Privacy Policy
The MedSkippers project is a result of the Call for Proposals for EU Grants under the European Maritime and Fisheries Fund "Sustainable Blue Economy Call"EMFF Work Programme 2017. Call for proposals EASME/EMFF/2017/1.2.1.12 under the strand 3 "Blue Networks in the Mediterranean" The general objective of the call is to accelerate the development of the blue economy in the Mediterranean through closer cooperation between public and private maritime stakeholders such as education and training institutes, maritime clusters and fisheries local communities from the EU and its partner countries in the Mediterranean. This call support skills, innovation, entrepreneurship as well as job diversification and local communities empowerment.

The specific objective of the call is to promote networking and collaboration between marine and/or maritime, port and logistics - related education and training institutes in the Mediterranean to develop relevant skills and promote maritime professions in cooperation with business and public authorities.

The MedSkippers project is an EU funded project under a grant agreement for an action with multiple beneficiaries, with the agreement number EASME/EMFF/2017/1.2.1.12/S3/03/SI2.789395, between the Executive Agency for Small and Medium-sized Enterprises (EASME) and Dalula Marine SL. Other beneficiaries of the project, with which Dalula Marine SL signed a partnership agreement, are (i) the Asociación Patronal de Empresarios de Actividades Marítimas de Baleares (Spain), (ii) the International Sailing Schools Association (Cyprus), (iii) Oritek Innovations SL (Spain), (iv) Indigo Med SRL (Greece), and (v) Marina Saidia Management (Morocco). The general project objective is to foster growth and exploit opportunities in the nautical charter sector, while the specific objectives of the project are (i) to promote public & private cooperation for the international harmonisation of professional skippers training for small commercial vessles, (ii) to promote a cross-sectoral network including charter industry, sailing schools and skipper training centers, (iii) to improve professional skipper´s skills aiming to foster their employability, (iv) to build capacity in Mediterranean partner countries (non-EU) and (v) to increase competitiveness of small charter tourism enterprises by making maximum use of information technologies, (vi) to ensure the long term sustainability of the cross-sectoral network and (vii) to raise awareness about charter tourism and maritime professions among young.

The General Data Protection Regulation (GDPR) (EU 2016/679), applicable as of 25 of May 2018, is about the protection of natural persons in regards the processing of personal data and the free circulation of these data. For the purpose of this policy, the processing of the data relies on the project coordinator, Dalula Marine SL, located in Spain. It applies the Ley Orgánica 3/2018 as of 5 of December, about "Protección de Datos Personales y garantía de los derechos digitales (LOPD-GDD)" (BOE 295, 6 of December 2018, section I, pag. 119788), which adopts the GDPR.

The aim of this policy is to make all the clear to our visitors and costumers how we gather information, what information we gather, how we use the information gathered, where we store the information, who we share the information with and how you can access, update and/or delete your personal information.

1. Definitions

Personal Data Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Data processing Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third Party Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2. Name and Address of the data controller

Controller for the purposes of the GDPR, other data protection laws applicable in Members states of the European Union, and other provisions related to data protection is: Dalula Marine SL Passeig Torre Blanca 7. Floor 3 - Door 2. 08172 Sant Cugat del Valles - Barcelona. Spain. VAT number: ESB66959347 Email contact: hello@dalula.eu Telephone number: +34 696 085 214

3. Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyses data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

4. How we do collect data

4.1 Mapping of relevant publicly available information As part of the tasks envisaged in the GA of the MedSkippers project, all the project partners carry out a stakeholder mapping at EU level as well as non-EU Mediterranean countries with the ultimate goal of engaging relevant stakeholders for the achievement of the objectives of the project. As a result, and taking into account Article 8 of LOPD-GDD, and Article 6 of the GDPR, publicly available information of relevant stakeholders, such as names, position / department within the organization, type of organisation, and contact details are stored in a "Stakeholder database", in relation to contractual Deliverables 4.2, 4.3, 4.4 and 5.5 of the project. 4.2 Our own website In order to continuously improve the user experience on our website, the MedSkippers project uses google analytics. These track the pages visited, actions taken (clicks and searches), devices used (mobile, tablet or desktop) and source of the visit (google search, advert etc). We do not store any of this information, all data is processed by google. Please visit google analytics to be informed of their privacy policy

4.2.1 Partner Registration to the MedSkippers project Any data subject can register with the project website voluntarily using personal data. All data saved will be explicitly communicated by the form fields and no extra processing or profile matching will take place.

By registering on the project websites, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored.

The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller’s employees are available to the data subject in this respect as contact persons.

