Recruitment privacy statement

CMB.TECH NV Recruitment privacy statement

Introduction – who we are

In applying to join CMB.TECH (CMB.TECH or we), you will be providing us with certain personal data about yourself. CMB.TECH takes your privacy very seriously and considers it important for your personal data to be treated with the necessary care and confidentiality at all times.

This privacy statement explains why we require your personal data and what we do with it. If you have any questions after reading this privacy statement, you are always welcome to contact us.

This statement only applies for the personal data that CMB.TECH processes as data controller. This means that we determine the purpose and resources for processing your personal data. We collect, use, disclose and otherwise process personal data that is necessary for the purposes identified in this privacy statement or as permitted by law.

We understand ‘processing of personal data’ as meaning any processing of data that could identify you as a natural person. Which specific data this concerns will be explained below in this privacy statement. The concept of ‘processing’ is broad and includes the collection, storage, use or distribution of this data.

This statement only applies to the processing of the personal data of job applicants.

If you have questions about this statement, or about the processing of your personal data, please feel free to get in touch with our designated data protection officer:

  • via e-mail: dpo@CMB.TECH
  • by letter:

CMB.TECH NV

f.a.o. DPO

Belgica Building

De Gerlachekaai 20

2000, Antwerp

Belgium

What we do with your personal data

When do we collect your personal data as data controller?

We may process your data if:

  • you contact us applying for a job;
  • you contact a recruitment firm applying for a job with CMB.TECH;
  • you have applied for a job in the past and we contact you for a new opportunity.

Which data can we collect?

We may process the following data from you if you are applying for onshore employment. However, depending on the situation, we will not necessarily possess all of the data below:

  • Your contact information: including your home address, e-mail address and telephone number,… ;
  • Your biographical information: including name, gender, date of birth, details of family members, place of birth, civil status, nationality,…;
  • Your contact history: including messages sent and received (e.g. e-mails exchanged regarding the application and possible matching for a vacancy),… ;
  • Your employment related details: including CV, education, diplomas, language skills, employer, (incl. background), professional activities, professional skills, publications, salary, assessment reports, interview report, reference checks,…;
  • Your lifestyle preferences and personality profile: including hobbies, social activities, personality, community involvement,…;
  • Your public data: publicly available data (e.g., press articles),… .

The following personal data can additionally be collected for potential employment on a CMB.TECH vessel:

  • Your identification information: including citizen identification numbers issued by government bodies or agencies (e.g. social security, citizen service or national insurance number, ID number, tax identification number), a copy of an identity card/ residence permit, social security & tax information, a copy of a passport,… ;
  • Additional biographical information: including nearest international airport, hair colour, eye colour, height, weight, boiler suit size, safety shoe size, distinguishing marks,… ;
  • Additional performance information: including management metrics, appraisals, feedback; disciplinary measures, job assessment and personality test,…;
  • Additional identification information of emergency contacts and family members;
  • Additional education, training and employment related information: including rank, name of maritime academy, proof of no outstanding military obligations,…;
  • Special Categories of Personal Data:
    • Your personal data relating to health: including fit or unfit for duty certificate and/ or medical records before employment to verify fit or unfit for duty status.

If you become an employee or consultant for CMB.TECH, additional personal data will be collected and processed about you in accordance with our HR Privacy Statement.

Special categories of data

We will not process special categories of data (medical data, political views, religious or philosophical beliefs, trade union membership) if you are applying for onshore employment, unless you provide it to us with your explicit consent. However, if you are applying for employment on a CMB.TECH vessel it could be necessary for us to process special categories of data in order to assess your application.

It may be necessary for us in order to execute the agreement to view a certificate of good moral conduct or other personal data concerning criminal convictions or offences. However, we will not ask you to provide us with a copy and therefore we will not process this data in any way. In the event that other parties request such information, we ask that you provide this information – if feasible - directly to the requesting party.

What are the legal grounds that we apply for processing your data?

We only process your data for legitimate purposes, and it will always be processed according to the grounds for processing as listed in the European General Data Protection Regulation (GDPR).

In general, we process your data based on your consent. You may withdraw your consent at any time by contacting us. We request that you always confirm a withdrawal of consent made by telephone in writing, or notify us of your withdrawal of consent by e-mail or letter.

