Legal framework for protecting
your personal data.
Vilmar International S.A. has determined responsibilities for compliance with the obligations under the European Union General Data Protection Regulation (GDPR) for processing your personal data. GDPR gives control to citizens and residents of the EU over their personal data. This policy which has been issued by Vilmar International S.A. as Data Controller, describes how we collect, use and look after your personal data. It also describes the rights you have and control you can exercise in relation to your personal data.
This policy is addressed to individuals outside Vilmar International S.A. with whom we interact, including individual clients, representatives, directors, direct or indirect shareholders, beneficial owners and other stakeholders of client organizations, visitors to our website, other users of our services and suppliers.
Vilmar International S.A.
8-10 Sachtouri street,
18537 Piraeus, Greece
T: +30 210 4511615-616
Data controller’s lines of business.
Vilmar International S.A. is the data controller for all lines of businesses under ownership or management.
The type of data we collect and process.
We may collect and process the following categories of personal information:
- Name, passport number and other identifying information
For example, we may collect your name, title, gender and date of birth, your nationality, country of residence and passport number, bank references and statements, position, role to a company or organization.
- Your contact details and personal account or registration details
Your contact details may include your address, telephone number and email address.
- Financial Information
Payment related information and financial information required for anti-money laundering or compliance purposes and ancillary services;
Billing address, payment method, bank account number, accountholder name, account security details, invoice records, payment records, SWIFT details, IBAN details, payment amount, payment date, records of cheques.
- Business Information
Data identifying you in relation to matters on which you instruct us or in which you are involved;
Identification and background information provided by you or collected by us as part of our business acceptance processes, anti-money laundering and compliance obligations;
Information from publicly available sources and screening providers: e.g. OFAC lists.
- Attendance Records
Details of your visits to our premises
- Any other information relating to you which you may provide to us.
How we collect your data.
We collect the aforementioned categories of personal data in the following ways:
- We collect data that you directly provide to us during the course of our provided services;
- We receive your personal data from your personal assistants or employees that you authorize to provide your personal data to us;
- You make public;
- From public authorities or governmental organizations.
How data is used.
Vilmar International S.A. may process personal information as part of its Insurance Services: underwriting, reinsurance, claims, legal services, loss prevention, document processing, marketing, renewals, contract review, risk, management and employment.
Automated decision making.
Vilmar International S.A. does not use automated decision making.
The legal basis we use
for lawful processing.
In order for Vilmar International S.A to conduct business and fulfil its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These are:
- Establishing insurance contracts
- Maintaining insurance contracts
- Provision of all contracted services
- Invoicing, remittance, payments, collections
- Non-promotional communications
- Marketing and other promotional communications
- Risk management contract review
- Response to Subject Access Request
- Performance measurement
- IT support services
- Business Continuity Planning
- Legal and regulatory obligations
- Responding to enquiries, requests and complaints
- Employment processing
The categories of peolple who will access or receive the data.
Vilmar International S.A sometimes needs to share the personal information it processes with individuals themselves as well as with other organizations. Below is a description of the types of organizations with which we may need to share some of the personal information we possess.
- P&I Clubs of the International Group
- Marine Underwriters / Fixed Premium P&I Insurers
- Other insurance companies
- P&I Clubs’ Correspondents
- Agents and brokers
- Business associates, other professional bodies, advisers
- Central / local government
- Claimants, beneficiaries, assignees and payees
- Claims investigators
- Complainants, enquirers
- Courts and tribunals
- Credit reference, debt collection and tracing agencies
- Current, past and prospective employers
- Customers and clients
- Data processors
- Debt collection and tracing agencies
- Employment and recruitment agencies
- Family, associates and representatives of the person whose personal data we are processing
- Financial organizations and advisers
- Healthcare professionals, social and welfare organizations
- Law enforcement and prosecuting authorities
- Regulatory Authorities
- Pension schemes / social security institutions
- Police forces / Port State Controls
- Private investigators
- Professional advisers
- Share Administrators
- Suppliers and services providers
- Survey and research organizations
- Trade associations, professional bodies, employer associations
The countries where data will be stored, processed and transferred.
Your personal data collected by Vilmar International S.A. may be stored and processed in Greece or any other country in which associated third parties maintain facilities (including countries outside the European Economic Area). The laws of these countries may not afford the same level of protection to your personal data. Should we need to transfer your personal data, all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the GDPR will be taken.
How long the data will be retained.
Retention of specific records may be necessary for one or more of the following reasons:
- To fulfil statutory or other regulatory requirements.
- To evidence events/agreements in case of disputes.
- To meet our operational needs.
- To meet any historical purposes.
Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at Vilmar International S.A. discretion.
What happens if the data is not collected.
Your personal data is required for communication and setting up a contractual agreement to provide products and services. Without this data Vilmar International S.A. will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.
Vilmar International S.A. needs personal data to:
- enable consensual bilateral communications;
- engage in pre-contractual activities;
- honour contractual obligations;
- engage in insurance services and
- enable it to employ people.
Without this data, Vilmar International S.A. will not be able to perform these five primary activities.
The right to withdraw consent.
In situations where Vilmar International S.A. requests and receives your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.
You have rights regarding the personal data we store on your behalf. These are:
- Right to access a copy of your personal data;
- Right to data portability;
- Right to object to processing;
- Right to have inaccurate personal data rectified, blocked, erased or destroyed;
- Right to file a complaint with the Information Commissioner’s Office;
- Right to claim compensation for damages caused by a breach of the GDPR.
Should you ever wish to exercise any of these rights, please contact the Data Protection Officer at the contact details mentioned above. However, if you have unresolved concerns you also have the right to complain to the Hellenic Data Protections Authority http://www.dpa.gr/.
How we look after this policy.