WE CARE ABOUT YOUR PERSONAL DATA

Noatun Maritime Pte Ltd respects individual privacy and the importance of protecting your personal data. We are committed to protecting the personal data collected in the course of our business operations. Noatun Maritime Pte Ltd collects ‘personal data’ (see definitions) from a number of different sources for a number of different purposes, as outlined in this policy.

WHY DO WE PROCESS YOUR PERSONAL DATA?

Noatun Maritime Pte Ltd provides a number of services, including ship and project management, crewing and crew management, training, ship agency, marine consulting and corporate services. In the process of providing these services, Noatun Maritime Pte Ltd collects personal data from employees, seafarers, contractors, clients, suppliers and users of our website.

HOW DO WE TAKE CARE OF YOUR PERSONAL DATA?

This data protection policy (the “Policy”) outlines the collection, use, disclosure, transfer and storage of your personal data by (legal entity), and its subsidiaries and/or affiliates (together “Noatun Maritime Pte Ltd”) as controllers of your personal data.

Noatun Maritime Pte Ltd collects ‘personal data’, defined as any information relating to an identified or identifiable natural person or ‘data subject’. A ‘data subject’ is an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Noatun Maritime Pte Ltd collects, uses, stores and discloses personal data in accordance with a number of personal data protection laws, including but not limited to the Personal Data Protection Act 2012 Singapore and the European Union General Data Protection Regulation.

Any questions or concerns about the operation of this Policy, including whether this Policy has been followed should be referred to the Personal Data Protection Committee, who can be contacted at info@noatun.com

Where there are local requirements in respect of a particular jurisdiction, Noatun Maritime Pte Ltd may state so and/or publish further policies.

1. Collection and use of personal data

Noatun Maritime Pte Ltd collects Personal Data from a number of different sources, these sources are listed below. These sources are separated into the listed categories of Data Subject:

  1. Applications for employment, full, part-time, and temporary employees (including seafarers employed by Noatun Maritime Pte Ltd) (“Employee Personal Data”);
  2. Applications for seafarer employment, full, part-time and temporary seafarers whom Noatun Maritime Pte Ltd may enter into employment contracts as agent only for and on behalf of ship owners and/or as employers (“Seafarer Personal Data”);
  3. Contractors (“Contractor Personal Data”);
  4. Clients (“Client Personal Data”);
  5. Suppliers and other persons who provide goods and/or services to Noatun Maritime Pte Ltd (“Supplier Personal Data”); and
  6. Users of our websites or other related services provided by Noatun Maritime Pte Ltd (“User Personal Data”).
2.1 Collection of personal data

Noatun Maritime Pte Ltd collects the following types of personal data from the sources listed above.

  1. Personal details: name, address, contact information, National Registration Identity Card number/Foreign Identification Number/insurance numbers, date of birth, country of birth, nationality, fingerprint, race, occupation, gender, immigration status and eligibility to work;
  2. Family composition: names of spouses and/or dependents and emergency contact details;
  3. Employment details: CVs, recruitment details and application forms, job history and experience, references, qualifications, appraisals and performance ratings, promotions/demotions, training records, information related to an employment contract, working time records and records relating to holiday and other leave, disciplinary actions, investigations or grievances, and workplace accidents;
  4. Education and vocational training, language, and other job-related skills;
  5. Medical and fitness details;
  6. Financial details, including salary, bonuses, expense reimbursement and benefit information, bank account numbers, pensions, and details of any company loans, contractual payment and entitlements;
  7. Goods or services provided, including any information relating to goods and services that have been supplied by any contractors;
  8. Records of telephone conversations; and
  9. Photographs of individuals.
2.2 Sensitive personal data

Noatun Maritime Pte Ltd also collects, holds and processes the following types of Sensitive Personal Data in relation to employees, seafarers, contractors, clients and suppliers:

  1. Racial or ethnic origin only where required by law or for the purposes of compliance with anti discrimination regulations;
  2. Religious beliefs, sexual life, sexual orientation and gender reassignment where required by law;
  3. Health data where required by law and/or relating to benefits, accommodation of disabilities, leave entitlement, statutory sick pay, and/or health and safety at work;
  4. Trade union memberships data where required by law if applicable; and
  5. Criminal background data where such checks are required by law or for compliance with anti corruption and/or anti-bribery regulations.

