General Data Protection and Privacy Policy for MARPRO Group

MARPRO ApS. is a specialized consulting firm, operating primarily in the maritime sector, offering services divided in three main categories, recruitment, events and promotion.

MARPRO ApS. owns and operates 6 websites:

  • marpro-group.com
  • marpro-recruitment.com
  • marpro-promotion.com
  • marpro-events.com
  • marpro-breezy.hr

At maritime-professionals.com users can register as jobseekers and upload files like a Curriculum Vitae and add non-sensitive information. It is possible to register a company user, and, in this case, only non-sensitive information can be uploaded.

For the users at www.maritime-professionals.com  who have agreed to receive our newsletter and for the users who have signed up via a form, we broadcast a weekly newsletter using Mailchimp as our external partner. All newsletters that we send out contains an unsubscribe link.

We use an external service provider for applicant tracking and they have provided us with the career page marpro-breezy.hr.

MARPRO ApS. do not intentionally process sensitive personal data, however, we do process Curriculum Vitae´s and they may contain sensitive information.

MARPRO ApS. use a range of external cloud-based service partners, whom we have entered into a Data Processing Agreement with, to assure that our partners comply with the General Person Data Regulation.

We take the General Person Data Regulation serious, with specific focus on the damage that we can potentially cause a candidate by exposing personal data.

We have written this document to help you understand our privacy policies, why we collect data, how we use it and how we protect it.

Our goal is to explain how to update, manage, export and delete your data.

As expressly required by the GDPR, when you use our services you can exercise your rights at any time and in total transparency.

Data Controller and Data Processor

As data controllers and processors, we guarantee compliance with the rules concerning the protection of personal data. We provide all useful information about the processing of data, both information communicated directly and voluntarily, and any information collected by the system while navigating on the sites and using our services.

Appointed DPO

Appointed Data Protection Officer for MARPRO ApS. is Managing Director Jakob le Fevre.

Data provided voluntarily for the use of the services

When you use our services or browse on one of our websites, our system log files may collect information about you, such as:

  • Your IP addresses
  • Your operating system
  • Your ID and your browser type
  • Your location

Even your browsing activity on our site can be traced, through:

  • Tracking technologies (such as Google Analytics) or similar on our website that are used to analyse trends, administer the website, track how users use the website and propose targeted advertising
  • Cookies, to optimize your browsing preferences.

For your peace of mind, we specify that these data are not accompanied by any additional personal information and are only used to:

  • Derive anonymous statistical information
  • Control usage needs
  • Determine responsibility in the event of hypothetical computer crimes
  • Track requests for assistance to ensure the rapid delivery of comprehensive solutions
  • Learn how and when you use our services, applications and software to improve them, both for you and for all our users.

Data provided voluntarily for the use of the services

In many cases we collect information that you voluntarily provide to fulfil a request, specifically when:

  • You sign up to use our services and software
  • Request support from our support team
  • Write to us by email
  • Complete a contact form (or other form)
  • Integrate services with another website or web service
  • Communicate with us in any way (including by telephone)

This information may include your name and surname, your client name, physical address, email address, telephone number, details of gender, occupation, location, purchase history and other demographic information.

By providing this information, you consent to the fact that it is collected, used, can be transferred to the United States and stored by our partners, as described in DPA and this Privacy Policy.

Consent to the processing of data

In expressing or denying consent you must consider:

  • The need to comply with the legal obligation to which MARPRO is subject as the data controller
  • The need to execute a contract to provide a service in which you have expressed an interest
  • Possible pre-contractual measures to execute requests for quotes

You will always be able to give your consent by a positive and unequivocal act in which you express your free, specific and informed intent to accept the processing of personal data about you.

Depending on the situation, “positive and unequivocal act” means:

  • A written paper declaration
  • A communication through electronic means (for example, forms completed online) or paper
  • An oral communication with a registered procedure

If the communication takes place by completing a contact form (or any other form) on the website, you must actively select a specific box that clearly indicates that you have intentionally accepted the proposed treatment. In other cases, you will have to check a box printed on a paper form, or you must expressly state the word “YES” during an oral communication in response to a request by the person in charge of the processing of your data. The action will be recorded and will be proof of your consent

You may at any time decide to avoid processing data according to the rules of the GDPR and the conditions of opportunity.

Data retention – Times and methods of treatment

We will keep your information for as long as your account is active or for the time necessary to provide our services.

We may also retain and use your information to comply with our legal obligations, resolve disputes, prevent abuse and enforce our agreements.

The data we collect to meet our contractual obligations, and the information about how and when you use our services are stored in active databases, log files or other types of duly protected and encrypted data storage systems.

In particular:

  • All data that you submit will be stored in clouds services provided by our partners who have all signed a DPA (Data Processing Agreement)

MARPRO is not required to store all your data forever and have the right to delete your profile and your personal information in case we terminate the service or the company.

