Privacy Policy

This Privacy Policy outlines how Davelor Ships Services (referred to as “Davelor,” “we,” “us,” or “our”) collects, uses, and protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Definitions

In this Privacy Policy:

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or destruction.
  • Data Subject: The individual whose personal data is processed.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes to process their personal data.

1. Subject

This Privacy Policy applies to all personal data processed by Davelor in connection with its business activities, including but not limited to:

  • Employees, job applicants, and former employees.
  • Clients and potential clients.
  • Business partners and potential business partners.
  • Suppliers and service providers.
  • Website visitors and users.
  • Crew members and seafarers associated with vessels for which Davelor acts as port and crew handling agent, including personal data shared with medical providers, shipowners, and other authorized third parties involved in crew medical assistance and coordination.

2. Purpose (of Personal Data Processing)

This Policy ensures that Davelor operates in full respect of individuals’ fundamental rights and complies with all applicable data protection laws.

It sets out the principles and strategies we follow to protect personal data, in line with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and other relevant legislation.

The Policy defines how we collect and process personal data, the organizational and technical safeguards we implement to ensure data security and confidentiality, and how we fulfill our accountability obligations.

By adhering to this Policy, Davelor demonstrates its commitment to maintaining the security and confidentiality of personal data, consistent with Article 32 of the GDPR.

3. Scope

This Privacy Policy applies to:

  • All personal data collected through Davelor’s website and any related online services, including contact forms, subscription services, and other data collection methods.
  • All activities involving the collection, use, processing, storage, and sharing of personal data as described in this Policy.
  • All personnel within Davelor who handle personal data, including employees, contractors, and third-party service providers.
  • Any third parties who process personal data on behalf of Davelor, including service providers, business partners, and affiliates.

This Policy does not cover:

  • External Websites: Websites or services not operated by Davelor, even if linked from Davelor’s website. These are governed by their own privacy policies.
  • Offline Data Collection: Data collected through offline means not covered by this Policy.
  • Data Outside GDPR Scope: Data processing that falls outside the scope of the GDPR, such as data related to legal persons (e.g., companies or organizations).
  • Personal or Household Use: Processing of personal data by individuals for purely personal or household activities not associated with Davelor’s activities.
  • Anonymized Data: Data that is anonymized or cannot be linked to an identified or identifiable natural person, as well as personal data that has been anonymized to the extent that the identity of the data subject can no longer be revealed.
  • Deceased Persons’ Data: Processing of data concerning deceased individuals.

4. Information Collected

We collect and process the following types of personal data:

  • Personal Information: Name, contact details (e.g., email address, phone number), and job title.
  • Technical Data: IP address, browser type, operating system, device information, and usage data (e.g., pages visited, time spent on our Site).
  • Communication Data: Correspondence with us, including any feedback or inquiries.
  • Employment-Related Data: For job applicants and employees, the following information may be collected:
    • Application Information: Resume, cover letter, and other details provided during the application process.
    • Employment Records: Employment history, qualifications, certifications, performance evaluations, and other information relevant to employment and HR processes.
    • Background Checks: Information obtained from background checks and references.
    • Payroll Information: Bank account details, tax information, and other data required for payroll processing (if applicable).
  • Crew and Medical Data: Health-related information, medical reports, fitness for duty data, and other personal information shared with medical centers, shipowners, and relevant parties to coordinate medical assistance and crew welfare services.

5. Usage of Collected Information

We use the collected data for various purposes, including:

  • Service Provision: To provide, maintain, and improve our services and ensure they meet your needs effectively.
  • Communication: To communicate with you regarding updates, respond to inquiries, and provide information related to our services that you have requested.
  • Analytics: To analyze usage patterns and enhance the functionality and performance of our website.
  • Compliance: To comply with obligations dictated by the applicable legal and regulatory framework. This includes purposes related to the prevention and suppression of money laundering, the avoidance and combating of fraud and financing of terrorism, and the application of Greek Tax Legislation. Additionally, we use data to address any legal or regulatory requirements and to enforce our terms and policies.
  • Crew Welfare and Medical Assistance: To coordinate and manage crew medical assistance, ensuring compliance with health regulations, and to communicate relevant information to shipowners, medical providers, and authorities as necessary. This processing is carried out with strict confidentiality and in line with data protection laws.

6. Legal Basis for Processing

Davelor ensures that personal data processing is based on one or more of the following lawful grounds, as required by applicable data protection laws, including the GDPR:

  • Consent: When the data subject has given clear permission for processing their personal data for a specific purpose.
  • Contractual Necessity: When processing is necessary to fulfill a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation: When processing is required to comply with a legal obligation.
  • Vital Interests: When processing is necessary to protect someone’s life or health.
  • Public Interest: When processing is necessary for tasks carried out in the public interest or official authority.
  • Legitimate Interests: When processing is necessary for Davelor’s or a third party’s legitimate interests, provided these do not override the rights and freedoms of the data subject.

Special categories of personal data, such as health data related to crew medical assistance, are processed with additional safeguards and only when strictly necessary and lawful.

7. Special Categories of Data

In addition to standard personal data, Davelor may also process special categories of personal data that require additional protection. These include:

  • Health Information: Health-related data, medical reports, and fitness-for-duty information collected for employment, crew medical assistance, and occupational health purposes. This processing is conducted in compliance with applicable laws and is necessary for fulfilling legal obligations or managing relationships with data subjects.
  • Biometric Data: Data used for security purposes, such as access control or verification systems, if applicable. This data is handled with enhanced security measures to prevent unauthorized access or misuse.

