2. About Us
«Kalimbassieris Maritime» means Kalimbassieris Maritime Group of Companies located in Greece, Romania, Bulgaria, Cyprus, Turkey and Egypt.
The company under the name "KALIMBASSIERIS MARITIME SOCIETE ANONYME" hereinafter referred to as "Company" or "Kalimbassieris Maritime", with headquarters at Piraeus, Akti Miaoulis no. 65, ZIP: 185 36, VAT. 999653202, contact telephone 210 4294 444, is a leading provider of marine technical, consultancy and claims handling services.
Our team of experienced surveyors and consultants is available around the clock to handle all kinds of marine casualties and incidents.
In some cases Kalimbassieris Maritime acts as a Data Controller for the personal information that processes, in other cases our Company acts as a Data Processor.
Personal data means any information that may identify, directly or indirectly, a living natural person, such as their name, their address, their contact details (phone number, mobile phone number), their email address etc.
Processing is considered to be any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, searching for information, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data of which the Company has or will become aware, either directly from you through the page or under the transaction relationship with the Company.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
4. What kind of data we collect and process and why
A. As Data Controller
As a Data Controller we collect and process information from our clients, our current or candidate employees, our suppliers or our collaborators for the proper execution of our contractual obligations. More specifically we collect and process under certain legal bases and specific purposes:
- Contact data related to Clients, Brokers, Ship Managers, Workshops, Public Services and/or other relevant connections to Kalimbassieris Maritime’s business.
- Payment details: invoice and payment records, billing address, bank account number or credit card number, cardholder or accountholder name, SWIFT and IBAN details, payment date and payment amount, records of cheques.
- Information about current and/or former employees, personnel representatives and temporary manpower.
B. As Data Processor
In this case our Company may have to handle a mandate or a request from clients (who are mostly legal entities), brokers, law enforcement authorities etc. As Data Processors we process personal data on behalf of the client (the “Data Controller”). The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller, unless required by law to act without such instruction.
Most personal data are obtained directly from our Data Controllers who provide them to us under the provisions of the Art. 28 GDPR. As a Processor Kalimbassieris Maritime may process the following categories of Personal Data:
- Personal information (e.g. name, title, date and place of birth, marital status, nationality, residence status, education level, profession, working and professional status, nationality) in order to administrate and handle claims.
- Special categories of personal data (e.g. medical information) when needed to process personal injury/illness claims cases. This kind of information will only be used for the specific purposes for which it was provided and to carry out agreed service. This information is necessary for the purposes of carrying out the obligations and exercising specific rights of the Controller or of the data subject in the field of employment and social security and social protection law as also for the establishment, exercise or defence of legal claims of the Controller.
5. The legal basis for lawful processing
As far as the legal basis of the processing of your data is concerned, Kalimbassieris Maritime legally processes personal data, which are found essential for certain purposes and more specifically with the following legal bases:
A. As Data Controller
- when their process is necessary for the proper execution of our contractual obligations (e.g. for the purposes of managing a candidate’s job application etc.)
- when it is requested for the compliance of our Company with its legal obligations (e.g. in the statutory and/or tax audit or in the provision of tax compliance services.)
- when it is requested for the pursuit of the legitimate interest of Kalimbassieris Maritime to the extent that they are not overridden by your interests, rights or freedoms (e.g. assessment and improvement of the services provided.)
- according to the previous consent the data subject have provided us with, as long as the processing is not established in any of the above mentioned legal bases of processing
B. As Data processor
- when their process is necessary for the proper execution of our contractual obligations (e.g. granted mandates or requests from our clients in order to administrate or handle claims). Most personal data are obtained directly from our Data Controllers who provide them to us under the provisions of the Art. 28 GDPR.
6. The personal data we collect from our website and how we use them as Data Controller
As a Data Controller Kalimbassieris Maritime informs the visitors of this website that we don’t collect personal information. For functionality purposes of this website, our company is limited to the collection of your Internet Protocol (IP) address and only for protection purposes against Internet fraud and other illegal activities. Also, we use only Necessary-Functional Cookies: These are Cookies which are absolutely necessary for the function of the website. These cookies do not collect information on you. This cookie category cannot be deactivated without having an effect on the functionality of the website.
7. Who are the recipients of your data
In order to meet our clients’ requests or our business needs or in order to adequately provide our services, we may transfer personal data to third parties solely if it is required by law or contract and only where it is legitimate to do so.
In any case, we transfer only the personal data that are necessary for the fulfillment of the respective purposes and we secure the confidentiality of your personal data. Indicatively, we may transfer your personal data to the following categories of recipients:
- Public authorities, courts, law enforcement agencies, regulatory bodies, including any data privacy, security or similar audits, in compliance with applicable laws or following a request for information.
