Privacy Notice for customers, suppliers, partners, investors and other stakeholders
What is the purpose of this document?
This privacy notice applies to individuals who work for or on behalf of or who are shareholders of former, existing or prospective customers, suppliers, business partners, stakeholders and/or investors in relation to individuals who work for or on behalf of or who are shareholders of our business customers (B2B), suppliers, business partners (including within non Shell-operated joint ventures), stakeholders and/or investors of GasLog Partners LP and its subsidiaries and affiliates (“GasLog”, “GasLog Group”, “we” or “our”). This privacy notice describes how we collect and use personal data about you during and after your business relationship with us, in accordance with the EU General Data Protection Regulation (“GDPR”).
The data controller of your personal data is GasLog LNG Services Ltd., a company organized under the laws of Bermuda with its registered office at Clarendon House, 2 Church Street, Hamilton, Bermuda and its branch office established in Greece at 69 Akti Miaouli, GR-18537 Piraeus, Greece. This means that GasLog LNG Services Ltd is responsible for deciding how we hold and use personal data about you. We are required under data protection legislation to notify you of how we collect and use personal data about you as well as other information contained in this privacy notice.
This notice does not form part of any contract of employment or other contract to provide services. We may update this notice from time to time.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions (including our website privacy notice) when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information.
Data protection principles
In compliance with applicable data protection laws, GasLog commits that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes, clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date to the best of our knowledge (you are required to inform us of changes to your personal data to ensure our records are up to date);
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely; and
- Shared with third parties only as required and relevant to the purposes we have informed you of. When shared with third parties, we will make reasonable efforts to ensure such third parties comply with GDPR.
The kind of information we hold about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection.
We will collect, store, and use the following categories of personal data about you:
- Personal details (to the extent required) such as:
- Name and surname
- Telephone number
- E-mail address
- Other personal information that may be provided in a contract if you are the signatory of it
- Professional details such as:
- Job title
- Department and name of organisation
- Relationship with the relevant customers, suppliers, business partners, stakeholders and/or investors
- Other information that your organisation may include in a bid document
We may also collect, store and assess information about criminal convictions. For more information please see the relevant section below (‘Information about criminal convictions’).
How is your personal data collected?
Most of your personal data is provided directly by you or your organisation in the course of its business relationship with us. We may however collect personal data about criminal convictions from screening service providers. For more information please see the relevant section below (‘Information about criminal convictions’).
Purposes for which we will use your personal data and legal basis for processing
We will only process your personal data when and to the extent that the law allows us to. We need your personal information in the list above primarily for the following purposes (or for compatible purposes):
- Business operations
- Considering bids of our potential counterparties
- Executing agreements, reports and other documents which are required in the course of day-to-day business of GasLog
- Performing or receiving the services provided under the agreements with our customers, suppliers and business partners
- Managing business and investor relationships
- Carrying out marketing activities
- Providing access to our premises including our offices and vessels
- Communicating within the GasLog Group and/or with third parties
- Business management
- Management reporting
- Financial management
- Mergers and acquisitions
- Internal audits and investigations
- Compliance with laws
- Compliance with legal, tax, and regulatory obligations (including capital market regulations)
- Complying with health and safety obligations
- Dealing with disputes involving you or your organisation
- Processing personal data to comply with data subject requests pursuant to this privacy notice
The relevant personal data will only be processed (a) where it is necessary to enter into a contract with you; or (b) where it is necessary to comply with our legal obligations; or (c) where it is necessary to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights are protected and do not override those interests; or (d) in limited circumstances and only if legally required, with your consent. The situations in which we will process your personal data are listed below.
GasLog may process your personal data by using both automated processing and hard copies.
If you fail to provide personal data
If you fail to provide certain information when requested, or unprompted when it has changed, it will negatively affect our ability to communicate with you, or our ability to enter into a contract with a counterparty or to continue contracting with a counterparty. It may also prevent us from complying with our legal obligations.
Information about criminal convictions
To comply with our legal and regulatory obligations (especially with anti-bribery and corruption and anti-money laundering laws and other regulatory requirements) and to protect our assets and employees, we carry out screening on existing and potential business counterparties both pre-contract and on a periodic basis afterwards. This screening includes carrying out searches using an online screening tool provided by a screening service provider and may include individuals such as directors, officers and shareholders of our current and potential counterparties. To the best of our knowledge, these searches take place against publicly available or government issued sanctions lists and media sources. Your organisation may also share such data with us in the course of our anti-bribery and corruption due diligence.
This data may include personal data regarding suspected and actual criminal convictions, criminal records or proceedings regarding criminal or unlawful behaviour but only for the purposes of ensuring our compliance with legal and regulatory obligations and/or to the extent permitted or required by law.
Our due diligence officers will always review the screening results and any other information that may be provided by your organisation and there will be no automated decision making in relation to our counterparties or potential counterparties.
We may have to share your data with: (a) other entities in the GasLog Group, (b) third-party service providers (such as advisors, consultants, external auditors and law firms, building and security service providers, screening service providers etc.), (c) other third parties, and (d) authorities and regulatory bodies or agencies to the extent permitted by law and on a need to know basis.
How secure is your information with third-party service providers and other entities in the GasLog Group?
GasLog requests third-party service providers and other entities in the GasLog Group to assure GasLog that they take appropriate security measures to protect your personal data in line with our policies. GasLog requests its third-party service providers’ assurance that they will not use your personal data for their own purposes but will only process your personal data for specified purposes and in accordance with our instructions and will retain your personal data only as long as required for said purpose in accordance with legal requirements.
Transferring information outside the EU
We may transfer the personal data we collect about you to other entities in the GasLog Group, and third-party service providers, not established in the European Union nor in a country for which the European Commission has issued an adequacy decision. This means these countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal data. However, we will only effect such transfers: (a) after taking organisational, contractual and legal measures to ensure that your personal data is adequately protected and processed as reasonably required for the purposes outlined in this notice under Article 46 of GDPR, or (b) in limited circumstances, on the basis of the derogations under Article 49 of GDPR.
We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Manager (see ‘Data privacy manager’ section below).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will we use your information for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the applicable legal requirements and the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current so please keep us informed if your personal data changes during your business relationship with us.
Your rights in connection with personal data
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
If you want to review, verify, correct or, under certain circumstances as provided by law, request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Manager at email@example.com
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so at law.
Data privacy manager
We have appointed a data privacy manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the Data Protection Manager at the following e-mail address: firstname.lastname@example.org
Alternatively, you may send your written comments, inquiries or concerns to:
GasLog LNG Services Ltd
69 Akti Miaouli street,
Piraeus 185 37,
Attention: Data Protection Manager
You also have the right to make a complaint at any time to your local data protection authority or to the Hellenic Data Protection Authority (HDPA), the Greek supervisory authority for data protection issues, at Kifissias 1-3, 115 23 Athens, Greece.
Please visit http://www.dpa.gr/portal/page?_pageid=33,40911&_dad=portal&_schema=PORTAL for more information.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.