Company Data Protection Policy
This Data Protection Policy (hereafter “Policy”) accounts for the personal information collected, processed and used by “Andriaki Shipping Co Ltd.” (hereafter “Company” or “We”).
Our Company as a Data Controller
Our Company processes personal data as an employer, prospective employer, as a supplier of services, for marketing related purposes and in the course of its operations, its standard business as a crew and ship management company. It also collects personal information when co-operating with third parties / partners and with respect to the visits of this website.
How we collect personal data
The Company collects personal information:
(i) directly from the data subject; or
(ii) indirectly, either from internal sources, including the Departments of the Company; other entities affiliated with the Company, if any; or external third parties, including agents, intermediaries, suppliers, business partners etc.
What kind of data we process
We process personal data that includes but is not limited to:
(a) information referring to a subject’s name, contact details (full address, email address, phone number), birth date and place, gender, bank details, marital and family status, passport, visas and ID numbers, tax and social security numbers, as well as information on previous experience, references and professional certificates, correspondence with or about the data subject, the contract of employment and any amendments to it and all information needed for the execution of a contract of employment, as is the case with our shore-based employees;
(b) information referring to a subject’s name, contact details (full address, email address, phone number) and emergency contact details, birth date and place, gender, bank details, marital and family status, passport, visas and ID numbers, tax and social security numbers, as well as information on previous sea services and references, qualifications and certificates, the respective contract of employment and any amendments to it, correspondence with or about the data subject, and, where appropriate, disciplinary and complaint records, as is the case with our crewmembers;
(c) information referring to a subject’s name, gender, identity card number or passport number, birth date and place, mailing address, telephone numbers, email address and other contact details, resume, educational qualifications, professional qualifications and certifications and employment references, as well as employment and training history or pictures/photographs maybe included in an application, as is the case with job applicants;
(d) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, payment details, job title and role/function; delivery information; scanned version of invoices, billing and similar documents, as is the case with our suppliers and our suppliers’ personnel and representatives, including trainers, technicians, lawyers, accountants, auditors and other service providers;
(e) information referring to a subject’s name, contact details (mailing address, email address, phone numbers), tax ID, payment details, job title and role/function, as is the case with our agents and our agents’ personnel and representatives; etc.
Special categories of data
Where necessary, we may keep information relating to a subject’s health, which could include reasons for absence and /or accident reports and notes, as well as medical records, as is the case with crewmembers joining the vessels managed by us.
This information is used in order to comply with our health and safety and occupational health obligations, including in order to consider how a subject’s health affects the ability to work and fulfil the respective employment obligations, as well as to comply with our statutory obligations and applicable legislation with regard to recruitment, employment, other flag or local legal requirement with respect to occupational medicine and, evidently, to protect a subject’s vital interests as is the case when protecting the safety and integrity of our crews at sea and the visitors or service providers onboard.
All above data and any other data that constitutes special category of data, including references to a subject’s ethnic origin /nationality etc. are lawfully collected and processed by the Company and, unless this is not authorized or required by law or such information is required to protect the subject in an emergency, we obtain the subject’s explicit consent.
Why we process personal data
Personal data is processed by us as necessary for the performance of a contract to which the data subject is a party (as is the case with our employees, crewmembers and third-party associates), as well as for compliance of the Company with a legal obligation. We also process personal data in order to pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings or insurance claims.
When we need to process personal data to pursue our legitimate business interests, for example to prevent fraud or potential crimes, for administrative purposes or to protect the Company’s assets and to improve our efficiency, we try to never process a subject’s data where these interests are overridden by the subject’s own interests and we use only methods and technologies which are necessary, proportionate and implemented in the least intrusive manner, by appropriate means that ensure a balance with the subject’s fundamental rights and freedoms.
How we use and protect personal data
We do not collect more information than we need to fulfil the purposes for which we process personal data.
We hold accurate and up to date data in manners that reasonably ensure appropriate security thereof, protection against unauthorized or unlawful processing, accidental loss, destruction or damage.
We restrict physical access to authorized persons and maintain and use appropriate technical and organizational measures and specified technological solutions and IT systems to protect the integrity, safety, security and availability of the personal data we process.
