This Privacy protection policy (hereinafter referred to as – Policy) was updated on May 25, 2018.
Data Controller and contact information
- The Data Controller is SIA “LAPA Ltd” (hereinafter referred to as – LAPA):
Registration number: 40003043603
Legal address: 31-k-1, Cesu street, Riga, LV-1012, Republic of Latvia
Contact information: +371 67332887, email@example.com
About this Policy
- This Policy applies to the protection of identifiable physical persons with regard to the processing of personal data and to the free movement of such data in accordance with General Data Protection Regulation No 2016/679 of European Union, the data protection laws of Republic of Latvia and rules of this Policy.
- This Policy is applied to ensure the privacy and personal data protection in regard to natural persons – seafarers (hereinafter referred to as – Clients) and other natural persons related to the Client, whose data has been transferred or made known to LAPA.
- This Policy applies to LAPA, all branches and employees of the LAPA, as well as all contractors, partners and other people and companies, cooperating with LAPA.
- A list of categories of personal data that can be processed is established in LAPA’s records of data processing activities that is available in person in the LAPA’s office.
Purposes of processing personal data
- LAPA processes the Client’s personal data for the following purposes:
- providing human resource selection and recruitment services — including but not limited to the Client’s identification, the identification of the position and qualification, determining work experience, employing on Latvian and foreign ships, the preparation and execution of the contract of employment (hereinafter referred to as — CoE), finalising visas, airline tickets, and other travel documents, confirming health status, administrating settlements, drawing up professional documents, for arranging the necessary documents and formalities of the flag state, port and border control needs, settling insurance formalities;
- providing of training and certification services — including but not limited to the Client’s identification, Client’s health assessment, Client’s training, determination of Client’s competence status, provision of certification services;
- business planning and analytics – statistics and business analysis, planning and accounting, increasing efficiency, ensuring data quality, preparing reports, purposes of risk management activities;
- provision of information to any government administration of the Republic of Latvia or foreign and the subjects of operational activity in the events and amount set in external normative acts;
- other specific purposes of which the Client is informed at the moment that Client submits the relevant data to LAPA.
Legal bases for processing personal data
- LAPA processes Client’s personal data according to the following legal bases:
- the Client has given consent to the processing of Client’s personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the Client is a party or in order to take steps at the request of the Client prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which LAPA is subject;
- processing is necessary in order to protect vital interests of the Client or of another natural person;
- processing is necessary for the purposes of legitimate interests pursued by LAPA or by a third party, except where such interests are overridden by the interests or fundamental rights and freedom of the Client which require protection of personal data.
- The legitimate interests of LAPA are — commercial activity, verification of the Client’s identity, qualification and work experience before signing a CoE, provision of the CoE commitments, preservation of data submitted by the Client, analysis of the usage of LAPA’s data base, development and introduction of its improvements, administrating the Client’s account in the LAPA’s data base, promotion of the Client’s motivation to cooperate with LAPA, segmentation of the Client’s data base for providing efficient services, provision and development of the LAPA’s service, notifying of the course of execution and significant events relating to the CoE, fraud prevention, providing efficient enterprise administration, accounting and analytics of business and finances, providing and developing service efficiency and quality, administrating payments, turning to government and operative action agencies and court for the protection of legal interests.
Personal data processing and protection
- LAPA processes and protects personal data by using the means of modern technology, regarding existing risks of privacy and the LAPA’s sensibly available organizational, financial and technical resources.
- Within the framework of consent, which the Client has given to LAPA, LAPA has the right to transfer the Client’s personal data to the shipowners and/or their authorized management companies. If the shipowners and/or their authorized management companies process the Client’s personal data, the relevant shipowners and/or their authorized management companies are regarded as Data Controllers.
- To provide an operational and high-quality conduct of commitment of a CoE signed with a Client, LAPA has the right to authorize their cooperation partners to carry out separate services, for example, processing a visa, administrating the Client’s professional documents. If by fulfilling these tasks the cooperation partners of LAPA process the personal data of the Client, the relevant partners are regarded as Data Processors and LAPA has the right to transfer the personal data of a Client to the cooperation partners in such an amount that is necessary to achieve these tasks.
- The cooperation partners of LAPA (in the status of data processors) will provide the fulfillment of requirements for the procession and protection of personal data according to LAPA’s requirements and legislation, and will not use the personal data for other purposes other than the obligations on behalf of LAPA.
