1. DGS društvo za trgovinu i usluge društvo s ograničenom odgovornošću (abbreviated name: DGS d.o.o.) having its registered seat in Rijeka, Milutina Barača 7, Republic of Croatia, OIB: 96250701832 (hereinafter: "The Company and/or The Controller") collects and processes certain personal information from you in accordance with this Privacy Notice.
2. Upon the entry into force of this Privacy Notice, the General Terms and Conditions of Personal Data Protection of the Company DGS d.o.o. cease to apply.
3. This Privacy Notice enters into force on the day of its publication on www.dgs.hr website (hereinafter: website) and is applicable from 25th May 2018.
4. By this Privacy Notice, the Company aims to provide its clients with clear information on processing and protection of their Personal data to enable honest and transparent processing and to enable them to easily monitor and manage their Personal data and consent.
5. The Company is committed to the protection of privacy and Personal data.
6. If you have any questions regarding the personal data protection, please contact our person responsible for Personal data protection by e-mail at: firstname.lastname@example.org.
7. We reserve the right to change this Privacy Notice at any time, for any reason. Any changes to this Privacy Notice will be notified to the users through the website.
8. We may remind you periodically via e-mail on the Privacy Notice, while a current version of the Privacy Notice is always available on the website.
Personal data processed and the use of Personal data
This Privacy Notice explains:
• Types of personal data the Controller collects about you;
• The manner in which the Controller obtains your Personal data;
• The manner in which the Controller uses your Personal data;
• The basis on which the Controller uses your Personal data;
• With whom the Controller shares your Personal data;
• How the Controller protects your Personal data.
Categories of Personal data that the Controller collects and processes
1. The Controller collects only Personal data necessary to achieve certain legitimate processing purposes.
2. The Controller may collect your Personal data when performing its business, including when you are addressing the Controller, asking for information from the Controller, using the Controller’s website or using the Controller’s services.
3. The Personal data that the Controller collects and processes from data subjects include:
• personal identification information such as: name and surname, date of birth, place of birth, gender, marital status, number of children, height, weight, hair color, eye color, photographs, total size and shoe size;
• user data: username, password;
• contact details: residence, place, country and postal code, e-mail address, phone number, mobile phone number, Skype username, nearest airport;
• Qualification data such as: vocational qualification, name of educational institution, period of attendance, type of diploma / completed degree of education, data on certificates relevant to seafarers' activities;
• Data on work experience and job descriptions (so-called professional data): data on current job position, years of experience, current department, position and type of vessel on which the Data Subject serves, past experience data for at least 5 years, desired job, preferred type and the dynamics of the contract, the date of employment, the minimum expected salary, the willingness to accept the lower employment position;
• data on the previous naval service, that is, employment;
• data on the previous two employers the Controller can refer to;
• information on the nearest relative: name, surname, relationship with the data subject, street, place and country of residence, telephone number information;
• Travel Document Data (Passport Information, USA Visa Information, Seaman's Book) such as: Certificate Number, Issuer Data, Issuance Date, Validity Date, Issue Location, etc;
• Data on employment agreements concluded through the Controller, such as: employer data, duration of employment contract, work place, ship and all other Personal data contained in the employment agreement;
• flight data, records on registration of embarkation / disembarkation of the Data Subject, and such;
• other personal information contained in the resume of the Data Subject;
• technical data (number of website visits, or receipt and use of materials and communications sent by the Controller to the Data Subject electronically) collected through cookies;
• Additional personal information provided by the Data Subject to the Controller upon the Employer’s request when conducting a Selection Procedure by the Company on behalf of the Employer;
• and other information that the Data Subject may provide to the Controller either self-initiated or upon the request of the Controller.
Sensitive Personal data
1. The Controller does not process special categories of Personal data of Data Subjects who reveal racial or ethnic origin, political opinions, genetic data, biometric data, or information about sex life or sexual orientation of an individual.
2. The Controller may collect and process Personal data of data subjects which disclose religious or philosophical beliefs when mediating on behalf of the data subject in obtaining visas or other approvals for entry, exit and / or stay in the territory of a particular country, which documentation is required for the Data Subject to conclude and execute the employment agreement concluded through the mediation of the Controller.