Monitoring – Ship tracking – CCTV surveillance
While onboard, geolocation of a subject is obviously monitored/tracked. In certain cases, computer and telephone/mobile telephone use are also monitored. The same applies while ashore, when and to the extent installation of a CCTV system is involved in our premises.
All for reasons relating to the subject’s personal safety and integrity and as precautionary/preventive measures against piracy or other possible dangers while at sea; to protect our Company’s assets and resources; and, mostly, to ensure the life, the safety and integrity of our people.
Any personal data (name, address, title/position, contact details) we send and/or receive in our e-mail or other electronic correspondence is processed in compliance with the GDPR and any other applicable law or regulation.
Our Company uses the personal data contained therein and any attachments thereto lawfully, fairly and in a transparent manner; for specified, explicit and legitimate purposes.
Our correspondence recipients are duly informed that they have all rights provided for by respective legislation regarding their personal data.
Who has access to personal data
A subject’s information is disclosed, as the case may be, only to appropriate Company’s personnel, including, evidently, the Master/Officers of the ships managed by us.
We may also disclose personal data to port or other competent authorities if this disclosure is mandatory under applicable law.
Disclosure to tax authorities and to internal and/or external auditors is included.
We also disclose personal data to service providers onboard or ashore, as well as to our charterers, port and other agents, external consultants, training providers, business associates and professional advisors, including lawyers and accountants, as well as accredited clinics or doctors performing medical exams or prescribing medication to our crews prior to or during their recruitment) and to other third parties, if we are legally obliged to do so (flag requirements included) or where we need to comply with our contractual duties to the data subject, for instance where we may need to pass on certain information to our port agents responsible for the transportation, boarding etc. from and to ports or other destinations or to our insurance or other associates in case of an accident.
In all such cases, we do so where appropriate and only in accordance with local laws and requirements and we try to at all times ensure that such third parties have undertaken appropriate data processing obligations to ensure the security and confidentiality of the subject’s data.
Due to our global activities and the nature of our business as a crew and ship management company, personal information may be transferred outside of the E.E.A. when we need to comply with our legal or contractual requirements. We do so only where an adequate level of protection is ensured or where we have in place safeguards including the use of standard contractual terms, to ensure the security of a subject’s data in case of these transfers.
We might also transfer a subject’s personal data to companies affiliated with the Company, if any, for purposes connected with the management of the Company’s business.
When we assign data processing
Where the Company relies on a third-party data processor, to execute processing on its behalf, we choose one who provides adequate security level and measures and undertake reasonable steps to ensure compliance of the data processor with such measures.
Duration of retaining
Personal data is stored for no more than it is necessary for the purposes for which it is processed for.
For so long as personal data is retained by the Company, we implement and at all times have in force appropriate technical and organizational measures as required by law, in order to safeguard the rights of the data subjects
When we process personal data based on the subject’s consent, this consent remains valid until such time it is withdrawn by the subject, as the case may be.
Future use and update
If in the future we intend to process personal data for a purpose other than that which it has been collected for we make sure to provide the subject with information on that purpose and any other relevant information if such purpose is not compatible with the initial.
The subject’s rights
If and to the extent we process a subject’s personal data based on his/her consent, the subject may withdraw consent and request us to stop using and/or disclosing such personal data for any or all of the purposes for which consent has been granted to the Company. This may be done by submitting a request in writing or via email to our authorized person in charge.
Upon receipt of such written request to withdraw the consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with the subject) for the subject’s request to be processed and for us to notify him/her of the consequences of our acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we seek to process and effect a subject’s respective request within 30 days of receiving it.
A subject is also entitled to request access to his/her personal data, as well as rectification, erasure or restriction of processing, as the case may be, to object to our processing, if and as the case may be, as well as to receive the data in machine-readable format.
Changes to this Policy
We reserve the right to make changes to this Policy from time to time. Regularly reviewing our website ensures that a subject is always aware of the updated version.
If we make material changes to this Policy, we will promptly provide notification via prominent notice on our website.
Contact in case of queries