Purpose and goal of data processing

We process your information to pursue our mutual goals, applying appropriate safeguards to protect your privacy.

The main purpose of collecting personal data is to offer a safe, optimal, efficient and personalized service. To achieve this goal, we inform you that we pursue legitimate interests, as foreseen by article 6 of the GDPR on the lawfulness of data processing: “It is also a legitimate interest of the data controller concerned to process personal data strictly necessary for fraud prevention purposes. It may be considered legitimate interest to process personal data for direct marketing purposes.”

We assure you that your data will be used only for the following purposes:

  • To promote the use of our services. When you request information or register for free services, leaving us your data, we may contact you by phone or send you an email:
  • To ask for your feedback;
  • To propose that you register for one of our services or software.

If you already use one of our services (free or paid) and we believe you could benefit from using another service or software, we could send you an email about that opportunity or contact you to send you information and promotional content in compliance with your marketing preferences.

  • To invoice or send payment notices. We may use your information to send you emails with invoices, receipts, or insolvency notices. We use third parties to process credit card transactions securely and send invoicing data to those third parties to process your orders and payments.
  • To send you system notification messages. You may receive communications regarding services or MARPRO software you use. The purpose is to notice you in case of:
  • Temporary or permanent changes to our services or software
  • Change of conditions of use
  • Scheduled breaks
  • New features
  • Notices of abuse or data breach (also called “data breach”)
  • Updates and changes to our Privacy Policy
  • To aid. We may communicate with you to aid and support regarding the services and software used.
  • For legal reasons. You may receive communications from a legal nature, such as compliance with court orders.
  • To provide information to representatives and consultants, including lawyers and accountants. We may need to use your information to comply with the legal, accounting or security requirements as described by law.
  • To respond to legitimate requests from public authorities. If a public authority were to make a legitimate request, motivated by compliance with national security requirements or by law enforcement, your data could be used.
  • To transfer your information in the event of sale, merger, consolidation, liquidation, reorganization or acquisition. In this case, any purchaser will be subject to our obligations under this Data Protection and Privacy Policy, including access and selection rights. We will notify you of the change by sending you an email or posting a notice on our website.

Recipients of the data

The personal data that we collect are meant to provide MARPRO´s commercial, accounting and technical assistance services.

Personal data cannot be transferred to third parties for marketing purposes without your explicit consent. The disclosure to third parties of personal data, which you have provided us, can only take place in the following cases:

  • With permission from you;
  • At the request of competent legal authorities for judicial inquiries or in the context of a judicial dispute.

Right of access, rectification, and opposition

We have established mechanisms and procedures that, at any time and for legitimate reasons, guarantee you the ability to:

  • Oppose the processing of data
  • Request cancellation, modification or updating of all your personal information in our possession.

MARPRO also lets you change your data whenever you want by accessing your profile through our portals or by contacting us at the email address indicated contact page of the website to which the specific service refers.

You can unsubscribe from our newsletter or choose not to receive commercial communications via email. Just use the unsubscribe link included in every email.

You can forward requests for the cancellation, modification or updating of all personal information electronically using the appropriate forms or by informing us by email.

These requests will be processed within a maximum period of 30 days, unless there is a justified delay.

Right to be forgotten

We have generated all the necessary procedures to guarantee your right to be forgotten, which allows you to correct your personal data.

In response to your legitimate request we will delete your data which will no longer be subjected to any type of processing. Nor will we use your data for any purpose other than those necessary for which the data were previously collected or processed.

You have the right to withdraw your consent or oppose the processing of data if you believe that the latter does not comply with this regulation.

To take advantage of this right you will have to prove that you are eligible to make the request by sending us documents proving your identity. Please remember to explain your decision.

Once we have received your communication, we will respond as soon as possible to confirm and demonstrate the cancellation of your data.

Right to data portability

To further strengthen the control of any data processed automatically, you will have the right to receive a copy of the data you have provided to us.

The data will be available in a structured format, commonly used and readable by an electronic device (such as computers, smartphones, tablets, etc.)

The files with your personal data can be transmitted to another similar data controller, ensuring your right to data portability.

Right of withdrawal of consent to data processing

If you no longer wish to receive our promotional emails, you can follow the instructions for removal from our contact list included in each email.

Technical measures

MARPRO assigns the utmost importance to the security and integrity of your personal data. In accordance with the GDPR, we commit ourselves daily to take all the necessary precautions to preserve the security of your data and, in particular, to protect them from:

  • Accidental or illicit destruction
  • Accidental or illicit loss
  • Accidental or illicit corruption
  • Circulation or disclosure to unauthorized persons
  • Unauthorized access
  • Unlawful processing

To this end, we have adopted industry-standard technical security measures, including:

  • A firewall
  • Proven antivirus and intrusion detection software;
  • Encrypted transmission of data through SSL / HTTPS / VPN technology.

