contractual disputes arising from such use. To the extent legally permissible, OceanScore excludes liability for damages arising from the use of or reliance upon OPX. This exclusion does not apply in cases of intent, gross negligence, injury to life, body or health, or where liability is mandatory under applicable law.

Last updated on July 1st, 2026