Privacy Policy

Introduction

The Döhle Group respects the privacy of all of its clients, employees and associated parties and is committed to protecting all the personal data that we collect and process. We have both a legal and a moral responsibility to ensure that we treat your personal data with the same level of privacy and confidentiality as we expect our own data to be treated.

Although every effort has been made to ensure that this privacy policy is as easy to understand and as ‘jargon’ free as possible, there are times that we must use industry standard wording and if at any point you feel you do not fully understand the contents of this privacy policy or wish to discuss any points with us, please contact our Data Protection Officer here

We know that data protection can often be quite a specialist subject and we have tried to make things as simple as possible as we have an obligation to assist you in understanding exactly how and why we process your data, furthermore we must ensure that you are comfortable with the Döhle Group holding and processing your data.

This privacy notice describes how and why we collect and use your personal data as well as your individual rights under data protection regulation.

Döhle Group (“we, “us” and “our”) refers to the Döhle (IOM) Ltd Group of companies and this privacy policy covers all Döhle Group entities, a list of all Döhle Group entities is outlined below in our list of Döhle Group data controllers section.

Personal data

Personal data means information relating to an identified or identifiable living person. When “you” or “your” are used in this privacy policy, we are referring to you as the individual who is the subject of the personal data we hold and process.

We believe that the key principles of the data protection regulation are transparency, accountability and security and have therefore worked hard to ensure this privacy policy and all of our processing activities adhere to these principles. For further details on the specific processing activities we carry out as well as the lawful basis under which we process the data, please see the relevant sections of this privacy policy.

We process personal data for numerous purposes in order to service the diverse nature of our clients and therefore the processing, collecting, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

Collection of personal data

When undertaking crewing employment payroll services, our policy is to collect only the personal data necessary for agreed purposes and as required under the relevant maritime employment laws. Throughout this data collection process and the course of the business relationship we will only ask you to provide personal data with us where it is strictly needed for us to discharge our responsibilities under the relevant employment laws and to maintain our own satisfaction of your competency in your current or proposed future role.

Personal data

The types of personal data that we may collect in order to provide crew employment and payroll services is set out below:

• Name;
• Date of Birth;
• Email Addresses;
• Nationality & domicile;
• Mobile and landline telephone numbers;
• Marital Status;
• Medical history;
• Tax and Social Security information;
• Residential Address;
• Place of Birth;
• Photograph;
• Gender;
• Bank account information;
• Educational and professional qualifications;
• Employment history;
• Social media information;
• Previous criminal convictions;
• Education;
• Copy of identification documents;
• Next of Kin and beneficiary data.

Personal data relating to Medical History

We process some medical details, such as current health status and history, as part of our pre-employment checks, as it is essential to ensure that all crew assigned to vessels are fit and healthy.

Lawful basis: Contractual obligation, legal obligation and legitimate interest

Personal data relating to criminal convictions and offences

As part of our recruitment and/or crew pre-employment checks, we will undertake and process personal data relating to criminal convictions and offences which include background and criminal history.

We carry out criminal records checks for the following purposes:

• to ensure an individual is eligible to work for us;
• to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; and
• to comply with any relevant jurisdiction’s travel entry or exist requirements, in line with the Yacht’s area of use.

Lawful basis: Legal obligation and legitimate interest

These checks are carried out to ensure we comply with our legal obligation to ensure an individual is eligible to work in the country and are for our own legitimate interest to ensure any potential employees have no previous convictions or committed any offences.

Next of Kin and beneficiary data

As part of our employment take on process, we obtain the following data on individuals who you appoint as your next of kin or beneficiary/ies in the event of death in service:

Next of Kin

• personal details such as name (including prior or aliases, if applicable), relationship to crew member, residential address; and
• contact details such as email address and contact number..

Beneficiaries

• personal details such as name (including prior or aliases if applicable), relationship to crew member,  residential address; and
• contact details such as email address and contact number..