3. The Controller may collect and process Personal data of Data Subjects which disclose membership in a trade union when an employee provides such information to the prospect of a potential employer or self-initiated.
4. The Controller collects and processes data on judicial and other procedures in relation to the Data Subject, such as: information on the refusal of visa issuance, information on judicial proceedings conducted against the data subject, information on maritime accidents involving the data subject, or a Criminal Record Office Certificate. Personal Data the Controller processes when mediating on behalf of the Data Subject in obtaining a visa or other approval for entering, leaving and / or staying in the territory of a particular country, which documentation is required for the Data Subject to conclude and execute an employment agreement concluded through the mediation of the Controller or when information is required by the potential employer for the purposes of an employment, and the Data Subject agrees to provide this information.
5. The Controller collects and processes data on the health of the Data Subject, such as: health certificate data (such as: number of the document, the issuer data, the date of issue, the date of validity, the place of issue, etc.), the yellow fever vaccine or other diseases vaccines (date, institution that has been infected, etc.), data of the disease history for the last 12 months prior to the registration on the Controller's website, data on current medical reasons for abandonment of the ship, information on existing health problems and disabilities and data on use of sick leave. The Controller processes the aforementioned data for the purpose of executing an employment mediation contract concluded with the Data Subject or another mediation contract on behalf of the Data Subject such as mediation with the competent authorities on behalf of the Data Subject for the purpose of obtaining a visa or other documentation, and since the said processing is necessary for the needs of fulfillment of obligations and the realization of special rights of the Data Subject which derive from the employment relationship with the employer (the shipping company) until the conclusion of the employment agreement which was made through the mediation of the Controller.
Manner of collecting of Personal data
1. The Controller collects Personal data of the Data Subject in various manners, including:
• as part of the business processes of the Company and during the fulfillment of the Company's obligations under a service provision contract or other contract concluded between the Company and the Data Subject;
• by opening a user’s account and logging in to the job application and their update by the Data Subject;
• during website tracking, including e-mail communication addressed to and from the Company;
• when the Data Subject delivers information during direct communication with the Company, including personal communication with Company staff and online communication via the website or e-mail, and
• from third parties (including for example Facebook and other social networks).
2. When the Controller collects your Personal data in any of the aforementioned manners, it only uses them for the purpose specified at the time of collection of such data.
3. Depending on the type of activity, some required data is defined as mandatory and some as voluntary. If you do not provide mandatory data for activity that requires them, the Controller may not be able to include you in this activity. Specifically, the Controller cannot enter into the employment mediation contract with the Data Subject if the Data Subject does not fill in at least the data on professional experience and desired employment (together on the website referred to as: "professional data") in his profile in job application.
Purpose and period of Personal data storage
1. When the Controller collects and processes Personal data, it does so in order to:
• fulfill its obligations under the service provision agreement or another agreement concluded between the Company and the Data Subject,
• conduct business processes of the Company and to perform business activity of mediation in the employment of seafarers;
• improve the services of the Company, measure the satisfaction with the Company's services;
• manage relations with Data Subjects (users of the website and / or applications for business and / or services) and other persons in the performance of its business;
• for website analysis and administration, including monitoring of website usage;
• make available the data requested by the Data Subject;
• fulfill any of its legal obligations.
A. PROVISION OF THE COMPANY’S SERVICES AND BUSINESS MANAGEMENT
• The Controller as a provider of mediation services for seafarers collects and processes from users of its services (Data Subject) the following Personal data: personal identification data, contact details, user data, qualification data, employment experience and desired employment data, data on the nearest relative, data on court and other proceedings, health data, other Personal data contained in the resume of the Data Subject, data on employment agreements concluded through the Controller’s mediation, travel documents and additional Personal data provided by the Data Subject to the Controller at the employer's request during the conduction of the selection procedure by the Company on behalf of the employer.
• The Controller collects some of the aforementioned Personal data for the purpose of fulfilling its legal obligations to the competent authorities. For more information on the above, please review Subsection D. "Fulfillment of Legal Obligations of the Controller".
