Security and Access Control Privacy Statement

The Security and Access control Privacy Statement explains: who we are, what information we collect, why we collect it, how we use that information, who has access to your data and the privacy choices we offer to you.

Who we are

Chrimi Shipping Ltd Facility Services operates the Access control and Registration procedure, on our office and sites (including third parties on site). These procedures apply to the terminals and offices of Chrimi Shipping Ltd in the Netherlands. The Facility Services department is responsible for your personal data and has made agreements with the external parties involved in Security and Access Control.

Anything you are not clear about

Your privacy matters at Chrimi Shipping Ltd and if you are not familiar with terms, please do take your time to get to know our practices and check, on request, our Binding Corporate Rules designed for both Chrimi Shipping Ltd employee as for customer, suppliers, and Chrimi Shipping Ltd business partners.

If there is anything you are unclear about, please do contact your local contact person or the facility department, who shall be happy to answer any queries you may have concerning this Statement or the way in which we process your personal data.

Information we collect and process and the lawfulness of processing

For the realization of the Access control and Request procedure, the security and reception will collect data from employees, contractors, and visitors on behalf of the Facility Services Department. In this respect, we collect the following categories of personal data:

• For the employees: staff number, name, passport or drivers photograph, license plate (if applicable), function, company e-mail address;
• For the contractors and subcontractors: ID number and the type of ID, name, passport or drivers photograph, company where the data subject’s works for, license plate (if applicable) nationality, work permit (if applicable) , type and end date of the training requirements (e.g VCA, BHV, first aid , (PIT) port instruction training);
• For the visitors: ID number and type, name, passport or drivers photograph, company representing the person, license plate( if applicable).
• For the sea vessel’s staff: name, rank, place of birth, ID number, the type of ID, date of birth of the staff member;
• xFor the inland barges staff: only the name of the captain;

In terms of the collection and use of information and other activities that requires processing of personal data, the Access control and request Procedure is lawful and in compliance with Article 6. 1 c-f GDPR (compliance with law, ensuring the vital interest of the data subject, performance of the task carried out in the public interest and for the legitimate interest of the data controller)and Article 9.2 b),c) GDPR (processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, processing is necessary for the vital interest of the data subjects).

What are the purposes for the use of your data?

The purposes are strictly related to the abovementioned legal grounds for processing activities. Nevertheless, in order to be more specific, we are collecting/processing your personal for the following reasons:

• monitoring the safety of the employees and third party;
• monitoring the properties of Chrimi Shipping Ltd , its employees or third parties;
• monitoring of the products managed by Chrimi Shipping Ltd in the Netherlands;
• monitoring accesses of offices and access on the landside of the terminals;
• attendance registration of the people on the sites (e.g. in case of calamities);
• Presence control of all persons registered in the access system afterward, in order to check if the presence of the persons is in line with the staff information in regards to the absence and presence systems;
• Compliance with law- meet the requirements of the ISPS;
• Compliance with law- meet the AEO requirements;
• Compliance with law- meet the requirements Working Conditions, related to informing people about the danger at the site (gate instruction);
• Compliance with law - requirements of the chapter 1.10 of the ADR/RID/ADN.

How do we obtain your data and who has access to your data?

The Security and Access control procedure is fully configured according to the Chrimi Shipping Ltd Privacy Code/GDPR and to the strict rules of authorized access of the personal data that are collected. Data is entered by your self/colleagues via the registration service or the security and reception employee directly in the access system. The recipients of the collected data are only authorized employees. In specific cases, information is shared according to a procedure with the HR department.

In addition, for sea going vessels, data may be provided by ships agents which enters the data in the common systems (Dirkzwager’s Ship2Report or Tram4u) and for the inland barges the ship responsible will enter the data in UAB system or provides the Security with a crew list.

AISLive Ship Tracking Services is only used for planning purposes and is not used for other purposes.

Further Processing and third parties

Following to the aforementioned purposes and the closely related purposes, the information will be shared with Chrimi Shipping Ltd departments. The information we collect is shared, in special conditions, via reporting system of the registration portal to SHEQ or HR department.

We will not share data with third parties, unless

i) sharing is necessary to comply with law’s requirement, regulation, enforceable governmental request, legal defense;

ii) sharing is necessary for protecting your vital interest;

iii) Sharing is necessary for the Chrimi Shipping Ltd legitimate interest unless those interests are not overridden by the interests of fundamental rights and freedoms of Chrimi Shipping Ltd employees.

For ship personal the data is not shared with third parties and only used for verification purposes on the legitimacy of the visit.

Your data subject’s rights

Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We thought it would be helpful to set out your following privacy rights as they are defined in your Chrimi Shipping Ltd Privacy Code/ GDPR :

● right to access your personal data that we process;

● right to have rectified your inaccuracies in personal data that we hold about you;

● right to object to certain processing of your personal data by us;

● right to be forgotten, which means that your details might be removed from systems that we use to process your personal data. except if Chrimi Shipping Ltd has to keep information from legislation or other legitimate interests

● right of data portability (known as the right to request the transmission of your data to another controller);

● the right to lodge a complaint to your supervisory authority.

For a further understanding of your rights and procedure please take a look either to Chrimi Shipping Ltd Privacy Code for employees and/or the Chrimi Shipping Ltd Privacy Code for the customers/suppliers and business partners or contact your Local Contact person.

Security

The security of your personal information is important for us. Chrimi Shipping Ltd has implemented high security IT standards and a framework based on proactively embedding privacy into the design and the operation of Security and Access control procedure. These security rules will be upheld unconditionally and include Process Security and Access control in Chrimi Shipping Ltd Document Management System

While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Furthermore, a data breach procedure has been created within the Chrimi Shipping Ltd Privacy Code.

Protocols, such as security protocols, crisis management, and data breach resolution plans exist for management, prevention, and solution of these risks.

Transfer of the data to third country

There will be no transfer of data to a (government) authority and/or commercial parties to third countries.

Retention periods

Chrimi Shipping Ltd manages the relevant personal data and the access registration in the automated access registration system. According to the Article 5(1) (e) GDPR, data will be stored only for the purposes for which the personal data are processed unless exception mentioned under this article applies.

The personal master data included in the registration system is stored for a period of 24 months after the right of access has expired, unless the person is on a blacklist. In that case, master data will remain in the system until the period for which the access is denied has expired. The access records included in the access registration system are kept for a maximum 24 months, after that the registrations are destroyed.

In addition, the data of the crewmembers is no longer stored and destroyed after the departure of the vessel.

Changes

This Privacy Statement is effective as of, 1th of July 2018 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately communicated to you.

We reserve the right to update or change our Privacy Statement at any time and you should check this Privacy Policy periodically. Following the procedure, after we are informing to any modifications to the Privacy Statement will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Statement.

Concerns and contact details

If you have any concerns with regard to the way your personal data is being processed or have a query with regard to this notice, please contact your local contact person at Chrimi Shipping Ltd or

Email: facilityservices.nl@chrimishippingltd.com
Tel: +31 970 050 32611
Chrimi Shipping Ltd
Chief Privacy Officer
Hoekenrode 8, P.O. Box 1102 BR
Amsterdam, The Netherlands