PRIVACY POLICY

Last updated: 16.05.2024

In compliance with the General Data Protection Regulation (GDPR) Articles 13 and 14, FLAIR GRUP MANAGEMENT SRL is committed to ensuring the protection and proper handling of personal data. This privacy notice for Flair Grup Management ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• Visit our website at https://flairgrup.com, or any website of ours that links to this privacy notice

• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@flairgrup.com.

1. DATA CONTROLLER INFORMATION

Name: FLAIR GRUP MANAGEMENT SRL

Address: Str. Danubiu nr.6, bl. 6E, sc. 2, ap. 16, sector 3, Bucharest

Fiscal code: RO33198550

Company registration number: J40/6119/2014

Email: office@flairgrup.com

Data Protection Officer’s e-mail: privacy@flairgrup.com 

2. WHAT PERSONAL DATA DO WE COLLECT?

For our website’s visitors: e-mail, phone number, messages transmitted to us.

For the seafarers: 

Personal Identification Data: Full name, date of birth, place of birth, address, personal numerical code, series and number of the identity document.

Contact Information: Home address, email address, phone number, and emergency contact details.

Physical Characteristics: Height, weight, clothing, and shoe sizes, necessary for uniform and safety equipment purposes.

Employment-Related Documents: Certificates of competency, qualifications, work history, resumes/CVs, and personal photographs.

Travel Documents: Passport details, visas, and other travel-related documentation required for international work assignments.

Health Information: Medical records that include fitness assessments, medical certificates necessary for offshore work, and any other health-related information deemed necessary by maritime health regulations.

Identification and Verification Data: Copies of personal identification documents such as national ID cards.

Education and Training Records: Records of completed training courses, certifications, diplomas, and other qualifications relevant to the role within maritime operations.

Special Category Data: Health-related information and nationality as part of our mandatory recruitment requirements.

Information automatically collected: 

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes. 

Like many businesses, we also collect information through cookies and similar technologies. 

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).

• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Information collected from other sources: 

In Short: We may collect limited data from public databases, marketing partners, and other outside sources. 

In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. 

3. HOW DO WE PROCESS YOUR PERSONAL DATA? 

The personal data is processed with specific objectives that are critical for our operations and compliance with legal requirements in the maritime industry. Below are detailed descriptions of each purpose: 

Recruitment and Staffing:

·         To assess and verify the qualifications and suitability of candidates for various seafaring roles. This includes reviewing work history, certifications, and other relevant credentials.

·         To match candidates with appropriate job vacancies aboard ships, ensuring that their skills and experience meet the specific requirements of each position.

Regulatory Compliance:

·         To ensure compliance with maritime laws and regulations, which require specific documentation, such as valid travel documents, medical certificates, and training certifications.

·         To maintain records as required by maritime regulatory authorities for inspections and audits, ensuring that all crew members are compliant with international maritime standards. 

Health and Safety:

·         To manage health and safety obligations, which include processing health-related data to monitor the medical fitness of crew members and ensure they are capable of performing their duties safely.

·         To handle medical emergencies or incidents at sea, ensuring that appropriate medical care is available and that incidents are reported in accordance with maritime health and safety regulations. 

Internal Administration and Operations: 

·         To improve our recruitment and operational processes through data analysis and strategic planning.

·         To maintain communication with employees and manage internal company administration. 

4. LEGAL GROUNDS FOR PROCESSING

Under the General Data Protection Regulation (GDPR), our company strictly adheres to lawful bases for processing personal data. We may process your data when you have given us explicit consent to use your personal data for a specific purpose, and you can withdraw this consent at any time. Processing your data is also necessary for a contract you have with us or because you have asked us to take specific steps before entering into that contract. 

Additionally, we are obligated to process data in compliance with legal obligations to which we are subject, which includes fulfilling requirements under employment, tax, and social security laws. In situations where it is necessary to protect someone’s life, such as in medical emergencies, we may process your data to protect vital interests. 

We may process your data when it is necessary for our legitimate interests or the legitimate interests of a third party, provided these interests are not overridden by your rights and interests. This includes processing for business management, operational, or marketing purposes. 

We ensure that each processing activity is carefully evaluated to ensure necessity and fairness, maintaining a balance between your privacy rights and the needs of our business operations. We also keep you informed about the specific legal basis we rely on for processing your data, especially if the context of the processing activity changes. 

