Company policy for personal data protection
COMPANY POLICY FOR PERSONAL DATA PROTECTION
This company policy („Policy“) describe the way, Global Crewing Ltd („Company“) collects, records, organizes, stores, transfers, combines, rectifiess, erases or processes by any other mean personal data for the purpose of the Company activity.
The Policy is established in compliance with the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
This Policy applies to:
- Principles and procedures of processing of personal data;
- Procedures for reporting to supervisory authority in case of breach of security;
- Procedures for establishing a system to enable and facilitate the requests from data subjects.
- Persons in charge of data processing and their responsibilities;
- Regulations for transferring of personal data to third parties;
- Technical and organization measures for protection of personal data;
Terms and definitions used in this Policy:
- Data subject – a natural person whose personal data is processed by a controller or processor.
- Personal Data – any information related to a natural person or ‘data subject’, that can be used to directly or indirectly identify the person.
- GDPR- General Data Protection Regulations- regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal darta and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- CPDP – Commission for Personal Data Protection
- Administrator and data processing officer– In this Policy, administrator and data protection officer mean Company.
- Job seeker – any person looking for job and using the services of the Company as a provider of intermediary activities on employing of seafarers and workers for employment abroad.
- Data processing – any operation performed on personal data, including collection, recording, use, storing, editing and erasing. The transfer of personal data to third parties is also included in the data processing.
- Processing: any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
- Pseudonymisation –processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural.
- Consent – any freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
DATA SUBJECTS AND PERSONAL DATA CATEGORIES
Company collects and processes only personal data required, in order to perform its activities as a provider of intermediary services in compliance with the national and international laws and regulations.
PURPOSE AND PRINCIPLES IN DATA PROCESSING
Purpose of data processing:
- Contracting and performance of agreements with Job seekers and Shipowners/ operators for providing intermediary activities.
- Contracting and performance of agreements with service providers;
Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject, in accordance with the following principles:
- Data subject is informed about his personal data processing;
- Personal data is collected only for the performance of recruiting and placement services provided by the Company. Personal data is not used for any other incompatible and unlawful purposes;
- Personal data is relevant to the purposes, which it is collected for;
Data processing is performed in lawful manner if Company complies with one of the below conditions:
- Data subject has given his consent;
- Data processing is required for executing an employment agreement of data subject;
- Data processing is necessary to comply with a legal obligation that applies to the data administrator.
Data subject consents with the data processing, if a specific and free indication of his agreement is given- by signing of “Declaration of consent”
Data subjects can withdraw their consent at any time.
PERSONAL DATA PROCESSING PROCEDURES
Personal data relating to Job seekers is collected during and on the occasion of concluding a contract for provision of intermediary services. Personal data is processed and stored on technical or/and paper basis, as required.
Data processing officer shall take all organizational and technical measures for their storage and protection, including restriction of access of unauthorized persons.
BREACHES OF SECURITY
When identifying indications of a breach of data security, the Person responsible for personal data shall immediately check the alert by attempting to determine whether a security breach has occurred and which data is affected and shall take measures to prevent or reduce the consequences of the breakthrough and the possibilities for data recovery.
If the breach of security creates a risk for the rights and freedoms of the data subjects who are affected, the Person responsible for the personal data shall organize the notification to the CPDP and affected individuals.
PROVIDE PERSONAL DATA TO THIRD PARTIES
The Company may, if necessary, provide personal data to third parties acting as processors on the basis of performance of crew management and personnel selection contracts.
Processing of personal data by processors outside the EU / EEA is permissible only when:
The data subject has given his explicit consent to the transfer after being informed of the possible risks, or
The destruction of the personal data shall be carried out by the Company without prejudice to the rights of the persons to whom the data subject to the destruction refer and in compliance with the provisions of the relevant normative acts.
PERSONS RESPONSIBLE FOR COLLECTING, PROCESSING AND STORING PERSONAL DATA AND ACCESS TO PERSONAL DATA
The collection, processing, storage and protection of personal data shall be carried out only by the Manager of the Company.
Access to the personal data may also be made by the respective state bodies - the court, the prosecutor's office, the inspection bodies, etc. The aforementioned may request data in due order in connection with the exercise of their powers.
RIGHTS OF DATA SUBJECTS
Every data subject has the right to request access to his or her personal data, including asking for confirmation that data relating to him or her is being processed, to be informed of the purposes of such processing, the data categories and the recipients of the data, and for the purposes of any processing of personal data relating to it
The right of access is made by request of the affected individual, received at the address of the Company's registered office or official e-mail.
AMENDMENTS OF THE COMPANY POLICY
Company can revise and amend these Policy at any time.