This Personal data is collected for the purpose of concluding and executing a mediation service agreement with the Data Subject or another agreement concluded between the Company and the Data Subject (e.g. a mediation agreement in obtaining a visa or other residence permit in country of the employer or the state of the port in which the ship is located) by the Controller as a service provider, and executing a business processes that include contacting users (Data Subject), answering and solving users requests (Data Subjects) and disputes with users (Data Subjects).
Personal data collected for the purpose of performing contractual obligations of the Controller and relationship management with the Data Subjects who use its services shall be deleted from the Controller’s database 3 years after performed mediation at the earliest and not later than 8 years as of the date of the last update of the User’s Account data by the Data Subject or from the day of deletion of the account or a written statement of the data Subject stating he/she no longer wishes to use the Company's mediation services.
• To the extent of what is reasonably necessary in relation to the Company's services, it is possible we will have to share Personal data with third parties. Please see the Subsection “Persons with whom we share your Personal data”.
B. MARKETING, DEVELOPMENT AND IMPROVEMENT OF THE COMPANY’S SERVICES
• Some of the aforementioned data for identification, contact information and other data of the Data Subjects collected in the registration process of Data Subjects at www.dgs.hr (specifically: first name, last name, e-mail address) the Controller uses for the purpose of sending marketing messages, newsletters on vacant job positions, surveys or questionnaires by which the Company measures the satisfaction with the Company's services provided, if the Data Subject has given his / her consent.
• If you no longer wish to receive these marketing messages, newsletters, e-mails about Company services, you can log out at any time by clicking the "Sign out" link in each marketing message or newsletter and by sending an email to: email@example.com.
If you are completing surveys or questionnaires by which the Company measures the satisfaction of the users of Company's services or conducts a market research, it may be that the Company will collect some of the Personal data defined by the survey in question for marketing purposes and / or other purposes specified in the relevant survey.
The Controller keeps Personal data collected for these purposes permanently or up to the moment of the Data Subject’s objection to the processing of the personal data (if applicable) or withdrawal of the Data Subject’s consent (if the same is required for the particular purpose the Personal data was collected for), after which the Controller will delete or destroy them. The Controller keeps technical data collected for this purpose via cookies as stated in the “Cookies Notice”.
C. USERS RELATIONSHIP MANAGEMENT
The Controller, in its capacity of a Website Service Provider (web site www.dgs.hr), for the purposes of visiting the website, registration, or opening a user account, managing and administering the website, or troubleshooting the website, may process the following Personal data from a registered user of the website: name and surname, date of birth, place of birth, username, password, e-mail address and mobile phone number.
Personal data collected for this purpose is kept permanently or until the user's (Data Subject) account is deleted.
The Controller may use personal identification data, contact information data, user data, and technical data of the Data Subject to find out:
- do you read e-mails or other materials of the Company, including newsletters, either by downloading attachments in emails or by opening links (links);
- do you open web links or logouts included in the e-mail messages and marketing materials of the Company;
- do you visit and how do you visit the website after you open the links provided by the Company. We do this by using software which puts cookies on your device that track this activity and record the same. Please check the Cookies Notice published on this website for more information on how to manage and remove cookies.
D. FULFILLING LEGAL OBLIGATIONS OF THE CONTROLLER
In addition to the foregoing, the identification data, contact data and flight data, employment contracts data, data from the registration file on the embarkation / disembarkation of the Data Subject and other data of the Data Subject it collects, as well as any other Personal data it keeps records of, the Controller processes in order to fulfill its legal obligations, including, but not limited to, legal obligations on the basis of regulations regulating the intermediation in employment of seafarers such as submitting data to the competent authorities (e.g. Ministry of Maritime Affairs, Transport and Infrastructure).
Personal data collected for this purpose is stored for the period prescribed by law (e.g. in accordance with the Bylaw on Seafarers Employment Intermediation Service, the agent, i.e. the Controller, is obliged to keep all documentation concerning the employment of seafarers and all the records he keeps for at least three years).