Processing of special categories of data occurs only under specific conditions permitted by GDPR, such as:

  • Obtaining explicit consent from the data subject; or
  • When processing is necessary to fulfill legal obligations or protect vital interests where consent cannot be given.

Davelor ensures appropriate technical and organizational safeguards are in place to protect these data from unauthorized access, disclosure, or misuse.

When processing personal data based on legitimate interests, we maintain records of the relevant processing activities and assess on a case-by-case basis whether these interests override the fundamental rights and freedoms of data subjects. This assessment considers the relationship with the data subject and their reasonable expectations at the time of data collection.

Personal data is processed only for specified, explicit, and legitimate purposes. Any further processing beyond the original purpose will be conducted with prior informed consent from the data subject or under lawful grounds with appropriate safeguards. Data subjects will be informed of their rights, including the right to object to processing.

8. Data Sharing and Disclosure

Davelor may share your personal data in the following circumstances:

  • Service Providers: We may share personal data with third-party vendors and service providers who perform functions on our behalf, such as payment processing, data analysis, email delivery, IT services, and customer support. These third parties are contractually obligated to handle your data securely and use it only for the purposes specified in our agreements.
  • Business Transfers: In the event of a merger, acquisition, sale of assets, or any other business reorganization, your data may be transferred as part of the transaction. We will take appropriate measures to ensure that your data remains protected and is used in accordance with this Privacy Policy.
  • Legal Requirements: We may disclose your personal data to comply with legal obligations, such as responding to lawful requests from government authorities, legal processes, or regulatory requirements. This includes protecting our rights, enforcing our terms and conditions, and preventing fraud or other illegal activities.
  • Professional Advisors: We may disclose your data to professional advisors, such as lawyers, accountants, or auditors, when necessary to obtain legal advice or perform other professional services.
  • Third-Party Platforms: If you interact with third-party platforms (for example, social media sites) through our website or services, data may be shared with those platforms according to their own privacy policies.
  • Consent: We may share your personal data with other parties if you have given explicit consent for such sharing.

Davelor does not sell, trade, or otherwise transfer personal data to outside parties except as described above. Any sharing of personal data is conducted in compliance with applicable data protection laws and under appropriate safeguards.

9. Data Security

Davelor implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: We use encryption to safeguard personal data both during transmission and while stored.
  • Secure Servers: Personal data is stored on secure servers with strict access controls to prevent unauthorized access.
  • Access Controls: We enforce strong authentication and access management to ensure only authorized personnel can access personal data.
  • Data Backup: Regular backups are conducted to enable recovery of data in case of accidental loss or corruption.
  • Incident Response: A robust incident response plan is in place to promptly detect, respond to, and manage data breaches and security incidents.
  • Employee Training: Our employees receive ongoing training on data protection and security best practices to ensure compliance with our policies.

While Davelor employs comprehensive security measures, no method of electronic transmission or storage is completely secure. We continuously review and enhance our security practices to address emerging risks and protect your data.

10. Data Retention

Davelor retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, regulatory, and contractual obligations. When personal data is no longer required, we ensure it is securely deleted or anonymized to protect your privacy. The retention period varies depending on the type of data and the context in which it was collected. If you have any questions about how long your data is kept, please contact us using the details provided in this policy.

11. Rights of Data Subjects

Without prejudice to applicable law, Davelor provides the following rights to all individuals whose personal data we process:

  • Right to Access: You can request access to the personal data we hold about you and obtain a copy.
  • Right to Rectification: You can request correction of any inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data under certain conditions.
  • Right to Restriction: You can request restriction of processing in certain situations.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: You can withdraw consent where processing is based on consent.
  • Right to Object to Automated Decision-Making: You can object to decisions made solely based on automated processing, including profiling, that significantly affect you.

To exercise these rights, please contact us using the details provided below.

12. Data Transfers to Third Countries or International Organizations

In the course of its business, Davelor may transfer personal data to countries outside the European Economic Area (EEA). These transfers are carefully managed and supervised by Davelor’s management and data protection officers to ensure compliance with applicable laws.

Personal data may be transferred under the following conditions:

  • Adequacy Decision: When the European Commission has determined that the third country or international organization ensures an adequate level of data protection.
  • Appropriate Guarantees: When the third-party data recipient (i) provides appropriate safeguards in accordance with Article 46 of the GDPR, such as standard contractual clauses, and (ii) effective legal remedies are available for data subjects.
  • Specific Circumstances: When any of the conditions outlined in Article 49 of the GDPR apply.

13. Training and Awareness

Davelor is committed to fostering a strong culture of data protection. Regular training is provided to all staff and partners involved in data processing to ensure they understand and adhere to the principles of this Policy. This training supports effective compliance and the integration of data protection practices into daily operations.

We foster a culture of data protection by:

  • Raising Awareness: Emphasizing the importance of respecting the fundamental rights and freedoms of data subjects.
  • Understanding Policies: Ensuring staff and partners are knowledgeable about Davelor’s privacy policy framework.
  • Active Participation: Encouraging proactive involvement in maintaining compliance with data protection rules.
  • Risk Detection: Promoting vigilance to identify risks and effectively address data breaches.
  •  

14. Changes to This Privacy Policy

Davelor may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will post any updates on this page with the revised effective date. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

15. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience. For detailed information about our use of cookies and how you can manage your cookie preferences, please refer to our Cookie Policy.

16. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please contact us at:

Davelor Ships Services
Email: privacy@davelor.com
Phone: +30 210 45 21 784
Address: 2, Iasonos & Akti Miaouli, 18537

Last Updated: July 28, 2025