Your privacy is very important to the Russian Maritime Law Association (“RUMLA”), no matter if you are our current or prospective member or simply a visitor of our web-site. With this Privacy Notice, we want to make you aware of how we collect and process your personal data as a data controller.
We process personal data in accordance with all laws that apply to the protection of personal data, including the GDPR, i.e. the European Union’s General Data Protection Regulation 2016/679 GDPR (“Data Protection Laws”). We use personal data for the purposes of identifying our prospective members and processing membership applications, notifying our current members of RUMLA events as well as the latest developments in the maritime legal sector, amongst others. In accordance with the Data Protection Laws, those persons whose personal data we process are entitled to obtain information on the personal data we process and to use their rights based on the GDPR as further described in this Privacy Notice.
We do our best to ensure that your personal data is processed lawfully and in a transparent manner, and to ensure that your personal data is safe, accurate and up to date.
You may help us in keeping your personal data up to date by reviewing and updating your contact details as well as your notification preferences. You can do this by sending an e-mail to email@example.com or by post to our registered address: 1 Orlovskaya street, office 31, Saint-Petersburg, Russia, 191124.
We apply the appropriate technical and organisational measures to ensure that your personal data is safe with us. These measures include, for example, data processing agreements and non-disclosure agreements that we have concluded with our staff and partners.
Legal basis and purposes for processing your personal data
Our main purposes as a maritime law association are to promote the study of maritime law and to provide information regarding maritime and shipping law to our members and the general public.
These are the main purposes for which we process personal data. We also use personal data to develop our information services, to manage our relationship with our members and to provide basic information about our membership to visitors of our website. To achieve those goals, we act as the data controller, and the processing of personal data is necessary for the purposes of our legitimate interests and for the fulfilment of our purposes.
You may also give your consent for the processing of your personal data for one or more specific purposes (for example in relation to e-mail notifications about RUMLA events and news in the maritime legal sector).
How do we collect personal data and how do we use it?
We primarily collect personal data from the data subject him/herself when we receive a signed membership application form from that subject. We collect personal data that relates to e.g. identification, which includes personal data such as basic identifying information, contact details and professional background information provided to us directly and voluntarily by our prospective members (either natural persons or companies).
We also collect personal data when we manage our promotional activities and communicate with the data subjects for consultation purposes. We collect personal data e.g. in order to send invitations to our events, or to send out newsletters or other news relating to our association and the maritime legal sector.
We also collect personal data via our website as follows:
You can subscribe to our newsletter to receive event invitations and news regarding our services and the firm. You can unsubscribe at any time to stop receiving this information.
‘Contact us’ form
You can send us your queries concerning RUMLA and its activities through an online form in the ‘Contact’ area of our website.
As mentioned above, we primarily process personal data we have obtained directly from you. When necessary, we may also collect or update personal data from publicly available sources or from commercial databases.
What types of personal data do we process?
We may process personal data of the following categories:
• Basic identifying data, including name and contact details (such as email address, telephone number and address); title(s) and association with previous and current employers, such as work tasks and title;
• Identifying information about our members who are natural persons (for example, name, date of birth, personal identification number, citizenship, passport copy)
• Information provided to us for the purposes of attending meetings and events (for example, name, email address, dietary requirements)
• Information about whether you have consented to or opted out of receiving direct marketing
• Automatically collected data, i.e. data collected by our website cookies as specified above and e.g. information about whether you have opened and read an email message we have sent you.
Where do we store personal data?
We primarily process personal data on servers located in Russia.
However, we may need to transfer your personal data from a location in Russia to a third country. With regard to transfers of personal data to countries where the local data protection legislation does not provide an adequate level of data protection, we will implement appropriate safeguards under the GDPR and the applicable Russian legislation to ensure that your personal data remains protected and secure. Such international transfers of personal data will be based on the standard contractual clauses approved by the European Commission. To learn more about the appropriate safeguards we use, please contact us at firstname.lastname@example.org.
