Privacy Policy

Introduction – Who we are

Evamir takes your privacy seriously when visiting our website and considers it important for your personal data to be treated with the necessary care and confidentiality at all times. This privacy statement describes how we collect and use your personal data when visiting our website, in accordance with the EU General Data Protection.
This website (evamir.com) is owned, operated and controlled by Evamir, a company organized under the laws of Germany with registered office at Bremen. This means that Evamir is responsible for determining the purpose and resources for processing your personal data. We collect, use, disclose and otherwise process personal data that is necessary for the purposes identified in this privacy statement or as permitted by law.

We are required under data protection legislation to notify you of how we collect and use personal data about you as well as other information contained in this privacy notice. This notice does not form part of any contract to provide services. We may update this notice from time to time.

Please note that our website and other digital platforms may contain links to third party websites/digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms. We recommend that you check the privacy and security policies and procedures of each and every website / digital platform that you visit.

Company privacy policy

Confidential information is information that belongs to the company and is unknown to third parties. This information is financial, strategic, technical, commercial, all kinds of information, especially matters regulated within the scope of confidentiality agreements made with third parties, and similar information that may cause harm to the company and/or its stakeholders or benefit others if disclosed.

Evamir employees are expected to take care to protect the information of Evamir and all its stakeholders. Employees share this information with the relevant persons only within the specified authorities.
Confidential information should not be shared with third parties when leaving/after leaving Evamir. Employees are obliged to deliver all kinds of documents or electronic copy documents that they receive during the working period and that belong to Evamir.

Our newly recruited employees cannot share confidential information about their previous employers within Evamir.
All official statements are announced simultaneously to investors, partners and the public as needed, through the units determined by Evamir.

Evamir employees are expected to protect the confidentiality of confidential financial information, trade secrets, information and documents related to personnel rights, agreements with business partnerships that may weaken Evamir’s competitive power, and similar information and documents attributable to Evamir.
Evamir employees are expected to refrain from sharing information obtained or owned by unauthorized persons, internal or external authorities, or using it (directly or indirectly) for speculative purposes.

Evamir employees are expected to refrain from using non-public information belonging to the institutions, organizations, companies with which they do business and the customers of these institutions, organizations, companies for other than the specified purposes and to avoid sharing them with third parties without obtaining the necessary permissions.

Website data protection principles

In compliance with applicable data protection laws, Evamir commits that the personal data we hold about you are:

  1. Used lawfully, fairly and in a transparent way
  2. Collected only for valid purposes, clearly explained to you and not used in any way that is incompatible with those purposes
  3. Relevant to the purposes we have told you about and limited only to those purposes
  4. Accurate and kept up to date to the best of our knowledge (you are required to inform us of changes to your personal data to ensure our records are up to date)
  5. Kept only as long as necessary for the purposes we have told you about
  6. Kept securely
  7. Shared with third parties only as required and relevant to the purposes we have informed you of. When shared with third parties, we will make reasonable efforts to ensure such third parties comply with GDPR.

The type of information we hold about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity data includes first name, last name, title, company name and informations that you provide in job application forms.
  • Contact data includes email address, physical address and telephone numbers.
  • Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage data includes information about how you use our website

Cookies
In common with many other website operators, we use standard technology called ‘cookies’ on our website. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate this website on each visit.

For more information on our cookies policy please use following link.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Purposes for which we use your personal data and legal basis for processing

We will only process your personal data when and to the extent that the law allows us to. In broad terms, we use your data for the following purposes:

  • To better understand how people use our website to enable us to create better content and more relevant communications
  • Provide you with information you have requested from us
  • To share industry news and information with you
  • To communicate with you in general

The above categories of information are necessary (a) for our legitimate interests (for running our business, provision of administration and IT services, network security, define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) and (b) to comply with a legal obligation.

Please note that if you fail to provide certain information when requested or unprompted when it has changed, we may not be able to fulfil the above purposes.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so and, if required, we will request your consent prior to doing so.

Please note that we may process your personal data without your knowledge or consent where and to the extent this is required or permitted by law.

