NBS MARITIME OOD (“NBS”) respects your privacy and the personal information we are provided in the course of operating our business. Your privacy is important to us.
This Privacy Policy describes the ways your personal data is collected and used by NBS. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies. Please read this Privacy Policy carefully.
NBS is a company organized and existing under the laws of the Republic of Bulgaria under registration number 127595228. Our registered office is at 1, Primorski Blvd., 9000 Varna, Bulgaria.
Your personal data may be shared with associated entities as necessary and appropriate, under the condition that appropriate measures are put in place.
"Personal data" in this Privacy Policy has the same meaning as in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”). In summary, it means information that identifies you, whether directly or indirectly (combined with other data likely to come into our possession), including for example your name, gender, address, email address, phone number, date of birth, provided by you to us or received by us from other sources, online identifiers, etc.
We collect and use personal data in order to carry out our main business activities (ship supply and mobile satellite communication solutions) as well as other supporting activities. Our purposes and lawful grounds for processing your personal data vary, depending on our relationship with you and on the activity in question. The information we collect and use is limited to what is necessary for relation to the purposes for which your data are processed with minimum intrusion.
If you are our client or supplier we usually process the following kinds of personal information if you provide it to us, or if your company provides it to us:
-
Information about you, including your name, job title, address, email and other contact details;
-
Information about the company you are associated with;
-
Information you provide to us during communications you have with us and with our staff, for example, comments or queries about a particular service or supply.
MORE DETAILED INFORMATION about what data we collect and how we use it.
CLIENTS AND OTHER CONTRACTING PARTIES
We process personal data of individuals who work for clients, suppliers, agents, lessors, vessel owners, and contracting entities to which we render services or deliver goods (current and past), for their directors, shareholders, and ultimate beneficial owners and for the contracting parties if they are individuals. We may not be able to provide you/your organization with a specific service or product if we do not have enough information.
1. Types of personal data we process
The type of personal data we collect and process may include some or all of the below listed depending on our relationships with you:
Identity Data: First name, given name, last name, gender, date of birth/personal number, passport/ID card number and title of contract signatory, in some circumstances identification documents, identity numbers, and other identifying information
Contact Details: Business address, home address (if the contracting party is an individual), telephone, fax number, mobile phone number, email addresses and other contact details as appropriate, communication preferences;
Employment Information: Organisation name, position/title, rank (for crew members), professional specialism, qualification, employment history;
Service Data: Details about services and products you or your organization have requested or which we have provided to you or to your organization;
Financial Data: Where the contracting party is an individual: bank details; transactions history and other as appropriate;
Other information: Information we receive during the course of our provision of services, the existence of our contractual relationships with you, or your organization (for instance your personal opinions, advice, tax residency).
We usually do not process ‘special category’ data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) related to charterers, clients and other contracting parties or their employees.
2. How is your personal information collected?
This information is either (a) provided by you, (b) provided by your organization, (c) obtained from third parties (for instance agents, managers, your service providers), (d) obtained from public sources (public registers, information available from searching the internet or on business networking sites) or (e) created by us in the course of your/your organization relationships with us.
3. Purposes and lawful grounds for processing your personal data.
We need to collect and hold information about you for the following purposes:
-
To communicate with you for the purposes of discussing rendering of services/supply of goods (or others) to you/your organization;
-
To confirm your identity for providing some services;
-
For Assessing an application for a product or service, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms;
-
To enter into a contract with you/your organization, to provide services/goods to you or your organization, to manage the service/product you/your organization has with us;
-
To respond to your inquiries, requests, complaints, claims, and others;
-
To analyze our business trends and profiles and to receive feedback from our clients;
-
To process financial transactions (to receive payments and check if payments from you or your organization are made);
-
To enable our group members to carry out any of the purposes set out above, to enable third parties to carry out any of the purposes set out above on our behalf or to enable the provision of services of third parties appointed by you/your organization;
-
To update our records and for audit purposes;
-
To comply with legal and regulatory obligations, requirements and guidance;
-
To comply with legal obligations and obligations toward third parties on money laundering, terrorist financing, anti-bribery, and corruption, to check if you/your organization/shareholders/ultimate beneficial owners, directors or other persons related to your organization are included in the list of persons, groups, and entities subject to financial sanctions imposed by EU/ USA, other countries or organizations;
-
To make suggestions and recommendations to you/your organization about the services/goods that we offer and to send you market and industry-specific information and reports;
-
To take legal steps against you or your organization or protect ourselves/vessel owners against claims raised by you/your organization.
We rely on the following legal bases to use your personal data:
-
Where it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
-
Where it is in our legitimate interests to do so, such as: to conduct our core business activity (carriage of goods by sea), supporting activities, to provide agency services or to comply with our contractual obligations as managers; to perform and/or test the performance of, our products, services, and internal processes; for management and audit of our business operations including accounting; for the establishment, exercise or defense of legal claims and other claims; to exercise our rights under a contract concluded with you/your organization; where we need to share your personal information with people or organizations in order to run our business or comply with any legal and/or regulatory obligations; to improve the operation of our business and that of our business partners; to develop new products and services and to improve existing products and services;
-
Where the processing is necessary for the purposes of your/your organization/third parties legitimate interests: to conduct a business (for instance when you/your organization have appointed a third party to do something on your/its behalf or we process your data for the purposes of enabling vessels owner or a group member to conduct their business);
-
Where the processing is necessary for complying with our legal obligations;
-
We may process personal data also with data subject consent or explicit consent.
