PRIVACY NOTICE FOR DATA SUBJECTS
88 ACES MARITIME SERVICES INC. is committed to safeguarding your personal information pursuant to the provisions of the Republic Act 10173 or the DATA PRIVACY ACT OF 2012. Your privacy is important to us, and we want to assure you that 88 ACES MARITIME SERVICES INC. holds all your personal information in strict compliance with the law, while it allows us to provide the best services you need.
This Privacy Notice provides information on how 88 ACES MARITIME SERVICES INC. collects and processes personal data relating to customers, employees, suppliers, and seafarers (including their families, applying for life and Medical Plans, and their contact persons) on board vessels crew-managed by the Company.
1. Personal data collection
The Company collects personal data directly from the seafarers during the pre-employment process, from the seafarers’ manning agents or themselves entering in Compas Tool.
The Company also creates some personal data internally. Seafarers’ personal data are the following but not limited to:
- Personal details (surname, name, rank, nationality, date of birth and place of birth)
- Identification information/documents (copies of passport, ID, and national seaman book and CV.)
- Contact details (telephone number, mobile phone number, email address, skype, address and home address)
- Passport photo
- Next of kin details (surname, name, relationship, email, telephone, and home address)
- Medical information (copies of medical fitness, drug, and alcohol test and vaccination certificates), and “upon the occurrence medical exams and medical tests”, Etc.…)
- Injury and sickness reports (information on shipboard injuries and sickness of seafarers),
- Data relating to a reportable incident or event within the areas of health, environmental, safety, security, quality, and technical occurrences (such as a passenger’s name, address, employment status, telephone number, e-mail, and details of an event investigation)
- Data relating to the conclusion and performance of healthcare services (such as an employee‘s name, address, telephone number, and e-mail)
- Data concerning the health of a crew member (such as anamneses, medical diagnoses, x-ray images, prescriptions, treatments) Cf MMS Agreement
- Data concerning the health of a seafarer (such as anamneses, medical diagnoses, x-ray images, prescriptions, treatments) Cf MMS Agreement
- Certificates of competency
- Flag State documents
- Visas
- Training certificates, and education
- Bank detail data (bank details of the seafarers and/or their beneficiaries
- Evaluation reports (information on seafarers’ performance on board the vessel)
- Wages and payroll data (Social insurance number, wages, payroll reports, allotment requests, deduction, loans, personal travel expenses, etc.)
- Service with the company (sign-on and sign-off dates, name of company’s ship, sign-on and sign-off ports).
- CCTV Footage inside the company premises.
Occasionally, the Company may need to collect some additional personal data from seafarers for the purposes mentioned in Section 3. In such case, the Company shall provide the seafarers with information on the reasons why the additional data is required and how that data will be processed.
2. Purpose of personal data processing
The Company collects, stores, retains, updates, uses, transfers, or otherwise processes the personal data of seafarers only to the extent necessary for:
- Purposes relating to the provision of its crew management services to perform its crew management services.
- The Company shall process the personal data of seafarers only if one or more of the following applies:
- The seafarers have given their consent to the processing of their personal data.
- Processing is necessary for compliance with applicable laws and regulations to which the Company, Ship Owners, or Ship Managers are subject to.
- Processing is necessary in order to protect the vital interests of the seafarers or another natural person.
- Processing is necessary for the purposes of legitimate interests pursued by the Company or by a third party unless such interests are overridden by the interests or rights and freedoms of the seafarers.
3. Personal data transfer
The Company transfers the personal data of seafarers to third parties, within the Philippines and in countries outside the Philippines, as part of its operations and service provision and for the performance of the seafarers’ life and medical plan.
Categories of such third parties include, but are not limited to:
Mayfair, Marine Medical Solutions, Ship Money, Oceanic, Travel Cue, Medical clinics, Ships Agents, etc.
The Company shall transfer the personal data of seafarers to third parties in countries outside the Philippines only if one or more of the following applies:
- The seafarers have explicitly given their consent to the transfer of their personal data.
- The transfer is necessary for the performance of the seafarers’ life and medical reasons.
- The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the seafarers between the Company and another natural or legal person.
Access granted to CCTV footage is tiered: either by viewing or providing a copy, the latter option being allowed only when proportional to the purpose of the request. At all times, the footage to be disclosed, either by viewing or providing a copy, is only necessary and not excessive to the purpose for which it is being disclosed. CCTV footage may be disclosed in the following instances:
- Law enforcement and criminal investigation
- Court order
- Administrative investigations
- Other third-party request
4. Risks of transferring personal data
The Company takes appropriate safeguards to protect the privacy of the seafarers when transferring their personal data to third parties.
It also ensures that only personal data that is necessary for the purpose for which it will be processed is transferred. However, it may not always be practically possible for the Company to implement appropriate safeguards or to control the actions of such third parties.
Therefore, the risk exists that personal data transferred might not be fully protected, particularly if the third parties are located in countries outside the Philippines where privacy laws, rights, and obligations may vary.
5. Personal data retention
Having taken into consideration the legal, contractual, and operational requirements, the Company shall retain the seafarers’ personal data as described below:
- All collected paper copies of personal information shall be retained if the person is under the pre-employment process and those with continuously active employment with 88 Aces Maritime Services Inc. Disposing and destroying of paper copies must be through secured means or shredded by a duly authorized person assigned by the DPO unless authorized or given consent to retain their personal information. We are not keeping any paper copies from the in-active/resigned seafarers and/or from the applicant who for any reason didn’t proceed with employment in the Company.
- Digital data/information of in-active employment shall be securely deleted and removed from our database after ten (10) years except digital personal information collected and saved through Proxyclick System which will automatically be deleted after 360 days/1 year.
- CCTV recordings are generally maintained for thirty (30) days and are, after that, overwritten, making recovery impossible, except that they may be kept for a longer duration in certain instances, including legal basis or legally required to do so or footage that has investigative value. The recordings are stored as necessary for the duration of the investigation, the prosecution of the incident, or the exercise, enforcement, or defense of any legal claims.
6. Personal data protection
The Company implements appropriate technical and organizational security measures to protect the seafarers’ personal data against unlawful processing and accidental loss, destruction, or damage.
Technical security measures include:
- Data encryption.
- Firewalls and malware protection.
- Data backups.
Organizational security measures include:
- Physical security controls on the supporting assets (i.e., hardware, software, paper systems, and individuals) that process, store, and transfer the personal data.
- Data access restriction according to the authority and duties of individuals.
7.Data subjects’ rights
Subject to the legal basis on which their personal data is processed by the Company, the data subjects have the following rights:
- to know what personal data has been collected and how this data will be processed.
- to request rectification of incorrect or incomplete personal data.
- to request restriction, erasure, or blocking of their personal data.
- to object to the processing of their personal data.
- to have their data delivered to them in structure, the right to data portability enables the data subject to obtain and electronically move, copy, or transfer personal data for further use.
- to have a right to object and withdraw their consent in case of processing of their personal data.
- The last two rights are related to enforcement, the first is the right to file a complaint with the National Privacy Commission and the other one is the right to damages to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of his or her personal information.
8. Enquiries and requests
You have the right to reasonable access to your personal data being processed by the 88 Aces Maritime Services Inc. All concerns, documents, or forms submitted to the DPO shall be received and acted upon within a 30-day lead period. You may inquire or request information regarding any matter relating to the processing of your personal data under the custody of the Organization, including the data privacy and security policies implemented to ensure the protection of your personal data.
You may write for any request you wish to raise related to the processing of your personal information and send it to dpo@shipmanning.net for proper action.