Company Data Protection Policy
This Data Protection Policy (hereinafter “the Policy”) accounts for the personal information collected, processed and used by “Navarone S.A.” (hereinafter “the Company” or “We”) in compliance with the provisions of Regulation 2016/679 of the European Parliament and Council of the European Union (also known as the General Data Protection Regulation or GDPR, hereinafter “GDPR”).
[ For more information on our data protection policies and procedures, you can always directly contact us at firstname.lastname@example.org]
1. Our Company as a Data Controller
Our Company processes Personal Data (as defined in GDPR) as an employer, prospective employer, as a supplier of services, for marketing related purposes and in the course of its operations, its standard business as a ship management company and a company employing crew on ships managed by the Company. It also collects personal information when co-operating with third parties / partners and with respect to the visits of this website as well as in compliance with the Company’s legal obligations or for other legitimate reasons or for reasons of public interest.
2. How we collect Personal Data
The Company collects personal information:
(i) directly from the data subject; or
(ii) indirectly, either from internal sources, including the Departments of the Company; other entities affiliated with the Company, if any; or external third parties, including but not limited to agents, intermediaries, suppliers, business partners etc.
3. What kind of data we process
We process Personal Data that includes but is not limited to:
(a) information referring to a subject’s name, contact details (full address, email address, phone number, IP address, social media posts), date and place of birth, gender, bank or payment details, marital and family status, passport, visas and ID numbers, tax and social security numbers, medical history for assessment of fitness to work (as also defined below), or other Special Categories of data as defined in the GDPR, as well as information on previous experience, references, diplomas and degrees and professional certificates, correspondence with or about the data subject, the contract of employment and any amendments thereof, as well as all information needed for the performance of a contract of employment, as amended in the case of the Company’s shore-based employees;
(b) information referring to a subject’s name, contact details (full address, email address, phone number) and emergency or next of kin contact details, date and place of birth, gender, bank and payment details, marital and family status, passport, visas and ID numbers, tax and social security numbers, as well as information on previous sea services and references, qualifications, training, certificates and diplomas, certificates of service on ships managed by the Company, medical history, pre-employment medical examinations or other medical information for the assessment of fitness to work of any Seafarer to be employed on ships managed by the company (as also defined below), biometric or genetic data or drug and alcohol tests, or other special categories of data as defined in the GDPR, the respective contract of employment and any amendments to it, correspondence with or about the data subject, and, where appropriate, disciplinary and complaint records, as required prospective crewmembers to be employed on ships managed by the Company
(c) information referring to a subject’s name, gender, identity card number or passport number, tax and social security numbers, bank details, date and place of birth, mailing address, telephone numbers, email address and other contact details, resume, educational qualifications, professional qualifications and certifications and employment references, as well as employment and training history or pictures/photographs, if any, included in an application, as in the case of job applicants to the Company;
(d) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, social security numbers, payment details, job title and role/function; delivery information; scanned version of invoices, billing and similar documents, as is the case with our suppliers and our suppliers’ personnel and representatives, including trainers, technicians, lawyers, law firms, accountants, auditors and other service providers;
(e) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, payment details, job title and role/function, as is the case with our agents and our agents’ personnel and representatives; etc.
4. Special categories of data
Where necessary, the Company may keep information relating to a subject’s health, which could include reasons for absence and /or accident reports and notes, as well as medical records, as is the case with crewmembers joining vessels managed by the Company [a per para 3(b) above].
This information is used solely in order to comply with our health safety and occupational health obligations, including in order to consider how a subject’s health affects the ability to work and fulfil the respective employment obligations, as well as to comply with our statutory obligations and applicable legislation with regard to recruitment, employment, other requirements set, from time to time, by the Ships’ flag or local legal requirement with respect to occupational medicine and, to protect a subject’s vital interests as is the case when protecting the safety and integrity of the crews employed on board ships managed by the Company at sea and the visitors or service providers onboard.
All above data and any other data constituting Special Categories of data, including references to a subject’s ethnic origin /nationality/other data of a sensitive nature are lawfully collected and processed by the Company and, unless this is not authorized or required by law or such information is required to protect the subject in an emergency, obtains the subject’s explicit consent.
5. Why we process Personal Data
Personal Data is processed by the Company, as necessary, for the performance of a contract to which the data subject is a party (as is the case with our employees, crewmembers and third-party associates), as well as for the Company’s compliance with legal obligations. We also process Personal Data for the Company’s legitimate interests and for protecting the Company’s legal position in the event of legal proceedings and/ or insurance claims and/or for protecting the Personal Data of the subject and consequently his/her vital interests.
