Privacy Policy - Greenheart Management

Greenheart Management is committed to protecting and respecting your privacy. Greenheart Management is a UK based shipping company providing the full spectrum of commercial and operational management to all vessel classes.

This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our website at www.greenheartmgmt.com (the “Website”), or when you have applied for a job with us. Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website or submit any personal data to us.

This Privacy Policy has been divided into three sections.

Part 1 describes the personal data we collect, and how we use it, when you are a visitor on our Website.

Part 2 describes the personal data we collect, and how we use it, when you apply for a job with us.

Part 3 applies generally in respect of all of our processing of personal data

PART 1 – OUR WEBSITE

Data Controller

If you are in the EU, then for the purposes of the General Data Protection Regulation, Greenheart Management is the controller of your personal data collected and used in the context of you visiting our Website (as described in this Part 1).

The type of information we, or our third parties’, collect

Technical usage information. When you visit our Website, the third party vendor which hosts our website automatically collects the IP address of the device you are using, e.g. computer, mobile phone or other access device.

Information you give us. You may also provide Greenheart Management with information by contacting us via email, telephone or by signing up for our newsletters or alerts when you engage with Greenheart Management personnel.

Purpose and legal basis for processing

As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Website and to provide useful content, we will use your information to:

communicate with you;
enforce our Website terms and conditions;
if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.

PART 2 – APPLYING FOR A JOB WITH GREENHEART MANAGEMENT

Data Controller

If you apply for a job with Greenheart Management, the company you apply to is, for the purposes of the General Data Protection Regulation, the controller of your personal data. For the purpose of this Part 2, we refer to Greenheart Management as the Employing Entity.

The type of information we collect

Information you give us. When you apply for a job with Greenheart Management, the Employing Entity will ask you to provide a CV. Your CV will likely include personal data such as your name, contact details, education and previous experience. During the application process, the Employing Entity may ask you further questions about this information and/ or request additional information such as proof of identity, proof of your qualifications, a criminal records declaration and names and contact details for referees.

Where permitted by local law, you have the option of providing certain sensitive personal data with your consent, such as, race or ethnic origin, or whether you have a disability, for the purposes of equal opportunities monitoring. If you decide not to provide this data, your application will not be prejudiced.

Information from third parties.

Background Screening Checks. The Employing Entity will receive information from third parties in connection with your application, such as data provided by referees, recruiters and organisations that provide background checks (this will include right to work and credit and criminal reference checks, to the extent permitted by applicable law).

The Employing Entity uses the services of outside agencies to perform background checks in order to research and verify the information that you have provided in relation to your job application. Prior to any background checks being undertaken, you will be contacted to inform you of the agency performing the relevant checks. This is an essential step for Greenheart Management as part of its due diligence evaluation of all potential employees and it is within the Employing Entity’s legitimate interests to process your personal data for the purpose of conducting and assessing the outcome of such background checks to evaluate trustworthiness, fitness and propriety, integrity and reliability. The information obtained through these background checks may be used to make employment decisions. When you receive the details of the screening agent, please review their privacy policy as they will be processing your personal data.

Assessments. The Employing Entity may ask you to complete an occupational personality profile questionnaire. Greenheart Management uses third parties to perform such tests on its behalf and the third party will share the outcome of the test with the Employing Entity. If an Employing Entity asks you to complete one of these tests, you will be sent a link to the test. When you receive these details, please review the privacy policy of the test provider as they will be processing your personal data.

Purpose and legal basis for processing

The Employing Entity processes personal data to assess your suitability for the role you have applied for. The Employing Entity is therefore processing this personal data with a view to entering into a contract with you. Where background screening or assessments are undertaken, automatic reports are generated which will form part of the Employing Entity’s assessment. You may request that such reports are assessed manually.

The Employing Entity processes any sensitive personal data you provide for equal opportunities monitoring for the purpose of carrying out specific obligations as an employer.

The Employing Entity will use your information to:

communicate with you;
progress your application, including conducting background checks and determining the validity of the information you have provided; and
to fulfil its legal and regulatory obligations as an employer/ potential employer.

How do we share your personal data?

Please see How do we share your personal data? below.

The Employing Entity also, when processing personal data for job applications, will share your personal data with:

background check providers to verify the information that you provided as part of your application;
recruitment agents through whom you have made your application;
referees (as provided by you) to identify you so they can provide a reference; and
our assessment providers for the purpose of providing occupational personality profile evaluations.

Your Rights

In addition to Your Rights described below, where you have given information to an Employing Entity for the purpose of processing in relation to entering into an employment contract, you have the right to request that the Employing Entity transfer this data to you or another organisation. If you wish for the Employing Entity to transfer the personal data to another party, please ensure you detail that party and note that the Employing Entity can only do so where it is technically feasible. The Employing Entity is not responsible for the security of the personal data or its processing once received by the third party.

The Employing Entity may not be able to provide you with certain personal data following a portability request if providing it would interfere with another individual’s rights (e.g. where providing the personal data it holds about you would reveal information about another person) or where another exemption applies.

PART 3 – GENERAL PROVISIONS

How do we share your personal data and where it is stored?

Sharing with Third Parties. We do not sell, rent or lease your personal information to others except as described in this Privacy Policy. We share your information with third parties to the extent they provide us with services which involves the processing of data. These categories of recipients include:

In the European Economic Area:

our Website host which collects the IP address of the device used to access the Website;
cloud storage providers to store the personal data you provide and for disaster recovery services; and
IT Services providers that provide us with SaaS services, such as our customer relationship management information, and other software; and

In the United States of America:

analytics and search engine providers that assist us in the improvement and optimisation of the Website.

We only share personal data with third parties outside of the European Economic Area, if the third party:

complies with the US Department of Commerce’s EU-US Privacy Shield and has certified that it will adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield
has entered into standard data protection clauses adopted pursuant to European Commission Decisions 2004/915/EC and 2010/87/EU.

Sharing with Law Enforcement. We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

comply with a legal obligation, process or request;
enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
detect, prevent or otherwise address security, fraud or technical issues; or
protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

Sharing data for business purposes. We will also disclose your information to third parties:

in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.

How long do we store your personal data?

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

our internal policies that dictate the period for which we hold personal data; and
legal obligations – laws or regulation may set a minimum period for which we have to store your personal data.

Your rights

Under data protection law, you have certain rights with respect to the data we process about you. The rights available to you depend on our reason for processing your information and may be limited in certain circumstances, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your personal data.

Your right of access. You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.

Your right to rectification. You have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavour to do so without undue delay.

Your right to erasure. In certain circumstances, you have the right to ask us to delete the personal data we hold about you:

where you believe that it is no longer necessary for us to hold your personal data (for example, if you decide that you no longer wish to submit a job application to us);
where we are processing your personal data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
where you believe the personal data we hold about you is being unlawfully processed by us.

Your right to restrict processing. In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data. You may choose to restrict processing:

while we are considering: (i) a challenge you have made to the accuracy of your data; or (ii) an objection you have made to the use of your data;
where we want to erase your personal data, as the processing is unlawful, but you want us to continue to store it; or
where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defence of legal claims; or

To exercise any of these rights above, please contact compliance@greenheartmgmt.com. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.

The security of your personal data

Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

Complaints

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at compliance@greenheartmgmt.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.

Changes

Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.

Contact

Questions, comments and requests regarding this policy are welcomed and should be addressed to compliance@greenheartmgmt.com