By providing the details of a 3^rd party, you confirm that you have their authority and express permission to provide us with their personal data.

Lawful basis: Legitimate interest

This data is collected and processed by us the event you are injured or other incapacitated in the course of your employment or in the event of your death in service.

The rights of next of kin and beneficiaries

Those individuals whose data we hold under the classification of next of kin and beneficiaries have the same rights as all other individuals and for more information please see the “your individual rights and how to exercise them” section.

If you believe that we may hold your data under the classification of next of kin and beneficiaries and wish to know more, please contact the Data Protection Officer here

When and how we share personal data and who we share it with

Personal data held by us

Where Levanto, as part of the Döhle Group, is administering or providing crew management services, all of your personal data is stored on centralised crew management systems which are owned and controlled by Döhle Private Clients Ltd. These systems are accessible by all shipping and crew employment and recruitment entities within the Döhle Group, details of these companies are outlined below.

• BRITISH VIRGIN ISLANDS: Levanto International Ltd
• GUERNSEY: Levanto (Guernsey) Ltd
• ISLE OF MAN: Döhle Private Clients Ltd | Döhle Yachts Management Services Ltd
• MALTA: Levanto (Malta) Ltd
• UNITED KINGDOM: Döhle Yachts Technical Services Ltd

Döhle Private Clients Ltd is the data controller of all of the data held on the centralised systems.

Access is given to each separate Döhle Group company depending on their functions and requirements. Overall management and control is maintained by Döhle Private Clients Ltd.

Legal data processing agreements govern the relationship between each entity listed above and if you want any additional information the please contact the Data Protection Officer here

Personal data sent to third parties

From time to time the Döhle Group has an obligation to share information with certain public authorities and companies such as:

• tax and social security authorities;
• regulatory authorities;
• crew medical providers;
• law enforcement agencies;
• insurers;
• crew travel providers;
• ship, yacht and aircraft registries; and
• customs & port authorities.

Lawful basis: Legal obligation, contractual obligations and legitimate interest

We will never provide any more than the minimum data necessary to order to satisfy the requirements of the public authority or company to enable them to discharge their obligations or provide the required services or to meet the legal requirement.

International transfers

We may share your personal data within other companies within the Döhle Group for the purposes of crew employment, payroll, insurance purposes and for the arrangement of medical and travel services.

This may involve transferring your data outside the European Economic Area (“EEA”).

In the event we do transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to that data as is in operation in the Isle of Man and if we undertake such a transfer then we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

If the personal data is to be transferred to a country has not been deemed adequate we will ensure that sufficient mechanisms and agreements are put into place between us and the recipient of that data, making use of  specific contracts and principles approved by the European Commission which give personal data the same protection it has in Europe.

If you feel you would like more information on international transfers, Please contact the Data Protection Officer here

Data retention

To determine the appropriate retention period for personal data, we consider the minimum legal requirement nature, scale and complexity of the personal data we hold and weigh this against the potential risk of harm from unauthorised use or disclosure of your personal data.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Please contact the Data Protection Officer if you to discuss our Data retention policy with us here

Data security – technical & organisational measures

Data Security is of the upmost importance to the Döhle Group and to that end, we have put in place appropriate security measures to protect and prevent your personal data from being accidentally lost, used or accessed by any unauthorised parties.

Access to your personal data is limited to authorised employees, insurers, service providers and other third parties who require access for the fulfillment of a contract or agreement or are providing services to you or us.

These third parties will only process your personal data on our instructions and they are subject to a duty of confidentiality and where relevant we ensure that we have legal terms of business and engagements in place between the Döhle Group and these third parties.

Your individual rights and how to exercise them

You have the legal rights as set out below:

Your right to access personal data

You have the right to request access to your personal data, commonly known as a “data subject access request”. This enables you to submit a request to us for details about all of the personal data we hold about you

To submit a data subject access request, please contact the Data Protection Officer here who can assist and kindly see the data subject access request section below for more information.

