Company Data Protection Policy
This Data Protection Policy (hereinafter “the Policy”) accounts for the personal information collected, processed and used by “Empire Bulkers Ltd.” (hereinafter “the Company” or “We”) in compliance with the provisions of Regulation 2016/679 of the European Parliament and Council of the European Union (also known as the General Data Protection Regulation or GDPR, hereinafter “GDPR”).
[ For more information on our data protection policies and procedures, you can always directly contact us at email@example.com ]
1. Our Company as a Data Controller
Our Company processes Personal Data (as defined in GDPR) as an employer, prospective employer, as a supplier of services, for marketing related purposes and in the course of its operations, its standard business as a ship management company and a company employing crew on ships managed by the Company. It also collects personal information when co-operating with third parties / partners and with respect to the visits of this website as well as in compliance with the Company’s legal obligations or for other legitimate reasons or for reasons of public interest.
2. How we collect Personal Data
The Company collects personal information:
(i) directly from the data subject; or
(ii) indirectly, either from internal sources, including the Departments of the Company; other entities affiliated with the Company, if any; or third parties, including but not limited to agents, intermediaries, suppliers, business partners etc.
3. What kind of data we process
We process Personal Data that includes but is not limited to:
(a) information referring to a subject’s name, contact details (full address, email address, phone number, IP address, social media posts), date and place of birth, gender, bank or payment details, marital and family status, passport, visas and ID numbers, tax and social security numbers, medical history for assessment of fitness to work (as also defined below), or other Special Categories of data as defined in the GDPR, as well as information on previous experience, references, diplomas and degrees and professional certificates, correspondence with or about the data subject, the contract of employment and any amendments thereof, as well as all information needed for the performance of a contract of employment, as amended in the case of the Company’s shore-based employees;
(b) information referring to a subject’s name, contact details (full address, email address, phone number) and emergency or next of kin contact details, date and place of birth, gender, bank and payment details, marital and family status, passport, visas and ID numbers, tax and social security numbers, as well as information on previous sea services and references, qualifications, training, certificates and diplomas, certificates of service on ships managed by the Company, medical history, pre-employment medical examinations or other medical information for the assessment of fitness to work of any Seafarer to be employed on ships managed by the Company (as also defined below), biometric or genetic data or drug and alcohol tests, or other special categories of data as defined in the GDPR, the respective contract of employment and any amendments to it, correspondence with or about the data subject, and, where appropriate, disciplinary and complaint records, as required for prospective crewmembers to be employed on ships managed by the Company;
(c) information referring to a subject’s name, gender, identity card number or passport number, tax and social security numbers, bank details, date and place of birth, mailing address, telephone numbers, email address and other contact details, resume, educational qualifications, professional qualifications and certifications and employment references, as well as employment and training history or pictures/photographs, if any, included in an application, as in the case of job applicants to the Company;
(d) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, social security numbers, payment details, job title and role/function; delivery information; scanned version of invoices, billing and similar documents, as is the case with our suppliers and our suppliers’ personnel and representatives, including trainers, technicians, lawyers, law firms, accountants, auditors and other service providers;
(e) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, payment details, job title and role/function, as is the case with our agents and our agents’ personnel and representatives; etc.
4. Special categories of data
Where necessary, the Company may keep information relating to a subject’s health, which could include reasons for absence and/or accident reports and notes, as well as medical records, as is the case with crewmembers joining vessels managed by the Company [as per para 3(b) above].
This information is used solely in order to comply with our health, safety and occupational health obligations, including in order to consider how a subject’s health affects the ability to work and fulfil the respective employment obligations, as well as to comply with our statutory obligations and applicable legislation with regard to recruitment, employment, other requirements set, from time to time, by the Ships’ flag or local legal requirement with respect to occupational medicine, and to protect a subject’s vital interests, as is the case when protecting the safety and integrity of the crews employed on board ships managed by the Company at sea and the visitors or service providers onboard.
All above data and any other data constituting Special Categories of data, including references to a subject’s ethnic origin/nationality/other data of a sensitive nature, are lawfully collected and processed by the Company, which, unless this is not authorized or required by law or such information is required to protect the subject in an emergency, obtains the subject’s explicit consent.
5. Why we process Personal Data
Personal Data is processed by the Company, as necessary, for the performance of a contract to which the data subject is a party (as is the case with our employees, crewmembers and third-party associates), as well as for the Company’s compliance with legal obligations. We also process Personal Data for the Company’s legitimate interests and for protecting the Company’s legal position in the event of legal proceedings and/or insurance claims and/or for protecting the Personal Data of the subject and consequently his/her vital interests.
When we need to process Personal Data to pursue our legitimate business interests, for example to prevent fraud or potential crimes, for administrative purposes or to protect the Company’s and its affiliated entities’ assets and to improve our efficiency, we exercise best efforts to avoid processing a subject’s data where these interests are overridden by the subject’s own interests and we use only procedures and technologies which are necessary, proportionate and implemented in the least intrusive manner, by appropriate procedures that ensure a balance with the subject’s fundamental rights and freedoms.
6. How we use and protect Personal Data
When processing Personal Data, we do not collect more information than needed, in order to fulfil the purposes for which we process Personal Data.
We hold accurate and up to date Personal Data in the appropriate manner reasonably ensuring suitable security thereof, protection against unauthorized and/or unlawful processing, accidental loss, destruction or damage.
We restrict physical access to authorized persons (cognizant of the Company’s strict policies and procedures), we further maintain and use appropriate technical and organizational procedures and specified technological solutions as well as suitable IT systems to protect the integrity, safety, security and availability of the Personal Data we process.
