Data processing rules

    This Data Processing Rules (“Rules”) are rules, including any amendments thereof, as applicable, to ensure there is in place proper arrangements relating to personal data exchanging or processing or to be exchanged or processed between the parties. In consideration of the mutual obligations set out herein, the parties hereby agree to the terms set out in these Rules.

    Information about General Data Protection Regulation (GDPR)

    We may be collecting and using information from you if you are from the European Economic Area (EEA), and in this section of our Privacy Policy we are going to explain exactly how and why this data is collected, and how we maintain this data under protection from being replicated or used in the wrong way.

    What is GDPR?

    GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data.

    The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers' data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide.

    What is personal data?

    Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person's name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.

    The Data Protection Principles include requirements such as:

    • Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
    • Personal data should only be collected to fulfil a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
    • Personal data should be held no longer than necessary to fulfil its purpose.
    • People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.

    Definitions and Interpretation

    “Data Protection Laws” refers to any applicable law with respect to any Personal Data, replaced or superseded from time to time, including the GDPR, laws implementing or supplementing the GDPR, European Union or applicable member state laws or any other Personal Data or personal privacy laws to the extent applicable to the parties of this Agreement.

    “GDPR” refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

    “Personal Data” refers to the personal data of data subject as defined by the GDPR.

    “Processing” refers to the meaning as defined by the GDPR.

    Special terms (not defined herein) shall be interpreted according to the GDPR. Special terms which have they meaning set in these Rules shall be interpreted according to this meaning (settled herein) and according to the GDPR.

    Information and Data Processing:

    • We may exchange, process, or collect various types of information and data in order to provide the Services, subject to the terms and conditions.
    • The processing of regular data and information provided by you to us or accessed by the recipient of such information or by any other person involved in the cooperation with or introduced by any of parties, including involuntary disclosures or leaks are governed by the Agreement and particular applicable laws. However, if any of provided, processed, or introduced information is a Personal Data nature, terms of this Rules will always apply.
    • Representative Data: We may from time-to-time process Personal Data of you or the persons associated with you (e.g., contact persons, representatives, shareholders, employees, affiliates, etc.) to observe contractual and legal rules regarding the provision of services or fulfilling regular duties according to the applicable legal rules (e.g., AML rules, etc.). Such data are provided and processed always on the need-to know basis (e.g., name, job title, e-mail, phone number, on-line identifier, etc. - as defined by particular party or used in the correspondence), for a particular purpose. Representative Data, i.e., data of particular natural persons participating on the business of one of the party shall be therefore processed, regularly, according to these Rules (pursuant to rules and principles as stipulated hereunder).

    Personal Data Processing Principles:

    • We may process from time-to-time Personal Data for the purposes of providing the services or following obligations according to valid legal rules, always subject to the terms and conditions of these Rules. Each party declares and agrees to process Personal Data in accordance with the GDPR and Data Protection Laws (if Data Protection Laws of the Licensor and Licensee differs from GDPR and legislation of the other party, party requesting to follow any specific duty according to such laws shall inform the other party of such particular duty).
    • When processing Personal Data, we undertake to ensure that all employees and representatives accessing the Personal Data are (i) aware of the terms of these Rules and (ii) are bound by a commitment of confidentiality with respect to Personal Data.
    • We agree to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, complying with the Article 32 of GDPR and other GDPR provisions. Protective measures shall include, but not be limited to the use of state-of-the-art software, computer and further encryptions methods as well as the use of adequate access controls, password procedures, blocking events, case specific authorisation or pseudonymisation concepts, logging and documentation of processes, further methods and tools to ensure the confidentiality, integrity, availability and resilience of processing systems and services, tools and measures to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident and implementation of procedures for testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
    • We shall not involve any third party in the processing of the Personal Data without your consent, nevertheless you provide hereby the universal consent to process Personal Data by the third parties guarantying the same level of Personal Data protection, complying with the measures as described in the previous par. 3 of these Rules (subject to the Article 28, para 3(d) GDPR). The consent may be withheld by a written notification delivered to us.
    • We agree and warrant that the security measures are appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the Personal Data to be protected having regard to the state of the art and the cost of their implementation.
    • We are committed to helping our customers meet the data subject rights requirements of GDPR. Be Sailor Limited processes or stores all personal data in fully vetted, Rules compliant vendors. We do store all conversation and personal data for up to 1 year unless your account is deleted. In which case, we dispose of all data in accordance with our Terms of Service and Privacy Policy, but we will not hold it longer than 60 days.
    • The processing carried out under or in connection with these Rules shall either be carried out in the territory of the Union (and particular Member States) or in the territory of one of the approved third countries or international organisations designated from time to time by the European Commission; if any processing of Personal Data shall be carried to third country territory, we will inform you about such transfer.
    • Any and all personal information shall be considered as Confidential Information, and shall always be interpreted, processed, and kept pursuant to the applicable provisions the Data Protection Laws.