Privacy policy

Introduction
1. The scope of this policy is to inform about the personal data usage intentions, protection, legal corpus, and processing time of data acquisition, furthermore, to follow good practice and protect the reputation of the Company.
Data Controller and contact information
The Data Controller is - SIA “Riva Marine” (hereinafter referred to as – Company), Registration number: 40203091466, Legal address: Ventspils šoseja 32, Jurmala, LV-2011, Latvia. Contact information: +37126003882 e-mail: info@rivamarine.lv

Policy scope and legal corpus
2. This policy serves to protect personal data of physical persons – seafarers, hereafter referred to as – Clients, and other physical persons related to the Client, whose data have been processed by the Company in any way.
3.  This Policy applies to the protection of identifiable physical persons with regard to the processing of personal data and to the free movement of such data in accordance with General Data Protection Regulation No 2016/679 of European Union, the data protection normative acts of Republic of Latvia and rules of this Policy.
4. The Policy applies to the Company, and correspondingly to all its branches and employees, as well as to any partners, contractors and other persons in business with the Company.
5. This Policy is applied regardless the way and/or situation in which the personal data of the Client have been acquired by the Company and regards all electronic systems of physical forms provided by the Company.
6. This Policy will be reviewed periodically, but not later than every 3 (three) years. The Company reserves the right to modify and update this Policy at any time. Changes to this Policy will come into effect immediately upon such changes being approved by the Company Board.

Personal data
7. Personal data list and categories, that are acquired with Client’s consent and other legal corpus of data processing is overlooked by the Company’s data processing record that is available physically in the Company’s headquarters.

Purposes of processing personal data

8. The data can be processed by the Company for the following purposes:
• a) providing services, including but not limited to the Client’s identification, the identification of the position and qualification, determining work experience, employment on Latvian and foreign ships, the preparation and execution of the contract of employment (hereinafter referred to as - CoE), finalizing visas, purchasing airline tickets, and processing other travel documents, confirming health status, administrating settlements, drawing up professional documents, for arranging the necessary documents and formalities of the flag state, port and border control needs, settling insurance formalities;
• b) business planning and analytics – statistics and business analysis, planning and accounting, increasing efficiency, ensuring data quality, preparing reports, purposes of risk management activities;
• c) provision of information to any government administration of the Republic of Latvia or foreign and the subjects of operational activity in the events and amount set in external normative acts;
• d) other specific purposes of which the Client is informed at the moment that Client submits the relevant data to the Company.

Legal bases for processing personal data

9. The Company uses personal data with accordance to the following legal bases:
• a) the Client has given consent to the processing of Client’s personal data for one or more specific purposes;
• b) processing is necessary for the performance of a contract to which the Client is a party or in order to take steps at the request of the Client prior to entering into a contract;
• c) processing is necessary for compliance with a legal obligation to which the Company is subject;
• d) processing is necessary in order to protect vital interests of the Client or of another natural person;
• e) processing is necessary for the purposes of legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedom of the Client which require protection of personal data.
• 10. The legitimate interests of the Company are - commercial activity, verification of the Client’s identity, qualification and work experience before signing a CoE, provision of the CoE commitments, preservation of data submitted by the Client, analysis of the usage of the Company’s data base, development and introduction of its improvements, administrating the Client’s account in the Company’s data base, promotion of the Client’s motivation to cooperate with the Company, segmentation of the Client’s data base for providing efficient services, provision and development of the Company’s service, notifying of the course of execution and significant events relating to the CoE, fraud prevention, providing efficient enterprise administration, accounting and analytics of business and finances, providing and developing service efficiency and quality, administrating payments, turning to government and operative action agencies and court for the protection of legal interests.

Personal data processing and protection

• 11. The Company processes and protects personal data by using the means of modern technology, regarding existing risks of privacy and the Company’s sensibly available organizational, financial and technical resources.
• 12. Within the framework of consent, which the Client has given to the Company, the Company has the right to transfer the Client’s personal data to the shipowners and/or their authorized management companies. If the shipowners and/or their authorized management companies process the Client’s personal data, the relevant shipowners and/or their authorized management companies are regarded as Data Controllers.
• 13. To provide an operational and high-quality conduct of commitment of a CoE signed with a Client, the Company has the right to authorize their cooperation partners to carry out separate services, for example, processing a visa, providing training and qualification, administrating the Client’s professional documents. If by fulfilling these tasks the cooperation partners of the Company process the personal data of the Client, the relevant partners are regarded as Data Processors and the Company has the right to transfer the personal data of a Client to the cooperation partners in such an amount that is necessary to achieve these tasks.
• 14. The cooperation partners of the Company (in the status of data processors) will provide the fulfillment of requirements for the procession and protection of personal data according to the Company’s requirements and legislation and will not use the personal data for other purposes other than the obligations on behalf of the Company.