When we need to process Personal Data to pursue our legitimate business interests, for example to prevent fraud or potential crimes, for administrative purposes or to protect the Company’s and its affiliated entities’ assets and to improve our efficiency, we exercise best efforts to avoid processing a subject’s data where these interests are overridden by the subject’s own interests and we use only procedures and technologies which are necessary, proportionate and implemented in the least intrusive manner, by appropriate procedures that ensure a balance with the subject’s fundamental rights and freedoms.
6. How we use and protect Personal Data
When processing Personal Data, we do not collect more information than needed, in order to fulfil the purposes for which we process Personal Data.
We hold accurate and up to date Personal Data in the appropriate manner reasonably ensuring suitable security thereof, protection against unauthorized and/or unlawful processing, accidental loss, destruction, or damage.
We restrict physical access to authorized persons (cognizant of the Company’s strict policies and procedures), we further maintain and use appropriate technical and organizational procedures and specified technological solutions as well as suitable IT systems to protect the integrity, safety, security and availability of the Personal Data we process.
7. Monitoring – Ship tracking – CCTV surveillance
While onboard, geolocation of a subject is obviously monitored/tracked. In certain cases, computers are also monitored while on certain vessels we use cameras installed on bridge wings. The same applies while ashore, when and to the extent installation of a CCTV system is installed and operated in our premises due to reasons relating to the subject’s personal safety and health and as precautionary/preventive measures against piracy or other potential dangers while trading at sea; to protect our Company’s assets and resources; and, mainly, to ensure the life, the safety and health of our people.
8. E-mail correspondence
Any Personal Data (name, address, title/position, contact details or information of a sensitive nature) we send and/or receive in our e-mail systems or other electronic correspondence is duly processed in compliance with the GDPR and any other applicable law and/or regulation.
Our Company uses the Personal Data contained therein and any attachments thereto lawfully, duly and in a transparent manner; for specified, explicit and legitimate purposes at all times.
Our correspondence recipients are duly informed that they have all rights and freedoms provided for by any applicable legislation regarding their Personal Data.
9. Who has access to Personal Data
A subject’s information is disclosed, as the case may be, only to appropriate Company’s personnel, including, obviously, the Master/Officers of the ships managed by the Company.
We may also disclose Personal Data to Port State or other competent authorities if this disclosure is mandatory under applicable laws or regulations.
Disclosure to tax authorities and to internal and/or external auditors is included.
We also disclose Personal Data to service providers onboard or ashore, as well as to our charterers, port and other agents, external consultants, training providers, business partners and/or associates and professional advisors, including but not limited to lawyers, legal counsels, law firms, insurance institutions and accountants, as well as accredited clinics and/or doctors or medical organizations (including telemedicine centers, the Red Cross or similar health organizations) performing medical exams and/or prescribing medication to our crews prior to or during their recruitment) and to other third parties, if we are legally obliged to do so (flag requirements included) or where we need to comply with our contractual duties to the data subject, for instance where we may need to pass certain information on to our port agents responsible for the transportation, boarding and any other related function from and to ports or other destinations or to our insurance or other associates in case of an accident or illness as the case may be.
In all such cases, we act in the most reasonable manner and only in accordance with local laws, regulations and requirements and we exercise best efforts in order to ensure at all times that such third parties have been invited to adopt appropriate data processing procedures thus preserving the security and confidentiality of the subject’s data.
Due to our global shipping activities and the nature of our business as a ship management company and a company employing crew on ships managed by the Company, personal information may be transferred outside the E.U. when we need to comply with our legal and/or contractual requirements. We do so only where an adequate level of protection is ensured or where we have in place safeguards including the use of standard contractual terms, to preserve the security of a subject’s data in case of these transfers as far as it is practically possible.
We might also transfer a subject’s Personal Data to companies affiliated with the Company, if any, for purposes connected with the management of the Company’s business.
10. When we assign Personal Data processing
Where the Company relies on a third-party Personal Data Processor, to execute processing on its behalf, the Company will choose one (to the extent practically possible under the prevailing circumstances on each separate occasion) who provides adequate security level and procedures as well one that undertakes reasonable steps to ensure compliance of the Personal Data processor with such procedures .
11. Duration of retaining
The Personal Data are stored by the Company for no more than it is necessary, solely for processing purposes as per the applicable legislation.
For as long as the Personal Data are retained by the Company, we implement and have in force at all times appropriate technical and organizational procedures as required by the law or existing regulations, in order to safeguard the rights and freedoms of the data subjects.
When we process Personal Data based on the subject’s consent, this consent remains valid until such time it is withdrawn by the subject, as the case may be, subject to the Company’s right to maintain the Personal Data after the termination of the employment for legitimate purposes. In such case, the Company shall notify the subject accordingly (as promptly as possible following the subject’s written request) and reasonably provide an estimate as to the time necessary for maintaining such Personal Data.