5. LEGAL GROUND FOR PROCESSING OF SPECIAL CATEGORY DATA 

We process special categories of personal data, specifically health-related information and nationality, as part of our mandatory recruitment requirements for seafarers. The legal basis for processing this data is stipulated under Article 9(2)(b) of the GDPR, which states that processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the data controller or the data subject in the field of employment, social security, and social protection law. This processing is permissible under EU or national law, or a collective agreement pursuant to national law which provides appropriate safeguards for the fundamental rights and interests of the data subject. This includes assessments of working capacity and compliance with maritime safety regulations, crucial for both the effective functioning of our maritime operations and the safety of our crew members. 

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES? 

In Short: We may use cookies and other tracking technologies to collect and store your information. 

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice. 

7. HOW DO WE KEEP YOUR INFORMATION SAFE? 

In Short: We aim to protect your personal information through a system of organizational and technical security measures. 

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS? 

In Short: We do not knowingly collect data from or market to children under 18 years of age. 

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@flairgrup.com. 

9. RECIPIENTS OF PERSONAL DATA

In the course of our recruitment operations, we share the personal data we collect with various parties who play specific roles within and related to the maritime industry. These include port agents and shipping companies, who receive personal and employment-related information to facilitate crew changes, manage logistics, and ensure compliance with maritime regulations at various ports of call. Additionally, external collaborators and service providers such as travel agencies, training providers, and IT service providers, including internet service providers managing our email systems and hosting services, are integral for arranging travel, delivering necessary training, and maintaining our data systems and cybersecurity. 

Furthermore, we share health-related data with medical centres and healthcare providers who conduct pre-employment medical examinations or provide medical care to crew members during employment, ensuring that all health and safety standards are met. This cooperation extends to regulatory and governmental authorities, including maritime regulatory bodies, immigration authorities, and tax agencies, to ensure compliance with international and local laws related to labour, immigration, and taxation. 

Our legal and financial advisors can also access personal and financial data to provide legal advice, ensure compliance with financial regulations, and assist in the resolution of disputes. 

Each of these recipients is chosen based on their ability to fulfill their responsibilities in accordance with GDPR standards, and we ensure that all data shared is limited to what is necessary for the specific purpose, with appropriate safeguards in place to protect the data and respect the rights of individuals. 

This processing is carried out under the lawful basis of substantial public interest and is necessary for the assessment of working capacity of seafarers as per maritime law.

10. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA) 

In our maritime recruitment operations, the nature of our business requires transferring personal data outside the European Economic Area (EEA) to ensure the effective management and operation of our crew on international voyages. These transfers are essential for the execution of employment contracts between our seafarers (the data subjects) and the employers, as well as for taking steps at the request of the seafarers before entering into such contracts. This includes making necessary arrangements for joining ships or transferring to other ports globally, which cannot be achieved without processing data across borders. 

The legal basis for these transfers is outlined in Article 49(1)(c) of the GDPR, which states that the transfer is necessary for the performance of a contract between the data subject and the employers or the implementation of pre-contractual measures taken at the data subject's request. 

When transferring personal data internationally, we ensure that all necessary safeguards are in place to protect the data and comply with GDPR requirements. This includes assessing the data protection measures of the third country and using appropriate safeguards such as standard contractual clauses approved by the European Commission. We also maintain transparency with our seafarers about the nature of these transfers, the reasons for them, and the measures we take to ensure their data is protected. 

Moreover, we continuously monitor regulatory updates and guidance from relevant authorities to ensure our practices remain compliant with international data protection standards. This proactive approach helps us manage the complexities of international data transfers while safeguarding the rights and freedoms of our seafarers. 

11. DATA RETENTION PERIOD 

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law. 

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). 

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. 

12. CONTROLS FOR DO-NOT-TRACK FEATURES 

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

13. DO WE MAKE UPDATES TO THIS NOTICE? 

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws. 

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information. 

14. YOUR RIGHTS 

Under the General Data Protection Regulation (GDPR), you have several important rights that ensure you have control over your personal data. Below is a detailed explanation of each right:

a) Right to Access: You have the right to request access to your personal data that we hold. This allows you to receive a copy of the personal data we have about you and to check that we are lawfully processing it. 

b) Right to Rectification: You have the right to request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold corrected, though we may need to verify the accuracy of the new data you provide to us.

c) Right to Erasure (‘Right to be Forgotten’): You have the right to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. 

d) Right to Object to Processing: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. 

e) Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.

f) Right to Data Portability: You have the right to request the transfer of your personal data to another party. For data processed by automated means and with your consent or under a contract you have entered into, you can ask us to provide your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance.

g) Right to Withdraw Consent: Where the processing of your personal data is based on consent, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

h) Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

i) Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. 

It is important to us that your rights are fully respected and upheld. If you wish to exercise any of the rights set out above, please contact us using at the e-mail address: privacy@flairgrup.com. We aim to respond to all legitimate requests within one month.