- Legal and regulatory authorities for the purposes either of reporting any suspected breach of applicable law or regulation or exercising/ defending our legal rights.
- Lawyers, auditors, accountants and any other outside professional advisors to Kalimbassieris Maritime.
- Shipping companies, insurance companies, software providers, agents and any other third-party Processor.
- Any relevant party for the purposes of prevention, investigation, detection, or prosecution of criminal offences or the execution of criminal penalties.
Access to your personal data is available to the trained and authorized personnel of our Company to cover the needs of your service, bound by absolute confidentiality and non-disclosure.
Kalimbassieris Maritime, respecting the privacy of the visitors of its page does not further share with third parties the personal data it collects from you on its website if such a thing is not necessary. It is likely to share/make some of them known to third legal persons, to which it has partially or fully assigned the execution of the processing of your personal data (Data Processors) on its behalf, for specific purposes, as for example the support of the present website and with which it has ensured the accordant to the Regulation (GDPR) processing, for the protection of your data, through signed contracts and legal binding of upholding sufficient measures, under the accordant provisions of the GDPR (articles 28, 32).
Additionally, the Company shares your data to public services and institutions, when and where such a thing is provided by the current legislation in force.
8. Data Transfer
By Data Transfer we mean the transfer of your Personal Data outside EEA.
Personal Data will only be transferred to countries outside the EEA if:
(a) It is required for fulfilling our contractual obligations and only in accordance to GDPR provisions.
(b) You have granted Kalimbassieris Maritime your consent
(c) It is required or permitted by Law
9. How long we retain your data for
We take every reasonable step to ensure that your Personal Data are only retained for as long as they are needed in connection with a lawful purpose.
Retention of specific personal data may be necessary for one or more of the following reasons:
- To fulfil statutory or other regulatory requirements
- To evidence events/agreements in case of disputes
- To meet our operational needs
- To save anonymized data for statistical purposes
Personal data that is collected and subsequently not used for any business purpose will be regularly reviewed and may be deleted.
On termination of our business relationship, Kalimbassieris Maritime may keep your Personal Data for up to five (5) years. We may keep your Personal Data for longer than five (5) years if we cannot delete them for legal and/or regulatory and/or technical reasons. Kalimbassieris Maritme retains your personal data in accordance with the requirements of the legislation and the Retention Policy it has, more specifically for the time period applicable in each case, for as long as the nature and the purpose of each processing demands, for as long as each legislative and regulatory framework defines and in any case, for the whole period of our transaction relationship and its secondary contractual obligations.
In case of contractual relationships, your personal data shall be stored until termination of said contract, unless further storage is provided by law.
In any case, we apply, as a maximum period, the twenty (20) years of retention (General Statute of Limitation on claims), with the chance of extending that period in case any form of arrogation or pending legal dispute or indication of control from a public authority arises. After the above period of time passes, the data which are no longer necessary will be erased in a safe and non-recoverable way.
In case you have given your consent in view of specific processing and there is no other legal basis for it, you have the right to withdraw it, with a simple statement of withdrawal, which will be addressed to Kalimbassieris Maritime, by completing a form of exercising your rights or through other means, without offending the legitimacy of the processing that was based on your consent until it was withdrawn.
In the above cases, your data will be immediately erased unless there is a lawful and valid ground for further retention. In any case, you will be informed respectively.
10. Security of your data
We abide by the Applicable Legislation and our privacy policies and we apply reasonable and appropriate technical and organizational security measures to protect your personal data against accidental destruction, loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing, covering any technology infrastructure point. We always secure that solely authorized users have access to your personal data, abiding by confidentiality clauses, on a need to know basis and to the extent necessary in order to fulfil the respective purposes.
Kalimbassieris Maritime is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have implemented appropriate technical and organizational security measures to safeguard, secure and protect the personal and confidential information we process from destruction, loss, access, alteration and circulation of your data by unauthorized third parties.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although Kalimbassieris Maritime will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.
Kalimbassieris Maritime makes every effort in order to have sufficient technical and organizational measures for the preservation of our technical and natural security in accordance with the article 32 and the principles of the GDPR. (e.g. security policies for IT infrastructure, access matrix and application encryption etc).
More specifically, in regard to the above mentioned website, our Company applies the protocol of secure communication SSL (Secure Sockets Layer) with a powerful encryption, through which security, during online data transmission, is enhanced.
Kalimbassieris Maritime is also committed to making staff aware of the requirements under relevant privacy legislation and GDPR. Our staff are aware that personal or sensitive data can only be disclosed in limited circumstances.
