PRIVACY NOTICE FOR SEAFARERS
1. DATA SUBJECTS
This Privacy Notice provides information on how QL SHIP MANAGEMENT AND TRADING LTD (the “Company”) collects and processes personal data relating to seafarers applying for employment and seafarers already employed on board of vessels crew-managed by the Company.
2. PERSONAL DATA COLLECTION
The Company collects personal data directly from the seafarers (i.e. from their submitted CVs, by telephone, or by email), from the seafarers’ manning agents and from publicly accessible sources like maritime employment sites on the Internet. The Company also creates some personal data internally.
Seafarers’ personal data include the following:
Personal details (Surname, name, rank, nationality, date of birth and place of birth)
Identification information / documents (Copies of passport, ID and national seaman book)
Contact details (Telephone number, mobile phone number, email address, skype address and home address)
Passport size photo (Color passport size photo)
Next of kin details (Surname, name, relationship, email, telephone and home address)
Medical information (Copies of medical fitness, drug and alcohol test and yellow fever vaccination certificates)
Certificates of competency (Copies of certificates of competency)
Flag State documents (Flag state endorsements and seaman books)
Visas (US visas, Schengen visas and any other visas)
Training certificates (Copies of STCW and any other training certificates required for the position employed)
Bank data (Bank details of the seafarers and/or their beneficiaries)
Service with other companies (Periods, name of ship, flag, GRT, types of ship, engine specifications and name of company)
Evaluation reports (Information on seafarers’ performance on board the vessel)
Wages and payroll data (Social insurance number, wages, payroll reports, allotments requests, deduction, etc.)
Injury and sickness reports (Information of shipboard injuries and sickness of seafarers)
Service with the company (Sign on and sign off dates, name of company’s ship, sign on and sign off ports)
Occasionally, the Company may need to collect some additional personal data from its seafarers for the purposes mentioned in Section 3. In such case the Company shall provide the seafarers with information on the reasons why the additional data is required and how that data will be processed.
3. PURPOSE OF PERSONAL DATA PROCESSING
The Company collects, stores, retains, updates, uses, transfers or otherwise processes the personal data of seafarers only to the extent necessary for:
Securing employment for them on board of vessels crew-managed by the Company;
Purposes relating to their employment on board the vessels crew-managed by the Company (i.e. Relief planning, transportation, visas, working permits, payroll, training, appraisal, insurance, medical care, certification, safety, client approval etc.);
Purposes relating to the provision of its crew management services.
The Company shall process the personal data of seafarers only if one or more of the following applies:
The seafarers have given their consent to the processing of their personal data.
Processing is necessary for the entry into or performance of the seafarers’ employment contracts;
Processing is necessary for compliance with applicable laws and regulations to which the Company, ship owners or ship managers are subject to (i.e. Flag state, ISM, ISPS, MLC, STCW etc.);
Processing is necessary in order to protect the vital interests of the seafarers or another natural person;
Processing is necessary for the purposes of legitimate interests pursued by the Company or by a third party, unless such interests are overridden by the interests or rights and freedoms of the seafarers;
4. PERSONAL DATA TRANSFER
The Company transfers the personal data of seafarers to third parties, within the European Union and in countries outside the European Union, as part of its operations and service provision and for the performance of the seafarers’ employment contracts. Categories of such third parties include, but are not limited to:
Travel agents for booking of flights and arranging visas;
Hotels for booking accommodation;
Train, bus and taxi companies for booking shore transport;
Port agents for taking care of immigration formalities and arranging the transportation of seafarers from/to the airport;
Ship owners and ship managers for deciding if seafarers are suitable for employment on board their vessels and for compliance purposes with regulatory requirements (i.e. Ism, ISPS, MLC, STCW etc.);
Charterers and ship owners for operational purposes such as arranging working permits in the countries where the vessel operates, approving marine crew for offshore projects and for coordinating logistics;
Flag state authorities for the issuance of flag state documents;
Governmental departments or authorities for compliance purposes with regulatory obligations;
Banks for payment of seafarers’ wages;
Insurance companies for insuring seafarers and paying compensations to them or their beneficiaries;
Training centers for providing training courses
The company shall transfer the personal data of seafarers to third parties in countries outside the European Union only if one or more of the following applies:
The seafarers have explicitly given their consent to the transfer of their personal data;
The transfer is necessary for performance of the seafarers’ employment contracts;
The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the seafarers between the company and another natural or legal person.
5. RISKS OF TRANSFERRING PERSONAL DATA
The Company takes appropriate safeguards to protect the privacy the seafarers when transferring their personal data to the third parties mentioned in Section 4, taking into account the nature of personal data and the risks and costs involved. It also ensures that only personal data that is absolutely necessary for the purpose for which it will be processed is transferred. However, it may not always be practically possible for the Company to implement appropriate safeguards or to control the actions of such third parties. Therefore, the risk exists that personal data transferred might not be fully protected, particularly if the third parties are located in countries outside the European Union where privacy laws, rights and obligations may vary.
6. PERSONAL DATA RETENTION
Having taken into consideration the legal, contractual and operational requirements, the Company shall retain the seafarers’ personal data as described below:
Personal data of seafarer applicants are retained for a period of up to 4 years from the day they apply for work.
Only job applications submitted to crew@qlships.com and https://qlships.com/en/insan-kaynaklari are stored and retained. Any job applications submitted to other email addresses of the company are deleted.
Personal data of seafarer candidates are retained for a period of up to 4 years from the day they have been considered for employment.
Personal data of seafarers employed on board of vessels crew-managed by the company are retained for a period of up to 9 years from the day they leave employment.
Seafarers’ personal data, or part thereof, are stored in the Company’s crewing system, laptops of authorized personnel, banking systems and hosted servers located in the United States of America and in the European Union. The Company also maintains some personal data in paper form at its office in Istanbul. By the end of the above-mentioned periods, the company shall review and proceed with the deletion or destruction of the personal data, unless there is some special reason for keeping it.
7. PERSONAL DATA PROTECTION
The Company implements appropriate technical and organizational security measures to protect the seafarers’ personal data against unlawful processing and accidental loss, destruction or damage.
Technical security measures include:
Data encryption;
Firewalls and malware;
Data backups.
Organizational security measures include:
Physical security controls on the supporting assets (i.e. Hardware, software, paper systems and individuals) that process, store and transfer the personal data;
Data access restriction according to authority and duties of individuals;
8. DATA SUBJECTS’ RIGHTS
Subject to the legal basis on which their personal data is processed by the Company, the seafarers have the following rights:
To know what personal data has been collected and how this data will be processed.
To request rectification of incorrect or incomplete personal data.
To request erasure of their personal data.
To request restriction on the processing of their personal data.
To object to the processing of their personal data.
To have their data delivered to them in structured, commonly used machine-readable format.
To withdraw their consent in case processing of their personal data is based on their consent.
9. ENQUIRIES & COMPLAINTS
All enquiries about this Privacy Notice or any requests or complains of seafarers in regards to the processing of their personal data should be sent to the Company using the below contact information:
QL SHIP MANAGEMENT AND TRADING LTD
Email : crew@qlships.com