At MCTC Marine Ltd., we respect your privacy. The protection of your personal data (such as your name, email address or telephone number) is therefore of particular importance to us. Our data protection practice complies with the provisions of the General Data Protection Regulations (GDPR) of the European Union as well as with additional legal requirements.
Names and Address of the Controller
MCTC Marine Ltd
Serifou 37, Zakaki
3046 – Limassol, Cyprus
Tel: +357 25 000 021
This also applied for the following companies of MCTC Marine Ltd.
MCTC Far East Incorporated
20th Floor BDO Plaza,
8737 Paseo de Roxas,
Makati City, 1209 Philippines
Tel : +63 2 772 5710
MCTC Marine Ltd. and MCTC Far East Incorporated and any subsidiaries thereof (together “Group Companies”)
Address of the Data Protection Officer
We value your trust. Should you have any questions regarding the collecting, processing or use of your personal data, in the case of revocation of consent, information, correction, restriction or deletion of data, please contact:
MCTC Marine Ltd
Serifou 37, Zakaki
3046 – Limassol, Cyprus
MCTC Marine Limited and its affiliates (referred to as “we”, “our”, “us” or “MCTC”) recognise and respect the rights and privacy of individuals. This includes our applicants, current and former employees, suppliers and customers.
We consider privacy to be important and we are committed to protecting and safeguarding your data privacy rights. The use of the word “processing” in this Statement is intended to include such actions as collecting, handling, using, storing and protecting your personal data. This Statement applies to the personal data of Data Subjects such as yourself, our Employees, Customers, Visitors, Suppliers of goods and services, Website Users, and others whom we may contact in order to collect more information about our Employees or those whom they have indicated as an Emergency contact.
This Notice is written to comply with the applicable data protection legislation which includes, but is
not limited to, the European Union General Data Protection Regulation (GDPR).
How do we use data?
We may process personal data as part of our services. Such processing may include, but is not limited to, employment contracts, , document processing, marketing and procurement and is necessary to enable us to:
- Fulfill our contractual obligations
- To deliver our products and services.
- To manage the relationship with you and the way we communicate with you.
- To respond to enquiries that you may directed to us; and/or
- To action, as appropriate, any requests for our information or services.
- To provide shore based training, distance learning courses, briefings and debriefings to course participants including the administration of the curriculum and timetable; monitor participants’ progress and educational needs; report on the same internally and to the employers of the participants;
- To provide of educational support and related services to course participants
- Carry out operational management including the compilation of course participants’ records; the administration of invoices, fees and accounts; the maintenance of archives and other operational purposes;
- Carry out staff administration including the recruitment of staff and/or engagement of sub-contractors; administration of payroll, annual leave and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; and the maintenance of appropriate human resources records for current and former staff; and provide references;
- To monitor the course participants’ progress and educational needs; report on the same internally and to the employers of the participants;
Rights of the data subject
If your personal data is processed, then you are a “data subject” within the meaning of the GDPR. You have the following rights vis-à-vis the controller:
- Right of access: You may request information about your data processed by us, in particular about the purposes of processing, the category of personal data, the categories of recipients to whom the data have been or will be disclosed by us, the envisioned period of storage, the existence of a right of rectification, erasure, restriction of processing or objection to it, the existence of a right to lodge a complaint, where your data are collected from (if these are not collected by us), and the existence of automated decision-making, including profiling.
- Right to rectification: You have the right to demand without undue delay the rectification of inaccurate personal data stored by us as well as to have incomplete personal data stored by us completed.
- Right to erasure: You have the right to demand that personal data stored by us be erased as long as the processing of this data is not necessary to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
- Right to restrict processing of your personal data: You have the right to demand that processing of your personal data be restricted in the following circumstances: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Data that is restricted will not be deleted from our databases, but they will not be processed as long as the restriction is in effect.
- Right to data portability: You have the right to receive the personal data on you that you have provided us in a structured, commonly used and machine-readable format or to demand that it be transmitted to another controller.
- Right to object: Consent given to process your personal data can be revoked at any time. As a result of this, we will no longer be permitted to continue processing data based on this consent in the future.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of the place of business of our company.
- Right to withdraw consent: In situations where we request and receive your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.
In order to exercise your rights as a data subject, please contact our Data Protection Officer.
