1. PURPOSE OF THIS NOTICE
This Privacy Notice aims to inform you about how sea chefs Cruises Ltd, sea chefs River Cruises Ltd, sea chefs River Management Ltd, Ocean Spa Ltd, sea chefs Holding AG, sea chefs Cruises Worldwide GmbH, sea chefs Human Resources Services GmbH, sea chefs Cruise Management GmbH, sea chefs Malta Ltd, sea chefs Cruise Services GmbH, sea chefs Human Resources Services GmbH/Branch office Hamburg (individually and jointly referred to as “the Company”) manages your personal data in terms of collection, use, storage according to the new General Data Protection Regulation (GDPR), (EU) 2016/679.
2. INFORMATION WE COLLECT THROUGH APPLICATION
You make an application online for positions through our "Job offers, Job search and Unsolicited application" pages. You will be asked to provide certain personal data i.e. name, address, email address. Questions related to the position will be asked, as necessary. The attachment of your professional development and qualifications is required for the submission of an application.
You assure that the information made available by you represents the truth. Please note that any erroneous statements or omissions may represent cause for rejection or later dismissal.
We use your personal data for responding to your requests, processing your orders or providing you access to special information or offers. We assure you that your data is treated confidentially. The data provided is processed and used exclusively for selecting candidates. The communication of data is performed in a technically protected manner, through https.
Please do not transmit confidential information about your former or present employers to us or any other information that has no bearing on the job application.
Please contact us for any further information.
3. INFORMATION WE COLLECT AND PROCESS
We ask for, collect and process the personal information specified below (where applicable). This information is necessary for evaluating employment applications, for the adequate performance of the Company’s operations and of the contract between you and our Company, to safeguard the Company’s legitimate interests and to allow us to comply with our legal obligations. Our Company makes every effort to ensure that the information stored and processed is accurate and up to date.
2. Name / Surname
3. Date and place of Birth
4. Mobile and Home mobile numbers
7. Body measurements
8. Copy of identification/ passport (& passport number)
9. Seamans book
10. Vaccination book
11. Home Address
12. Bank Account details
13. Social Insurance Number
14. Next of Kin information
15. Marital Status
17. Diplomas / Training Certificates
18. Employment history
19. Medical History / Medical Certificates / Sick Leaves
20. Visa Information
21. Salary Information
22. Email Address
23. Personnel / Employee / Crew Records
24. Complaint and Investigation Records
25. Personnel / Employee / Crew Appraisal Records
26. Religious orientation (applicable only to German citizens due to church tax)
4. HOW WE USE INFORMATION WE COLLECT AND PROCESS
The information is stored in the Company’s internal server in each employee’s secure and separate folder.
All sea chefs systems are running in a contracted Data Center in Germany. There is a private and secure line connecting the sea chefs offices with the Data Center.
These servers are supported by our IT Department and a subcontracted server specialist company.
For shipside we established virtual servers owned and maintained by our IT Department running on the hardware of the vessel owners. The vessel owners have no access to the virtual servers.
Data backups are done automatically, daily. The backups are stored on the same servers as the production database.
No information is kept in hard copy format unless required by law, international conventions or contractual obligation.
Only authorized personnel have access to this information. It is stored in order to enable the Company to carry out its contractual obligations with the employee, its legal obligations with local and foreign governmental Authorities and applicable International Conventions, to safeguard the Company’s legitimate interests, resolve any disputes and claims and for the execution of the Company’s operations. We will store your information for as long as necessary for the performance of the contract between you and our Company. It may be necessary to retain personal information after the conclusion of the contract in the extent that is necessary to comply with our legal obligations. The Company will retain all necessary information for the maximum time as allowed by applicable law in effect from time.
The Company will disclose the above information to local and foreign governmental Authorities and/or Agents and/or Otherwise where required or permitted to do so by Law, Collective Agreements, International Conventions, Contract or otherwise and only in the extend required or permitted to do so according to the terms of employment. We may share your information in the extend required or permitted to do so with personnel, agents, advisers, lawyers, banks, clients, auditors, service providers, overseas offices, affiliates, partners and any other third person or entity in connection with our operation or services who are also obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to your personal information.
The Company will disclose the above information if requested to do so by courts, law enforcement, governmental authorities or authorized third parties.
5. CHILDREN’S DATA
The Company recognizes the importance of protecting children's privacy. We may collect and process personal data in relation to children provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under law. For the purposes of this privacy statement, “children” are individuals who are under the age of sixteen (16).
6. IP ADDRESSES
We store all Internet Protocol Addresses (IP addresses) in our log files as part of the legal guidelines, and that only for a narrowly limited period of time, which is required for technical and security purposes. We generate anonymous statistics for recording the number of visitors to our web site (traffic). We do not however, produce individual user profiles and do not connect such with the personal-associated information.
7. LEGAL BASIS FOR COLLECTION AND PROCESS OF INFORMATION
The Company is committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons which provide legal basis:
A. For the performance of an employment contract
The processing of personal data is necessary to comply with contractual obligations with regards to an employment contract.
B. For compliance with a legal obligation
The processing of personal data is necessary to comply with the legal requirements.
C. For the purposes of safeguarding legitimate interests
The processing of personal data is necessary for the legitimate interests pursued by the Company or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Examples of such processing activities include: Claims, Court Proceedings, Arbitration and any other legal proceedings we may have the right to establish, exercise or defend. Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime,
asset security, admittance controls and anti-trespassing measures, Setting up CCTV systems, e.g. at offices, for the prevention of crime or fraud, Measures to manage business and for further developing products and services.
Provision of specific consent for processing of special categories of personal data other than for the reasons set out hereinabove. For example, consent will be obtained for medical and criminal records. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
8. HOW WE SAFEGUARD THE INFORMATION WE COLLECT AND PROCESS
Our Company is committed to protecting your privacy and uses adequate security controls to prevent unauthorized access, use, loss, destruction and damage of the above information. We use encryption, firewalls, access controls, (Sophos, PaloAlto, Active Directory) standards and other procedures to protect information from unauthorized access. We have conducted privacy and information security awareness training to emphasize and inform employees of the need to protect and secure personal information.
9. DISCLOSURE OF INFORMATION TO THIRD COUNTRIES
Your personal data may be disclosed to third countries [i.e. countries outside of the European Union] in such cases processors in third countries are also obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to your personal information.
10. YOUR RIGHTS
Please keep us informed if your personal data changes at any time. It is important that the personal data we hold about you is accurate and up to date. You have the following rights in terms of your personal data we hold about you, subject to jurisdictions and applicable law:
- Receive access to your personal data.
This enables you to receive a copy of the personal data we hold about you.
- Request correction [rectification] of the personal data we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal information.
This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where information is heldwith no valid legal basis.
- Object to processing of your personal data.
This enables you to object if you provide a reasonable basis and specific reasons for the objection. You have the absolute right to object if the processing of your personal data involves direct marketing and a non-absolute right if the data is processed for legitimate purposes. We will address your objection duly and according to the GDPR regulation and relevant applicable law.
- Request the restriction of processing of your personal data.
You have the right to submit a request to restrict the processing and only keep the information stored until the basis of your request is resolved. Notification of incorrect information held will automatically restrict the processing of your personal data until such information is corrected. You have the right to explicitly and in writing ask the company to hold on your behalf your personal information which we no longer process.
- Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organizations.
You also have the right to have your personal data transmitted directly by ourselves to other organizations you will name [known as the right to data portability].
- Withdraw the consent that you gave us about the processing of your personal data at any time (where applicable).
Consent given for processing of medical and criminal records is bound by our legal obligation to conform with relevant laws, regulations and international conventions which makes it obligatory for the company to hold and process such information. (International Maritime Organization (IMO), International Labor Organization (ILO), Maritime Labor Convention (MLC), The International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW). This obligation is based on the obligatory medical examinations for issuance of the Fit-for-Duty Certificates and for the provision of adequate onboard/ashore medical care and treatments.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact the Data Protection Officer or Privacy Officer whom the contact details are outlined below.
We will notify you appropriately when we make changes to it and we will amend the revision date at the bottom of this page. We do however encourage you to review this Policy periodically so as to always be informed about how we are processing and protecting your personal information.
13. QUERIES OR COMPLAINTS
If you have any questions, suggestions or complaints regarding the issue of data protection, please contact us:
Data Protection Officer (DPO)
sea chefs House
12 Kosta Katselli Street
CY-4102 Agios Athanasios
You also have the right to complain to the Office of the Commissioner for Personal Data Protection (http://www.dataprotection.gov.cy). Find out on their website how to submit a complaint.
14. PERSONAL DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
We will keep your personal data for six (6) months from the date of the recruitment process is ended. If you supply us with your consent, we will keep your data for two (2) years.
We will keep your personal data for as long as we have a business relationship with you. Once our business relationship with you has ended, we shall keep your data for the maximum time as allowed by applicable law in effect from time.