The basis for processing of Personal data
The Controller processes your Personal data on the following basis:
• the performance of a contract on employment mediation services of the Company or another contract concluded between the Data Subject and the Company;
• legitimate interest of the Controller for:
- providing and managing the website service,
- tracking Data Subject’s visits to the website, tracking of file openings, e-mail messages, links that the Controller refers to the Data Subject,
- for the purpose of determining, resolving disputes and conducting proceedings between the Data Subjects and the Company,
- for the purpose of sharing Personal data with third parties as stipulated in this Privacy Notice in detail;
- to create an employment seeker base pursuant to specific characteristics (vocation, qualifications, employment positions) for the purpose of selecting and suggesting suitable candidates for employers (so-called profiling);
• express consent of the Data Subject to receive newsletters, participate in questionnaires / surveys for the purpose explicitly specified in each questionnaire / questionnaire; for processing of Sensitive Personal data of the Data Subjects when they are being processed on the basis of the consent and;
• For the fulfillment of legal obligations of the Controller (e.g. keeping the records of seafarers).
Sensitive data processed by the Controller (data on philosophical and / or religious beliefs and / or membership in the trade union) on the basis of execution of an employment mediation agreement and agreement on mediation in obtaining visas and / or similar documents is also processed on the basis of Article 9, paragraph 2 (a) or (b) (depending on the specific situation) of the General Data Protection Regulation, i.e. when the Data Subject has given his/her explicit consent to process such Personal data for specific purpose or where the processing is necessary for the purposes of performing obligations and to exercise special rights of the Controller or Data Subject in the field of the employment law and the social security and protection of social rights law.
Sensitive data relating to the health of the Data Subject processed by the Controller on the basis of the performance of an employment mediation agreement or agreement on mediation in obtaining visas and / or similar documents by the Controller shall also be processed in accordance with Article 9, paragraph 2 ) of the General Data Protection Regulation, or where processing is necessary for the purpose of performing obligations and the realization of special rights of the Controller or the Data Subject in the area of the employment law and the social security and protection of social rights law.
Sensitive data on judicial and other proceedings against the Data Subject which is processed by the Controller on the basis of execution of an employment mediation agreement or agreement on mediation in obtaining visas and / or similar documents is processed in situations permitted under the law of the Republic of Croatia for the purpose of exercising the rights of the Data Subject abroad (residence permit or work permit in the territory of the employer's state or the state where the ship's port is located). Additionally, the Controller may process such information when requested by a potential employer if the Data Subject agrees to provide such information, i.e., on the ground of a consent.
Persons with whom the Controller shares your Personal data
• The Controller shares information you submit to it with third parties in execution of an employment mediation agreement concluded with you (the Data Subject), namely, with employers who, on the basis of the information you provided, it considers you would like to enter into an employment agreement with.
• The Company may, on the basis of its legitimate interest, share your Personal data with third parties in accordance with the contractual obligations it has with them in order to fulfill its obligations towards the Data Subject.
Such business partners of the Controller belong to the following categories of recipients of Personal data:
- equipment store (e.g. shoe size and clothing, name and surname),
- IT associates (e.g. user data, identification data).
- health institutions and polyclinics in which the Data Subjects are submitted to medical examination (name and surname of the Data Subject only),
- travel agencies (e.g. the name and surname of the Data Subject, travel information or other travel document required).
• The Controller may share Personal data with supervisory authorities, courts or state agencies when such data sharing is necessary. Unless prohibited by law, we will make all reasonable efforts to inform you of such disclosure of your Personal data performed by the Company.
• The Company does not allow your Personal data to be made available to third parties for the purpose of offering third-party products and services, unless you have given your explicit consent for that purpose.
Data transfer outside EU
• Data provided to the Controller by you may be shared with third parties outside the territory of the European Union when executing an employment mediation agreement concluded with you (Data Subject), with employers who, on the basis of the data you provided, it believes you would like to enter into an employment agreement with or employers with whom you have entered into an employment agreement through the mediation of the Controller.
• It is possible that some other recipients of Data Subject’s Personal data are outside the European Union (e.g. travel agencies with whom the Controller contracts the travels for the Data Subject) and to whom the Controller forwards your data in order to fulfill your obligations towards you.
The Controller shall ensure that the transfer of Personal data to third countries is carried out on the basis of an adequacy decision or by using appropriate protection measures or deviations for specific situations, which shall be duly notified to the Data Subject prior to the intended transfer.
