PRIVACY NOTICE UNDER GDPR

The privacy and security of your personal data is very important to us. Whether you are our employee, our client or our business partner or a third party, we want to ensure that the information that you have provided to us is being properly managed and protected.
We have prepared this Privacy Notice to explain more about the way that we collect and process your data.

Who we are

This Privacy Statement is issued by Weberseas (Hellas) S.A. (referred to as “Weberseas” or “we” or “us” in this Privacy Statement), who is the Data Controller and is committed to protect your rights in line with the General Data Protection Regulation (GDPR).

Information we collect and how we use and share it

We collect and use personal data, that is kept in secure electronic and/or hardcopy records. We apply adequate technologies and working practices to ensure that your information is safe and secure. We generally collect your information directly from you either with your consent or in the course of interacting with you for the performance of a contract or as required by law. In some cases, we may obtain your data from public records or business catalogues that should have collected your personal data with your consent or initiative. Records which we hold about you include among others the following information:

Suppliers

• Details about you such as name/surname, address, telephone number, email address, VAT number, bank account number etc.

Business partners and clients

• Details about you such as name/surname, address, telephone number, email address, VAT number, bank account number etc.

The legal basis for processing your data: Why do we collect this information?

We are committed to collecting and using your information in accordance with GDPR and other applicable data protection laws. We will only collect, use and share your information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

• You have provided your consent to us using the personal information
• Our use of your information is necessary to perform our contract with you, for example, executing and honouring the employment contract with you, if you are an employee, or providing our brokering services if you are a business partner or client.
• Our use of your information is necessary to meet responsibilities we have to our regulators, tax officials, social security officials, law enforcement or otherwise meet our legal responsibilities.
• Our use of your information is necessary for the protection of your vital interests or the vital interests of a third person.
• Our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services provided to you and to keep you informed about our services and about trends in the business. In any case, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing, as this is explained below under your rights section.

Our use of your personal data is usually related to the following purposes, per category of personal subjects:

Employees

• managing employees’ records
• maintaining our own accounts and records
• providing employee support services
• safeguarding and promoting the welfare of employees
• ensuring employees’ safety and security

Suppliers

• executing the contracts with our suppliers
• contacting our suppliers in connection with after-sales services
• maintaining our tax records
• being prepared for possible court disputes

Business partners and clients

• executing the contracts with our clients
• sending our clients and business partners new business offers
• informing our clients and business partners about possible new trends and business
• maintaining our tax records
• being prepared for possible court disputes

If you would like to find out more about the legal basis for which we process your personal information, please contact our offices (details found in the How to contact us section). If you have provided your consent to our processing of your information you may withdraw your consent at any time by contacting our offices (details found in the How to contact us section).

Data transfer: Who might we share your information with?

As our business is part of the global shipping industry and our services are intermediary services between ship owners located around the globe, it may be necessary to transfer, in restricted cases, some information about you to a country outside of Greece or Europe. The information that you provide us during the course of a transaction or through the provision of any other services may be transferred to any of our business partners or prospective business partners or clients for the purpose of carrying out or facilitating such services, under the below terms:

Your personal data will be treated as strictly confidential, and will be shared only with the following parties. We will only share your data with third parties with your consent or as required or permitted by applicable law.

We may share your information with:
• our service providers and agents (including their sub-contractors) or third parties which process information on our behalf
• partners, including system implementers, independent software vendors and developers
• any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
• professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
• Banks, tax authorities, Social Security funds
• Government departments where reporting is mandatory under applicable law.

Where we transfer information which originates in the European Union to a country outside the EU, we will take steps to make sure that such transfer is carefully managed to protect your privacy rights. In particular:

• where we transfer your data to other companies or third parties providing us with a service, we will obtain contractual commitments and assurances from them to protect your information,
• we will only transfer personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights, and
• any requests for information that we receive from enforcement or regulators will be carefully validated before personal information is disclosed.

How long will your information be held?

We keep your personal data for as long as it is reasonable required for the reasons explained in this Privacy Notice. We keep transactional records (which may include your information) for longer periods if necessary to meet legal, regulatory, tax or accounting needs. We will also retain information if we reasonably believe that there might be a prospect of a litigation.
In any case, we maintain a data retention policy which we apply to the records that we hold.

Using our website and data protection: How is the use of our website related to data protection?

We and our third-party providers do not use cookies on our website to collect any information about you and other Internet users.

How we secure your information:

We are committed to protecting your information and ensure security of the information that you provide to us. In order to achieve this, we apply technical, physical and organisational security measures to protect your data against any unauthorised access, disclosure, damage or loss of your information. Although there is no possibility for any company to guarantee that the collection, transmission and storage of information is completely secure, we take all steps to ensure that appropriate security safeguards are in place to protect your information. In addition, we have adopted adequate policies for the application of security measures and the protection of your data. Our systems are monitored for enabling the intervention in case of security violations or accidents and our protection systems are tested and updated regularly.

What are your rights?

You have legal rights under EU data protection laws in relation to your personal information. To exercise any of your rights, please contact us by emailing [abuse[at]weberseas.com].

In particular, unless subject to an exemption under applicable data protection laws, you have the following rights with respect to your personal data:

• The right to request a copy of your personal data;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request that your personal data is erased where it is no longer necessary for us to retain such data; Please note, though, that we may not always be able to comply with your request, for example where we need to keep using your information to comply with our legal obligations or where we need to use your information to establish, exercise or defend legal claims.
• The right to withdraw your consent to the processing at any time;
• The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, if you request us to do so;
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction to be placed on further processing. Please note, though, that we may continue to use your information following your request to restrict it, where we need to use it to establish, exercise or defend legal claims, or if we need to use it to protect the rights or another individual or company;
• The right to object to the processing of personal data, where applicable. Please note, though, that we may continue to use your information if we have compelling legitimate interests to use the information;
• The right to lodge a complaint.

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to make sure that we only disclose information where we know we are dealing with the right individual.

We will not ask for a fee, unless we think that your request is unfounded, repetitive, excessive or abusive. Where a fee is necessary we will inform you before proceeding with your request.

We aim to respond to all valid requests within one month. It may however take us longer than one month, if the request is particularly complicated or you have made several requests. We will let you know if we think that a response will take longer than one month. To help us respond more quickly, we may ask you to provide more details about what you want to receive or are concerned about.

We may not always be able to provide you with the information requested, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with your request in a different way. In any case, we will inform you accordingly if we are not able to deal with your query or petition as requested.

How to make a complaint

If you are unhappy with the way in which your personal data has been processed, you may in the first instance contact us by using the contact details below.

[To administration Department, address, @: abuse[at]weberseas.com]