GDPR01 Privacy Policy for Seafarers

How Cassiopeia Shipmanagement LTD is Processing seafarers Personal Data

Data Privacy Policy Introduction

This Privacy Policy explains how Cassiopeia Shipmanagement LTD processes seafarer’s Personal Data within the frame work of GDPR. Cassiopeia Shipmanagement assure that any seafarer’s Personal Data are been processes and protected based on the C.I.A. (confidentiality, Integrity and Availability).

The processing of Personal Data of seafarer’s that Cassiopeia Shipmanagement posses will be in accordance with the legal data protection regulations as well as this Data Privacy Policy.

This policy discloses the way Cassiopeia Shipmanagement handles Seafarers Personal Data from the time it collects them until the time it delete them. It is recommended that you check this page carefully and regularly for updated information about our data privacy policy.Name and address of the data controller and Data Protection Officer Any Data Subject and or physical person has the right to communication with us for any related questions or exercise his or hers rights concerning his or hers personal data.

Data Controller: CASSIOPEIA SHIP MANAGEMENT
Data Protection Officer: STELIOS SAKKAS
Data Controller Address: 58-60, Agiou Athanasiou Avenue El Greco Building,
Office No. 101 Agios Athanasios, Limassol – CYPRUS

Data Controller Telephone and email: +357 25270900 /
nicolas.lambrinides@cassiopeia.com.cy

CASSIOPEIA SHIPMANAGEMENT Privacy Policy Statement.

Our company Cassiopeia Shipmanagement assures that is in full compliance with General Data Protection Regulation 2016/679. We achieve this through the full implementation of an effective system of safeguarding and protecting personal data that we collect from any natural person and in full respect of individual’s rights. Our company has implemented at its offices a full Privacy Protection System conformed with GDPR Compliance which entails also the Information Management System ISO27001 alignment with ISO22301 Business continuity Management System. Our company’s main goals are to collect Personal Data that are:

  • Consistent with the purpose for which they were originally collected
  • Collected on the basis of what is absolutely necessary
  • Corrected and up-to-date
  • Maintained for as long it is absolutely necessary
  • Protected by appropriate and organizational security measures
  • Reviewed regularly to take account of new technological developments
  • Encrypted where it is possible and use and pseudonymization instead of using actual data?

In addition Cassiopeia Shipmanagement always takes into consideration the rights of
Physical persons by whom it has received its Personal Data in such a way that it contributes to the
strengthening of the existing rights granted to them as follows:

  • Right to be provided with information
  • Right of access
  • Right to rectification
  • Right to be forgotten (right to erase)
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to object to automated decision-making

Our company’s Top Executives and all employees are committed to prevent any possible
violations of the rights of individuals and protecting their Personal Date while being processed.
Any process of physical person’s personal data is based on the principles of C.I.A (Confidentiality,
Integrity and Availability).

All of the above will be implemented through an organized information system designed to record
and monitor all processes from collection, processing and to the final recipient. The system is
monitored and controlled at frequent intervals through documented internal audits, providing
feedback to Cassiopeia Shipmanagement Top Executives for improvement.

DIRECTORS

Nicolas Lambrinides & Vassos Stavrou
CASSIOPEIA SHIP MANAGEMENT
Date: 20/04/2018

Scope of the processing of personal data

Cassiopeia Shipmanagement can use seafarers personal data as described in this
Data Privacy Policy, in order to make its services available, to respond to their enquiries,
and to the extent it is legally permissible or required or to assist in legal or criminal
investigations. We can further anonymise and aggregate data gathered for statistical
purposes to expand our product portfolio and improve our services.

With whom do we share seafarer’s Personal Data

We can store seafarer’s personal data or otherwise pass it on to our affiliates or further trustworthy business partners, who perform services in our name, or other types of service provision.

We have conducted contracts with these parties especially for Personal Data Control so as to ensure that seafarer’s personal data is processed on the basis of our instructions and in compliance with this Data Privacy Policy, and other suitable measures regarding confidentiality and security and Availability. We pass on seafarer’s personal data to these parties and/ or other third parties exclusively to the required extent in order to perform services that you have requested or authorised and to protect yours and our rights, property or security or, if we are obligated to do so based on applicable laws, orders by courts or other authorities. In any case of data breach or any disclosure we will assist by any means in order to assist in legal or criminal investigations or court proceedings. Cassiopeia Shipmanagement as well as related parties as authorities, customers and associates to whom we may pass on seafarer’s personal data, might possibly be based outside of our home country, and potentially also in countries with data protection laws that can differ from those applicable in our country where we are. In such cases, we will ensure that suitable measures for the protection of seafarer’s personal data are taken by introducing suitable legal mechanisms.

Legal basis for the processing of personal data

When CASSIOPEIA SHIPMANAGEMENT obtains consent from any data subject for the processing of seafarer’s personal data, Art. 6 (1) lit. a) EU General Data Protection Regulation (GDPR) applies as the legal basis for the processing of personal data. In the processing of personal data that is required for the fulfilment of a contract to which the data subject is a party, Art. 6 (1) lit. b) GDPR serves as the legal basis. This also applies to processing that is required to conduct pre-contractual measures. Where processing of personal data is required for the fulfilment of a legal obligation imposed on our company, Art. 6 (1) lit. c) GDPR serves as the legal basis. In the case that vital interests of the seafarers are engage and when it is necessary the processing of personal data, Art. 6 (1) lit. d) GDPR serves as the legal basis. If the processing serves to protect a justified interest of our company or of a third party and if the interests, civil rights and fundamental freedoms of seafarers do not outweigh the interest mentioned first, Art. 6 (1) lit. f) GDPR serves as the legal basis for the processing.

Data deletion and period of storage

The personal data of seafarer’s will be deleted or blocked as soon as the purpose for
storing it ceases to apply. The Personal Data will be deleted when a storage period expires
that is prescribed by and as it is defined within the Register of Activities for Personal Data,
unless there is a necessity for the continued storage of the data for a contract conclusion
or contract fulfilment.

Accept and Send

I have read Cassiopeia’s Shipmanagement LTD Privacy Notice and I consent to the processing of my application and related personal data in accordance with Cassiopeia’s Shipmanagement LTD Privacy Notice and relevant law applicable at any time for a period of six months following the submission of my application.