Your right to correction / amendment of personal data

You have the right to request correction of any personal data we hold if you believe this personal data is inaccurate or outdated. In those instances we will need to verify the accuracy of the new data you provide to us.

If you wish to correct any data, please contact the Data Protection Officer here who can provide details of what data we currently hold.

Your right to erasure / right to be forgotten

You have the right to request erase of the personal data that we hold about you, commonly referred to as “the right to be forgotten”.  Examples of why you may wish to exercise this right include, but are not limited to;

• the personal data is no longer necessary in relation to the purposes for which it was originally collected and processed by us;
• the legal grounds for us processing your data is consent, if you withdraw consent then we have no other lawful basis for the processing;
• our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds;
• you object to our processing for direct marketing purposes;
• your personal data have been unlawfully processed; or
• your personal data must be erased to comply with a legal obligation to which we are subject.

If you wish us to exercise your right to be forgotten, please contact the Data Protection Officer here

However we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request although the most common reasons for this include complying with local or international regulations and requirements in relation to:

• preventing financial crime, money laundering and the funding of terrorism;
• identifying politically or commercially exposed persons, or those with a significant exposure to the media;
• FATCA/CRS (“AEOI”) international tax reporting; and
• employment law in the relevant jurisdiction.

If you are unsure whether or not we are able to erase your data, please contact the Data Protection Officer here to discuss the matter in greater detail.

Your right to object to processing of personal data

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing.

Please contact the Data Protection Officer here if you wish to discuss this matter in greater detail.

Your right to restrict processing of personal data

You have the right to restrict processing of your personal data which means you to ask us to suspend the processing of your personal data in the following scenarios:

(a) if you want us to establish the data’s accuracy;

(b) where our use of the data is unlawful but you do not want us to erase it;

(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise this right, please contact the Data Protection Officer here

Your right to data portability

Given the nature of the services that we provide, we currently do not believe that this applies to how we collect and use your personal data, however we are happy to discuss this with you should you feel differently. Please contact the Data Protection Officer here

Your right to withdraw consent

You have the right to withdraw your consent at any time where we are relying on consent to process your personal data.

If you do withdraw consent, please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you wish to withdraw your consent for any processing please contact the Data Protection Officer here

Data subject access request

How to make a data subject access request

To make a data subject access request, in the first instance please contact the Data Protection Officer here who can assist you with this process.

Fees

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if we believe your request is clearly unfounded, repetitive or excessive.

If we believe that your request is clearly unfounded, repetitive or excessive, we may refuse to comply with your request in these circumstances and will report our reasoning, as well as the details of your request, to the Information Commissioner.

Information we need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Our response

We are required to respond to your request within 30 calendar days of receiving it. We will provide confirmation to you that we have received your request as well as the data we must have responded by. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and provide you with a reasonable time frame for our response.

Follow up

If you are not happy with our response to your data subject access request you have the right to make a complaint to the Information Commissioner of your relevant jurisdiction. The contact details for the Isle of Man Information Commissioners are detailed below.

Changes to this privacy statement

We are aware that from time to time regulations and requirements change and we may need to update this privacy policy, to ensure transparency we will always detail when this policy was updated.

This privacy policy was updated:  26 May 2021

Data controller and contact information

The contact details for the DPO are:

Email address: dataprotection@dohle-yachts.com

Complaints to the Information Commissioner

If you are unhappy with our treatment of your personal data, you have the right to make a complaint at any time to the Data Protection Officer Information Commissioner’s Office in the jurisdiction in which you live or the data controller responsible for your personal data operates.

