Introduction – who we are
Windcat takes your privacy seriously when visiting our website and considers it important for your personal data to be treated with the necessary care and confidentiality at all times. This privacy statement describes how we collect and use your personal data when visiting our website, in accordance with the EU General Data Protection.
This website (https://www.windcatworkboats.com/) is owned, operated and controlled by CMB.TECH NV, a company organised under the laws of Belgium with registered office at De Gerlachekaai 20, Antwerp 2000. This means that CMB.TECH is responsible for determining the purpose and resources for processing your personal data. We collect, use, disclose and otherwise process personal data that is necessary for the purposes identified in this privacy statement or as permitted by law.
We are required under data protection legislation to notify you of how we collect and use personal data about you as well as other information contained in this privacy notice. This notice does not form part of any contract to provide services. We may update this notice from time to time.
Please note that our website and other digital platforms may contain links to third party websites/digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms. We recommend that you check the privacy and security policies and procedures of each and every website / digital platform that you visit.
Data protection principles
In compliance with applicable data protection laws, CMB.TECH commits that the personal data we hold about you are:
1. Used lawfully, fairly and in a transparent way
2. Collected only for valid purposes, clearly explained to you and not used in any way that is incompatible with those purposes
3. Relevant to the purposes we have told you about and limited only to those purposes
4. Accurate and kept up to date to the best of our knowledge (you are required to inform us of changes to your personal data to ensure our records are up to date)
5. Kept only as long as necessary for the purposes we have told you about
6. Kept securely and
7. Shared with third parties only as required and relevant to the purposes we have informed you of. When shared with third parties, we will make reasonable efforts to ensure such third parties comply with GDPR.
The type of information we hold about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity data includes first name, last name, title, company name.
• Contact data includes email address, physical address and telephone numbers.
• Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Usage data includes information about how you use our website.
Cookies
In common with many other website operators, we use standard technology called ‘cookies’ on our website. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate this website on each visit.
For more information on our cookies policy please use following link .
Purposes for which we use your personal data and legal basis for processing
We will only process your personal data when and to the extent that the law allows us to. In broad terms, we use your data for the following purposes:
• To better understand how people use our website to enable us to create better content and more relevant communications
• Provide you with information you have requested from us
• To share industry news and information with you and
• To communicate with you in general.
The above categories of information are necessary (a) for our legitimate interests (for running our business, provision of administration and IT services, network security, define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) and (b) to comply with a legal obligation.
Please note that if you fail to provide certain information when requested, or unprompted when it has changed, we may not be able to fulfil the above purposes.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so and, if required, we will request your consent prior to doing so.
Please note that we may process your personal data without your knowledge or consent where and to the extent this is required or permitted by law.
We may have to share your data with (a) other entities in the CMB.TECH Group, (b) third-party service providers (c) other third parties and (d) authorities, to the extent permitted by law and on a need to know basis. The third parties (including contractors and designated agents) which may process some or all of your personal data, as the case may be, are:
• Website maintenance service providers
• Judicial authorities or regulatory bodies
CMB.TECH requests third-party service providers and other entities in the CMB.TECH Group to assure CMB.TECH that they take appropriate security measures to protect your personal data in line with our policies. CMB.TECH requests its third-party service providers assurance they will not use your personal data for their own purposes but will only process your personal data for specified purposes and in accordance with our instructions and will retain your personal data only as long as required for said purpose in accordance with legal requirements.
We may transfer the personal data we collect about you to other entities in the CMB.TECH Group. When there is no adequacy decision by the European Commission in respect of the countries where such entities are established we will only effect such transfers as reasonably required for the purposes outlined in this notice on the basis of appropriate safeguards and/or the derogations under Articles 46 and 49 of GDPR.
Data security
We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer. The measures can be categorised in 5 ways
- Access Control measures
- Add/change/remove access procedures
- Periodic access reviews
- Authentication mechanisms (complexity, multi-factor,…)
- Privileged Access Management
- Change Management measures
- Ensure changes are properly requested, approved, tested and reviewed
- Use segregation of duty principles for applying changes to the systems
- Monitoring, Response and Service Level Management measures
- Detect and respond to incidents
- Manage partner agreements and service delivery
- Backup and Recovery procedures and systems
- Technical measures
- Perimeter Security
- Endpoint Security
- Network Security
- Application Security
- Penetration testing and vulnerability scanning
- Data Security measures o Use of Encryption technology o Exclusion of private data in reporting systems (Data Warehouse)
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the applicable legal requirements and the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
What are your rights?
You have various rights concerning the personal data collected about you. If you would like to exercise one of the rights described below, please contact us via the contact details provided below (by e-mail, telephone or post).
You have the following rights:
- Right to access and copy
- Right to amendment or rectification
- Right to have data deleted (right to be forgotten)
- Right to limit the processing
- Right to object
- Right to transferability
However, the exercise of the above rights is subject to certain exceptions in order to protect the public interest, our interests and the interests of other individuals.
When you submit a request to exercise your rights, we will first verify your identity by requesting a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands. Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.
In any case, we will answer you within 1 month. However, it may take up to 3 months to provide all details regarding your request, depending on the complexity of your request or if you have submitted multiple requests.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at dpo@cmb.tech. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We have appointed a data protection officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the Data Protection Officer:
- via e-mail: dpo@cmb.tech
- by letter: CMB.TECH NV f.a.o. DPO Belgica Building De Gerlachekaai 20 2000, Antwerp Belgium
Where do we store your data?
We store your personal data on our own IT systems or IT systems that are outsourced to third parties. All IT service providers act as data processors on our behalf and are located within the European Economic Area (‘EEA’).
We have taken the necessary physical and appropriate technical and organisational (precautionary) measures in order to secure your personal data against any form of unlawful processing. We restrict access to personal data to individuals and third parties who need access to this data for the abovementioned legitimate, relevant business purposes.
Do we share your data with third parties?
We have engaged various data processors to process your personal data on our behalf, including associated companies, IT service providers and other business service providers such as travel agents, client audits, leasing companies, financial institutions,… We may also share your personal data with other third parties if this is necessary for the purposes for which the data was collected e.g. flag states, authorities, classification societies,…
Some of these external parties are located outside of the EEA. If we provide data to external parties outside of the EEA, we will ensure that the transfer of personal data takes place in accordance with the relevant legislation and that there is an appropriate degree of protection. In addition, we will take reasonable efforts to implement safeguards for this type of transfer, such as model contract clauses, consent from individuals or other legal grounds.
Changes to the privacy statement We may unilaterally decide to make changes to this privacy statement. However, the most recent version will always be made available on our website.
What are your options for filing a complaint as subject of the data?
Despite all of our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we collect, use and/or process your personal data. Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint.
To start with, you can submit a complaint to us.
- via e-mail: DPO@cmb.tech
- by letter: CMB.TECH NV f.a.o. DPO Belgica Building De Gerlachekaai 20 2000, Antwerp Belgium
Furthermore, you can also file a complaint with the supervisory authority, which you can contact via the data details below:
- by telephone: +32 (0)2 274 48 00
- by fax: +32 (0)2 274 48 35
- by e-mail: contact@apd-gba.be
- by letter: Data protection authority Rue de la Presse 35 1000 Brussels Belgium
Subsequently, if you have incurred damages, you can also file a claim with the competent court.
For more information concerning complaints and legal recourse, we invite you to consult the website of the data protection authority in your country:
- Greece : http://www.dpa.gr/
- France : https://www.cnil.fr/en/home
- United Kingdom : https://ico.org.uk/
- Belgium :https://www.dataprotectionauth…