This document provides the policy framework through which effective management of Data Protection matters can be achieved. The General Data Protection Regulation (“GDPR”) is the new legal framework for the protection of individuals from the processing of personal data which will be enacted on 25th of May 2018.
The purpose of this policy is to ensure that ASTRA Shipmangement Inc. complies with the provisions of the GDPR when processing Personal Data. Astra Shipmanagement Inc. establishes, maintains and implements appropriate technical and organisational measures to ensure the security of Personal Data. Our company collects the Personal Data in a transparent way and only with the full cooperation and knowledge of interested parties. The Company expects all of its employees, Crew Personnel and Third Parties Providers (i.e. port agents, Manning agents, contractors, external business partners, suppliers, visitors) to comply with the Regulation. Any serious infringement of the Regulation will be treated seriously by ASTRA.
ASTRA sets the principles of collecting, organizing, retaining, modifying, forwarding, transmitting, keeping, managing, sharing and using of Personal Data according to the Regulation:
Where external companies or individuals are used to process personal data for and on behalf of ASTRA Shipmanagement Inc, responsibility for the security and appropriate use of that data remains with ASTRA.
Where a third-party data processor is used:
A Third Party must process the personal data only to the extent required in the course of the work with ASTRA and always in a strictly confidential manner.
Where a Data Protection breach occurs, or is suspected, it should be reported immediately in accordance with the GDPR to ASTRA Shipmanagement Inc: Confirmed or suspected data security breaches should be reported promptly to the Safety & Quality or Legal Department; as the primary point of contact on +30 213 0175 100, email: email@example.com or firstname.lastname@example.org . The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.
Queries regarding this policy or the General Date Protection Regulation at large should be directed to email@example.com & firstname.lastname@example.org
This policy will be updated as necessary to reflect best practices in Data management, security and control and to ensure compliance with any changes or amendments in the law.