MTM Data Protection Policy
1. Policy brief & purpose
Our Company Data Protection Policy refers to our commitment to treat information of
employees, customers, stakeholders and other interested parties with the utmost care and
With this policy, we ensure that we gather, store and handle data fairly, transparently and
with respect towards individual rights. It also summarizes the rights which the data subject
has, including the right to request information.
This Data Protection Policy is in compliance with Regulation (EU) 2016/679 containing the
General Data Protection Regulation (the “GDPR” or “Regulations”) and any amendments
made to this Regulation hereafter.
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who
provide any amount of information to us.
3. Who is covered under the Data Protection Policy?
Employees of our company and its subsidiaries must follow this policy. Contractors,
consultants, partners and any other external entity are also covered. Generally, our policy
refers to anyone we collaborate with or acts on our behalf and may need occasional access to
4. The information we collect
As part of our Operations, we need to obtain and process information. The information we
collect depends on your association or interaction with MTM. Our Company collects this
information in a transparent way and only with the full cooperation and knowledge of
interested parties. Examples of such association or interaction amongst others could be in the
form of a ship owner client, seafarer in our employment, a seafarer applicant, an office
employee, an applicant for office employment, existing approved vendors or service providers
as well as prospective vendors or service providers. Some key examples amongst others, of
the information collected are;
Your identity – This includes for individuals, your date of birth, Passport details, National
Identity details, contact details, bank details, professional and academic qualifications and
similar details of your family. For a Company, it includes financial, organizational, contact and
Your interaction with us – For example a note of a call you make to one of our offices, an
email or letter you send us or other records of any contact you have with us.
Your preferences – This would include products and / or services provided by MTM or other
organizations engaged by MTM whilst conducting our business.
Information from other organizations - These include business directories, employment
websites, employment agencies, credit reference agencies or individuals we believe you have
authorized to provide your personal details on your behalf.
5. Ways we collect your personal information
The information collected includes any offline or online data that makes a person identifiable
such as names, addresses, usernames and passwords, digital footprints, photographs, social
security numbers, financial data etc.
We may collect such information when you;
- Apply to MTM for a job on board a vessel or in the office.
- Require to be processed for approval as a vendor or service provider.
- As an existing vendor, service provider, seafarer or employee require to update your personal details.
- Visit our web site or sites.
Enquire about our services.
In the process of delivering our services, we may use or share your information with your prior
consent as follows;
- Process your regulatory compliance with requirements for joining or leaving from a vessel.
- Process your travel arrangements to and from a vessel.
- Process your local employment requirements for employees ashore.
- Process travel arrangements for employees ashore.
- Respond to demands from Government Agencies or Law Enforcement Authorities.
- Enable us to process invoices and payments.
- Respond to enquiries and requests from you or people you have authorized.
Inform you about circulars, safety alerts and general updates which are required for the
efficient execution of the Company’s business.
- Perform market analysis.
Conduct market research and customer satisfaction surveys to improve our service, develop
new products or processes.
6. Ways we protect your personal information:
Once this information is available to us, the following rules will apply.
Our data will be:
- Accurate and kept up-to-date.
- Collected fairly and for lawful purposes only.
- Processed by the company within its legal and moral boundaries.
- Protected against any unauthorized or illegal access by internal or external parties.
Our data will not be:
- Communicated informally.
- Stored for more than two years from the time a data subject is made inactive in the
- Distributed to any party other than the ones agreed upon by the data’s owner.
7. Rights of the Data subject;
In addition to ways of handling the data the company has direct obligations towards people to
whom the data belongs. Specifically, we must:
- Let people know which of their data is collected.
- Inform people about how we’ll process their data.
- Inform people about who has access to their information.
- Have provisions in cases of lost, corrupted or compromised data.
- Allow people to request that we modify, erase, reduce or correct data contained in
our databases without undue delay.
8. Monitor and respond
To exercise data protection, we’re committed to:
- Assigning a dedicated Data Protection Officer who has full authority to implement this Policy
and Procedures, restrict and monitor access to sensitive data and respond to the legitimate
queries by the data subjects or Authorities.
- Develop transparent data collection procedures.
- Train employees in online privacy and security measures.
- Build secure networks to protect online data from cyberattacks.
- Establish clear procedures for reporting privacy breaches or data misuse.
- Include contract clauses or communicate statements on how we handle data.
- Establish data protection practices (document shredding, secure locks, data encryption,
frequent backups, access authorization etc.).
Our data protection provisions will appear on our website.
9. Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection
guidelines will invoke disciplinary and possibly legal action.