The Isle of Man Information Commissioner’s contact details are:

First Floor
Prospect House
Prospect Hill
Douglas
Isle of Man
IM1 1ET

Telephone number: +44 1624 693260

Email address: ask@inforights.im

Website: https://www.inforights.im/

The Guernsey Information Commis­sioner’­s contact details are:

Office of the Data Protection Commissioner
St Martin’s House
Le Bordage
St Peter Port
Guernsey GY1 1BR

Telephone number: +44 (0)1481 742074

Email address: enquiries@odpc.gg

Website: www.odpc.gg

The Malta Information Commis­sioner’­s contact details are:

Office of the Information and Data Protection Commissioner
Airways House
Second Floor
High Street
Sliema SLM 1549

Telephone number: +356 2328 7100

Email address: idpc.info@gov.mt

Website: www.idpc.org.mt

Introduction

This section describes how and why we collect and use your personal data in connection with our internal recruitment process.

If your application is successful, we will carry out pre-employment screening checks as part of our recruitment process.  Depending on the role for which you have applied, these checks may include criminal records checks.

Collection of personal data

We collect your personal data to enable us to make an informed decision as to your suitability for the role, specifically:

• to process and manage applications for positions within the Döhle Group;
• to screen and select talent by evaluating your suitability for employment by the Döhle Group through interviews and by conducting relevant background checks; and
• making an offer to successful applicants and carrying out pre-employment screening checks.

Interview stage

Most of the personal data we collect as part of our recruitment process is provided by you, either directly or via a 3^rd party employment agency. For the purposes of the recruitment process this information is usually:

• contact details such as name, address, email address and telephone number;
• position of interest;
• CV which usually includes details of your experience, education, academic and professional qualifications; and
• information freely provided by you during any interviews or correspondence.

We create personal data in connection with our recruitment activities such as:

• interview and assessment results and feedback; and
• offer details.

Lawful basis: Explicit consent and legitimate interest

It is in our legitimate interest for us to hold and process this data for the purposes of proceeding with the job application and interview process to allow us to determine whether or not you are a suitable candidate. We can then contact you further about the role.

Acceptance of the position – Personal data

In the event of a successful application we will need to collect the following additional personal data as part of our recruitment process.

• information about you and your next of kin; and
• tax reference, national insurance and bank account details.

Acceptance of the position – Special categories of personal data

We will also need to obtain certain special category data in relation to your health to ensure we are aware of any ongoing medical issues that could impact working with us. A privacy policy for employees will be provided to you upon joining the Döhle Group which details how we hold and use special category data.

Acceptance of the position – Personal data from 3^rd parties

We obtain personal data from third party sources such as:

• references from your named referees;
• information from your employment agency (where applicable);
• results of Disclosure and Barring Service checks (depending on the role applied for); and
• verification of information provided during the recruitment process by contacting relevant third parties (for example, previous employers, education and qualification providers) or using publicly available sources (for example, to verify your experience, education and qualifications).

Lawful basis: Contract and legitimate interest

The provision of both personal data and special categories of personal data form part of the pre-employment process. It is in our legitimate interest to hold and process this data in order to employ you and provide any employee benefits.

Acceptance of the position – Personal data relating to criminal convictions and offences

As part of the recruitment process we will undertake and process personal data relating to criminal convictions and offences which include background and criminal history.

We carry out criminal records checks for the following purposes:

• to ensure an individual is eligible to work for us and potentially hold the position they are applying for;
• to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct; and
• to comply with government and public sector clearance requirements.

Lawful basis: Legal obligation and legitimate interest

These checks are carried out to ensure we comply with our legal obligation to ensure an individual is eligible to work in the country and industry and are for our own legitimate interest to ensure any potential employees have no previous convictions or committed any offences.

When and how we share personal data and who we share it with

When you submit an application to us, that information will be shared between the individual Döhle Group entity to which you have applied and our centralised Human Resources and Personnel team, based within Döhle (IOM) Limited. Any personal data contained within your career application (C.V.) will be treated as private and confidential and treated in the same respect as other personal data.

If your application is through a 3^rd party employment agency then we will share data with them relevant and necessary for the progression of the application process.

Data retention

If your application with us is successful we will retain the relevant personal data as part of your employee record. Additional personal data will be required as part of our pre-employment screening and recruitment process.

