Privacy Policy

Legal framework for protecting
your personal data.

Vilmar International S.A. has determined responsibilities for compliance with the obligations under the European Union General Data Protection Regulation (GDPR) for processing your personal data. GDPR gives control to citizens and residents of the EU over their personal data. This policy which has been issued by Vilmar International S.A. as Data Controller, describes how we collect, use and look after your personal data. It also describes the rights you have and control you can exercise in relation to your personal data.

When we mention “we”, “us” or “Vilmar International S.A.” in this privacy policy, we are referring to the relevant company (as mentioned above) responsible for processing your data.

This policy is addressed to individuals outside Vilmar International S.A. with whom we interact, including individual clients, representatives, directors, direct or indirect shareholders, beneficial owners and other stakeholders of client organizations, visitors to our website, other users of our services and suppliers.

If you have any questions in relation to this privacy policy or the use of your personal data by Vilmar International S.A. or if you want to exercise your legal rights, please contact our Data Protection Officer using the details set out below:

Vilmar International S.A.


8-10 Sachtouri street,

18537 Piraeus, Greece

T: +30 210 4511615-616

Data controller’s lines of business.

Vilmar International S.A. is the data controller for all lines of businesses under ownership or management.

The type of data we collect and process.

We may collect and process the following categories of personal information:

  1. Name, passport number and other identifying information

For example, we may collect your name, title, gender and date of birth, your nationality, country of residence and passport number, bank references and statements, position, role to a company or organization.

  1. Your contact details and personal account or registration details

Your contact details may include your address, telephone number and email address.

  1. Financial Information

Payment related information and financial information required for anti-money laundering or compliance purposes and ancillary services;

Billing address, payment method, bank account number, accountholder name, account security details, invoice records, payment records, SWIFT details, IBAN details, payment amount, payment date, records of cheques.

  1. Business Information

Data identifying you in relation to matters on which you instruct us or in which you are involved;

Identification and background information provided by you or collected by us as part of our business acceptance processes, anti-money laundering and compliance obligations;

Information from publicly available sources and screening providers: e.g. OFAC lists.

  1. Attendance Records

Details of your visits to our premises

  1. Any other information relating to you which you may provide to us.

How we collect your data.

We collect the aforementioned categories of personal data in the following ways:

  1. We collect data that you directly provide to us during the course of our provided services;
  2. We receive your personal data from your personal assistants or employees that you authorize to provide your personal data to us;
  3. You make public;
  4. From public authorities or governmental organizations.

How data is used.

Vilmar International S.A. may process personal information as part of its Insurance Services: underwriting, reinsurance, claims, legal services, loss prevention, document processing, marketing, renewals, contract review, risk, management and employment.

Automated decision making.

Vilmar International S.A. does not use automated decision making.

The legal basis we use
for lawful processing.

In order for Vilmar International S.A to conduct business and fulfil its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These are:

  1. Establishing insurance contracts
  2. Maintaining insurance contracts
  3. Provision of all contracted services
  4. Invoicing, remittance, payments, collections
  5. Non-promotional communications
  6. Marketing and other promotional communications
  7. Risk management contract review
  8. Response to Subject Access Request
  9. Performance measurement
  10. IT support services
  11. Business Continuity Planning
  12. Legal and regulatory obligations
  13. Responding to enquiries, requests and complaints
  14. Employment processing

The categories of peolple who will access or receive the data.

Vilmar International S.A sometimes needs to share the personal information it processes with individuals themselves as well as with other organizations. Below is a description of the types of organizations with which we may need to share some of the personal information we possess. 

  1. P&I Clubs of the International Group
  2. Marine Underwriters / Fixed Premium P&I Insurers
  3. Other insurance companies
  4. P&I Clubs’ Correspondents
  5. Agents and brokers
  6. Business associates, other professional bodies, advisers
  7. Central / local government
  8. Claimants, beneficiaries, assignees and payees
  9. Claims investigators
  10. Complainants, enquirers
  11. Courts and tribunals
  12. Credit reference, debt collection and tracing agencies
  13. Current, past and prospective employers
  14. Customers and clients
  15. Data processors
  16. Debt collection and tracing agencies
  17. Employment and recruitment agencies
  18. Family, associates and representatives of the person whose personal data we are processing
  19. Financial organizations and advisers
  20. Healthcare professionals, social and welfare organizations
  21. Law enforcement and prosecuting authorities
  22. Regulatory Authorities
  23. Pension schemes / social security institutions
  24. Police forces / Port State Controls
  25. Private investigators
  26. Professional advisers
  27. Share Administrators
  28. Suppliers and services providers
  29. Survey and research organizations
  30. Trade associations, professional bodies, employer associations

The countries where data will be stored, processed and transferred.

Your personal data collected by Vilmar International S.A. may be stored and processed in Greece or any other country in which associated third parties maintain facilities (including countries outside the European Economic Area). The laws of these countries may not afford the same level of protection to your personal data. Should we need to transfer your personal data, all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the GDPR will be taken.

How long the data will be retained.

Retention of specific records may be necessary for one or more of the following reasons:

  1. To fulfil statutory or other regulatory requirements.
  2. To evidence events/agreements in case of disputes.
  3. To meet our operational needs.
  4. To meet any historical purposes.

Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at Vilmar International S.A. discretion.

What happens if the data is not collected.

Your personal data is required for communication and setting up a contractual agreement to provide products and services. Without this data Vilmar International S.A. will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.

Vilmar International S.A. needs personal data to:

  1. enable consensual bilateral communications;
  2. engage in pre-contractual activities;
  3. honour contractual obligations;
  4. engage in insurance services and
  5. enable it to employ people.

Without this data, Vilmar International S.A. will not be able to perform these five primary activities.

The right to withdraw consent.

In situations where Vilmar International S.A. requests and receives your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.

Your rights.

You have rights regarding the personal data we store on your behalf. These are:

  1. Right to access a copy of your personal data;
  2. Right to data portability;
  3. Right to object to processing;
  4. Right to have inaccurate personal data rectified, blocked, erased or destroyed;
  5. Right to file a complaint with the Information Commissioner’s Office;
  6. Right to claim compensation for damages caused by a breach of the GDPR.

Should you ever wish to exercise any of these rights, please contact the Data Protection Officer at the contact details mentioned above. However, if you have unresolved concerns you also have the right to complain to the Hellenic Data Protections Authority

How we look after this policy.

This privacy policy was most recently amended on 04 March 2021 and replaces earlier versions. We may amend this privacy policy from time to time and will notify you of any changes prior to these changes taking effect.