We may have to share your data with (a) other entities in the Evamir Group, (b) third-party service providers (c) other third parties and (d) authorities, to the extent permitted by law and on a need to know basis. The third parties (including contractors and designated agents) which may process some or all of your personal data, as the case may be, are:

  • Website maintenance service providers
  • Judicial authorities or regulatory bodies
  • Third party business partners in or out of the country.

Evamir requests third-party service providers and/or business partners and other entities in the Evamir Group to assure Evamir that they take appropriate security measures to protect your personal data in line with our policies. Evamir requests its third-party service providers and/or business partners assurance they will not use your personal data for their own purposes but will only process your personal data for specified purposes and in accordance with our instructions and will retain your personal data only as long as required for said purpose in accordance with legal requirements.
We may transfer the personal data we collect about you to other entities in the Evamir Group. When there is no adequacy decision by the European Commission in respect of the countries where such entities are established we will only effect such transfers as reasonably required for the purposes outlined in this notice on the basis of appropriate safeguards and/or the derogations under Articles 46 and 49 of GDPR.

Data security

We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer. The measures can be categorized in 5 ways

  1. Access Control measures
    1. Add/change/remove access procedures
    2. Periodic access reviews
    3. Authentication mechanisms (complexity, multi-factor,…)
    4. Privileged Access Management
  2. Change Management measures
    1. Ensure changes are properly requested, approved, tested and reviewed
    2. Use segregation of duty principles for applying changes to the systems
  3. Monitoring, Response and Service Level Management measures
    1. Detect and respond to incidents
    2. Manage partner agreements and service delivery
    3. Backup and Recovery procedures and systems
  4. Technical measures
    1. Perimeter Security
    2. Endpoint Security
    3. Network Security
    4. Application Security
    5. Penetration testing and vulnerability scanning
  5. Data Security measures
    1. Use of Encryption technology
    2. Exclusion of private data in reporting systems

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the applicable legal requirements and the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

What are your rights?

You have various rights concerning the personal data collected about you. If you would like to exercise one of the rights described below, please contact us via the contact details provided below (by e-mail).

You have the following rights:

  • Right to access and copy
  • Right to amendment or rectification
  • Right to have data deleted (right to be forgotten)
  • Right to limit the processing
  • Right to object
  • Right to transferability

However, the exercise of the above rights is subject to certain exceptions in order to protect the public interest, our interests and the interests of other individuals. This data does not include any data we are obliged to keep for administrative, legal, or security purposes.

When you submit a request to exercise your rights, we will first verify your identity by requesting a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands. Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.

In any case, we will answer you within 1 month. However, it may take up to 3 months to provide all details regarding your request, depending on the complexity of your request or if you have submitted multiple requests.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at legal@evamir.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

We have appointed a data protection officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the Data Protection Officer: legal@evamir.com

Where do we store your data?

We store your personal data on our own IT systems or IT systems that are outsourced to third parties. All IT service providers act as data processors on our behalf and are located outside of the European Economic Area (‘non-EEA’).

We have taken the necessary physical and appropriate technical and organizational (precautionary) measures in order to secure your personal data against any form of unlawful processing. We restrict access to personal data to individuals and third parties who need access to this data for the above mentioned legitimate, relevant business purposes.

Do we share your data with third parties?

We have engaged various data processors to process your personal data on our behalf, including associated companies, IT service providers and other business service providers such as travel agents, client audits, leasing companies, financial institutions,… We may also share your personal data with other third parties if this is necessary for the purposes for which the data was collected e.g. flag states, authorities, classification societies,…

Some of these external parties are located outside of the EEA. If we provide data to external parties outside of the EEA, we will ensure that the transfer of personal data takes place in accordance with the relevant legislation and that there is an appropriate degree of protection. In addition, we will take reasonable efforts to implement safeguards for this type of transfer, such as model contract clauses, consent from individuals or other legal grounds.

If you request a password reset, your IP address will be included in the reset email. Visitor comments may be checked through an automated spam detection service.

Changes to the privacy statement

We may unilaterally decide to make changes to this privacy statement. However, the most recent version will always be made available on our website.

What are your options for filing a complaint as subject of the data?

Despite all of our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we collect, use and/or process your personal data. Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint.

To start with, you can submit a complaint to us via e-mail: legal@evamir.com Furthermore, you can also file a complaint with the supervisory authority.