However CMB.TECH also needs to process your personal data to assess your application prior to entering into an employment contract with you. This processing is a necessary pre-condition of entering into any future contract with you.

CMB.TECH may also process personal data when we have a legitimate interest to do so. We will mitigate the effect(s) the processing may have on your privacy by minimizing our use and prevent unauthorized use.

For what purpose do we collect this data?

We collect your data for various purposes:

  • operationalpurposes: for example answering your contact request, considering your application;
  • business purposes: for example, to manage the relations with applicants.

If we wish to process your personal data for any purpose other than the one for which the data was obtained, we will contact you before proceeding with further processing.

How long do we store your data?

We do not store your personal data for longer than is necessary in order to achieve the purpose for which the data has been collected or processed.

If your application for employment is unsuccessful, we will keep your data on file for as long as necessary. If your application for employment is successful, personal data gathered during the recruitment process will be retained during your employment in accordance with our HR Privacy Statement.

When it is no longer necessary to process your personal data, we will delete your personal data or anonymize it. If this is not (technically) possible, for example because your data is stored in backup archives, then we will retain your data, but we will not process it and will remove it when this becomes possible.

From whom do we receive your data?

We may obtain your personal data directly from you, from public sources, such as press articles or from third parties such as recruitment agencies and past employers.

If we receive your data from external sources and we process your data in our systems as data controller, we will notify you, at the latest at the time of our first contact with you following the receipt of such data, about the processing of your data.

Where do we store your data?

We store your personal data on IT systems in Belgium and Greece and some of these IT systems are outsourced to third parties, whereby the data may be stored within the European Economic Area (EEA). All (IT) service providers, act as data processors on our behalf. Some of these external parties are located outside of the EEA. We will implement additional safeguards for this type of transfer, such as model contract clauses.

We have taken the necessary physical and appropriate technical and organizational (precautionary) measures in order to secure your personal data against any form of unlawful processing. We restrict access to personal data to individuals and third parties who need access to this data for legitimate, relevant business purposes.

Do we share your data with third parties?

We have engaged various data processors to process your personal data on our behalf, including associated companies, IT service providers and other business service providers. We may also share your personal data with other third parties if this is necessary for the purposes for which the data was collected.

Some of these external parties are located outside of the EEA. If we provide data to external parties outside of the EEA, we will ensure that the transfer of personal data takes place in accordance with the relevant legislation and that there is an appropriate degree of protection. In addition, we will take reasonable efforts to implement safeguards for this type of transfer, such as model contract clauses, consent from individuals or other legal grounds.

What are your rights?

You have various rights concerning the personal data collected about you. If you would like to exercise one of the rights described below, please contact us via the contact details provided above (by e-mail, telephone or post).

You have the following rights:

  • Rights to access and copy;
  • Right to amendment or rectification;
  • Right to have data deleted (right to be forgotten);
  • Right to limit the processing;
  • Right to object;
  • Right to transferability.

However, the exercise of the above rights is subject to certain exceptions in order to protect the public interest, our interests and the interests of other individuals.

When you submit a request to exercise your rights, we will first verify your identity by requesting a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands.

Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.

In any case, we will answer you within a period of four weeks to 3 months, depending on the complexity of your request or if you have submitted multiple requests).

Changes to the privacy statement

We may unilaterally decide to make changes to this privacy statement. However, the most recent version will always be made available on our website.

What are your options for filing a complaint as subject of the data?

Despite all of our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we collect, use and/or process your personal data.

Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint.

To start with, you can submit a complaint to our designated data protection officer:

  • via e-mail: dpo@CMB.TECH
  • by letter:

CMB.TECH NV

f.a.o. DPO

Belgica Building

De Gerlachekaai 20

2000, Antwerp

Belgium


Furthermore, you can also file a complaint with the supervisory authority, which you can contact via the data details below:

  • by telephone: +32 (0)2 274 48 00
  • by fax: +32 (0)2 274 48 35
  • by e-mail: contact@apd-gba.be
  • by letter:

Data protection authority

Rue de la Presse 35

1000 Brussels

Belgium

Subsequently, if you have incurred damages, you can also file a claim with the competent court.

For more information concerning complaints and legal recourse, we invite you to consult the website of the competent data protection authority of your country: