Following the requirements set out by the current laws on the protection of personal data, namely (i) Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), (ii) applicable EU Member States’ GDPR implementing laws and (iii) any other applicable national laws and regulations to which the members of Uniteam Group of Companies (UGOC)) are subject (Data Protection Laws), we would like to inform you what personal data we are collecting on which basis, for what purposes and how we intend to further process them and what rights you may exercise during the time we hold your personal information.
The Controller, i.e. the party holding overall responsibility for the processing of your personal data, is:
UNITEAM CORPORATION LIMITED, 284-286 Makarios Avenue, 3105 Limassol, Cyprus
Information we collect
To carry out our core recruitment activities, we collect information about you which may include:
- Identification information
- Financial information
- Contact information
- Education and training history
- Certification records
- Work / sea service history
- Work performance information
- Biometric data (facial photograph, height and weight)
Please note the above information is necessary for the steps prior to entering into contracts, to which you will be party. If you fail to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.
The information we collect about you will be provided by you, either by filling out a form on our website www.UniteamCruise.com or by corresponding with us by phone, e-mail or otherwise. It will also include information you provide when you register to use our website, attend our events or social media functions.
Legal basis for processing your personal data
Our legal basis for the processing of personal data is that by submitting your application will be considered as your explicit request to enter into a contract of employment with us or with one of our clients. Following the receipt of your application data, we will process the data to the extent it is necessary for:
- Taking steps at your request prior to entering into contracts, to which you will be party
- The compliance with the legal obligations, to which we and our clients are subject in relation to your employment
- The legitimate interests pursued by us or by our clients
Personal data storage
We are taking all necessary organisational and technical measures to protect your personal data against unauthorised (whether accidental or intentional) access, alteration, disclosure, transfer or destruction. The access to your data kept in paper as well as digital format is restricted to authorised personnel only, who are all bound by the obligation to compliance with the UGOC privacy policies and procedures as well as to the obligation to confidentiality.
Transmission of data both between our offices and to and from our external processors (e.g. providers of cloud storage/computing) is carried out through secure SSL VPN connections. Procedures, controls and systems are in-place to ensure our security policies are enforced. Access to personal data is governed by controls based on defined roles – either related to employee job description or third-party service and data processing agreements. All vendors, partners and service providers are under legal or contractual obligations to provide the personal data with the level of protection required by the European Data Protection Laws.
All information stored on our recruitment software “Firefish” is secured through the Microsoft Azure Infrastructure and located at two data centres locations within Europe. Firefish primary centre is located in Microsoft’s Western European centre, and these facilities are secured by a series of measures, including (but not limited to) biometric access, security alarm systems and round-the-clock security staff. Additional security information on Microsoft’s data centres can be found here.
Transfer to third countries
We will communicate only your personal data required to perform the contract to the members of the Group established outside the EEA and to non-European Uniteam Cruise clients.
As a standard, we retain the application data for 24 months. If your application is unsuccessful within the said period, we will destroy and erase all information about you upon the expiry of the period.
If your application for employment is successful, personal data gathered during the recruitment process will used to create the electronic seafarer’s personal record. This data will be destroyed and erased from our records 5 years after you have terminated your employment with Uniteam Cruises.
During our processing of your personal data, you may exercise the following rights:
- To verify at any time what personal data concerning you are being processed and in which manner and to receive a copy of your personal data,
- To have your data promptly corrected, completed or updated in case their incorrectness, incompleteness or outdated status has been identified by any means,
- To have your personal data erased in case:
- the purposes for which your data was collected and further processed are not valid anymore or
- you withdrew your consent for the processing and the controller has no other legal basis for such processing or
- you have exercised your right to object to processing (as explained below) or
- there is evidence that your data have been processed unlawfully or
- the erasure is required by the law,
- To have the processing of your data restricted to data storage and not further processed if:
- you have contested the accuracy of your personal data – for such period as is necessary for the Controller to verify the accuracy and, if necessary, to correct/update the data or
- your data has been processed unlawfully but you do not wish to have such data erased but you prefer to have their processing restricted instead or
- the Controller does not need your data for the purposes they were processed but you require such data to be kept for the purposes of establishing, exercising or defending legal claims or
- where you exercised your right to object to the processing of your personal data (as set out below) until it is verified whether our compelling legitimate interests override yours,
- To object to the processing of your personal data in case:
- the processing is solely based on our legitimate interest (or those of a third party) and, considering your situation, you believe that your personal interests, rights and freedoms override our interests or
- we are processing your personal information for direct marketing purposes,
- To have a copy of the personal data that your provided to us transmitted in a digital format back to you or directly to another controller of your choice,
- In case your personal data have been processed in breach of applicable Data Protection Laws and, following your respective enquiry or request, we have failed to take appropriate measures to rectify the situation, to file the complaint with the Supervisory Authority appropriate to the location of the Controller, i.e.:
OFFICE OF THE COMMISSIONER FOR PERSONAL DATA PROTECTION
1 Iasonos Street,
1082 Nicosia, Cyprus
Phone: +357 22 818 456
Fax: +357 22 304 565
E-mail: [email protected]
or with the Supervisory Authority appropriate to another place in the EU, where you normally live or work or where you believe your personal data have been processed in violation of the Data Protection Laws.
Some of the rights are subject to certain conditions and their execution may require additional communication, investigation and/or assessment. In any case, processing of each request shall be completed within 30 days.
To assist us in maintaining the accuracy of your personal data, you are required to let us know whenever any of your personal information which we are processing becomes invalid and requires erasure, correction or updating.
Changes to our privacy notice
Any changes we make to our privacy notice in future, will be posted on this page and where appropriate you will be notified by e-mail. Please check back frequently to view any updates or changes to our privacy notice or for any further information UGOC appointed Data Protection Officer (DPO) to oversee the compliance of the processing of personal data with applicable laws, regulations, policies and procedures by the UGOC member companies. You may contact the DPO at any time through;
e-mail: ([email protected]) or phone: (+357 25 846 111).
However if you wish to record an official enquiry concerning the processing of your personal data, including any complaints relating to the processing or the requests for execution of your rights, please use this Data Subject Request (DSR) link https://tinyurl.com/DataSubjectRequest-UM also available in our website (www.uniteammarine.com).
Your enquiries will be addressed as soon as possible, within the 30-day period prescribed by the Data Protection Laws.