Contact Us

Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

Data Protection Policy

Introduction

This Data Protection Policy outlines the principles and procedures Bulkargo Companies (hereinafter referred to as “the Company”) adheres to for protecting personal data. The policy ensures compliance with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR).

1. Scope

This policy applies to all personal data processed by the Company, regardless of the format or medium. It covers the personal data of customers, employees, suppliers, and any other individuals whose data the Company processes.

2. Data Protection Principles

The Company commits to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and transparently.
  • Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary concerning the purposes for which they are processed.
  • Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
  • Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Accountability: The Company shall be responsible for and able to demonstrate compliance with these principles.

3. Legal Basis for Processing

The Company processes personal data based on one or more of the following legal bases:

  • Consent of the data subject
  • Performance of a contract
  • Compliance with a legal obligation
  • Protection of vital interests
  • Legitimate interests pursued by the Company or a third party

4. Data Subject Rights

Data subjects have the following rights regarding their personal data:

  • Right to Access: Data subjects can request access to their personal data.
  • Right to Rectification: Data subjects can request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): Data subjects can request the deletion of their personal data.
  • Right to Restrict Processing: Data subjects can request the restriction of processing their personal data.
  • Right to Data Portability: Data subjects can request the transfer of their personal data to another organization.
  • Right to Object: Data subjects can object to the processing of their personal data.
  • Rights Related to Automated Decision-Making and Profiling: Data subjects have rights concerning automated decision-making, including profiling.

5. Data Security

The Company implements appropriate technical and organizational measures to ensure the security of personal data, including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication mechanisms
  • Regular training for employees on data protection practices

6. Data Breach Notification

In the event of a data breach, the Company will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible
  • Communicate the breach to affected data subjects without undue delay if it is likely to result in a high risk to their rights and freedoms

7. Data Transfers

The Company ensures that any transfer of personal data outside the European Economic Area (EEA) is carried out in compliance with data protection laws, using appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Adequacy decisions by the European Commission

8. Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer (DPO) responsible for overseeing the Company’s data protection strategy and implementation to ensure compliance with GDPR requirements. The DPO can be contacted at [DPO’s email address].

9. Policy Review

This policy is reviewed annually or as needed to ensure its effectiveness and compliance with relevant laws and regulations. Any changes to this policy will be communicated to all employees and relevant stakeholders.

10. Contact Information

For questions or concerns about this policy or the Company’s data protection practices, please contact:

Bulkargo Companies
Suite 15, Hunkins Water Front Jewels Main Street, Charlestown, Saint Kitts and Nevis
dataprotection@bulkargo.com