Data Protection Policy
Policy: 2
Publication: 12.03.2024
Title: Data Protection Policy
Reference: 5.2 Policy
Responsibilities
Personal Data
Responsible for implementing and enforcing this policy.
Protection Officer
Oversees compliance with this policy, data protection laws, and liaises with regulatory authorities.
Comply with this policy and data protection laws.
Employees
The Policy
This policy establishes the guidelines for processing and protecting personal data handled by Exalit in accordance with applicable data protection laws and regulations.
Scope
This policy applies to all employees, contractors, and third parties who have access to personal data controlled or processed by Exalit.
Data Protection Principles
Exalit commits to the following principles to ensure the protection of data:
• Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and transparently.
• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimization: Only data that is necessary for the purposes of processing is collected and maintained.
• Accuracy: Every reasonable step must be taken to ensure that personal data is accurate and, where necessary, kept up to date.
• Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
• Integrity and Confidentiality: Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage using appropriate technical or organizational measures.
Data retention period and rights
• The storage period corresponds to the validity of the certificate issued or within the timeframe to perform the obligations of the service contract. Also, period may be extended on the basis of legal enactments, as for, the Commercial law, law on accounting, etc.
• In accordance with the legal enactments, clients may free of charge, upon written request to Exalit access, rectify, transmit, erase or restrict personal data processing, if only it does not conflict with legal enactments stipulated by Latvian and International laws.
Personal data receiver/s can be:
• Law enforcement agencies,
• Maritime Administrations,
• Exalit personal data processors,
• Potential/actual employer,
• Project Management Organization,
• Project Owner.
Data processing purposes
PERSONAL DATA SETS (CATEGORIES)
Responsible for implementing and enforcing this policy.
Personal identification data:
Name, surname, date of birth, information specified in your identification document (passport, ID card or Seaman's book).
• For client identification,
• Ensure satisfaction of qualifications for a project.
• Effective communication for the purpose of employment and project performance,
• To ensure your safe travel (travel agents, embassy, etc.),
• Employment opportunities.
Personal contact information:
Correspondence address, telephone number, Email address
Information relating to the use of the Exalit services and their compliance with client needs:Name of the service, Beginning and end dates of the service, Certificate number, Service assessment and quality performance review, Information relating to contractual obligations with the Exalit.
• Information about the products and services we provide to clients. • The conformity and authentication of issued records in accordance with Requirements, International standards and legal enactments.
Professional data: Education, Rank, Employee, Received certificates.
• Information to maximize your chances for employment, • To verify required qualifications for a project.