Privacy Notice for provision to POACs by DYNAMARINe
DYNAMARINe is committed to protecting your privacy. This Privacy Notice sets out how we collects and use your personal data. Please read it carefully.
In this Privacy Notice, references to "we" or "us" or "DYNAMARINe" are to: [DYNAMARINe], a company registered in [Greece] with company number  and a registered address [of 4 Vasili Tsitsani str, 16675 Glyfada]. We act as the data controller in respect of the personal data that we process.
If you have any questions about how we collect, store or use your information or you would like to update the information we hold about you, please contact us using the details below.
We may change our Privacy Notice from time to time. Any changes we may make to this Privacy Notice in the future will be posted on our website.
2. WHO DO WE COLLECT PERSONAL DATA FROM?
We may collect personal data:
(a) From you, where you fill in forms that we provide to you or where you contact us by phone, email or otherwise; and
(b) From third parties such as shipowners and STS service providers.
3. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?
The personal data that we process may include, as applicable:
(a) Your name;
(b) Your date of birth (optional);
(c) Your email address (optional);
(d) Your POAC experience; and
(e) Assessments of the POAC services provided by you, carried out by the relevant Master.
4. WHAT DO WE USE YOUR PERSONAL DATA FOR?
We use your personal data in order to provide risk assessments to our clients in relation to STS transfer operations, in accordance with applicable IMO rules and regulations.
In these circumstances, the legal basis for processing the data is our legitimate interests. We have a legitimate interest in providing risk assessment services to our clients, and this requires the processing of personal data relating to POACs.
5. WHAT HAPPENS IF I DO NOT PROVIDE MY PERSONAL DATA?
Where we need to collect personal data by law or its collection is a contractual requirement and you fail to provide that data when requested, this may mean that the contract cannot be performed, or it could affect your ability to act as a POAC on a particular STS transfer operation.
6. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
We may share your personal information with any member of our group.
We may also share your personal information with the following third parties, where relevant:
(a) Our staff, agents and contractors;
(b) Our professional advisors; and
(c) Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them.
We may disclose your information with third parties such as regulatory authorities, where we are under a legal obligation to disclose your information, or in order to enforce our legal rights or to protect the legal rights of a third party.
7. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?
We keep your personal information only for as long as is reasonably necessary for the purposes for which it is processed. Where we retain data in our OnlineSTS Information System (OSIS) database, it is kept for 10 years before being automatically deleted.
8. INTERNATIONAL TRANSFERS
The data that we process about you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). Where the personal data is transferred to a destination outside of the EEA we ensure that appropriate safeguards are in place to protect your personal data.
9. YOUR RIGHTS
You have certain rights under data protection legislation in relation to the personal information that we hold about you. These rights apply only in particular circumstances and are subject to certain exemptions such as public interest (for example the prevention of crime). They include:
(a) The right to access your personal information;
(b) The right to rectification of your personal information;
(c) The right to erasure of your personal data;
(d) The right to restrict or object to the processing of your personal data;
(e) The right to object to the use of your data for direct marketing purposes;
(f) The right to data portability;
(g) Where the justification for processing is based on your consent, the right to withdraw such consent at any time; and
(h) The right to complain to the Hellenic Data Protection Authority about the use of your personal data.
10. OUR CONTACT DETAILS
11. DYNAMARINe legal basis for processing the POAC's personal data
DYNAMARINe has a legitimate interest in processing POAC personal data in order to provide risk assessment services to its clients. This includes the collection of data on a POAC for a specific STS operation, the storage of that data in OSIS and the provision of aggregated statistics on POACs to other clients when undertaking risk assessments.
Processing the POAC's personal data is necessary in order to provide the risk assessment services – data relating to specific individuals is required so that the risk profiles of those individuals can be analysed, in accordance with IMO rules and regulations.
The type of processing carried out is unlikely to cause harm to the POAC, particularly as no special category or criminal convictions data is processed, and the data is used only for risk assessments. POACs work in an industry that is subject to IMO rules and regulations and would therefore reasonably expect their personal data to be processed for risk assessment purposes.
On the basis of applicable GDPR article 6, there is no need for DYNAMARINe to seek the consent from the relevant individuals.
12. Shipowner legal basis for processing the POAC's personal data
The shipowner also has a legitimate interest in processing POAC personal data as it has a legal obligation to carry out risk assessments relating to STS operations. Pursuant to applicable IMO rules and regulations, these risk assessments require the consideration of the POAC's personal data. As stated at section 11, above in relation to DYNAMARINe, the processing does not prejudice the POAC's rights or cause them harm, and would not be unexpected.
Shipowners will not need to obtain consent from individual POACs in respect of the processing activities carried out, according to article 6 of GDPR.