PRIVACY POLICY – CMB GROUP

1. Introduction

At the CMB Group your privacy is important to us. We are aware that you expect us to handle the personal information you entrusted to us responsibly. We are therefore committed to respect and protect your privacy in the most transparent way.

With this policy the CMB Group wants to ensure the protection of privacy rights. It informs how (1) the CMB Group collects and processes personal information, (2) the conditions under which personal information can be transferred and (3) how we keep the information secure.

This policy is written in accordance with the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal information and on the free movement of such information (GDPR), which came into force on May 25, 2018.

Any questions regarding this policy or other privacy related questions for the CMB Group should be sent by email to DPOffice@cmb.be or by writing to,

CMB N.V.
Attn. Data Protection Office
De Gerlachekaai 20
2000 Antwerp

2. Who are we?

The CMB Group is a global shipping group, founded in Belgium, operating (owned and chartered),

• dry bulk vessels, under the brand name Bocimar
• container vessels, under the brand name Delphis
• chemical tankers, under the brand name Bochem
• innovative vessels, under the brand name CMB Technologies

The business purpose of the CMB Group is domestic and non-domestic transport by sea and performing all kind of transactions and services related to this transport.

The CMB Group has established representative offices and/or legal entities both domestically and abroad (Tokyo, Singapore, etc.).

3. Your Privacy is important for us, which means that…

We are aware of the personal information that we hold and where it comes from
The CMB Group collects and processes the minimum amount of personal information to enable it to carry out effectively its obligations towards the data subject and only share such information with those individuals or entities strictly in compliance with the GDPR and other privacy regulations and the privacy principles set out in this policy.

We pursue an appropriate consent regarding the personal information we hold
The CMB Group has assessed the risks to the privacy of the information subjects and has taken steps to mitigate such risks and obtain any necessary consent where required.

The CMB Group only collects and processes personal information for lawful purposes, i.e.

• where the information subject has given clear consent to the processing of their personal information for a specific purpose
• for the performance of a contract
• where it is necessary for the legitimate interests pursued by the CMB Group, inter alia, but not limited to, direct marketing
• compliance with legal provisions

Collecting and processing this information will be in strict compliance with the GDPR, and other privacy regulations and the privacy principles set out in this policy.

We hold personal information no longer than is necessary
The CMB Group reviews the retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (e.g., various corporate documentation).

We will hold your personal information on our systems for as long as is necessary, inter alia, without being limited hereto, for

• the relevant activity wherefore the information has been processed
• the performance of any relevant contract
• any applicable time bars
• not jeopardizing future business
• limited direct marketing purposes

We assess who should have access to personal information
The CMB Group only allows its staff and officers to access personal information where this is necessary for the performance of their role within the business.

This access policy will be assessed on a regular basis, and amended where access is (no longer) necessary.

We have proper security measures in place for the personal information we hold
The CMB Group maintains strict controls around information security and ensures there are policies and procedures in place to safeguard the confidentiality and integrity of all the information it holds.

The security systems are robust, rehearsed and regularly reviewed.

The CMB Group operates a multi-layered security policy internally.

• E-mail security refers to the collective measures used to secure the access and content of an email account and service. It allows our organization to protect the overall access to one or more email addresses/accounts. This is done by using strong password and access control mechanisms on the email server. Also firewall and software-based spam filtering applications are in place to restrict unsolicited, untrustworthy and malicious email messages from delivery to a user’s inbox. Desktop-based anti-virus/anti-spam/firewall applications are protecting the client. Email server backups are re-used every three months. All emails are archived year by year and kept offline for a period determined by law.
• Server security refers to all servers’ firmware, Bios, Operation system, firewall, anti-virus system, and information base systems. These applications are reviewed monthly and updated accordingly to the supplier recommendations. All network devices are undergoing the same procedure. Role based server access is in place and changes are logged in a ticketing system.
• Physical security refers to physical access control (e.g., the badging system) and due care and diligence of the staff and officers on the office floor.
• Laptop/GSM security refers to staff and officers devices. These devices are reviewed monthly and update accordantly to the supplier recommendations. Laptops, tablets and smartphones are all encrypted and protected with an additional code.

4. The CMB Group respects your privacy rights

The rights of individuals, as set out in the GDPR and highlighted below, are recognised by the CMB Group.

• The right to be informed of how your personal information is being processed
• To right of access to your personal information
• The right to rectification of your personal information if it is inaccurate or incomplete
• The right to erase allowing you to request the removal of your personal information where there is no compelling reason for its continued processing
• The right to restrict processing where an you contest its accuracy or lawfulness
• The right to information portability allowing you to obtain and reuse your personal information for your own purposes
• The right to object to processing

5. Collection and processing of personal information

The business of the CMB Group may require the processing of personal information.

This may be necessary when concluding or performing a contract, to do all kinds of transactions (e.g. financial transactions or sale and purchase deals), to perform the shipping activities, etc.

This information may include, but is not limited to:

• Individual and business-contact information (such as name, company name, physical address, email address, and telephone or fax number) of customers, suppliers, bankers, brokers, shipping agents, lawyers, auditors, etc.
• Shipping information (such as (i) signatures as proof of facts, (ii) crewing details (iii) information provided to us regarding a voyage, (iv) information provided to us regarding cargo on board and ownership, but only to the extent an identifiable person can be linked to such information.
• Information that enables us to verify an individual's identity
• Payment, tax and financial information (such as bank-account numbers)

When you provide information to the CMB Group, please ensure that information is relevant, accurate and necessary for the business relationship. In particular when you are providing us with information relating to a third person, bear in mind the common information protection principles which apply.

6. Transfer of personal information

The CMB Group may transfer your information to managers, agents, service providers, subcontractors and other third persons or organisations, in order to be able to conduct its business, transactions and services.

Primarily the personal information can be circulated freely between the companies of the CMB Group. Besides the information may also be transferred to persons (e.g., shipping agents) or companies (e.g., ship managers) operating on behalf of the CMB Group, and to any other third party if such transfer is necessary for conducting our business, transactions or services. These transfers will be in strict compliance with the GDPR and other privacy regulations and the privacy principles set out in this policy.

Certain shipment information will be obligatorily provided to the authorities of the country of transit or destination for customs and tax clearance or for security screening, as required by the laws of the respective country. The information provided would usually include, but may not be limited to, crew details, details of agents, details of the cargo, etc.

The countries to which information are transferred may not have the same information protection laws as the GDPR. When the CMB Group transfers your information to other countries, we will protect that information in accordance with the GDPR and other privacy regulations and the privacy principles set out in this policy.

In case of cross-border information transfer between jurisdictions, we will follow the more strict legal provisions. We use contractual protections for the transfer of personal information among various jurisdictions (including, for example, the European Commission's standard contractual clauses) and we regularly work with our managers and other service providers or suppliers on measures to ensure the full compliance with the applicable information protection laws, including but not limited to the full compliance with the GDPR.

7. Profiling

The CMB Group may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.

8. Use of 'cookies'

Like many other websites, the CMB website (www.CMB.be) uses cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical information about your browsing actions and patterns and do not identify you as an individual. This helps us to improve our website and deliver a better and more personalised service.

It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.

9. Review of this Policy

We keep this Policy under regular review and it may be changed from time to time. Please check this webpage occasionally to ensure that you’re happy with any changes.

This Policy was last updated in May 2018.