Privacy statement for Unspoken

’Unspoken’ is a website on which seafarers can share their stories anonymously.

Privacy statement

Last updated: March 18, 2026





1. Who we are

Unspoken is a website on which seafarers can anonymously share their stories with unwanted sexual behaviours at sea. The platform is an initiative developed and operated by:

Global Maritime Forum (GMF)
Amaliegade 33B,1256 Copenhagen
Denmark
CVR: 38864122
Email: unspoken@globalmaritimeforum.org

Global Maritime Forum is the data controller responsible for the processing of personal data described in this Privacy statement.

If you have questions about this policy or your data, you can contact us at: unspoken@globalmaritimeforum.org.

You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet): https://www.datatilsynet.dk.


2. Purpose of the website ‘Unspoken’

Unspoken provides a secure platform where individuals can share anonymised lived experiences of sexual misconduct at sea.

Unspoken is not a platform for reporting cases of sexual misconduct at sea, and submitting a story does not trigger a formal investigation or legal process.

The purpose of the platform is to:

  • Collect anonymised stories of sexual misconduct at sea

  • Use the anonymised stories to develop a framework to strengthen prevention and response to sexual misconduct at sea for maritime companies (in the future)

  • Raise visibility, awareness and understanding about patterns and systemic challenges of sexual misconduct at sea

  • Offer information about organisations providing support and helplines for seafarers who have experienced sexual misconduct at sea.

The Global Maritime Forum does not investigate individual incidents or allegations submitted through the website. Stories shared on the platform are used solely for awareness and research purposes and will not trigger an investigation.

If you wish to report an incident or seek formal action, please do so through the relevant authorities or the appropriate reporting channels within the company involved. Information about organisations that can provide confidential support and guidance is available here.


3. What data we collect

We are committed to data minimisation, thereby ensuring that the data collected and processed serves clearly defined and specific purpose(s) and is proportional and relevant to those purposes and the aim of the platform Unspoken.

A. Story submissions

If you choose to submit a story, we collect:

  • The free-text content you provide

  • Structured responses to questions (e.g. gender, rank, vessel type, crew size), most of which are optional

We do not collect names, contact details, or other personal direct identifiers.

We strongly encourage users not to include names or identifying details in their free-text content, and we will remove all personal data or personal identifiable information from the stories submitted to ensure anonymity.

All stories are reviewed by the Unspoken team and anonymised (ensured via the 6-eyes principle) before publication on the platform.

B. Technical and usage data
We use Google Analytics (GA4) to collect limited technical data about website usage. We use this technical and usage data to analyse website usage and understand website activity.

This includes:

  • IP address (used to derive approximate geographic location and not stored)

  • Browser type

  • Device type

  • General geographic region (country-level)

  • Pages visited and time spent on the site


4. What data we do not collect

We do not collect:

  • Names

  • Email addresses

  • Phone numbers

  • Home addresses

  • Employment identifiers

  • Vessel names

  • Other personal identifiable information


If such information is included in free-text submissions, it will be removed before publication, and no data, naming persons, companies or other identifiable markers, will be stored anywhere.


5. Legal basis for data processing

We process the data on the platform on the following legal basis: Consent that is freely given, informed, specific and unambiguous.

A. Consent (Article 6(1)(a) GDPR)

Story submissions are processed based on your freely given, informed, specific and unambiguous consent.

Before submitting a story, you will be asked to confirm that you consent to the processing of your submission for the purposes described in this Privacy statement.

You can withdraw your consent at any time by contacting us at unspoken@globalmaritimeforum and providing your submission reference number, which you will receive after you submit your story. Access to the project email inbox is restricted to one Unspoken team member. This team member communicates only the reference number to a second team member who has access to the submission database. Through this separation of duties, the link between communications and submissions is controlled, further strengthening security and protecting contributor anonymity.

B. Special category data (Article 9(2)(a) GDPR)

Stories shared on this platform may include information relating to sexual life, health, or trauma, which constitutes special category data under GDPR.