If an individual exercises his or her rights in accordance with the GDPR, we will not charge any fees. However, a reasonable fee may be charged if your inquiry is demonstrably abusive improper or if you make a repeated inquiry without relevant justification.
What personal data do we collect?
In order to consider you for employment, or employ you, we need to process certain information about you. We only ask for or collect details that help us provide what is required as part of your application process or employment. For example, we need information such as your name, age, contact details, education details, employment history, emergency contacts, immigration status, photos, passport details and copy, bank account details, and other relevant information required for the purposes of your employment or that you may choose to share with us. Where appropriate, and in accordance with local laws and requirements, we may also collect information of a more sensitive nature, such as diversity information, information related to your health, or details of any criminal convictions.
To enable employees to conduct our business, they have been provided with access to one another’s contact information including name, position, telephone number, work address, work e-mail address, and photograph (should you choose to provide one).
To enable us to communicate with you and to ensure that we meet certain legal requirements such as KYC (know your customer), we need to have certain details of yours or details of individual contacts at your organisation (such as their names, telephone numbers and e-mail addresses). We ensure that our marketing communications to you are relevant and timely.
We collect the basic personal data of the course participants to provide the services their employer has engaged us to provide as per the service agreement we have signed with them.
Furthermore, you may contact our company directly via our website by entering your personal data which includes your name and email. If you chose to do so, you may add your company name and phone number. You do however have the option to contact us directly by email or phone without entering and sharing your personal data. Any personal details collected via our website will be used only to respond to your inquiries. Your personal data will not be stored by us unless explicitly requested by you.
Suppliers of goods and services
We collect a small amount of information from our Suppliers to ensure that operations work properly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
When visiting our premises, we collect the necessary personal data required for security and notification purposes.
The legal bases we use for lawful processing
In order to conduct business and fulfil our legal, regulatory, and contractual obligations, we need to perform legitimate and fundamental processing activities.
- Establishing contracts
- Maintaining contracts
- Provision of all contracted services
- Invoicing: remittance, payments, and collections
- Non-promotional communications
- Marketing and other promotional communications
- Risk management
- Contract review
- 9. Response to subject requests
- 10. Performance measurement
- 11. IT and telecommunication support services
- 12. Business Continuity and Contingency Planning
- 13. Legal and regulatory obligations
- 14. Responding to enquiries, requests, and complaints
- 15. Employment processing
- 16. Workforce planning
- 17. Training and certifications
- 18. Emergency communications
- 19. Interacting with other organisations, industry groups, and professional associations
- 20. Internal ethics reporting, security, and investigations
Marketing and other promotional communications
We may process personal data to inform you about products, services and offers that may be of interest to you and/or your business and/or your employers. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services. We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in your legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes by contacting us at any time.
Third-Party Access and Data Disclosure
The recording, processing and use of personal data is carried out by us as well as other companies in the corporate group of MCTC or by external service providers who are contracted by us and both contractually and legally bound to data protection. In these cases, we ensure that Group companies and these external service providers abide by the relevant legal data protection rules.
Otherwise, other than as set out in this Privacy Notice we will not share your personal data with any third parties and no third parties shall have access to your personal data. We may also need to share your personal data from time to time to comply with the law. We will only forward data to the responsible authority in the event of official or legal demands as well as legal obligations to transmit data. This also applies in the event of a court order for transmission. In the case of an official, legal or judicial obligation to transmit data, we will examine in each individual case whether the transmission complies with the basic principles of the GDPR and/or the applicable national law.
We may contact the following parties in connection with our recruitment processes and, in order to obtain the information required from those parties, share your personal information:
- regulators, government departments, law enforcement authorities, tax authorities and insurance companies;
- any relevant dispute resolution body or the courts;
- any recruitment consultant or agency with which you are engaged;
- any training, education or certification body from whom we require verification of your attendance at, or certification from, such body (e.g. Universities);
- the referees whose details you have provided to us for the purposes of obtaining a reference for your application; and
Details of your course progress report, correspondence and grades will be shared with your employer.
The “Safe Food Handling and Nutrition Course” is endorsed by the Cyprus Department of Shipping, and we are therefore obligated to inform them every time a participant commences and completes the course. We share with the Cyprus Department of Shipping your Name, Surname, Rank, Date of Birth, Nationality, Gender, your final grade, the date when you commenced with the course and the date when you completed the course. The Cyprus Department of Shipping may require this data to issue a Cyprus flag state endorsement upon completion of this course, if requested to do so in the future.