12. Future use and update
In the event that the Company will intend in the future to process Personal Data for a purpose other than the one this has been collected for, we shall make sure to provide the subject with relevant information thereto, as well as any other relevant information if such purpose is not consistent with the initial purpose.
13. The subject’s rights
If and to the extent that we process a subject’s Personal Data based on his/her consent, the subject may withdraw his/her consent and request the Company to stop using processing and/or disclosing such personal data for any or all of the purposes for which consent has been granted to the Company. This may be done by submitting a request in writing, via email, to our authorized person in charge (with copy to the DPO). The Personal Data Subject will have at any time access to the data, right to rectification or erasure or destruction (“right to be forgotten”), restriction of the processing, objection to the processing, objection to automated decision making and right to the data portability.
Upon receipt of such written request to the Company withdraw the consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the subject) for the subject’s request to be processed and for us to notify him/her of the consequences of our acceding to the same, including any legal consequences which may affect his/her rights and liabilities to the Company. In general, we seek to process and respond to a subject’s respective request within 30 days of receiving it.
A subject is also entitled to request access to his/her Personal Data, as well as rectification, erasure, destruction or restriction of processing, as the case may be, to object to our processing, if and as the case may be, as well as to receive the Personal Data in machine-readable format.
14. Changes to this Policy
The Company reserves its rights to make changes to this Policy from time to time. Regularly reviewing our website ensures that a subject is always aware of the updated version.
If we make material changes to this Policy, we will promptly provide notification via prominent notice on the Company’s Website.
15. Contact in case of queries
For more information on our Personal Data policies and procedures and for guidance on privacy related issues, as well as for requests for access, rectification, erasure, etc. as above, you can contact our data protection officer (email@example.com / +30 2104101700).
CV – JOB Apllicant Policy
The present policy contains information in accordance with article 13 of the General Data Protection Regulation (Regulation EU 2016/679 – GDPR), regarding the processing of your personal data. For any queries or assistance please contact us.
Navarone S.A. takes all necessary organizational and technical measures to secure your personal data and protect your rights in line with the GDPR. For more information on this topic, please read out Website Policy in the company’s website.
What information does Navarone S.A. collect about you
Navarone S.A. collects personal data and keeps them in electronic and hard copy records and uses a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which Navarone S.A. holds about you include among others the following information:
- Details about you such as name/ surname, date of birth, family status, address, telephone number, ID, passport, Social Security Number, contact details, etc.
- CV’s details such as application forms and references, education, working experience, correspondence with or about you.
- Degrees, diplomas.
Why does Navarone S.A. collect this information?
Navarone S.A. uses your personal data for the following purposes:
- Managing your job application
- Informing or updating you about news, events, activities, and services relating to Navarone S.A.
The collection of your personal data is required for purposes of evaluating your job application and maintaining appropriate records with a view of future collaboration. In case you refuse to grant your consent to the processing of your personal data, as required below, Navarone S.A. will not be able to use your personal data and to examine your job application or other communications that you may address. The processing of your personal data does not include automated decision-making or profiling, as referred to in article 22 (1) and (4) of the GDPR.
Who might Navarone S.A. share your information with?
Navarone S.A. applies strict security rules regarding the processing of personal data and third parties’ access to its records and files. Navarone S.A. shares your data when this is necessary to conduct its business or to discharge an obligation imposed by law.
Navarone S.A. may share your information with:
- Companies processing your job application
- Service providers, agents and brokers (including their sub-contractors) or third parties which process information on the company’s behalf
How long will your information be held?
Navarone’s retention policy dictates that any personal data should be kept for no longer than reasonably necessary.
What are your rights?
Unless subject to an exemption, you have the following rights with respect to your personal data:
- The right to request access to and rectification or erasure of your personal data;
- The right to restrict processing, to object to processing as well as in certain circumstances to exercise the right of data portability;
- The rights to withdraw your consent to the processing at any time;
- The right to lodge a complaint to the Data Protection Authority.
How to make a complaint
If you are unhappy with the way your personal data has been processed or you have any request or any objection you may contact Navarone S.A. in writing to, firstname.lastname@example.org
By sending your resume and any supporting documents to the Company, you are confirming that you have read the Privacy Notice and that you are consenting to the processing of your personal data for purposes described above. Please note you can withdraw your consent to all or any one of the above purposes at any time by contacting Navarone S.A. Please note that all processing of your personal data will cease once you have withdrawn consent, but this will not affect any personal data that has already been processed prior to this point.
The Job Applicant has reviewed carefully the above which is all made absolutely clear and specific to him/her and hereby gives expressly and fully his/her consent for the processing as specified above.