Will data be transferred or disclosed to third parties?
We will not disclose personal data to any third parties unless we are required to do so under applicable laws or in order to provide services to our members.
We use partners and service providers in connection with activities that require the processing of personal data, and as such, personal data will be transferred to and processed by third-party providers (data processors) that provide services to RUMLA. All of these partners and third-party service providers must comply with our written data processing agreements, and they must implement appropriate technical and organisational measures to ensure the protection of your personal data. Furthermore, they may not process any personal data transferred to them for any other purposes than for providing services to us. The only employees with access to your personal data will be those employees who need to process your personal data.
How long we retain specific personal data depends on the personal data concerned and the purposes for its processing. We will retain personal data at least for as long as needed in order to carry out the purposes of processing mentioned above, such as in order to reply to a query, to provide the data subject with notifications and updates or in order to manage the relationship between us and our prospective and current members.
The retention periods are determined in accordance with the following criteria:
• Related personal data will be retained for as long as our legitimate interest can reasonably be considered valid. The validity of this legitimate interest is determined by, for example, communications between us and the data subject.
• Ultimately, we will retain the personal data of our members for the entire duration of their membership contract we have concluded with the data subject or with an organisation represented by the data subject.
• Related personal data will be deleted if the data subject withdraws their consent or objects to the processing of their personal data for direct marketing purposes.
When your personal data is no longer needed, your personal data will be destroyed in a secure way or irrevocably anonymised.
What are your rights regarding your personal data?
The GDPR ensures that the data subject has a number of rights and that the data subject can exercise these rights in many cases to govern the processing of their personal data. The extent of the data subject’s rights is subject to the legal basis provided for processing the relevant personal data, and the data subject must provide identification in order to exercise the said rights. Where we have reasonable doubts concerning the identity of the natural person making the request referred to below, we may request you to provide additional information that we require to confirm your identity.
You can use your rights by sending an e-mail to email@example.com or by post to our registered address: 1 Orlovskaya street, office 31, Saint-Petersburg, Russia, 191124.
• Right of access: You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed of whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing.
• Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You may also request the completion of any incomplete personal data relating to you.
• Right to object: You are entitled to object to certain processing of your personal data, and we may be obliged to comply with your request unless we can demonstrate compelling legitimate grounds for further processing of such personal data.
• Right to opt out of email updates: You can opt out at any time by contacting us as specified above.
• Right to erasure: You may request the erasure of your personal data, and we are obliged to comply with your request e.g. in the event that the relevant personal data is no longer required for the purposes for which it was collected, or where we have unlawfully processed the relevant personal data.
• Right to restrict processing: Under certain statutory situations, we may be obliged to restrict the processing of your personal data.
• Right to withdraw your consent: In cases where we have been processing your personal data based on your consent, you have the right to withdraw your consent to such processing at any time.
• Right to data portability: In certain cases, you have the right to receive any personal data we process in a structured, commonly used and machine-readable format, where this is technically feasible.
We do not engage in any kind of automated individual decision-making.
We do not process any personal data that is included in the special categories of personal data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health data, etc.).
In the event that you consider the way in which we process your personal data to be in breach of the applicable legislation, you may lodge a complaint with the national supervisory authority regarding our processing of your personal data. If you are located in Russia, your local data protection authority is the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) (http://eng.rkn.gov.ru).
If you have any questions regarding the processing of your personal data, please feel free to contact us by sending an e-mail to firstname.lastname@example.org or by post to our registered address: 1 Orlovskaya street, office 31, Saint-Petersburg, Russia, 191124.
This Privacy Notice was created in November 2018. We reserve the right to update and amend this Privacy Notice. Unless otherwise provided in mandatory applicable legislation, we may not personally notify the data subjects of any changes we make to this Privacy Notice. We kindly ask that you review this Privacy Notice from time to time for possible changes.