Protection of your Personal data
1. The Company takes Personal data protection seriously and it has taken various precautions to protect your Personal data. Data Subject’s Personal data can be accessed using a password and a username on the website. The Data Subject’s password is encrypted. It is recommended that Data Subject does not disclose the password to anyone. In addition, Personal identification data of the Data Subjects is kept on a server that can only be accessed by selected persons and providers. The Company encrypts certain sensitive information using Secure Socket Layer (SSL) technology to ensure that Personal data is secured. You have to take care of the security of your password and change it occasionally.
2. Unfortunately, no data transfer over the Internet or any wireless network can be 100% secure and the Company cannot guarantee the protection of any data transmitted to or from the web site and is not responsible for the actions of any third party to whom such data is made available.
3. In accordance with the applicable law on the protection of Personal data, the Company shall use technical and organizational measures to protect Personal data against unauthorized access, use, disclosure or destruction.
4. In order to protect the Personal data of Data Subjects and the privacy of the Company, the Company carries out the appropriate physical, technical and organizational protection measures. Maintenance and safety testing stipulated is carried out on an ongoing basis. The Company restricts access to the data of the Data Subject by allowing access only to authorized persons directly engaged in providing or maintaining the service, as well as improving the quality and collection of services. In addition, the Company continuously trains its personnel on the importance of confidentiality and the maintenance of privacy and Personal data security and engages partners with whom it contracts appropriate protection measures.
Rights of the Data Subject
1. Right to object - The Controller seeks to ensure the highest standards in processing of Personal data and takes the resolution of every complaint of the Data Subject seriously.
In case you consider the processing of Personal data processed by the Controller is contrary to the regulations on the protection of Personal data, please notify us in writing to the Controller’s address (DGS d.o.o. Rijeka, Milutina Barača 7, att: Controller - do not open) or via e-mail address: [firstname.lastname@example.org].
Your objection can also be addressed to the Supervisory Authority – Agencija za zaštitu osobnih podataka (Personal Data Protection Agency), Zagreb, Martićeva 14 and from 25 May 2018 you may also refer to the supervisory authority within the EU.
2. Right of Access: Every Data Subject has the right to request details of Personal data processed by the Controller in relation to him / her and the manner in which they are processed.
3. Right to Rectification: If the personal data the Controller processes about you is incomplete or inaccurate, you can request the Controller for a correction or amendment of such data at any time. Please notify us of any changes to your Personal data via e-mail: [email@example.com] in order to update your data.
4. Right to Erasure ("Right to be Forgotten"): You may request the Controller to delete your Personal data if it has been processing it unlawfully or if processing represents disproportionate interference with your protected interests. Please note there are reasons that prevent the instant deletion, for example, in case of archiving obligations prescribed by the law.
5. Right to a Restriction of processing: You may request a Restriction of processing from the Controller:
• If you dispute the accuracy of the data, during a period that allows the Controller to process the accuracy of such data;
• If data processing was unlawful but you refuse the erasure and require a Restriction of processing instead;
• if the data is no longer needed for the envisaged purposes, but you still need them in order to realize some of your legal claims; or
• If you have filed a complaint for processing of this data.
6. Right to Data Portability: You can request the Controller to deliver the data you have entrusted it to you in a structured form, in a standard machine-readable format:
• If this data is processed on the basis of a consent you have given and which can be withdrawn or for the execution of an agreement, and
• if the processing is performed using automated processes.
7. Under certain circumstances, each Data Subject is also entitled to request for termination of any unauthorized transfer of his / her Personal data to third parties and to require that the Controller does not transmit the Personal data relating to him/her to third parties.
8. Exercising Rights: If you wish to exercise any of these rights, please contact us using our contact information stipulated in Article 1 of this Privacy Notice.
9. Confirmation of identity: In case of a doubt, we may request additional information to verify your identity. It serves to protect your rights and private spheres.
10. Misuse of Rights: If you use any of these rights with an obvious intent to misuse them, the Controller may charge an administrative fee or decline to process your request.
11. When you object to the processing of your Personal data by the Controller or when you withdraw the consent, there is a possibility that the Company will not be able to achieve the processing purpose specified in this Privacy Notice or that you will not be able to use our services. Withdrawal of the given consent does not affect the legitimacy of processing that was based on the consent prior to the withdrawal.
12. When you object to the processing of your Personal data by the Controller or when you withdraw the consent, it is important that you understand the Company may continue to process your Personal data to the extent required or otherwise permitted by law.
