Last update: 1st May 2018
At Dromon Bureau of Shipping (DBS), we are committed to our customers, colleagues and associates. Part of this commitment is accountability and integrity as it relates to the collection, processing and retention of any customer and/or colleague and/or associate personal data.
At DBS, we appreciate the importance of protecting your personal information. This EU Data Protection and Privacy Regulation requires compliance by all organizations who use data relating to EU citizens as part of their business, regardless of whether the organization resides within the EU.
1. What categories of personal data we process
We use a variety of personal information depending on the circumstances under which personal information is made available to us.
- Business contacts: We hold the names, job titles, employer details and professional contact details for various business contacts, including client contacts, supplier contacts and interested parties who have signed up for our newsletter via our website.
- Clients: Most of our clients are incorporated entities, however in the course of conducting surveys/audits, we may collect and use personal information of individuals that work for our clients. This can include names, contact details and information about an individual’s work or role at our client.
- Subcontractors: If you are a subcontractor, we will process your name, professional and personal contact details, CV and professional background, payment details and information about the work you complete for us.
- Job applicants: Where you apply for a role with us, we will process the personal information you provide to us as part of your application and any interview selection process. This will ordinarily include your name, personal contact details, professional history, education and qualifications and references.
- Personal data automatically collected when you browse our website: When you visit the website to browse information it contains, we will gather and store certain information (e.g. IP address, the browser used, the date and time of visit, pages visited) about your visit automatically.
2. The purposes for which we process personal data
Personal data actively provided by you may be used to enable us to communicate with you with regards to the services in which you have registered an interest, to make available targeted information and provide you with e-mail information on our services.
We use your information to communicate with you and improve our business relationship, to personalize and expand your business experiences as well as to provide our services and to manage our business operations. We may use your information or part of it for marketing and promotional purposes and share your information with third parties assisting us completing our business cycles.
3. Retention periods
Personal data will be deleted as soon as it is no longer needed for the purpose it was collected for to provide the services and fulfill the agreements and transactions you have requested, or for other essential purposes such as complying with our legal obligations and enforcing our agreements. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly. we may, however, retain information about your previous transaction for auditing purposes (financial, quality and other audits), to ensure the integrity of our data and to fulfill legal requirements.
In the event of complying with our audit legal requirements (financial, quality and other audits), we may keep our records for a certain period, as required, to a controller which we will ensure that shall be GDPR compliant.
Unsuccessful job applicant information is retained for a period of 6 months after the position has been filled.
We will retain the personal information of business contacts that receive our newsletter until they opt-out or unsubscribe from our newsletter.
4. Sharing personal Information with third parties
We only share personal information with third parties to the extent necessary for fulfilling the purposes of our work, including where necessary for the provision of services, where we are under a legal or contractual obligation to do so and where is it fair and reasonable for us to do so in the circumstances.
We may share personal information with the following third parties:
- Suppliers: We use a number of different suppliers, including IT suppliers and consultants, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data protection laws to ensure that these suppliers protect the personal information we share with them;
- Certification and Accreditation Bodies: We may be required to share personal information with accreditation and regulatory bodies, who monitor certification and audit services to ensure that we are compliant with their rules and requirements when awarding certifications and accreditations.
5. Sending personal Information overseas
We may need to transfer personal information outside the European Union to our agents / subcontractors and suppliers based in countries where data protection laws may not provide the same level of protection as those in the EU.
We will only transfer your personal information outside the EU where either:
- the transfer is to a country which the EU Commission has decided ensures an adequate level of protection of personal information; or
- we have put in place our own measures to ensure adequate security as required by data protection laws.
6. Monitoring and recording of communications
DBS may monitor and record communications with you, such as emails for quality assurance and compliance.
We take market standard precautions to protect personal data.
The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access the website or our Eretes platform, you are responsible for keeping this password confidential.
Unfortunately, no data transmission or processing can be guaranteed to be 100 % secure. Accordingly, despite our efforts to protect the personal data, DBS is not able to guarantee or warrant the security of the personal data.
8. Privacy rights
You may be entitled to exercise some or all the following rights free of charge:
- require (i) information whether your personal data is retained and (ii) access to and/or (iii) duplicates of your personal data retained, including the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed and where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- request proper rectification, removal or restriction of your personal data, e.g. because (i) of the incomplete or inaccurate nature of the personal data, (ii) it is no longer needed for the purposes for which it was collected, (iii) the consent on which the processing was based has been withdrawn, or (iv) you have taken advantage of an existing right to object to the data processing; in case your personal data is processed by third parties, we will forward your request for rectification, removal or restriction also to such third parties unless this proves impossible or involves disproportionate effort;
- receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller,
- refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
- object at any time, out grounds relating to your particular situation, that your personal data shall be subject to a collection, processing or use;
- not to be subject to any automatic individual decisions (automatic decisions based on data processing by automatic means, for assessing several personal aspects) which produce legal effects on you or similarly significantly affect you;
- take legal actions in relation to any breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.
9. Online activities
In the following www.dromon.com and eretes.dromon.com are referred to as the “Website”.
- This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.
- From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
- We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including: Facebook, Twitter, LinkedIn, YouTube, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
11. Contact Details
Dromon Bureau of Shipping