POLICIES Data Protection Policy

Data Protection Policy

The Senior Management of ALMI TANKERS S.A. has approved the Data Protection Policy and hereby demonstrates its full commitment to the effective implementation of the present policy, to the provision of sufficient resources, and to the continual improvement of the Data Protection Program. The Policy ensures that: 

• Any personal data handled, including that of clients, employees, vessel crew or any other personal data processed or stored, is  protected against any physical, system or application level unauthorised access. 

• Confidentiality, Integrity and Availability of personal data handled by ALMI TANKERS S.A., are guaranteed.

• ALMI TANKERS S.A. continually monitors and complies with the applicable Data Protection Legislative and Regulatory requirements. 

• ALMI TANKERS S.A. does everything possible to facilitate the data subjects in exercising their rights, as derived by the Data Protection Legislative and Regulatory Frameworks. 

• Data Protection Training and Awareness Programmes are performed formally for all employees. 

• All confirmed or suspected Personal Data Breaches are reported as Incidents, and should be thoroughly investigated and effectively managed.

• All confirmed Personal Data Breaches, that are likely to result in a risk to the rights and freedoms of natural persons, are communicated to the Data Protection Supervisory Authority.

• All confirmed Personal Data Breaches, that are likely to result in a high risk to the rights and freedoms of natural persons are communicated without undue delay to the affected data subjects.

• All processes that are likely to result in a high risk to the rights and freedoms of natural persons undergo a Data Privacy Impact Assessment and all the necessary technical and organisational measures are taken in order to ensure that the risk is minimized. In case that a process results in a high risk, the Data Protection Supervisory Authority is consulted. 

• ALMI TANKERS S.A. provides any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for information addressed specifically to a child, when this information is requested by the data subject. 

• ALMI TANKERS S.A., taking into account the nature, scope, context and purposes of processing, as well as, the risks of varying likelihood and severity for the rights and freedoms of a natural person, implements appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the applicable Data Protection Legislative and Regulatory Frameworks. 

• Technical and Organisational measures are continuously monitored and evaluated via the risk assessment process and appropriate resources are provided in order to control the risks and minimise the impact on personal data. 

• ALMI TANKERS S.A., both at the time of the determination of the means for processing and at the time of the processing itself, implements appropriate technical and organisational measures, which are designed to implement data-protection principles in an effective manner.

• ALMI TANKERS S.A. integrates the necessary safeguards into the processing in order to meet the requirements of the Data Protection Legislative and Regulatory Frameworks and protect the rights of the data subjects. 

• ALMI TANKERS S.A. solely uses processors that provide sufficient guarantees on the implementation of appropriate technical and organisational measures in a way that processing meets the requirements of Data Protection Legislative and Regulatory Frameworks and ensures the protection of the rights of the data subject. 

• ALMI TANKERS S.A. keeps an up-to-date record of processing activities for all processes that handle and store personal data.

• Appropriate procedures, standards, technical and organisational controls should be in place in order to support this Policy.

• All Managers are directly responsible for implementing the Data Protection Policy and ensuring staff compliance within their respective business areas.

• All employees, contractors and suppliers are formally required to comply with this Policy and carry out their responsibilities as defined. 

• Any violations of the Policy, Standards and Procedures are subject to disciplinary action. The specific disciplinary action depends on the nature of the violation, the impact of the violation to the Group and possibly to the data subjects.

• ALMI TANKERS S.A. regularly ensures compliance with this Data Protection Policy through audits, reviews, tests, technical monitoring and should take appropriate actions for continual improvement.