What is crew management software?

Crew management software centralizes seafarer data, certifications, and deployment workflows to help shipping and crewing teams manage scheduling, compliance, and reporting in one place.

Does CMSPro support STCW compliance alerts?

Yes. CMSPro tracks STCW and non-STCW certificates, visas, and medicals, then sends automated expiry alerts so teams can maintain readiness before crew deployment.

How does AI crew screening work?

CMSPro uses OCR and AI to parse CVs and supporting documents, extract structured candidate data, and speed up shortlisting based on role, vessel type, certification, and readiness criteria.

Can CMSPro integrate with payroll and HR systems?

Yes. CMSPro supports custom integrations with payroll, HR, ERP, and external portals, plus automation for reminders and operational notifications.

Privacy Statement

Last updated: February 21, 2026

PT. Cipta Mitra Strategis Indonesia ("Company", "we", "us", or "our") operates the CMSPro maritime crew management platform ("Platform"). This Privacy Statement explains how we collect, use, store, share, and protect personal data in connection with the Platform, in compliance with Indonesia's Personal Data Protection Law (UU No. 27 Tahun 2022 tentang Pelindungan Data Pribadi / UU PDP) and other applicable data protection standards.

CMSPro is a business-to-business (B2B) platform. Our direct customers ("Subscribers") are crewing agencies (manning agencies) and shipping companies. Seafarers and crew members whose data is managed within the Platform are considered data subjects on whose behalf Subscribers act as data controllers. The Company acts as a data processor on behalf of Subscribers.

1. What Data We Collect

We collect and process the following categories of data through the Platform:

A. Subscriber (Company) Data

Company name, business registration details, and address.
Authorised contact persons: name, email, phone / WhatsApp number, and role.
Billing information and Subscription details.
Platform usage logs (login activity, module access, audit trails).

B. Seafarer & Crew Member Data (entered by Subscribers)

Personal identity: full name, date of birth, nationality, national ID (KTP/passport number).
Contact information: phone number, email address, home address.
Emergency contacts and family information.
Rank, vessel type experience, and full sea-service history.
STCW and non-STCW certificates (name, issuing authority, issue date, expiry date, document scans).
Medical certificates and health records (including fitness-for-duty status).
Visa and travel documents.
CV and application documents, including AI/OCR-extracted structured data.
Crew assignment records: vessel name, project, Principal, contract dates, and deployment status (shortlist → proposed → approved → joined).
Performance evaluations and rehire eligibility records (if entered by the Subscriber).

C. Technical Data

IP addresses and browser/device information collected during Platform access.
Session activity logs for security and audit purposes.
Error and performance telemetry used to maintain Platform stability.

2. How We Use Data

We process personal data only for the following purposes:

Platform delivery — Operating and maintaining all CMSPro modules including Candidate & Resources, Certificate & Compliance, Project & Assignment, Integration & Automation, Reporting & Management View, and Payslip & Invoicing.
Certificate compliance monitoring — Tracking STCW and non-STCW certificate expiry dates and triggering automated reminder notifications to Subscriber users via Email and WhatsApp.
AI & OCR processing (Professional Plan) — Automated reading and structured extraction of seafarer CVs and document scans to assist Subscribers in candidate shortlisting. This processing is performed on behalf of and under instruction from the Subscriber.
Integration & notifications — Facilitating integration with third-party payroll, HR, ERP systems, and crew portals as configured by the Subscriber, and sending automated notifications and reminders.
Support & onboarding — Providing technical support, onboarding sessions (online via Zoom/Teams or offline), and training using Subscriber contact data.
Security & audit — Maintaining access logs, audit trails, and detecting misuse or unauthorised access.
Legal compliance — Meeting obligations under Indonesian law and applicable maritime regulations.

We do not use seafarer personal data for advertising, profiling, or sale to third parties.

3. Legal Basis for Processing

Contract performance — Processing Subscriber company and billing data is necessary to fulfil the Subscription agreement.

Legitimate interests — Platform security, audit logging, and service improvement.

Data processor instruction — Seafarer and crew data is processed solely on the documented instructions of the Subscriber (data controller), who bears responsibility for the lawfulness of that processing, including obtaining the necessary consent from seafarers under UU PDP.

Legal obligation — Where required by Indonesian maritime authorities (DJPL / Kemenhub) or other applicable regulators.

4. Data Sharing & Disclosure

We do not sell personal data. Data may be shared only in the following circumstances:

With Principals — Crew assignment data (including seafarer profiles and certificates) may be shared with a Principal as configured and authorised by the Subscriber within the Platform.
With integrated third-party systems — Payroll, HR, ERP, or crew portal integrations enabled by the Subscriber. The Subscriber is responsible for ensuring such integrations are lawful.
With sub-processors — Infrastructure and cloud service providers used to operate and host the Platform. These providers are bound by confidentiality and data processing agreements consistent with UU PDP requirements.
For legal compliance — Where required by Indonesian law, court order, or a competent government authority.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Statement or as required by law. Upon termination of a Subscription, the Subscriber may request a structured export of their crew and compliance data within 30 days of termination. After this period, the Company may permanently delete all associated data from active systems. Anonymised or aggregated usage statistics may be retained indefinitely for service improvement.

6. Data Security

The Company implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:

Encryption of data in transit (TLS) and at rest.
Role-based access controls limiting user access within each Subscriber account.
Comprehensive audit logs of data access and changes within the Platform.
Regular security reviews of Platform infrastructure.

Subscribers are responsible for maintaining the security of their own account credentials and for ensuring that their users access the Platform only on authorised devices.

7. Rights of Data Subjects

Under UU PDP, seafarers and other individuals whose data is stored in the Platform have the right to:

Access

Request confirmation of whether their personal data is being processed and obtain a copy.

Rectification

Request correction of inaccurate or incomplete data.

Erasure

Request deletion of their personal data where no longer necessary or where consent is withdrawn.

Restriction

Request that processing be restricted in certain circumstances.

Portability

Receive their data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests.

Because the Company acts as a data processor, requests from seafarers regarding their data should be directed to the Subscriber (crewing agency / shipping company) that entered their data into the Platform. Where the Company receives such requests directly, we will forward them to the relevant Subscriber within a reasonable timeframe.

8. Automated Notifications

The Platform sends automated notifications via Email and WhatsApp to Subscriber users (e.g., upcoming certificate expiry alerts, crew change reminders, and system notifications). These messages are operational in nature and are not marketing communications. Subscriber contact data used for support, demo scheduling (Zoom / Microsoft Teams), and onboarding may be retained by the Company for the duration of the Subscription.

9. Cookies & Technical Data

The Platform uses strictly necessary session cookies to maintain authentication state. No third-party advertising or tracking cookies are used. Technical data such as IP addresses and access logs are retained for up to 90 days for security monitoring unless a longer retention period is required by law.

10. Cross-border Data Transfers

CMSPro primarily stores and processes data within Indonesia. Where data is transferred to sub-processors located outside Indonesia (e.g., cloud infrastructure providers), such transfers are made only where an adequate level of data protection is ensured, consistent with the requirements of UU PDP. A list of our key sub-processors is available upon written request.

11. Changes to This Privacy Statement

We may update this Privacy Statement periodically. Material changes will be notified to active Subscribers via email or in-platform notification at least 14 days before taking effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

12. Contact & Data Inquiries

For any questions, data access requests, or concerns regarding this Privacy Statement or our data practices, please contact us:

PT. Cipta Mitra Strategis Indonesia

Indonesia Maritime System Specialist

Privacy inquiries: [email protected]

General: [email protected]

Website: www.cmspro.co