Transparency ACT STATEMENT

Privacy Policy

General

At DeepOcean the privacy and security of our customers, employees and visitors are of paramount importance. DeepOcean is committed to protecting the data you share with us.
This Privacy Policy explains how DeepOcean processes information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through use of its recruitment website and internal systems.

Any information stored in DeepOcean’s systems is treated as confidential. All information is stored securely and is accessed by authorized personnel only. DeepOcean implements and maintains appropriate technical, security and organisational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft
or disclosure.

Legal Requirements

DeepOcean’s Procedures for handling personal information shall be in adherence to Regulation (EU)2016/679 (General Data Protection Regulation) and also in accordance with any additional regional office-specific legislation and vessel flag state requirements.

THE USE OF COOKIES

We use cookies on our websites. For more information please see our Cookie Policy.

Employee and Recruitment Information

LAWFUL COLLECTION OF PERSONAL INFORMATION

Where permitted or required by applicable law or regulatory requirements, we may collect personal information about you without your knowledge or consent. Where needed, we will obtain written consent for use of personal information. The person can freely object to sign this consent.

Withdrawal of Consent

The person has the right to withdraw his or her consent at any time. The withdrawal of consent shall
not affect the lawfulness of processing based on consent before its withdrawal.

ACCESS AND CORRECTION

Persons can request in writing, to see the information that DeepOcean holds by contacting DeepOcean’s Data Protection contact on email DPC@deepoceangroup.com or in written form to the Data Protection Contact.

WITHDRAWAL OF CONSENT

The person has the right to withdraw his or her consent at any time. The withdrawal of consent shall
not affect the lawfulness of processing based on consent before its withdrawal.

ACCESS AND CORRECTION

Persons can request in writing, to see information that DeepOcean holds by contacting DeepOcean’s Data Protection contact on email DPC@deepoceangroup.com or in written form to the Data Protection Contact.
Where DeepOcean holds information that a person is entitled to access, DeepOcean shall within 1month, provide such information.

If a person believes information is incorrect, incomplete or inaccurate, then he/she may request amendment of it. DeepOcean will consider if the information requires amendment. If DeepOcean does not agree that there are grounds for amendment, then DeepOcean will comply with its legal obligations,
such as by adding a note to the information stating that he/she disagrees with it.

COLLECTION OF PERSONAL INFORMATION

DeepOcean may collect personal information which is directly relevant to the recruitment process from its candidates, including through any online application processes that the candidate uses. During the employment, the personal data will be updated. DeepOcean may also collect personal information from other companies such as a referee (a “third-party”).

PERSONAL INFORMATION ON VESSELS

Personal information required onboard vessels such as passports; visa, certificates, next of kin etc. are stored digitally or in an analogue format, under the responsibility of the Vessel Captain. Sensitive information shall be kept secured. This process shall be based on requirements stated in International Regulations for shipping including harbour, customs and immigration authorities.

On vessels owned or bareboat chartered by the company, the Captain is responsible for handling personal information. On chartered vessels, the Offshore Manager is DeepOcean’s most senior person onboard and will assist the Captain in handling personal information for DeepOcean personnel. Passports and Next of Kin information, along with certain medical information is considered to be relevant.

PROCESSING OF SPECIAL DATA

Special category data is personal data which the GDPR defines is more sensitive, and so needs more protection. DeepOcean shall not collect or process any such data without special consent.

WHY WE COLLECT PERSONAL INFORMATION

The personal information collected is used and disclosed for our business purposes, including
establishing, managing or terminating your employment relationship with DeepOcean.

HOW DEEPOCEAN USES YOUR INFORMATION

Your information will be used by DeepOcean to enable DeepOcean to consider you for employment, to enable DeepOcean to facilitate the recruitment process or to meet legislative requirements. DeepOcean may also use your information for the ordinary administration of its business. DeepOcean will not use your information for any other purpose (other than those detailed above) unless it has obtained your prior consent, or as required or authorised by law.
DeepOcean will not disclose your information to other third parties, except on a confidential basis to agents that DeepOcean uses in the ordinary operation of its recruitment process, with your consent, or as required by law. DeepOcean may provide feedback to recruitment agencies in relation to your
application.

CONTRACTS WITH THIRD PARTIES WHO ARE HANDLING PERSONAL INFORMATION

A contract shall be established with all third parties who are processing personnel information for DeepOcean. Third party data protection solutions shall adhere to GDPR guidelines on data processing
and storage.

TRANSFER OF INFORMATION OUTSIDE YOUR COUNTRY

Since DeepOcean is located in many different countries, DeepOcean may transfer personal information outside EU/EEA for the purposes described above. DeepOcean will use reasonable endeavours to ensure that personal information will be held, used and disclosed in accordance with the privacy principles under applicable law.

When personal data is transferred outside the European Economic Area, special safeguards are foreseen to ensure that the protection travels with the data. These safeguards shall be examined and be approved by DeepOcean.

SECURITY AND STORAGE

DeepOcean will take reasonable steps to ensure that your information is protected from misuse, loss, unauthorised access, modification and disclosure. The majority of data will be held in a digital format
with restricted access.

NOTIFICATION OF PERSONAL DATA BREACH

If an employee has reason to believe that there has been a data breach he or she shall report to the nearest Superior or the Departments GDPR contact. Serious breaches shall be reported into DeepOcean’s internal website where a dedicated link for reporting is available.

In the event of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 in GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedom of natural persons. Where the notification to the Supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay. The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.

RETENTION AND DELETION

DeepOcean will not retain data longer than is necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations. For recruitment data, DeepOcean’s HR Department shall have control for collecting data, storing, and the duration for which the personal data may be kept. Retention guidelines can be found in internal document “Personal Information Retention Guideline”.

DEEPOCEAN’S DATA PROTECTION CONTACT

DeepOcean has a “Data Protection” Contact who is the person for matters relating to privacy and data
protection. data Protection Contact can be contacted as follows:
Contact details:
Kjell Martin Wiestad
DPC@Deepoceangroup.com

COMPANY CONTACT DETAILS

If you have any further questions regarding the data DeepOcean collects, or how we use it, then please feel free to contact us by email or in writing at:

DeepOcean
Karmsundgata 74
Postboks 2144, Postterminalen
N-5504, Haugesund
Norway
Phone: (+47) 52 70 04 00
Fax: (+47) 52 70 04 01
Email: post@deepoceangroup.com