Privacy Policy
Date of entry into force: 19.05.2025
CONTENTS:
- ABOUT THIS PRIVACY POLICE
- PERSONAL INFORMATION WE COLLECT
- PURPOSE AND LEGAL BASIS OF PROCESSING
- DATA RETENTION PERIODS
- HOW WE SHARE YOUR DATA
- YOUR RIGHTS
- HOW WE PROTECT YOUR DATA
- DATA PROTECTION AUTHORITY
- HOW TO CONTACT US
- CHANGES TO THIS PRIVACY NOTICE
ABOUT THIS PRIVACY POLICE
This Policy governs how SIRIUS MARITIME, UIC 207093183 (“We”, “Us” or “Our”) processes personal data. “Personal Information” or “Personal Data” means any information that allows someone to directly or indirectly identify you. “Processing” of Personal Data means any collection, use, sharing and storage of Personal Data.
PERSONAL INFORMATION WE COLLECT
The personal data of the following categories of data subjects are processed:
Clients | Customers are natural persons or the representatives of legal entities who use the services provided by us. |
Social media user | A social network user is a person who uses a social network such as Facebook, Instagram, LinkedIn, etc. |
Crew member | A crew member is a person who is employed by a Client (shipowner) and for whom we process personal data in relation to the services we provide. |
The following categories of personal data are processed:
Request or order data | Details of the company, the owner of the yacht, the owner of the company and information about the yacht and the services sought. |
Identification data | Personal data includes names, identifier and ID card details. The identification data is necessary for the identification of the data subject and the conclusion of a contract with him. |
Data for job applicants | Personal data includes names, email, telephone, CV, education and work experience data, cover letter and other data provided by the employee.. Personal data is processed in order to select job candidates and to choose the most suitable one for the open position in the Company. |
Details of yacht | Yacht owner, technical specification, certificates and documentation for the yacht. |
Data on the Payroll and Personal Composition of Customers | The personal data includes data on wages, social security contributions, sick leaves, holidays, data on the health of employees as reflected in a medical certificate upon entry into employment and other data where this is necessary to comply with legal requirements applicable to the Company. The personal data is processed in compliance with the legal requirement that certain employee data be stored by the employer and declared to government institutions such as the NRA, the National Social Security Institute, etc. Paragraph 1 of Art. 9 GDPR does not apply because Art. |
Social behaviour data | User names, comments, likes and reactions. We process data from the behaviour of users on social networks in order to manage the Company’s profiles and pages on social networks. |
Details on posting | Personal data includes names, telephone, email and any other information necessary for the purpose of the posting.. Personal data is processed for the purpose of posting the Company’s employees in connection with the performance of their duties. |
Accounting data of Customers | The personal data processed includes data on the issuer and recipient of invoices, identifier, address, data on services provided and received, their value, data on payments made, as well as any other information that the Client has an obligation to process in connection with the keeping of lawful accounting. The Company processes personal data in the performance of its contractual obligations to its Clients for whom it provides accounting services. |
PURPOSE AND LEGAL BASIS OF PROCESSING
We process personal data on one of the following legal grounds:
Execution or conclusion of a contract | The processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract. |
Legal obligation | The processing is necessary to comply with a legal obligation that applies to Us. |
Legitimate interest | Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data. |
Consent | You have consented to the processing of your personal data for one or more specific purposes. |
Personal data is processed for the following purposes:
Objective | Grounds and explanations |
Marketing services | Personal data is processed when providing marketing services. Legal basis: – Execution of contract Categories of processed data: – Details of yacht |
Hiring and administration of crew | We process personal data in the provision of the crew hiring and overall administration services we offer. Legal basis: – Execution of contract Categories of processed data: – Identification data – Data for job applicants – Data on the Payroll and Personal Composition of Customers – Details on posting |
Crew training | In fulfillment of a signed contract, we provide crew training. Legal basis: – Execution of contract Categories of processed data: – Identification data |
Maintaining a social media profile and page | The Company processes personal data when maintaining a profile and page on social networks in order to build its brand and distribute its services. Legal basis: – Legitimate interest Categories of processed data: – Social behaviour data |
Provision of financial and accounting services | Personal data is processed in the provision of financial and accounting services. Legal basis: – Execution of contract Categories of processed data: – Accounting data of Customers |
Sales | We process personal data in the process of negotiating a contract for the services we provide (pre-contractual relationship). Legal basis: – Execution of contract Categories of processed data: – Request or order data – Identification data |
Repair and renovation | Personal data is processed when providing yacht repair and refurbishment services. Legal basis: – Execution of contract Categories of processed data: – Details of yacht |
Shipping compliance services | Personal data is processed in the provision of our services relating to compliance with shipping requirements, including but not limited to the Marpol Convention, SOLAS, the International Convention on Standards of Training, Certification and Surveillance for Seafarers, the Maritime Labour Convention, the International Safety Management Code, the International Ship and Port Facility Security Code, international organisation regulations and other applicable legislation. Legal basis: – Execution of contract Categories of processed data: – Identification data – Details of yacht |
DATA RETENTION PERIODS
Personal data shall be kept only for as long as necessary to achieve the purpose for which it is processed. A full list of the purposes for which we process personal data can be found above.
The appropriate retention period for personal data shall be determined on the basis of the amount, nature and sensitivity of the personal data processed, the potential risk of harm from unauthorised use or disclosure of the personal data and whether the purposes of the processing can be achieved by other means, as well as on the basis of applicable legal requirements (such as applicable limitation periods).