Noatun Maritime Pte Ltd will only process such Sensitive Personal Data when permitted or required to comply with its legal obligations or where the data subject’s explicit consent has been obtained for the processing of such data (where such consent may be required by local law) or where necessary to protect the individual’s vital interests.

2.3 Purpose of collection of personal data

The processing of Personal Data enables Noatun Maritime Pte Ltd to provide the services requested by its clients, including fulfilling its legal obligations under applicable laws and as necessary in connection with the performance of employment contracts. Without this information it would not be possible for Noatun Maritime Pte Ltd to provide the services requested by its clients as listed in paragraph lb).Personal Data is processed by Noatun Maritime Pte Ltd for legitimate business purposes only, including and without limitation:

  1. General administration and management of records (including employee, seafarer, contractor, client and supplier records);
  2. General administration of employment operations (including recruitment, payroll, attendance, training, disciplinary and legal purposes);
  3. General processing relating to the performance of contracts with, and provision of services and/or products to employees, seafarers, contractors, clients and suppliers;
  4. Carrying out background checks (including for employees, seafarers, contractors, clients and suppliers) for anti-corruption/anti-bribery compliance, anti-money laundering compliance, for the purposes of criminal history checks and for the purposes of financial sanctions screening where required by law;
  5. Keeping of records related to employees, seafarers, contractors, clients and suppliers in regard to:
    • Financial records;
    • Accounts and business records;
    • Risk management;
    • Compliance; and
    • Legal and audit purposes.
2.4 Disclosure and/or transfer of personal data

Noatun Maritime Pte Ltd may disclose and/or transfer Personal Data within Noatun Maritime Pte Ltd or to third parties for the purposes set out above. The parties to whom Noatun Maritime Pte Ltd may disclose or otherwise transfer Personal Data include:

  1. Noatun Maritime Pte Ltd’s affiliates for purposes consistent with their legitimate business practices and this Policy;
  2. Business associates and other professional advisors;
  3. Third party service providers or processors performing services on Noatun Maritime Pte Ltd’s behalf or providing products, such as:
    • Human resources functions and other business processes;
    • Operation, maintenance and hosting of information systems;
    • Risk management, compliance, legal and audit functions, and/or support services;
    • Financial organizations and advisers;
    • Insurers; and
    • Data backup and archive and/or insurers.
  4. Persons making an inquiry or complaint, where required by law and/or with consent;
  5. To an investigative body in the case of a breach of an agreement or a contravention of law; and
  6. As otherwise necessary, required or permitted by law or due to a request from a competent court, regulator or other authority.
2. Processing of personal data

Noatun Maritime Pte Ltd handles all Personal Data such that it is:

  1. Processed lawfully, fairly and in a transparent manner in relation to the Data Subjects;
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes will not be considered to be incompatible with the initial purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date. Every reasonable step is taken to ensure that Personal Data that is inaccurate is erased or rectified without delay;
  5. Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed; Personal Data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate measures;
  6. Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, using appropriate measures; and
  7. Only disclosed to third parties or transferred outside a country’s or region’s borders in accordance with paragraph 2.4 of this Policy where compatible with Data Protection Laws, ensuring adequate levels of data protection.
3. Rights of data subjects

Noatun Maritime Pte Ltd will respond to requests made by data subjects to exercise their legal rights in relation to personal data that Noatun Maritime Pte Ltd holds about them. Subject to applicable exemptions, data subjects have the following rights:

  1. Right to be informed about any personal data held about them by Noatun Maritime Pte Ltd;
  2. Right of access;
  3. Right to request access to their personal data and be provided information in relation to that data (including the purposes for which the data is processed, how long it will be stored for, the right to lodge a complaint with a supervisory authority);
  4. Right to rectification;
  5. Right to have their inaccurate personal data amended;
  6. Right to erasure (in limited circumstances, including where processing is based on consent, is for direct marketing purposes, is unlawful, is no longer necessary or was on the basis of the subjects legitimate interests);
  7. Right to have their inaccurate personal data erased;
  8. Right to restrict processing of their personal data;
  9. Right to data portability;
  10. Right to receive a copy of their personal data in a machine-readable format or to have their Personal Data sent to another entity;
  11. Right to object to the processing of their personal data; and
  12. Right not to be subject to a decision which is based on automated processing or profiling that could result in a significant effect on the data subject, such as discriminatory effects.
4. Subject access requests

