Privacy Policy

1. Who we are

This Privacy Policy applies to Blue Ocean Breeze SPC ("Blue Ocean Breeze", "we", "us", or "our"). We're an industrial logistics and trade-support company, based in the Special Economic Zone at Duqm (SEZAD), Sultanate of Oman, working across international shipping lanes.

For privacy-related requests, contact us at [email protected]. Please include sufficient detail for us to verify and respond to your request.

2. Scope of this policy

This policy describes our practices when you visit websites and digital properties operated by Blue Ocean Breeze, submit an inquiry through our contact or trade-support channels, correspond with us by email, or otherwise engage with us in a capacity where personal information is involved. It does not replace confidentiality, data-processing, or security terms in a signed contract where those terms expressly govern.

Our services are directed at businesses and professional users. We do not knowingly collect personal information from children.

3. Categories of information we process

Depending on how you interact with us, we may process the following categories of information:

• Identity and contact: name, job title, employer, business email address, telephone number, postal or office address, and similar professional identifiers you provide.
• Inquiry and project: message content, technical specifications, commodity or equipment descriptions, shipment or routing preferences, and other details you choose to include in forms, RFQs, or email threads.
• Relationship and commercial: account references, contract or purchase order identifiers, invoicing references tied to shipment documentation, and records of meetings or service delivery consistent with operating an industrial logistics business. We do not process payments and do not hold financial-account data for our counterparties.
• Technical and usage: IP address, device and browser type, language settings, approximate location derived from IP, referring URLs, timestamps, and diagnostic data generated when you use our website or authenticated partner tools we may provide.
• Security: access logs, fraud-prevention signals, and authentication events used to protect our systems and counterparties.

4. How we use personal information

We process personal information for legitimate business purposes, including:

• Responding to inquiries and delivering trade support, quotations, and logistics coordination aligned with our services.
• Negotiating, performing, and administering contracts; managing shipments, documentation, and customs-related communications where you or your organization are a party or authorized representative.
• Operating, securing, and improving our website; analyzing aggregate traffic patterns; and troubleshooting technical issues.
• Complying with applicable law, regulatory requests, court orders, and reasonable compliance policies (including trade sanctions screening and record-keeping where required).
• Protecting the rights, property, and safety of Blue Ocean Breeze, our personnel, customers, and the public.

Where required by applicable data protection law, we rely on appropriate legal bases such as performance of a contract, legitimate interests (balanced against your rights), compliance with legal obligations, or consent when we expressly request it.

We only process personal data where there is a valid legal basis, including:

• your explicit consent — for example where you submit an enquiry, request information about our services, subscribe to updates, or allow us to contact you;
• taking steps at your request prior to entering into a contract, or to perform a contract with you or your organisation;
• compliance with legal and regulatory obligations to which we are subject, including anti-money laundering, sanctions, tax, accounting, and record-keeping requirements;
• other lawful grounds permitted by applicable law, such as protecting our systems and services, preventing fraud and abuse, and defending or establishing legal claims, in each case where this is allowed under the applicable data protection framework.

5. Cookies and similar technologies

Our site may use cookies, local storage, or similar technologies. We group them as follows:

• Strictly necessary: required to deliver the site (session integrity, security, request routing). Cannot be disabled without breaking the site.
• Preferences: remember non-essential choices such as theme or language. You can clear these through your browser at any time.
• Analytics: if enabled, aggregate traffic patterns and page performance. We use privacy-respecting providers and do not sell or rent the data generated.
• Security: help detect automated abuse, fraud attempts, or unauthorised access patterns.

You can control cookies through your browser settings. Disabling strictly necessary cookies will break core functionality. We do not use tracking technologies to build cross-site advertising profiles and do not sell personal information in the conventional sense of data brokerage.

6. Disclosure and international transfers

Because we coordinate maritime, multimodal, and cross-border industrial logistics, relevant information may be shared with:

• Service providers and subprocessors (e.g., hosting, email, analytics, customer-relationship tools) bound by contractual confidentiality and security obligations.
• Carriers, port agents, customs brokers, insurers, banks, and other counterparties strictly as needed to move goods, settle trade, or meet documentary requirements.
• Professional advisers, auditors, and insurers under duty of confidentiality.
• Authorities when required by law or when we reasonably believe disclosure is necessary to comply with legal process or protect vital interests.

Recipients may be located outside the Sultanate of Oman. Where cross-border transfers are subject to legal safeguards, we implement appropriate measures consistent with applicable law (such as contractual clauses or adequacy frameworks, where available).

You may contact us using the details below if you would like more information about how we handle cross-border transfers of your personal data.

7. Retention periods

We retain personal information only as long as necessary for the purposes described in this policy, including legal, accounting, and dispute-resolution requirements tied to industrial shipments. Indicative periods by data category:

• Enquiry contacts that do not convert into an engagement: up to 24 months from last contact, then deleted.
• Customer records tied to a commercial engagement: for the duration of the engagement and a further period consistent with applicable commercial, tax, and customs recordkeeping law — typically up to 10 years from contract closure.
• Shipment and customs documentation: retained for the statutory period required by the regulators in each jurisdiction of origin, transit, and destination, without prejudice to contractual retention asks.
• Website logs and security signals: typically 6–18 months, depending on the signal and the security posture in force at the time.
• Compliance and sanctions records: retained for the period required by applicable anti-money-laundering, sanctions, and export-control rules, which is commonly at least 5 years from the relevant event.

