SPHI Foods Website Privacy Notice 

Effective Date: 1st March 2026 
Last Updated: 10th March 2026 

 

1. Who We Are 

SPHI Foods (“SPHI”, “we”, “our”, or “us”) provides onshore project catering, offshore catering and support services to marine, vessel, and offshore operations. 

We are committed to protecting personal data in accordance with: 

• The Brunei Darussalam Personal Data Protection Order (PDPO) 

• Other applicable data protection laws 

• Information security best practices aligned with ISO/IEC 27001 

This Privacy Notice explains how we collect, use, store, protect, and disclose personal data through: 

• Our website 

• Our onshore and offshore catering operations 

• Our recruitment process 

• Our business relationships 

 

2. Types of Personal Data We Collect 

We only collect personal data that is necessary and relevant for our operations. 

​

A. Business Contact Information 

• Full name 

• Job title 

• Company name 

• Email address 

• Phone number 

• Business address 

• Contract-related details 

 

B. Onshore / Offshore Operational Data 

Where required for onshore and offshore operations, we may process: 

• Crew names 

• Crew identification details (as required for site access) 

• Dietary requirements 

• Medical declarations relevant to catering safety (e.g., allergies) 

• Onshore and offshore project location personnel lists (if shared by client) 

We only process such information strictly for operational, safety, and contractual purposes. 

 

C. Recruitment Data 

If you apply for a position with SPHI Foods, we may collect: 

• CV / Resume 

• Employment history 

• Qualifications and certifications 

• Identification documents (if required) 

• References 

• Interview notes 

 

D. Website Usage Data 

When you visit our website, we may collect: 

• IP address 

• Browser type 

• Device information 

• Pages visited 

• Date and time of access 

This is used for security, analytics, and website performance improvement. 

 

3. Purpose of Processing 

We process personal data for the following lawful purposes: 

• Delivering onshore and offshore catering services 

• Managing onshore and offshore personnel support 

• Ensuring food safety and dietary compliance 

• Managing contracts and business relationships 

• Responding to inquiries 

• Recruitment and hiring 

• Compliance with maritime, health, safety, and regulatory requirements 

• Protecting SPHI’s legal and business interests 

• Improving our services and website security 

We do not sell personal data to third parties. 

 

4. Legal Basis for Processing (PDPO Compliance) 

Under the Brunei PDPO, we process personal data based on: 

• Performance of a contract 

• Legal and regulatory obligations 

• Legitimate business interests 

• Your consent (where required) 

Where consent is required, it may be withdrawn at any time by contacting us. 

 

5. Disclosure of Personal Data 

We may disclose personal data only where necessary to: 

• Clients and vessel operators (for service coordination) 

• Onshore and offshore operational management 

• Government authorities and regulators 

• Port authorities or maritime agencies (if legally required) 

• Professional advisors (auditors, insurers, legal advisors) 

• IT and cloud service providers supporting our systems 

All third parties are required to implement appropriate security and confidentiality measures. 

 

6. International Data Transfers 

Due to the nature of onshore, offshore, and marine operations, personal data may be transferred across borders. 

Where international transfers occur, SPHI ensures: 

• Appropriate safeguards are implemented 

• Secure transfer mechanisms are used 

• Data protection obligations under PDPO and other applicable laws are met 

 

7. Data Retention 

We retain personal data only for as long as necessary for: 

• Contractual obligations 

• Maritime and regulatory compliance 

• Legal record-keeping requirements 

• Audit and certification requirements  

• Recruitment consideration (for a reasonable period) 

When data is no longer required, it is securely deleted or destroyed. 

 

8. Information Security  

SPHI implements technical and organizational measures such as: 

• Controlled access to systems and documents 

• Role-based access control 

• Secure cloud storage environments 

• Encryption where appropriate 

• Secure data transfer methods 

• Regular security monitoring and review 

• Staff confidentiality obligations 

• Incident response and breach management procedures 

Despite these measures, no system can guarantee absolute security. 

 

9. Data Breach Management 

In the event of a personal data breach, SPHI will: 

• Assess and contain the incident promptly 

• Investigate the cause and impact 

• Notify relevant authorities where required under PDPO 

• Inform affected individuals if legally required 

• Implement corrective measures to prevent recurrence 

 

10. Your Rights 

Subject to applicable law, you may have the right to: 

• Request access to your personal data 

• Request correction of inaccurate information 

• Request deletion of personal data (where legally permissible) 

• Withdraw consent 

• Request information on how your data is processed 

Requests can be made to our Data Protection Officer via the contact details below. 

 

11. Third-Party Links 

Our website may contain links to external websites. 
SPHI is not responsible for the privacy practices of those websites. 

 

12. Updates to This Notice 

We may update this Privacy Notice from time to time to reflect: 

• Legal changes 

• Operational updates 

• Security enhancements 

• Certification requirements 

The latest version will always be published on our website. 

 

13. Contact Information 

If you have any questions about this Privacy Notice or wish to exercise your data rights, please contact our Data Protection Officer: 

 

Email: dpo@sphifoods.com 

Phone: +673 3 230642 

 

SPHI Foods 
#1 & 2, Block B, Ground Floor, Lot 2061 (Phase 2) 

Kg. Gana, Sg. Liang, Kuala Belait, KC1335 

Negara Brunei Darussalam