Such data is processed solely on the basis of your explicit consent.

All submissions are stored in Google Cloud Firestore, a database service provided through Firebase by Google Cloud via Firebase. As part of standard infrastructure operations, Google Cloud Firestore may process IP addresses in server logs. These logs are not connected to Firestore submission records, and no connection is made between technical data and submitted content.

Google acts as a data processor under the EU General Data Protection Regulation (GDPR) and provides Data Processing and Security Terms governing the processing of personal data. Read more here: https://cloud.google.com/terms/data-processing-terms

C. Analytics data

Analytics cookies are processed based on your consent through our cookie banner. You may refuse or withdraw consent at any time.

Website usage data is processed through Google Analytics 4 (GA4), an analytics service provided by Google. IP addresses are used by GA4 for processing purposes (such as determining approximate location) but are not stored or included in analytics reports. Google acts as a data processor under the EU General Data Protection Regulation (GDPR) and provides Data Processing and Security Terms governing the processing of personal data. Read more here: https://business.safety.google/adsprocessorterms/.


6. How we use your data

We use collected data to:

  • Review and anonymise submitted stories

  • Publish anonymised stories (when consent is provided)

  • Analyse aggregated patterns and trends of sexual misconduct at sea

  • Inform the development of a framework to strengthen prevention and response to sexual misconduct at sea for maritime companies

  • Improve website functionality and usability


7. Data sharing and third parties

Global Maritime Forum is the data controller responsible for the processing of personal data described in this Privacy Statement and does not share any personal data or anonymised stories with third parties for their own purposes.

However, certain technical service providers process data on our behalf in order to operate and maintain the website. These include:

  • Netlify (website hosting)

  • Google Cloud/Firestore (Cloud Firestore database hosting)

  • Google Analytics 4 (website analytics)

These providers act as data processors and process data under Data Processing Agreements in accordance with GDPR.

8. International data transfers

Some analytics data processed via Google Analytics may involve transfers outside the European Union.

Where such transfers occur, appropriate safeguards are in place, including data processing agreements or equivalent mechanisms required under EU law.


9. Data retention

We retain data only as long as necessary for the purposes described in section 2 above.

  • Story submissions are retained for 2 years unless deletion is requested.

  • Analytics data is retained for 14 months.

You can request the deletion of your submission at any time by providing the submission reference number after story submission. Given the anonymity of submitters, the submission reference number is the only way to identify your submission.


10. Your rights under GDPR

You have the right to:

  • Access your data

  • Request correction

  • Request deletion

  • Restrict processing

  • Withdraw consent

  • Lodge a complaint with Datatilsynet

To exercise your rights, contact: unspoken@globalmaritimeforum.org

Because submissions are anonymous, you need to provide your submission reference number for us to delete your story.


11. Data security measures

We implement appropriate technical and organisational measures to safeguard your data, including:

  • Restricted access to submissions. Only three Unspoken team members have access to story submissions, and further access will not be extended.

  • Anonymisation before publication – ensured by 6-eyes principle

  • Secure hosting within the EU

While we take strong precautions, no online system can guarantee absolute security. In the event of a data breach, our incident management procedures ensure breaches are identified and addressed promptly, and that relevant parties are notified where required. Where an incident constitutes a personal data breach, we will comply with the obligations set out in applicable data protection laws and any relevant data processing or data sharing agreements.


12. Cookies

We use cookies for:

  • Essential website functionality

  • Analytics (with your consent)

You can manage your cookie preferences via the cookie banner.


13. Changes to the privacy statement

This Privacy Statement will be reviewed and updated on a yearly basis. Updates will be published on this page with the revision date.


This privacy statement has been reviewed by Katrine Starup, an independent consultant specialised in human rights, protection, including prevention and protection from gender-based violence and sexual exploitation, abuse and harassment (PSEAH), and in safe, ethical, effective and responsible management of data.