Personal data recipient categories:

• 15. The Company does not disclose the Client’s personal data to a third party, except for the following cases:
• a) if the data must be submitted to Latvian and/or foreign shipowners or their representative management companies, in accordance to the Client’s clear and indisputable consent that has been given willingly, for the purpose of signing a potential CoE;
• b) if the data must be submitted to the maritime Administration of the flag state for carrying out necessary documentation;
• c) if the data must be submitted for executing necessary travel documentation, including but not limited to, foreign embassies, travel agencies, airline companies, etc.;
• d) if the data must be submitted to agents in foreign ports to provide safe embarkation and disembarkation to and from the vessel including all required immigration and ISPS formalities; as well as including cases in which the agent’s services are necessary for medical assistance during the time when the vessel is in a foreign port;
• e) if the data must be submitted to an insurance company, if medical assistance and investigation is needed in case of an incident during the contract time;
• f) if the data must be submitted to law enforcement or other authorities according to the rules stated in normative acts.

Personal data submission/transferring to third countries and/or international maritime organizations (outside of the European Union and EEZ)

16. Only in necessary cases, abiding the rules stated in the normative acts and the cases stated in the sub articles of Article 16 (sixteen) of this Policy, can the Client’s personal data be transferred to third countries and/or international maritime organizations, if:
• a) the Client has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the Client due to the absence of a sufficient decision and appropriate safeguards;
• b) the transfer is necessary to carry out a contract between the Client and the shipowners and/or their authorized management companies or the implementation of pre-contractual measures taken at the Client's request;
• c) the transfer is necessary in order to protect the vital interests of the Client or of other persons, where the Client is physically or legally incapable of giving consent.

Personal data storage duration

17. The Company stores and processes the Client’s personal data as long as one of the following criteria is met:
• a) while the Client consents to the personal data processing, but no longer than 10 (ten) years after signing the Client’s last CoE, unless there is another legal reason for processing;
• b) while in the order of external normative acts the Company or the Client can carry out their legitimate interests;
• c) while the Company has a legal responsibility to store the personal data.

18. After the reasons mentioned in the Article 18 of this Policy expire, the Client’s personal data is permanently deleted.

Access to personal data and other rights of the Client

• 19. The Client holds the right to demand the Company access to Client’s personal data, as well as the right to demand adding, editing or deleting them, or limiting the processing in regard to the Client, as well as the right to restriction to processing altogether (including the personal data processing that has been done based on the legitimate and legal interests of the Company), as well as the right of portability the Client’s data. These rights are to be realized as far as data processing does not stem from the Company’s responsibilities that have been bestowed upon it according to normative acts.
20. The Client can submit a demand for the realization of their rights:
• a) in writing at the Company’s office, providing a document of identification;
• b) submitting a demand electronically that has been signed with a secure e-signature; sent to the e-mail address:info@rivamarine.lv

21. By receiving the Client’s demand of realizing their rights, the Company confirms the Client’s identity, evaluates the demand and carries it out according to the normative acts.
22. The Client holds the right to turn to the Company’s personal data protection officer with a request of possible personal data processing and protection law breach and its prevention. As a safeguard against the possibility of victimization of Client all complaints sent to data protection officer will be confidential. The answer must be given within 30 days from the day of receiving the demand.
23. The Company guarantees a fulfillment of requirements concerning data processing and protection in accordance to the normative acts and in the case of the Client’s complaints carries out the necessary actions to solve the complaint. However, if it fails, the Client has the right to turn to a supervisory authority – Data State Inspectorate of Republic of Latvia.

The Client’s consent to data processing and the right to withdraw it
24. The Client’s consent to personal data processing, which the legal basis of is a consent, is given on the site www.rivamarine.lv, by clicking confirm you agree to our data policy terms in the application form.
25. The Client has the right to withdraw Client’s consent to data processing at any moment by submitting a demand electronically that has been signed with a secure e-signature; sent to the e-mail address :info@riva-marine.com or in the Company’s office and in which case any further data processing that is based on a previous consent to it will not be carried out.
26. The withdrawal of consent does not affect the data processing that took place while the Client’s consent was valid.
27. By withdrawing consent, data processing that is being done based on other legal bases cannot be interrupted.

Communication with the Client
28. The Company contacts the Client by using the contact information provided by the Client (telephone number, e-mail address, mail address, access to the self-service site).