Data Protection Policy
1. Introduction
HIMT Offshore is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our commitment to GDPR compliance and the procedures we follow to ensure the protection of personal data.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who process personal data on behalf of HIMT Offshore.
3. Definitions
-
Personal Data: Any information relating to an identified or identifiable natural person.
-
Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
-
Data Subject: An individual whose personal data is processed.
-
Data Controller: The entity that determines the purposes and means of processing personal data.
-
Data Processor: The entity that processes personal data on behalf of the Data Controller.
4. Data Protection Principles
HIMT Offshore adheres to the following principles:
-
Lawfulness, Fairness, and Transparency: Process personal data lawfully, fairly, and transparently.
-
Purpose Limitation: Collect data for specified, explicit, and legitimate purposes.
-
Data Minimization: Ensure data is adequate, relevant, and limited to what is necessary.
-
Accuracy: Keep personal data accurate and up-to-date.
-
Storage Limitation: Retain data only as long as necessary.
-
Integrity and Confidentiality: Process data securely to prevent unauthorized access, loss, or damage.
5. Legal Basis for Processing
HIMT Offshore processes personal data based on the following legal bases:
-
Consent: Obtain explicit consent from data subjects.
-
Contract: Process data necessary for the performance of a contract.
-
Legal Obligation: Comply with legal obligations.
-
Legitimate Interests: Process data for legitimate business interests, provided it does not override the rights and freedoms of data subjects.
6. Data Subject Rights
Data subjects have the following rights:
-
Right to Access: Access their personal data.
-
Right to Rectification: Correct inaccurate data.
-
Right to Erasure: Request deletion of their data.
-
Right to Restrict Processing: Limit the processing of their data.
-
Right to Data Portability: Receive their data in a portable format.
-
Right to Object: Object to data processing.
-
Right not to be subject to Automated Decision-Making: Not be subject to decisions based solely on automated processing.
7. Data Breach Management
-
Reporting: Report data breaches to the DPO immediately.
-
Response Plan: Follow the data breach response plan, including notifying the supervisory authority within 72 hours and informing affected individuals.
8. Data Transfers
-
Compliance: Ensure data transfers outside the EU comply with GDPR requirements.
-
Standard Contractual Clauses: Use SCCs for data transfers to third countries.
9. Data Protection Impact Assessments (DPIAs)
-
Conduct DPIAs: Perform DPIAs for high-risk data processing activities.
-
Documentation: Document DPIA results and actions taken to mitigate risks.
10. Training and Awareness
-
Training: Provide GDPR training to all employees involved in data processing.
-
Awareness: Promote data protection awareness across the organization.
11. Record Keeping
-
Processing Activities: Maintain records of all processing activities.
-
Consent Records: Keep records of consents obtained from data subjects.
12. Policy Review
This policy is reviewed annually and updated as necessary to ensure ongoing compliance with GDPR.
13. Contact Information
For any questions or concerns regarding this policy, please contact the Data Protection Officer at privacy@himtoffshore.com.