Privacy Statement and General Terms & Conditions

In this Privacy Statement, Portbase provides a description of the way in which it collects and processes the personal data of its website visitors and customers (users of the Port Community System (PCS)). In doing so, it is acting in line with applicable privacy laws (General Data Protection Regulation (GDPR)). The principle followed is that Portbase only collects data which are necessary for the delivery of services and which help improve the services provided to customers.

Portbase collects and processes the following personal data for the purposes listed below.

As a Controller Portbase processes contact information: company name, name (initial and surname), gender, e-mail address, address, postcode, city, phone number

• The use of products (PCS services) that require a user account. This applies only to customers with whom Portbase has concluded an agreement to deliver services. In order to use these services, personal accounts are created for users.
• Portbase informs its customers about functional changes and other relevant information relating to the service(s) purchased.
• Portbase sends newsletters to those customers who have indicated that they wish to receive them. If you do not wish to receive this information, you can inform Portbase by unsubscribing via a link in the newsletter.

When using the service ‘Notification Crew & Passengers’, Portbase processes as a Processor the following data of crew members and passengers (the data subjects): Name, Gender, Nationality, Date of Birth, Place of Birth, Travel Document Information (type, number, expiration date and country of issue). For this service, Portbase has taken additional security measures (the contents of these messages are not stored and are not accessible by Portbase). Portbase advises customers who use this service to also take additional measures.

• This service is used for the electronic delivery of crew and passenger lists to the Seaport Police and the Royal Netherlands Marechaussee.

When using the website (www.portbase.com), Portbase collects certain information about the use of the website ( IP addresses excluded) and the preferences of visitors.

•  Facilitating internet use by means of cookies: saving login names, passwords and preferences and language settings.
• Analysing and improving the website: cookies may be used to store preferences and interests based on visit and click behaviour.
• Enabling interaction through social media: we use social media on parts of our website so that you can like or share videos, news or promotions through social media like Facebook, LinkedIn and Twitter.

You can adjust your browser settings in case you do not want to receive analytical cookies visiting our website. In this case:

• You may not be able to use all the features of our products, services and activities.
• You may not have access to certain parts.

As laid down in the GDPR, data subjects can exercise various rights with respect to the processing of their personal data. The manner in which Portbase interprets the exercise of these rights is outlined below.

Permission
The data subjects must give their consent before personal data may be collected for the processing of personal information other than pursuant to an agreement. This consent must be obtained for each purpose for which the data are collected. The data subject has the right to withdraw this permission.

Access, modification and deletion
Data subjects can submit a request for access, modification or deletion their data to the Service Desk. Portbase will meet such requests or inform the data subject about the status of the request within the applicable term of 1 month.

Portbase takes appropriate technical and organisational measures in order to protect personal data against loss, etc. The measures taken by Portbase are in line with the ISO 27002 standard. They include the following:

• Screening of employees.
• Within Portbase, there is a Security Manager who is responsible for security issues.
• Annual independent security audit of the organisation.
• Portbase is a member of the port ISAC, a forum within which public and private parties share information and experiences about cyber threats and vulnerabilities in the port community.
• The data centre of our hosting partner is ISO 27000 certified.
• The PCS works at two different locations; essential components are duplicated. If a problem occurs at one location, the PCS (including all data) continues to function.
• We work with secure connections both via the web and for system links.

Portbase reserves the right to make changes to this Privacy Statement. All amendments will be published on this page. We recommend that you consult this Privacy Statement regularly, so that you will always be up to date on the content of the applicable Privacy Statement.

1] Portbase is a trade name of Port infolink B.V., Rotterdam.