11. Your rights, according to GDPR and how to exercise them
A. As Data Controller
In any case, you have control over the processing of your personal data. Specifically, according to the provisions of the General Data Protection Regulation for the Data Protection of natural persons (EU 679/2016), as a subject of personal data processing you preserve the following rights:
- The right to be informed, announced and briefed about exercising your rights (Art. 12, 13, 14 GDPR), meaning your right to be informed on how your personal data are used (as it is thoroughly done in the present Briefing)
- The right to access the personal data that concern you and if the Company processes them, as a Data Controller (Art. 15 GDPR). The Company will provide a copy of the personal data after a relevant request is made from you.
- The right to rectify inaccurate data as well as to add data when they are incomplete (article 16 GDPR).
- The right to erase your personal data (“The right to be forgotten”), subject to the obligations and legal rights of the Company over their preservation according to the current legislative and regulatory provisions (Art. 17 GDPR).
- The right to restrict the processing of your personal data if, either their accuracy is doubted, or the processing is illegal, or they lack the purpose of processing but their erasure is not applicable (Art. 18 GDPR).
- The right to transfer your personal data to another Data Controller (data portability), if the processing is based on you consent and is conducted with automated means or to execute the contract between us (Art. 20 GDPR).
- The right to object for reasons that concern your special condition in case your data are being processed for purposes of the Company’s legitimate interest (Art. 21 GDPR) and especially to object to the automated decision-making (Art. 22 GDPR).
- The right to withdraw the already given consent (article 7 GDPR) at any time, for processing conducted based on the consent. The legitimacy of the processing of your data is not influenced by the withdrawal of your consent up to the point you requested the withdrawal.
- The right to lodge a complaint with the competent supervisory authority, that is to say the Hellenic Data Protection Authority (1 – 3 Kifissias Avenue, PC 115 23, Athens, +30 2106475600, email@example.com).
B. As Data Processor
As Data Processor only acts and processes the Personal Data in accordance with the documented instruction from the Data Controller and according to the Art. 13 GDPR, you are entitled to exercise your rights straight to the Data Controller, under the instructions given by the Data Controller.
In any case we may help you contact the Data Controller for more information.
12. The way to exercise your rights and file a complaint
You are entitled to exercise your rights sending an email to the electronic address firstname.lastname@example.org or by letter to our address (65 Akti Miaoulis, Piraeus, PC: 185 36), completing the appropriate rights request form that we provide you with (Data Subject Rights Request Form).
Your relevant requests must be accompanied by the appropriate identification documents of yourself, with the stated reservation of the Company to be able to ask for provision of additional information in order to identify and verify your personal information.
The above requests will be examined upon completing and sending the relevant rights request form, as it has been posted on our page and under the explicit instructions written in it.
Kalimbassieris Maritime, as Data Controller, will make every effort to proceed to the necessary actions within a month from the day of the request/exercise of the case-by-case right on your behalf, with the exception of the case in which the tasks concerning the fulfillment of your request are characterized by particularities and/or complications based on which the Company retains the right to extend the period of time taken to complete the actions.
In any case the Company will inform you about the course of your request within a month of its filing.
13. Kalimbassieris Maritime’s statements
- Kalimbassieris Maritime does not process personal data of visitors/users of the website who are under the age of eighteen (18) years.
- Kalimbassieris Maritime is not responsible for any damage (direct, indirect, positive, deponent) that may be caused to the visitor on account of the website or its use. The visitor is solely responsible for the protection of their system against viruses.
- Kalimbassieris Maritime does not make decisions or proceed to profiling based on an automated processing of your data.
- The present policy is likely to be amended / updated at any time. You will be informed about all the significant changes, while, every single time, the updated version will be posted on the page.
14. Useful contact details
1. Data Controller
“KALIMBASIERIS MARITIME SOCIETE ANONYME” or “KALIMBASIERIS MARITIME”
Address: 65 Akti Miaoulis, Piraeus, PC: 185 36 (Headquarters)
Phone: +30 2104294444
Data Protection Authority
Address: 1 – 3 Kifissias Avenue, PC 115 23, Athens
Phone: +30 2106475600
Fax: +30 2106475628
2. Data Protection Officer
Kalimbassieris Maritime has also appointed a Data Protection Officer (DPO) to advise and inform staff, monitor compliance with GDPR and be the first point of contact to relevant supervisory authorities and for individuals whose data is processed. If you have any queries about how Kalimbassieris Maritime is using your Personal Data and/ or wish to exercise any of your aforementioned rights, you may contact our DPO: