Privacy Policy - Crew Life at Sea

PURPOSE OF THIS NOTICE

This Privacy Notice aims to inform you about how Crew Life at Sea manages your personal data in terms of

collection, use, storage according to the new General Data Protection Regulation (GDPR), (EU) 2016/679.

2. INFORMATION WE COLLECT AND PROCESS

We ask for, collect, and process the personal information specified below (where applicable). This information is

necessary for evaluating employment applications, for the adequate performance of the Company’s operations

and of the contract between you and our Company to safeguard the Company’s legitimate interests and to allow

us to comply with our legal obligations. Crew Life at Sea makes every effort to ensure that the information stored

and the process is accurate and up to date.

 Name / Surname

 Nationality

 Photo

 Date and place of Birth

 Mobile and Home mobile numbers

 Sex

 Education

 Diplomas / Training Certificates

 Employment history

 Medical History / Medical

 Certificates / Sick Leaves

 Visa Information

 Salary Information

 Body measurements

 Copy of identification/ Passport (& passport

number)

 Seaman’s book

 Vaccination book

 Home Address

 Bank Account details

 Social Insurance Number

 Next of Kin information

 Marital Status

 Email Address

 Personnel / Employee / Crew Records

 Complaint and Investigation Records

 Personnel / Employee / Crew Appraisal

3. HOW WE USE INFORMATION WE COLLECT AND PROCESS

The information is stored in the Company’s internal server in each employee’s secure and separate folder. All

Crew Life at Sea’s systems are running on a cloud-based system online in the United States. These servers are

supported by BambooHR and no information is kept in hard copy format unless required by law, international

conventions, or contractual obligations. Only authorized personnel have access to this information. It is stored in

order to enable the Company to carry out its contractual obligations with the employee, its legal obligations with

local and foreign governmental Authorities and applicable International Conventions, to safeguard the Company’s

legitimate interests, resolve any disputes and claims and for the execution of the Company’s operations. We will

store your information for as long as necessary for the performance of the contract between you and our Company.

It may be necessary to retain personal information after the conclusion of the contract in the extent that is

necessary to comply with our legal obligations. The Company will retain all necessary information for the maximum

time as allowed by applicable law in effect from time. The Company will disclose the above information to local

and foreign governmental Authorities and/or Agents and/or otherwise where required or permitted to do so by

Law, Collective Agreements, International Conventions, Contract or otherwise and only in the extent required or

permitted to do so according to the terms of employment. We may share your information in the extent required

or permitted to do so with personnel, agents, advisers, lawyers, banks, clients, auditors, service providers,

overseas offices, affiliates, partners and any other third person or entity in connection with our operation or services

who are also obligated to comply with European data protection standards and to provide appropriate

safeguards in relation to your personal information.

Crew Life at Sea will disclose the above information if requested to do so by courts, law enforcement, governmental

authorities or authorized third parties.

4. CHILDREN’S DATA

The Company recognizes the importance of protecting children's privacy. We may collect and process personal

data in relation to children provided that we have first obtained their parents’ or legal guardian’s consent or unless

otherwise permitted under law. For the purposes of this privacy statement, “children” are individuals who are under

the age of sixteen (16).

5. LEGAL BASIS FOR COLLECTION AND PROCESS OF INFORMATION

The Company is committed to protecting your privacy and handling your data in an open and transparent manner

and as such we process your personal data in accordance with the GDPR and the local data protection law for

one or more of the following reasons which provide legal basis:

5.1. For the performance of an employment contract

The processing of personal data is necessary to comply with contractual obligations with regards to the

employment contract.

5.2. For compliance with a legal obligation

The processing of personal data is necessary to comply with legal requirements.

5.3. For the purposes of safeguarding legitimate interests

The processing of personal data is necessary for the legitimate interests pursued by the Company or by a third

party. A legitimate interest is when we have a business or commercial reason to use your information. Examples

of such processing activities include Claims, Court Proceedings, Arbitration and any other legal proceedings we

may have the right to establish, exercise or defend.

5.4. Consent

Provision of specific consent for the processing of special categories of personal data other than for the reasons set

out hereinabove. For example, consent will be obtained for medical and criminal records.You have the right to

revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will

not be affected

6. HOW DO WE SAFEGUARD THE INFORMATION WE COLLECT AND PROCESS THROUGH

MANATAL

The following processes have been put in place to protect your data from unwanted third parties:

 Application design. We've designed the system from the ground up with security in mind. By applying best

practices in web application security, we prevent critical vulnerabilities.