The countries where data will be stored, processed and/or transferred
Your personal data we collect may be stored and processed in the EU or any other country in which we or associated third parties maintain facilities. In case we need to transfer your personal data, we will take all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the applicable data protection laws.
How long will the data be retained
Retention of specific records may be necessary for one or more of the following reasons:
- Fulfilling statutory or other regulatory requirements
- Evidencing events/agreements in case of disputes
- Operational needs
- Historical and statistical purposes
Where we collect personal data for which we subsequently have no use for any business purpose we will then review and may destroy such personal data at our discretion.
The personal data of the data subject will be erased or restricted as soon as the purpose of storing the data ceases to apply. Furthermore, data may be stored if doing so has been provided for by European or national lawmakers in EU regulations, laws or other provisions to which the controller is subject. The data will likewise be restricted or erased if a storage period stipulated by the aforementioned rules expires, unless it is necessary to continue storing the data in order to conclude or fulfill a contract.
We have an obligation, during a participant’s working life, to provide factual information on what they have studied and achieved, i.e. a transcript and copy of the certificate of achievement. The retention period for these records should reflect the need to fulfil this obligation over long periods of time. Participant records will be kept for not less than 6 years after a participant has completed the course to provide detailed records which may be used in the event of a claim made by the participant.
What happens if the data is not collected?
Your personal data is required for communication and setting up a contractual agreement to provide employment, products, and services. Without this data we will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.
We need personal data to:
- Enable consensual bilateral communications
- Engage in pre-contractual activities
- Honour contractual obligations
- Be able to employ personnel
Without this data, we will not be able to perform these primary activities.
You have the opportunity to sign up for the free “What’s Cooking” newsletter. In order to send out our email newsletter, we work together with a service provider to which we need to pass on your address details. We take care to ensure that the data is only used for the purposes of sending the requested emails to you. If you have signed up for our newsletter, you are also consenting to the collection of data upon receipt of the email newsletter (opening, click and unsubscribe rates, bouncebacks, devices, geotracking). Such data will be used solely for the purposes of performing internal analyses. You are free to subscribe to or unsubscribe from our newsletter at any time.
When you take part in our feedback survey
When you take part in our feedback survey, we record your organisation name, your job role and your answers to questions we ask about your opinion of, and use of, our products and services.
We use this information to develop and improve our products and services and our customer relationships. Your job role, organisation and some or all of your comments may be publicly displayed on our website as a testimonial. We will do this based in our legitimate interest in marketing our products and services.
Your details will not be shared with any third parties nor to make any automated decisions that might affect you.
Automated decision making
We do not use automated decision making.
Our internet sites may contain hyperlinks (i.e., electronic cross-references) with which internet sites from other companies can be called up. This Data Privacy Statement does not apply to these linked internet sites belonging to other companies.
A cookie (sometimes also referred to as a browser cookie, HTTP cookie, Internet cookie or Web cookie) is a small file sent from a Web server to your computer whenever you visit a website.) If you return to the website later, your Web browser sends the small file to the server to notify the website of any previous activity you engaged in on the site. Once you return to a website, the server can retrieve the cookie file from local computer to assist in expediting certain functions such as logging in and retrieving account or user data.
Cookies may also be placed in your browser when visiting our website via third party application plugins or when using third party modules on the website. This applies when using social media “sharing” tools via third party application plugins. We do not, however, have access to details regarding your social media or personal data during this process.
The table below demonstrates the cookies that we use and explains why we use them.
1st Party COOKIE NAMES
Universal Analytics (Google) Cookies
These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
Read Google’s overview of privacy and safeguarding data
All above data is collected anonymously
To store a the logged in user’s username and a 128bit encrypted key. This information is required to allow a user to stay logged in to a web site without needing to submit their username and password for each page visited. Without this cookie, a user is unable to proceed to areas of the web site that require authenticated access.
Controlling Cookies on your Device
Even though we are not collecting cookies for our purposes, the following first party cookies are collected when you visit our site. A first-party cookie, is a cookie set by the domain name that appears in the browser address bar.
MCTC Marine Ltd
Serifou 37, Zakaki
3046 – Limassol, Cyprus
As of: June 2018