Consequences of Personal data denial and management of the consent
1. In the event of denial of your Personal data on employment experience and preferred employment (“professional data”) required by the Company for the purpose of entering into and exercising the rights from the employment mediation agreement or other agreements entered into between the Company and the Data Subject, the agreement cannot be concluded, since the Controller will not be able to perform the agreement and successfully mediate for the Data Subject.
2. Registration via the website www.dgs.hr is not possible if the Data Subject does not wish to provide specific Personal identification data (name and surname) and contact information data (e-mail address, country of residence) and specify the password. Without registration a great number of website services is not available such as the employment application for submitting other data required by the Controller in order to provide the employment mediation services, applications to individual vacancies, etc.
3. You may withdraw the consent you have given to the Controller for a particular purpose based on the consent, at any time in which case your Personal data collected on the basis of the consent will no longer be used for the purpose mentioned. In this case, please note that the Controller will not be able to perform activities that require processing of Personal data which was based on the consent.
4. Notwithstanding the foregoing, in the event of denial or withdrawal of the consent with respect to the processing of Sensitive Personal data when the processing of the same is based on the consent (e.g. information on judicial and other proceedings on the employer's request or membership in the trade union on the employer's request, when such data is not necessary for entering into an employment agreement or obtaining a visa or a similar document) cannot have a negative impact on the Data Subject.
5. You can give and withdraw consent by sending an e-mail to the e-mail address firstname.lastname@example.org or by sending a written request to the address of the Controller in Rijeka, Milutina Barača 7.
6. If you wish to give your consent once again, you can do so by sending an e-mail to the e-mail address: email@example.com or by sending a written request to the address of the Controller in Rijeka, Milutina Barača 7.
Profiling and Automated Decision-making
1. Personal data of the Data Subject in the process of registering and using the employment application are also used for profiling users for the purpose of creating a user base according to certain criteria such as vocation, qualification, job position etc., in order to successfully perform the selection of Data Subjects in the employment mediation of seafarers.
2. The Company does not use the automated decision-making.
Confidentiality of Third-party data
1. This Privacy Notice applies only to the use of data the Controller collects from the Data Subjects. Other websites accessible through the website www.dgs.hr have their own notices of confidentiality and data collection and the manner of their use and publishing. In case you visit one or more other websites through www.dgs.hr, we recommend that you review the privacy notice of that site. The Company is not responsible for manners and conditions of third parties’ activities.
4. The aforementioned analysis software also collects and stores some technical data, including the IP address of the user. Personal data collected by these cookies is: cookie consent - CookieWarningAgreed, a cookie connecting a cart with unregistered user - CartStorageID, the registered user selected "Remember me" when signing in to the system - IntranetUserId; the user voted on the poll - PollAnswered<ID> and information that the user gave a rating on something so he/she could not repeat it (encrypted cookie content) - Rating<Name web.
5. Cookies from the previous item have the following duration:
CookieWarningAgreed: 90 days;
CartStorageID: 90 days or custom setting;
IntranetUserId: 90 days;
PollAnswered : Does not expire;
Rating : Does not expire.
7. Analysis cookies, third-party cookies, advertising cookies, and similar cookies can be stored on your computer only with your explicit consent. You can either turn off or delete such cookies by using the appropriate settings on your browser.
8. Manage your cookies by selecting settings from your browser menu. You can always withdraw your cookie consent in the same manner by selecting settings in your browser menu.
9. Most web browsers accept cookies, but you can usually change your browser settings to reject new cookies, disable existing ones, or simply notify you when new cookies are sent to your device.
11. Please note that certain page functionality may be lost if you decline or disable cookies. In addition, disabling cookies or cookie categories does not delete the cookie from your browser. You have to do this yourself in the browser menu.
12. Your Personal data collected through cookies is not shared with third parties without your express consent. This data is kept permanently by Google Analytics, and the user can delete them whenever he/she wants.
13. You can find the rights of the Data Subject and other information regarding Personal data that is collected by cookies in the Privacy Notice.
14. Any changes to this Notice will be communicated to the users at www.dgs.hr.
15. Should you have any questions regarding this Notice, please contact us at: firstname.lastname@example.org.