7. Monitoring – Ship tracking – CCTV surveillance
While onboard, geolocation of a subject is obviously monitored/tracked. In certain cases, computer and telephone/mobile telephone use are also monitored. The same applies while ashore, when and to the extent a CCTV system is installed and operated in our premises due to reasons relating to the subject’s personal safety and health and as precautionary/preventive measures against piracy or other potential dangers while trading at sea; to protect our Company’s assets and resources; and, mainly, to ensure the life, the safety and health of our people.
8. E-mail correspondence
Any Personal Data (name, address, title/position, contact details or information of a sensitive nature) we send and/or receive in our e-mail systems or other electronic correspondence is duly processed in compliance with the GDPR and any other applicable law and/or regulation.
Our Company uses the Personal Data contained therein and any attachments thereto lawfully, duly and in a transparent manner; for specified, explicit and legitimate purposes at all times.
Our correspondence recipients are duly informed that they have all rights and freedoms provided for by any applicable legislation regarding their Personal Data.
9. Who has access to Personal Data
A subject’s information is disclosed, as the case may be, only to appropriate Company personnel, including, obviously, the Master/Officers of the ships managed by the Company.
We may also disclose Personal Data to port, State or other competent authorities if this disclosure is mandatory under applicable laws or regulations.
Disclosure to tax authorities and to internal and/or external auditors is included.
We also disclose Personal Data to service providers onboard or ashore, as well as to our charterers, port and other agents, external consultants, training providers, business partners and/or associates and professional advisors, including but not limited to lawyers, legal counsels, law firms, insurance institutions and accountants, as well as accredited clinics and/or doctors or medical organisations (including telemedicine centers, the Red Cross or similar health organisations) performing medical exams and/or prescribing medication to our crews prior to or during their recruitment, and to other third parties, if we are legally obliged to do so (flag requirements included) or where we need to comply with our contractual duties to the data subject, for instance where we may need to pass certain information on to our port agents responsible for the transportation, boarding and any other related function from and to ports or other destinations or to our insurance or other associates in case of an accident or illness as the case may be.
In all such cases, we act in the most reasonable manner and only in accordance with local laws, regulations and requirements and we exercise best efforts in order to ensure at all times that such third parties have been invited to adopt appropriate data processing procedures thus preserving the security and confidentiality of the subject’s data.
Due to our global shipping activities and the nature of our business as a ship management company and a company employing crew on ships managed by the Company, personal information may be transferred outside the E.E.A. when we need to comply with our legal and/or contractual requirements. We do so only where an adequate level of protection is ensured or where we have in place safeguards including the use of standard contractual terms, to preserve the security of a subject’s data in case of these transfers as far as it is practically possible.
We might also transfer a subject’s Personal Data to companies affiliated with the Company, if any, for purposes connected with the management of the Company’s business.
10. When we assign Personal Data processing
Where the Company relies on a third-party Personal Data Processor to execute processing on its behalf, the Company will choose one (to the extent practically possible under the prevailing circumstances on each separate occasion) who provides adequate security level and procedures as well as one that undertakes reasonable steps to ensure compliance of the Personal Data processor with such procedures.
11. Duration of retaining
The Personal Data are stored by the Company for no longer than is necessary, solely for processing purposes as per the applicable legislation.
For as long as the Personal Data are retained by the Company, we implement and have in force at all times appropriate technical and organizational procedures as required by the law or existing regulations, in order to safeguard the rights and freedoms of the data subjects.
When we process Personal Data based on the subject’s consent, this consent remains valid until such time it is withdrawn by the subject, as the case may be, subject to the Company’s right to maintain the Personal Data after the termination of the employment for legitimate purposes. In such case, the Company shall notify the subject accordingly (as promptly as possible following the subject’s written request) and reasonably provide an estimate as to the time necessary for maintaining such Personal Data.
12. Future use and update
In the event that the Company intends in the future to process Personal Data for a purpose other than the one for which it has been collected, we shall make sure to provide the subject with relevant information thereto, as well as any other relevant information if such purpose is not consistent with the initial purpose.
13. The subject’s rights
If and to the extent that we process a subject’s Personal Data based on his/her consent, the subject may withdraw his/her consent and request the Company to stop using, processing and/or disclosing such personal data for any or all of the purposes for which consent has been granted to the Company. This may be done by submitting a request in writing, via email, to our authorized person in charge (with copy to the DPO). The Personal Data Subject will have at any time access to the data, right to rectification or erasure or destruction (“right to be forgotten”), restriction of the processing, objection to the processing, objection to automated decision making and right to data portability.
Upon receipt of such written request to the Company to withdraw the consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the subject) for the subject’s request to be processed and for us to notify him/her of the consequences of our acceding to the same, including any legal consequences which may affect his/her rights and liabilities to the Company. In general, we seek to process and respond to a subject’s respective request within 30 days of receiving it.
A subject is also entitled to request access to his/her Personal Data, as well as rectification, erasure, destruction or restriction of processing, as the case may be, to object to our processing, if and as the case may be, as well as to receive the Personal Data in machine-readable format.
14. Changes to this Policy
The Company reserves its rights to make changes to this Policy from time to time. Regularly reviewing our website ensures that a subject is always aware of the updated version.
If we make material changes to this Policy, we will promptly provide notification via prominent notice on the Company’s Website.
15. Contact in case of queries
For more information on our Personal Data policies and procedures and for guidance on privacy related issues, as well as for requests for access, rectification, erasure, etc. as above, you can contact our data protection officer (firstname.lastname@example.org / 0030-2111024000), who can also answer all your queries on how the Company is processing personal data.