We guarantee the accuracy and correct use of data:

  • With appropriate electronic, physical and management procedures to safeguard and preserve the data collected through our services
  • With the appropriate training of any staff members who have obtained specific authorization to access the data in compliance with the provisions of the GPDR.

However, there is no absolute defence against piracy attacks or hackers. In the event of a breach of security, we are committed to informing you without undue delay and will work to the best of our ability to neutralize the intrusion and minimize the impact. If you suffer a loss due to a security breach, we are committed to providing you with all the assistance you need to be able to assert your rights.

If a user or a hacker discovers and takes advantage of a security breach, such a person is responsible for prosecution. MARPRO will take all measures, including the filing of a complaint and/or legal action, to preserve the data and rights of its users and ourselves, and to limit any effects.
The measures are those that we adopt for the protection of your data. As the user of our services and software, you must perform the following actions:

  • Check the authentication of people accessing the data
  • Use a unique and sufficiently secure password, remembering to change it regularly and to never leave it unattended
  • Make sure that you take security measures for data that are processed by MARPRO and that you share on non-secure communication channels.

The purpose of these technical measures is to make your data incomprehensible or inaccessible to unauthorized persons.

For any questions related to the security of our services, applications and software, please contact our technical support staff available on our official channels: email, online chat and phone.

Organizational safety systems

  • The door to the office is closed if no employees are present
  • When the office is closed, an external alarm system with PIR sensors is activated
  • All computers used by employees are only accessible using a password that will be updated with regular intervals
  • Apps must be approved by management before installed on computer used for work related matters
  • Employees is instructed in basic computer safety including phishing and other common hacking techniques
  • Mails containing sensitive personal information must be deleted after 6 months unless legal reasons are in place, to justify keeping the information for a longer time
  • Employees are not allowed to forward work-related e-mails to private e-mail accounts
  • Employees are instructed in MARPRO´s internet policy
  • Employees are bound by confidentiality, under the employment and when employment is terminated
  • Employees is instructed that MARPRO can log all activities on company IT systems, browsers and apps
  • Employees are informed that MARPRO owns all e-mails send and received on MARPRO It systems or service, unless clearly marked with “Personal” or “Private”.

Data breach management

We will notify the control authority of any violation of personal data, within seventy-two hours of the moment it becomes known.

We distinguish between three types of violations:

  • Breach of confidentiality— unauthorized or accidental disclosure or access to personal data
  • Integrity violation— an unauthorized or accidental alteration of personal data
  • Availability violation— the loss, inaccessibility or destruction, whether accidental or unauthorized, of personal data

If the violation is also related to your data, MARPRO, will notify you in the following ways:

  • Personally, and directly by e-mail, direct mail or phone
  • By means of public communication or a similar and effective measure when direct and personal communication involves disproportionate efforts.

Access to authorized data for customer care and technical assistance

The collected data will be used if it is necessary or instrumental for:

  • Delivering technical assistance to users for the services provided by MARPRO that affect data controllers or their contact lists
  • Concluding commercial negotiations by telephone or email;
  • Direct or indirect commercial advice

Your data may be processed by MARPRO employees or third parties who will be appointed as external processors as appropriate.

Minimization of data processing and archiving

We have prepared technical and organizational measures to guarantee the principle of minimization of data processing. Any data processing will always be adequate, relevant and limited to achieving the stated purposes.

The processing of data for statistical purposes, archiving in the public interest, scientific or historical research is subject to guarantees appropriate to the rights and freedoms of the interested party in accordance with the provisions of the GDPR.

Data transfer

Regardless of where your data is processed, we apply the same protections described in these policies, and we also comply with certain provisions relating to data transfer, including those provided for by the EU-US Privacy Shield Framework.

Training

We have created a training plan based on the services we provide, the roles and internal tasks, and instructed staff on data processing and the risks involved.

For training we have considered:

  • the job, by role and sector
  • the type of data processing being conducted

In compliance with the GDPR, the certification of training will have a schedule and be updated periodically, based on the effective implementation of corporate procedures.

Supplier Instructions

We will systematically verify that suppliers issue guarantees on compliance with safety standards, and that those guarantees are maintained and updated over time. All service providers enter into a contract with us that protects personal data and limits their use of any personal information consistent with this Privacy Policy.

Complaints

We will respond to any formal written complaints that we receive, first by contacting the people who submitted the complaints. We work with the relevant regulatory authorities, including local data protection authorities, to resolve any complaints related to the transfer of personal data which cannot be resolved directly.

Application of the rules

This Privacy Policy applies to all services offered by MARPRO and to the websites developed by MARPRO. Each service and software collect and processes only the data necessary for correct operation, as highlighted in the section dedicated to the DPA.