When retention ends we delete, anonymise, or archive the record to a form that no longer identifies individuals, unless longer retention is required by law or by a documented legal claim.

8. Security

We implement administrative, technical, and organizational measures appropriate to the sensitivity of the information we handle, including access controls, encryption in transit where standard for web services, and vendor diligence. No method of transmission or storage is completely secure; we encourage counterparties to use business email and approved channels when exchanging sensitive operational data.

9. Your rights and how to exercise them

Depending on your location and applicable law, you may have rights to:

• Access the personal information we hold about you and receive a copy.
• Correct inaccurate or incomplete information.
• Delete information we no longer have a lawful basis to retain.
• Restrict or object to certain processing, including processing based on legitimate interests.
• Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
• Portability of information you provided where applicable law grants that right.
• Complain to a competent supervisory authority in your jurisdiction. In the Sultanate of Oman this is the authority responsible for the Personal Data Protection Law; elsewhere it is the data-protection regulator applicable to you.

To exercise any of these rights, email [email protected]with the subject line "Data subject request" and a clear description of your request. We will acknowledge within a reasonable period and aim to respond within one calendar month, subject to extensions permitted by applicable law for complex or voluminous requests. We may need to verify your identity before releasing information; this is a protection for you, not a delay tactic.

If the Oman PDPL applies to the processing of your personal data, you may, in addition to any rights described above and subject to applicable conditions:

• withdraw your consent to the processing of your personal data, without affecting the lawfulness of processing carried out before such withdrawal;
• request correction, updating, or blocking of your personal data if it is inaccurate, incomplete, or not processed in accordance with applicable law;
• obtain a copy of your personal data that we process;
• request deletion of your personal data where there is no lawful basis to continue processing;
• object to, or request restriction of, certain processing activities where such rights are provided under applicable law;
• lodge a complaint with the competent authority in the Sultanate of Oman in relation to the processing of your personal data.

10. Visitors to our offices, CCTV, and call recording

Visitors to our offices or operational sites may be asked to sign a visitor register for security and health-and-safety reasons. Where CCTV is in use, notices are posted in the relevant areas. Recordings are retained for a limited period proportionate to their security purpose and reviewed only for incident investigation, law-enforcement requests, or demonstrable safety concerns.

Telephone calls with our operational team may be recorded to confirm shipping instructions, dispute resolution, and training — where required by law we will tell you at the start of the call. Recordings are stored with the same access controls as other commercially sensitive records.

11. Automated decision-making and profiling

We do not make decisions that produce legal or similarly significant effects about individuals based on automated processing alone. Where screening tools or risk scoring are used — for example in sanctions diligence — the outputs are treated as one input among others, and material decisions are taken by qualified personnel with documented justification.

12. Special categories and sensitive data

We do not seek special categories of personal data (for example, data revealing health, religion, political opinions, or trade-union membership) in the ordinary course of our business. If such information is incidentally provided to us, we will handle it in line with applicable law and will delete it where retention is not necessary for a legitimate purpose.

13. Third-party sites and embedded content

Our website may link to third-party resources such as maps, document previews, or partner services. Their privacy practices are governed by their own policies; we are not responsible for content or data handling on external sites. Where we embed third-party content on our pages (for example, a maps widget) that provider may receive information such as your IP address and browser fingerprint when the page loads.

14. Data breach response

We maintain an incident-response process for suspected or confirmed compromises of personal data. Where a breach is likely to result in risk to the rights and freedoms of individuals, we will notify affected parties and competent supervisory authorities in accordance with applicable law and within the timelines that apply to us. Incident records, remediation actions, and lessons learned are retained for audit and for process improvement.

15. Supervisory authorities and complaints

If you are not satisfied with how we have handled your personal information, please raise it with us first at [email protected]. You also have the right to complain to the data-protection supervisory authority competent for your situation. In the Sultanate of Oman this is the authority designated under the applicable Personal Data Protection Law; individuals in other jurisdictions may contact their local regulator.

16. Contact and data-protection point

Privacy and data-protection enquiries should be sent to [email protected]. For hard-copy correspondence, write to us at our registered office marked for the attention of the Privacy function. Where applicable law requires us to designate a formal Data Protection Officer or local representative, we will publish those contact details here.

17. Data controller and Oman PDPL contact

Blue Ocean Breeze SPC is the controller responsible for the processing of personal data collected through this website for the purposes described in this Privacy Policy, unless we inform you otherwise for specific processing activities.

If you have any questions about how we process personal data, or if you wish to exercise your rights under applicable data protection law (including the Oman PDPL where applicable), you can contact us at:

• Email: [email protected]
• Postal address: Special Economic Zone at Duqm (SEZAD), Al Wusta Governorate, Sultanate of Oman

18. Updates to this policy

We may revise this Privacy Policy to reflect operational, legal, or regulatory changes. The updated version will be posted on this page with a revised last-reviewed date. Material changes may be highlighted through notices on our site or direct communication where appropriate. Where a change materially reduces your rights under this policy, we will explain the change and, where required, seek renewed consent.

19. Related information

For regulatory expectations, documentation standards, and trade support, see our Compliance overview, Terms of Use, and Trade Support page.