Personal data shall be stored in accordance with one or more of the following types of retention periods:
Individually set time limit | The data shall be stored for the period determined individually for a specific category of personal data after an assessment of the necessity of the data processing. |
Until erasure by the data subject or an authorised person | In some cases, the data shall be retained until erasure by the data subject or another authorised person, unless erasure or retention is otherwise required. |
In contractual relations | The data shall be stored for the duration of the contractual relationship, insofar as there is no other basis for their storage. |
In pre-contractual relations | Where we process data in the course of a pre-contractual relationship and no final contract is concluded, we delete the data within 6 months of the termination of the pre-contractual relationship. |
In accordance with the Instructions of the Data Controller | The Processor shall, at the choice of the Controller, erase or return to the Controller all personal data upon completion of the processing services and erase existing copies, unless Union or Member State law requires their retention; |
Personal data is retained until all applicable retention periods have expired.
Storage periods according to the different purposes for which the personal data are processed:
Marketing services | – In contractual relations – In accordance with the Instructions of the Data Controller |
Hiring and administration of crew | – In contractual relations |
Crew training | – Individually set time limit The data shall be kept for the period of validity of the relevant certificate and up to one year thereafter |
Maintaining a social media profile and page | – Until erasure by the data subject or an authorised person |
Provision of financial and accounting services | – In contractual relations – In accordance with the Instructions of the Data Controller |
Sales | – In contractual relations – In pre-contractual relations |
Repair and renovation | – In contractual relations |
Shipping compliance services | – In contractual relations – In accordance with the Instructions of the Data Controller |
After the expiry of the retention period, we delete the personal data.
SHARING OF PERSONAL DATA
We share personal data with the following categories of 3rd parties
Objective | Third parties with whom data is shared |
Marketing services | – Cloud and hosting service providers – Advertising service providers – Charter broker |
Hiring and administration of crew | – Cloud and hosting service providers – Budget and payroll management software – Working hours management software – Fleet and Crew Management Software – Tour operators and carriers – Hotels |
Crew training | – Cloud and hosting service providers – Training institutions – Crew Training Software |
Maintaining a social media profile and page | – Social networks |
Provision of financial and accounting services | – Cloud and hosting service providers – Accounting software |
Sales | – Cloud and hosting service providers – Relationship management (CRM) service providers |
Repair and renovation | – Cloud and hosting service providers – Ship Maintenance Management Software |
Shipping compliance services | – Cloud and hosting service providers – Insurer – Classification organisation – Maritime administration – Organisation of the flag – Safe in Shipping Compliance Software – Hazardous materials inventory compliance and sustainability reporting software – Ship data management software – Ship Maintenance Management Software – Fleet and Crew Management Software |
RIGHTS OF DATA SUBJECTS
As a data subject, you have the following rights:
Right to information | You have the right to be informed about the personal data we process about you and how we process it You can get information through:
|
Right of access | You have the right to request to see or access the personal data we process about you. To access your personal data, you can contact us. Find out how to contact us here. |
Right of correction | You have the right to request the correction or update of the data we process about you when it is inaccurate or incomplete. You can request correction of your personal data by contacting us |
Right to erasure | You have the right to request erasure of your personal data when:
Sometimes we may refuse to delete your personal data. For example, when:
To delete your personal data, you can contact us. You can see more about the retention periods in the section “DATA RETENTION PERIODS“ |
Right to restriction | You have the right to ask us to stop processing your personal data where:
You can request restriction of the processing of your personal data by contacting us |
Right to object | You have the right to object to the processing of your personal data where:
You can object to the processing of your personal data by contacting us |
Right to portability | You have the right to receive your personal data in a structured, commonly used and machine-readable format and you have the right to request that we transfer this data to another controller where the processing is based on consent or a contractual obligation or the processing is carried out by automated means. You can exercise your right to portability by contacting us |
Right not to be subject to an automated decision | You have the right not to be the subject of a fully automated decision (decisions made without human intervention), including profiling, where that decision impacts you We do not carry out automated decision-making, including profiling. |
Withdrawal of consent | You have the right to withdraw your consent to the processing of your personal data where the basis for the processing is consent within the meaning of the GDPR. Consent may be withdrawn in a manner similar to the manner in which it was given. For example, through a cookie banner, unsubscribing from an email newsletter or by contacting us |
Right to lodge a complaint | You have the right to lodge a complaint with the competent supervisory authority if you believe your rights have been violated. You can find the contact details of the competent supervisory authority here. |
DATA PROTECTION
We take the privacy and security of your personal data seriously, including information that is considered sensitive. Our cybersecurity team actively works to maintain the integrity, confidentiality and availability of our Services, and our policies and protocols are designed to protect your personal information. We continually strive to improve the protection of our systems. However, no method of data transmission over the Internet or method of electronic storage is completely secure and We cannot guarantee the security of your personal data. Our security, safety and privacy features are provided on an “as is” basis. As such, their effectiveness and error-free operation cannot be guaranteed and we cannot ensure absolute privacy, anonymity or personal safety.
In the event that we are required by law to inform you of unauthorized access to your Personal Information, we may notify you electronically or in writing in accordance with applicable law.
COMPETENT DATA PROTECTION AUTHORITY
Authority: the Commission for Personal Data Protection (CPDP)
Website: https://www.cpdp.bg/
tel: 02/91-53-518
Email: kzld@cpdp.bg
Address. “Proff. 2 Tsvetan Lazarov
You can find a full list of data protection authorities in the EU here.
HOW TO CONTACT US
We welcome your comments, questions or complaints regarding this Privacy Policy, our use of your personal data or our response to your requests regarding the processing of your personal data. Please contact us using admin@sirmargroup.com
PRIVACY POLICY CHANGES
The most up-to-date version of the policy will govern our use of your personal data. We may revise this policy from time to time. Notification of changes to the Privacy Policy will be sent to the data subject by email.