This Privacy Policy (the “Policy”) sets out information about how Damask Shipping & Management Limited (hereinafter referred to as “Damask Shipping”, “We” or “Our”) processes and uses your personal information. At Damask Shipping, we are firmly committed to respecting your privacy and the confidentiality of the personal information you supply to us and all personal data will be processed in accordance with the Data Protection Act (Chapter 586 of the Laws of Malta) and subsidiary legislations thereunder (the “Act”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”).
Damask Shipping requires the collection and use of certain personal data on various individuals. These include customers, suppliers, business contacts, employees and other natural persons and/or entities with whom We have a relationship with or whom We may need to contact.
This Policy outlines Our internal practices to ensure that personal data collected in relation to employees, suppliers, customers, and any other natural person is protected. Furthermore, it also provides that Our operations are subject to continuous review to maintain alignment with GDPR. We must emphasize that We will only be using and/or disclosing any personal data collected from you in accordance with the manner set out in this Policy.
Should you require further information regarding Our privacy practices, kindly contact us via e-mail at malta@damaskinvestment.eu
“Controller” or “Data Controller” means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Data subject” refers to any living person (natural person) whose personal data is being collected, held or processed.
“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
“Processor” or “Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Processing’ means any operation/s which is/are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
NB: Information in relation to legal persons (e.g. company, other legal entities) does not constitute personal data in terms of both the Act and the GDPR. Nonetheless, the aforesaid information will still be handled in a confidential manner, in accordance with Our standard internal practices and professional secrecy obligations.
When processing your personal data for the purposes indicated in this Policy, We are generally qualified as data controllers.
On a general note, We collect personal data pertaining to our employees, suppliers, customers on a regular basis to be able to conduct business activities. We typically collect personal data:
The following is an indicative list of personal data that We collect and process:
Personal data will be processed on the basis of the following legal grounds:
Kindly note that special categories of data, which include information about the data subject’s racial or ethnic original, political views, religious or political beliefs, trade union membership, genetic, biometric or health data, sexual orientation and data related to your conviction and offences are not typically processed. However, We may be required to collect special categories of data in specific scenarios such as from our employees to process payroll. Such data shall be collected and processed as required by applicable legislation.
We may process your personal data for the following purpose/s:
The collected personal data shall only be processed for the sole purpose which was explained to the Data Subject or any ancillary purposes. The processing of personal data shall also be conducted for the fulfilment of any legal or regulatory obligation imposed on Damask.
We shall inform data subjects accordingly in cases where we are required to process personal data for any other purpose not linked to the ones established with the data subject.
In the course of conducting business, it might be necessary for Us to share the data subject’s personal data with third parties as indicated below:
The Company shall not, transfer personal data to any third party without the prior consent of the data subject, except where Damask is required to do so by operation of law.
Personal data shall not be transferred to third parties located outside the EU or European Economic Area (EEA) unless specifically instructed to do so in writing by the data subject. However, there are instances whereby it would be necessary to transfer personal data to countries which are not subject to the same level of data protection legislation, such as:
Personal data will only be retained exclusively for the period which is necessary to fulfil the purposes for which it was collected and thereafter, for the purpose of satisfying further legal and regulatory requirements or obligations to which We are subject. This period may also be extended further to be able to assert, exercise or defend possible future legal claims against or otherwise involving the data subject.
In the context of a contractual relationship between Damask Shipping and the data subject, the latter’s personal data will be retained for a period of five (5) years from the termination date of the contractual relationship on the basis of legitimate interests to protect ourselves against any civil disputes in relation to the aforementioned contractual relationship.
With reference to invoices, credit notes and other similar documentation or information, including all personal information collected for compliance with our legal obligations in terms of applicable laws and regulations with respect to accounting, audit, tax and VAT, these will be retained for a period of ten (10) years from the date of the relevant submissions.
Moreover, the listed time periods may be further extended when We have a legitimate interest related to exercising or defending legal claims or in case of inspections by relevant authorities.
Personal data which has been collected and processed on the basis of the data subject’s consent shall be retained until the data subject withdraws his/her consent.
Data subjects have various rights vis-à-vis their personal data:
Keeping the data subject’s personal data secure is of utmost importance to Us. We undertake to put in our best efforts to keep any disclosed personal information secure by implementing the appropriate technical and organizational measures with the aim of protecting the data subject’s personal data against unauthorized or unlawful processing, encompassing also accidental losses, destruction, storage or access.
Notwithstanding Our efforts to protect personal data, no system can guarantee that the aforementioned scenarios will not occur.
It is important that personal information We hold about you is accurate and when necessary kept up to date. Kindly keep us informed if your personal information changes during our business or employment relationship.