Personal data recipient categories:
- LAPA does not disclose the Client’s personal data to a third party, except for the following cases:
- if the data must be submitted to Latvian and/or foreign shipowners and/or their representative management companies, in accordance to the Client’s clear and indisputable consent that has been given willingly, for the purpose of signing a potential CoE;
- if the data must be submitted to the institution/organization, that sent Client to the relevant training, qualification improvement and certification;
- if the data must be submitted to the maritime Administration of the flag state for carrying out necessary documentation;
- if the data must be submitted for executing necessary travel documentation, including but not limited to, foreign embassies, travel agencies, airline companies, etc.;
- if the data must be submitted to agents in foreign ports to provide safe embarkation and disembarkation to and from the vessel including all required immigration and ISPS formalities; as well as including cases in which the agent’s services are necessary for medical assistance during the time when the vessel is in a foreign port;
- if the data must be submitted to an insurance company, if medical assistance and investigation is needed in case of an incident during the contract time;
- if the data must be submitted to law enforcement or other authorities according to the rules stated in normative acts.
Personal data submission/transferring to third countries and/or international maritime organizations (outside of the European Union and EEZ)
- Only in necessary cases, abiding the rules stated in the normative acts and the cases stated in Article 13 (thirteen) of this Policy, can the Client’s personal data be transferred to third countries and/or international maritime organizations, if:
- the Client has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the Client due to the absence of a sufficient decision and appropriate safeguards;
- the transfer is necessary to carry out a contract between the Client and the shipowners and/or their authorized management companies or the implementation of pre-contractual measures taken at the Client’s request;
- the transfer is necessary in order to protect the vital interests of the Client or of other persons, where the Client is physically or legally incapable of giving consent.
Personal data storage duration
- LAPA stores and processes the Client’s personal data as long as one of the following criteria is met:
- while the Client consents to the personal data processing, but no longer than 10 (ten) years after signing the Client’s last CoE, unless there is another legal reason for processing;
- while in the order of external normative acts LAPA or the Client can carry out their legitimate interests;
- while LAPA has a legal responsibility to store the personal data.
- After the reasons mentioned in Article 15 (fifteen) of this Policy expire, the Client’s personal data is permanently deleted.
Access to personal data and other rights of the Client
- The Client has the right to receive information concerning the Client’s personal data processing mentioned in the normative acts.
- The Client holds the right to demand LAPA access to Client’s personal data, as well as the right to demand adding, editing or deleting them, or limiting the processing in regard to the Client, as well as the right to restriction to processing altogether (including the personal data processing that has been done based on the legitimate and legal interests of LAPA), as well as the right of portability the Client’s data. These rights are to be realized as far as data processing does not stem from LAPA’s responsibilities that have been bestowed upon it according to normative acts.
- The Client can submit a demand for the realization of their rights:
- in writing at LAPA’s office, providing a document of identification;
- submitting a demand electronically that has been signed with a secure e-signature; sent to the e-mail address firstname.lastname@example.org.
- By receiving the Client’s demand of realizing their rights, LAPA confirms the Client’s identity, evaluates the demand and carries it out according to the normative acts.
- LAPA responds to the Client via registered mail at Client’s provided address or using e-mail regarding the Client’s preferred way of receiving an answer. The answer must be given within 30 (thirty) days from the day of receiving the demand. In the time of one calendar year, 2 (two) demands of the Client are processed for free, each of the next costing 10,00 euro.
- The Client holds the right to turn to LAPA’s personal data protection officer (e-mail: email@example.com) with a request of possible personal data processing and protection law breach and its prevention. As a safeguard against the possibility of victimization of Client all complaints sent to data protection officer will be confidential. The answer must be given within 30 days from the day of receiving the demand.
- LAPA guarantees a fulfillment of requirements concerning data processing and protection in accordance to the normative acts and in the case of the Client’s complaints carries out the necessary actions to solve the complaint. However, if it fails, the Client has the right to turn to a supervisory authority – Data State Inspectorate of Republic of Latvia.
The Client’s consent to data processing and the right to withdraw it
- The Client’s consent to personal data processing, which the legal basis of is a consent, is given electronically or face to face in LAPA’s office.
- The Client has the right to withdraw Client’s consent to data processing at any moment in accordance with Article 19 (nineteen) of this Policy , and in which case any further data processing that is based on a previous consent to it will not be carried out.
- The withdrawal of consent does not affect the data processing that took place while the Client’s consent was valid.
- By withdrawing consent, data processing that is being done based on other legal bases cannot be interrupted.
Communication with the Client
- LAPA contacts the Client by using the contact information provided by the Client (telephone number, e-mail address, mail address).
Changes to Policy
- This Policy will be reviewed periodically, but not later than every 3 (three) years.
SIA “LAPA Ltd”
Board Member/ General Manager