If making a request to access your personal data please follow the instructions and send the necessary documents to info@noatun.com. Noatun Maritime Pte Ltd shall handle subject access requests as follows:

  1. Noatun Maritime Pte Ltd shall identify the data subject;
  2. Noatun Maritime Pte Ltd shall provide the requested information within one month of receipt of request; this period may be extended by two further months where necessary, taking into account the complexity and nature of the requests; Noatun Maritime Pte Ltd shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay;
  3. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject;
  4. Where the request concerns a large quantity of information, Noatun Maritime Pte Ltd reserves the right to ask the data subject to specify the information the request relates to;
  5. In the event that Noatun Maritime Pte Ltd does not take action on the request of the data subject, Noatun Maritime Pte Ltd shall inform the data subject with in one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy; and
  6. Noatun Maritime Pte Ltd reserves the right to charge a reasonable fee for access or not to act on the request, where permitted by law.
5. Appointing data processors

When appointing third parties to carry out processing of Personal Data on Noatun Maritime Pte Ltd’s behalf, Noatun Maritime Pte Ltd shall impose contractual obligations dealing with the protection and security of that information such that these third parties are contractually required to, among other obligations, act in a manner consistent with Noatun Maritime Pte Ltd’s instructions when processing Personal Data and that they have in place appropriate technical and organizational security measures to safeguard such Personal Data.

6. Record keeping

Noatun Maritime Pte Ltd maintains various records including the following:

  1. Processing activities carried out by Noatun Maritime Pte Ltd;
  2. Consents provided by Data Subjects (where applicable); and
  3. Data protection related policies and procedures.
7. Intra-group data transfers

Personal Data may betransferred between companies in Noatun Maritime Pte. Ltd. in accordance with Data Protection Laws and this Policy.

8. International transfers of personal data

Given the international nature of Noatun Maritime Pte Ltd’s operations, Personal Data collected in Singapore or the EEA may be transferred to countries outside Singapore and/or the EEA which may not have laws offering the same level of protection for Personal Data as those inside the EEA. Noatun Maritime Pte Ltd will take steps to prevent the transfer of Personal Data without adequate safeguards being put in place and will ensure that Personal Data collected in the EEA and transferred internationally is afforded the same level of protection as it would be inside the EEA.

9. Data retention

Noatun Maritime Pte Ltd retains data for no longer than what is necessary to achieve the purposes for which the data is processed.

10. Breaches of this policy

Any actual or suspected breach of this Policy should be immediately notified to the Personal Data Protection Committee by contacting info@noatun.com.

11. Definitions
  1. “Data Subject” means any individual who is the subject of Personal Data that is processed by Noatun Maritime Pte Ltd;
  2. “Data Protection Laws” means all applicable laws, rules, regulation, directives and governmental requirements relating in any way to the privacy, confidentiality, security, integrity and protection of Personal Data, including without limitation:
    • Personal Data Protection Act(2012) Singapore, The(PDPA) took effect in phases starting with the provisions relating to the formation of the PDPC on 2 January 2013. Provisions relating to the DNC Registry came into effect on 2 January 2014 and the main data protection rules on 2 July 2014;
    • EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, each as amended or superseded from time to time, and any EU Member State national implementing legislation
    • The Philippine Data Privacy Act of 2012 and its implementing rules and regulations (together the “DPA”);
    • Applicable laws regulating unsolicited telephone calls, email, text/SMS or other electronic or anti-spam legislation;
    • Applicable laws relating to data breach notification; (e) applicable laws imposing minimum security requirements;
    • Applicable laws requiring the secure disposal of records containing Personal Data; and applicable laws regulating cross border data transfers of Personal Data;
  3. “Personal Data” means any data relating to an identified or identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name,an identification number,location data,an online identifier or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity. Examples of information that may permit this kind of identification include without limitation addresses, email addresses, telephone numbers, dates of birth, identity card numbers, human resources files about employees,details of clients and suppliers;
  4. “Process” or “processing” or “processed” means any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,dissemination or otherwise making available, align mentor combination, restriction, erasure, or destruction;
  5. “Sensitive Personal Data” means any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or bio-metric data, data concerning health, data concerning sex life or sexual orientation, and data concerning the commission or alleged commission of any offence.
  6. Words denoting the singular shall include the plural and vice-versa.