Gimet Europe statement on personal data protection:
- Gimet Europe designated GDPR (Data Protection) responsible is Capt. Stelian Cojocaru.
- You can address any time data protection issues to the following e-mail address: gdpr@gimet.global
- We collect and process your personal data in good faith and in accordance to the law;
- We collect your personal data for the following legitimate reasons:
- to insert them in the course completion certificate;
- to confirm your data to the maritime administration that issues a Certificate a Competency on your behalf;
- We collect the minimum possible data from you and can prove that the data we collect from you is not excessive;
- We save and archive your data on our secure server and guarantee their destruction after 2 years.
- Our trainees should be aware that without collecting the minimum personal data, Gimet is not able to issue a course completion certificate to be fully identifiable and accepted by the maritime administration that issues certificates of competency on their behalf.
Next sections detail our customers’ rights:
1. Right to information
You can ask GIMET to confirm whether personal data concerning you will be processed by GIMET. If such processing has taken place, you can request the following information:
1.1. the purposes for which the personal data have been or are still being processed;
1.2. the categories of personal data processed;
1.3. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
1.4. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage time;
1.5. the existence of a right to have personal data concerning you rectified or deleted; a right to restrict the processing of personal data; or a right of objection to processing;
1.6. the existence of a right of complaint to a supervisory authority;
1.7. you have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of appropriate guarantees according to Art. 46 GDPR (“Transfers subject to appropriate safeguards”) related to the transmission.
2. Right to rectification
You have the right of rectifying and/or completing your personal data if the personal data processed concerning you are incorrect or incomplete. Upon exercising this right, the GIMET administrator/controller shall make the correction without delay.
3. Right to restriction of processing
You can request the restriction of the processing of personal data concerning you, under the following conditions:
3.1. you contest the accuracy of personal data concerning you; this will result to the restriction of processing of your personal data for a period of time that enables GIMET to verify the accuracy of your personal data;
3.2. the processing is unlawful and you oppose to the erasure of the personal data and request that the processing of the personal data be restricted instead;
3.3. GIMET no longer needs the personal data for the purposes of the processing; however, you do need them to establish, exercise or defend legal claims; or
3.4. if you have objected to processing pursuant to Art. 21.1 EU GDPR (“Right to object”) and you request restriction of processing pending the verification whether the legitimate grounds override your reasons.
Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims and/or for the protection of the rights of another natural or legal person and/or for reasons of important public interest of the European Union or of a Member State.
If the restriction of processing has been restricted according to the above conditions, you shall be informed by GIMET before the restriction of processing is lifted.
4. Right to erasure
4.1. Obligation to delete:
You shall have the right to obtain from GIMET the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
4.1.1. the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
4.1.2. you withdraw the consent on which the processing is based, pursuant to Article 6.1(a) (“Lawfulness of processing”), or Article 9.2(a) EU GDPR (“Processing of special categories of personal data”), and there is no other legal ground for the processing.
4.1.3. you object to the processing of your data, pursuant to Article 21.1 EU GDPR (“Right to object”), and there are no overriding legitimate grounds for the processing; or you object to the processing pursuant to Article 21.2 EU GDPR.
4.1.4. the personal data concerning you have been unlawfully processed.
4.1.5. the personal data have to be erased for compliance with a legal obligation in the European Union or in the Member State to which the controller is subject.
4.1.6. the personal data have been collected to offer ‘information society services’ as referred to in Article 8.1 GDPR (“Conditions applicable to child’s consent in relation to information society services”).
4.2. Exceptions:
The right to erasure shall not apply to the extent that processing is necessary:
4.2.1. for exercising the right of freedom of expression and information;
4.2.2. for compliance with a legal obligation which requires processing by Union or Member State law to which GIMET is subject or for the performance of a task carried out in the public interest or in the exercise of official authority;
4.2.3. for reasons of public interest in the area of public health in accordance with Article 9.2(h) and (i) as well as Article 9.3 GDPR (“Processing of special categories of personal data”);
4.2.4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89.1 GDPR (“Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes”); or
4.2.5. for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have exercised your right against GIMET to have the processing corrected, deleted or restricted, it shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
6. Right to data portability
You shall have the right to receive the personal data concerning you and which you have provided, in a structured, commonly used and machine-readable format. Further you have the right to transmit those data to another institution.
7. Right to object
You shall have the right to object to the processing of your personal data, being processed in accordance with the provisions (e) or (f) of Article 6.1 GDPR (“Lawfulness of processing”) at any time on grounds relating to your particular situation, which includes profiling based on those provisions.
8. Right to revoke the data protection declaration of consent
You are entitled to revoke your consent to the contents of this data protection declaration at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of your consent until revocation.
9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art.78 GDPR (“Right to an effective judicial remedy against a supervisory authority”).
11. Description and scope of data processing
Every time our website is visited, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
1.1. Information about the browser type and version used
1.2. The user’s operating system
1.3. The internet service provider of the user
1.4. The IP address of the user
1.5. Date and time of access
1.6. Websites from which the user’s system reaches our website
1.7. Websites accessed by the user’s system via our website
The data are also stored in the log files of our system. This data is not stored together with other personal data of the user.
12. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6.1(f) GDPR.
13. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data serve us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing for this purpose is in accordance with Article 6.1(f) GDPR (“Lawfulness of processing”).
14. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, the purpose of collection of personal data is achieved when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. In the case of the collection of data for the annual quality management system audits, then a rigorous selection of these data will be done, and the erasure of these data will be done within 2 years from submitting a course application.
15. Possibility of objection and erasure
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
16. Privacy
We collect name, surname, email, phone number, place of birth and date of birth. To be able to provide certain services, we collect a scan copy or a photo copy of your Seaman book or Passport.