Where necessary or required we share information with:
-
Your organization;
-
Owners of vessels served/supplied by us;
-
Professional advisors and consultants;
-
Auditors;
-
Debt collectors;
-
Service providers used by us or vessels owners or used by you/your organization;
-
Local and central governmental authorities (including port authorities, customs, and maritime administrations, border authorities);
-
Regulatory authorities;
-
Courts, tribunals and arbitrators;
-
Legal representatives, defense solicitors;
-
Survey organizations;
-
Insurers.
We usually do not use your Personal Data (Identity, Contact, and Service Data) for direct marketing but if we send you a marketing message (for instance invitations to meetings or marketing events) you may at any time request us to stop doing that by contacting us at data.protection@nbs-maritime.com without you/your organization suffering any negative consequences.
You may contact us at email: data.protection@nbs-maritime.com in order to receive full information about what personal data, related to you we process.
We may share your personal data with companies within the NBS group and with companies controlling NBS and with service providers. We also share data with business partners (for example, financial services institutions, insurers), account beneficiaries, courier companies, notaries, or others who are a part of providing you with products and services/receiving products and services form you or operating our business. We disclose data to governmental and regulatory bodies such as National Revenue Agency, National Social Security Institute, Commission for personal data protection, Maritime Administrations, Port Authorities when required by law applicable to us or to respond or establish a claim. We share personal information with other organizations and businesses that provide services to us such as debt collectors, back up and server hosting providers, IT software and maintenance providers, document storage providers, and suppliers of other back-office functions. Your personal data may be disclosed also with your consent when allowed by law or for protecting or in order to protect lives, vital interests, rights, or property of NBS or third parties.
The personal data related to you may be transferred to, and stored at, countries and territories outside the European Economic Area (“EEA”). They may be processed by entities belonging to NBS’s or its parent company groups, or by our service providers located outside of the EEA.
If your personal data are to be transferred outside the EEA we will endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with NBS.
We will store your personal data in compliance with the requirements of the GDPR. We will only keep your personal data for as long as necessary to fulfill the purposes for which we collected it, to satisfy any legal, accounting, or reporting requirements, or to protect our legitimate interests. If there is no legal requirement for the period of retention of the personal data we determine the appropriate retention period for personal data by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable limitation periods for claims which might be brought against us or by us against you.
In some circumstances, we may anonymize your personal information so that it can no longer be associated with you.
We aim to ensure that your personal data are secure. In order to prevent unauthorized access, destruction, or disclosure of your personal data we have put in place appropriate physical, technical, and organizational measures. Our service providers are required to do the same.
In assessing the appropriate level of security, we take into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data collected, stored, or otherwise processed. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you, we control the access to systems and networks which allows us to stop people who are not allowed to view your personal information from getting access to it. We train our employees about the importance of confidentiality and maintaining the privacy and security of your information and have put in place appropriate policies and procedures. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
The GDPR provides certain data protection rights for you including to request access, rectification, restriction, deletion, or transferring ("porting") of your data, and to object to our use of your data, including for direct marketing. Our response to your requests may depend on which legal grounds we are using to process the data in question.
You have the right to complain about us to the relevant supervisory authority (in Bulgaria Commission for personal data protection, (Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, website: www.cpdp.bg) but if you are concerned that our processing of your personal information is not compliant with the GDPR, please contact us first.
In addition to the right to complain to the relevant supervisory authority a number of rights are available for individuals residing in the EEA under the GDPR.
-
Right of access
-
The right to request an amendment
-
The right to withdraw your consent to the processing of your personal data
-
The right to object to the processing of your personal data
-
Right to object to direct marketing
-
The right to request the restriction of your personal data
-
The right to erasure (‘to be forgotten’)
-
The right to personal data portability
You can exercise your rights at any time by contacting us at data.protection@nbs-maritime.com
Any change in the contact details shall be published on the NBS website: http://www.nbs-maritime.com.
We may request additional information (including copies of documents) from you for the purposes of verifying your identity.
We will respond to your request without undue delay (usually within one month) and will give you our reasons where we do not intend to comply with your requests. If we need more time to respond (particularly due to the complexity of your request or if you have made a number of requests) we will notify you.
These Third Party Sites may place cookies or other files on your computer, collect data or solicit personally identifiable information from you. Third-Party Sites are governed by their own privacy policies, we do not exercise control over them therefore we do not accept any responsibility or liability for their policies or processing of your personal information. When accessing Third Party Sites please make sure that you read carefully the applicable privacy policies or statements.
If you would like more detailed information about our Privacy and Data Protection Policy, please, contact us at email: data.protection@nbs-maritime.com.
This Privacy Policy is subject to change from time to time. The most current version will always be at https://www.nbs-maritime.com. Where appropriate and feasible or required by GDPR such changes will be notified to you by email.
We may e-mail periodic reminders of our notices and may periodically request by email (if available) updates of your personal information used by us.
Please check back frequently to see any updates or changes to our Privacy Policy.