A privacy policy for employees will be provided to you upon joining the Döhle Group.

If your career application with us is unsuccessful, we will retain any recruitment application forms, C.V.’s and interview notes for up to 1 year, in line with relevant legislation.

Collection of personal data

We collect and process personal data about the suppliers to the Döhle Group in order to manage the relationship, contract, to receive services from the suppliers and, where relevant, to provide professional services to our client entities. The personal data is generally referred to as “business card data” and will usually include name, trading address, employer name, phone, email and other business contact details and all communications with us.

We may also obtain bank account details for the settling of invoices.

Use of personal data

We use personal data for the following purposes.

Receiving services

We process personal data in relation to our suppliers and their staff as necessary to receive the services.

Lawful basis: Legitimate interests

This processing of personal data by us is necessary for the purposes of the legitimate interests pursued by us in receiving services.

Providing professional services to clients

Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients.

Lawful basis: Legitimate interests

This processing of personal data by us is necessary for the purposes of the legitimate interests pursued by us in providing professional services and our client in receiving professional services as part of running their organisation.

Administering, managing and developing our businesses and services

We may process personal data in order to run our business, including:

• managing our relationship with suppliers;
• developing our businesses and services (such as identifying client needs and improvements in service delivery); and
• maintaining and using IT systems.

Lawful basis: Legitimate interests

This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.

Complying with any requirement of law, regulation or a professional body of which we are a member

As with any provider of professional services, we are subject to legal, regulatory and professional obligations.  We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Lawful basis: Legal obligation and legitimate interests

This processing is necessary for us to comply with a legal obligation; for example, when conducting supplier due diligence checks and, where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory or professional obligations.

When and how we share personal data and who we share it with

Supplier data may be shared within the Döhle Group in order to maintain a high level of service and continuity if other members of the Döhle Group wish to engage the supplier for good or services.

The Döhle Group will not sell or otherwise release supplier data contained to third parties for the purpose of allowing them to market their own products and services.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).  Personal data will be retained about our contacts with our suppliers for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation) and then deleted in line with our deletion and retention policies.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

You can find details of the Döhle Group data controllers in each jurisdiction and their contact details below:

BRITISH VIRGIN ISLANDS

Levanto International Ltd

Mill Mall, Suite 6, Wickhams Cay, Road Town, Tortola, BVI

Email: dataprotection@dohle-yachts.com

GUERNSEY

Levanto (Guernsey) Ltd

First Floor, Northside House, Vale Avenue, Vale, Guernsey, GY3 5TH

Email: dataprotection@dohle-yachts.com

ISLE OF MAN 

Döhle Private Clients Ltd

Fort Anne, South Quay, Douglas, Isle of Man, IM1 5PD

Email: dataprotection@dohle-yachts.com

MALTA

Levanto (Malta) Ltd

Email: dataprotection@dohle-yachts.com

UNITED KINGDOM

Döhle Yachts Technical Services Ltd

Email: dataprotection@dohle-yachts.com

Collection of personal data

We do not collect any personal data from this website.

We do collect, store and use information in relation to the frequency of page visits, return visits, browser types and platform. We also obtain anonymised IP’s which are collected by region and therefore cannot be used to identify you, even in conjunction with any other analytical data obtained.

We do not collect any special category data about you via this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Nor do we collect any information about criminal convictions and offences.

Minors / Children

This website is not intended for children and we do not knowingly collect data relating to children on this website.

Data retention

To determine the appropriate retention period for personal data, we consider the minimum legal requirement nature, scale and complexity of the personal data we hold and weigh this against the potential risk of harm from unauthorised use or disclosure of your personal data.

Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

Please contact the Data Protection Officer here if you wish to discuss our data retention policy with us.

Cookies

Our website uses cookies to store data on our visitor’s computers.

To find out how to control the cookies that are created on your device please see this page. To find out how to delete cookies please see this page. For more information about managing cookies, please see http://www.aboutcookies.org/.