 SSL. We encrypt all customer information in transit to a minimum standard of TLS 1.2.

 Strong encryption. Especially sensitive information (social security numbers, driver license numbers, etc.)

is encrypted in our database using the Advanced Encryption Standard (AES).

 Firewall. Our application, including our customers' data, sits behind a firewall.

 Vulnerability scanning. Our servers are scanned regularly for vulnerabilities by a reputable third party. In

addition, our internal security team performs bi-weekly vulnerability assessments against the application.

 Intrusion detection. Our servers and all traffic are monitored by an intrusion detection system (IDS).

 Data Backup. All of your data is backed up nightly in at least two distinct availability zones. Backups are

encrypted and transferred over TLS to protect the data in transit and at rest. The purpose of backing data

up in this manner is to guard against unforeseen hardware issues (i.e. challenges with a particular server

machine, or an unexpected data center outage) and is therefore designed to be used specifically in restoring

a full account with all data due to an issue similar to those mentioned above.

Crew Life at Sea in conjunction with BambooHR software is certified under the Privacy Shield Framework. You

can view BambooHR's certification under the Framework by going to https://www.privacyshield.gov, selecting

"Privacy Shield List" and searching for Bamboo HR LLC. For any additional questions or concerns please contact

Customer Service.

7. DISCLOSURE OF INFORMATION TO THIRD COUNTRIES

Your personal data may be disclosed to other countries,, in such cases, processors in third countries are also

obligated to comply with the European data protection standards and to provide appropriate safeguards in relation

to your personal information.

8. YOUR RIGHTS

Please, keep us informed if your personal data changes at any time. It is important that the personal data we hold

about you is accurate and up to date. You have the following rights in terms of the personal data we hold about

you, subject to jurisdictions and applicable law.

8.1. Receive access to your personal data

This enables you to receive a copy of the personal data we hold about you.

8.2. Request correction [rectification] of the personal data we hold about you

This enables you to have any incomplete or inaccurate data we hold about you corrected.

8.3. Request the erasure of your personal information

This enables you to ask us to erase your personal data [known as the ‘right to be forgotten] where information is

held with no valid legal basis.

8.4. Object to processing of your personal data

This enables you to object if you provide a reasonable basis and specific reasons for the objection. You have the

absolute right to object if the processing of your personal data involves direct marketing and a non-absolute right

if the data is processed for legitimate purposes. We will address your objection duly and according to the GDPR

regulation and relevant applicable law.

8.5. Request the restriction of processing of your personal data

You have the right to submit a request to restrict the processing and only keep the information stored until the

basis of your request is resolved. Notification of incorrect information held will automatically restrict the processing

of your personal data until such information is corrected. You have the right to explicitly and in writing ask the

company to hold on your behalf your personal information, which we no longer process.

8.6. Request to receive a copy of the personal data concerning you in a format that is structured

and commonly used and transmit such data to other organizations

You also have the right to have your personal data transmitted directly by us to other organizations you will name

[known as the right to data portability].

8.7. Withdraw the consent that you gave us about the processing of your personal data at any

time (where applicable)

Consent given for the processing of medical and criminal records is bound by our legal obligation to conform to

relevant laws, regulations, and international conventions, which makes it obligatory for the company to hold and

process such information. (International Maritime Organization (IMO), International Labor Organization (ILO),

Maritime Labor Convention (MLC), The International Convention on Standards of Training, Certification, and Watch

keeping for Seafarers (STCW). This obligation is based on the obligatory medical examinations for the issuance of

the Fit-for-Duty Certificates and the provision of adequate onboard/ashore medical care and treatments.

9. CHANGES TO THE PRIVACY POLICY

We may modify or amend this Privacy Policy from time to time. We will notify you appropriately when we make

changes and will amend the revision date at the bottom of this page. We do, however, encourage you to review this

Policy periodically so as to always be informed about how we are processing and protecting your personal

information.

10. QUERIES OR COMPLAINTS

If you have any questions, suggestions, or complaints regarding the issue of data protection, please get in touch with us:

Raymond Crystal Founder – CEO Operations

Crewlife@seainfogroup.com

Roxanne Crystal - VP Operations

Roxannec@crewlifeatsea.com

11. PERSONAL DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including

for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. We will keep your

personal data for as long as we have a business relationship with you. Once our business relationship with you

has ended, we shall keep your data for the maximum time as allowed by applicable law in effect from time to time.

12. ACKNOWLEDGEMENT

I acknowledge that I have received, read, and understood this Privacy Notice, the scope and its purpose