4.2.2 Subscription to the MedSkippers project newsletters Should you choose to register for MesSkippers newsletter, you will be authorizing the data controller to send you periodic newsletters via email only.

All data provided in the registration form will be sent on to Mail Chimp a third party email provider, please review Mail Chimp Privacy policy for further information.

Should you wish to unsubscribe you can do so by following the unsubscribe link presented in all news letters or by contacting the data controller directly. On unsubscribing all registration data will be deleted from MedSkippers servers, and deletion of your request for deletion will be passed to Mail Chimp.

4.2.3 Contact form via the website. If a data subject contacts the controller by email, via a contact form, or via the booking engine, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

4.2.4 Booking of a yacht or hiring a skipper. In case of booking a yacht or hiring skipper services, a rental contract is made between the data subject (=the renter) and the lessor of the yacht or the skipper by intermediary of the Controller. In this case the Controller is legally obliged to forward the necessary customer data received during the booking procedure to the lessor in order to enable the lessor to prepare the rental contract and to issue an invoice over its services. After a booking the lessor normally will be asked to send a crew list and a copy of his passport. In some countries also a registration with the responsible authorities (e.g. harbour police) by the lessor is required. The controller forwards the necessary documents for this purpose to the lessor.

4.3 Phone Upon calling any of the project partners to make an enquiry about the MedSkippers project, we may ask you for some basic information about your query, interest in the MedSkippers project, and contact details. We will enter the provided contact details (email address and phone numbers) into our stakeholder database. This so is as to formulate and send you a reply reflecting your needs.

4.4 Email Upon receipt of an email enquiry about the MedSkippers project, the MedSkippers partners will enter the provided contact details (email address and phone numbers) into our stakeholder database. This so is as to formulate and send you the requested information.

4.5 Social Media The MedSkippers project aims to be promoted by means of different social media channels such as Facebook, Twitter, Instagram, Youtube and/or Vimeo. When following the project on social media, the social media provider is responsible for the collection, storage and use of your information, which you have shared with them. We have access to analytic tools which they provide which we use for informational purposes. We can also view any information which you are sharing via the platforms. We will not use or store this information without seeking your permission to do so. Please refer to the Privacy Policy of each social media platform.

5. What do we do with the collected data

There are two main uses for the information we collect: operational requirements and communication and marketing:

5.1 Operational Requirements When a boat is charted or skipper services are hired, we will have gathered information as stated in section 4.2 of this policy. This information will be used to build a customer profile for you, to which we can match appropriate services between you and skippers and or yacht owners.

5.2 Communication and Marketing In all cases of marketing and communication we no material will be communicated with any party without explicit permission. Permission maybe granted via either a form on the project website or via Stakeholder meetings.

We use gathered information to offer tailored content by segmenting our database, but also by using information collected from cookies and other technologies, to improve your user experience and the overall quality of the service. Information compiled in our stakeholder databases is not going to be disclosed to third parties.

6. Where do we store the information Data is stored in a combination of proprietary data controller databases and on google drive

7. Who have access to our information Depending on the level of interaction with us, we will gather various types of information.

7.1 Project Partners Staff All the project partners have access to all the data collected by means of the project website. However, only the controller will have access to the data of those people booking a yacht or skipper services. All the project partners have signed a confidentiality agreement with the data Controller for which data can´t be disclosed to third parties and can´t be used for any other reason more than accomplishing the objectives of the MedSkipper´s project. The confidentiality is composed by two main sections:  and secrecy agreement states: o Unauthorized access to personal data should be avoided, for that purpose: personal data will not be exposed to third parties. o paper documents and electronic media will be stored securely 24 hours a day. o Electronic documents or media will not be discarded with personal data without guaranteeing their destruction. o No personal data or personal information will be transferred to third parties, special attention will be paid not to disclose protected personal data during telephone consultations or emails. o The duty of secrecy and confidentiality remains ever when the worker´s employment relationship with the company ends.

 Duty to keep the information secure o Updating of computers and devices: The devices and computers used for the storage and processing of personal data should be kept updated as possible. o Malware: On computers and devices with access to personal data, an anti- virus system will be available to guarantee, as far as possible, the theft and destruction of information and personal data. The antivirus system should be updated periodically. o Firewall: In order to avoid undue remote access to personal data, it must be ensure that a firewall is activated on computers and devices in which personal data are stored and/or processed. o Data Encryption: When it is necessary to bring personal data outside the MedSkippers internal shared workspace, the possibility of using and encryption method to guarantee the confidentiality of the data must be assessed to avoid unauthorized access to information.

7.2 Service Providers We have contracts and agreements with a number of external companies in order to ensure we can provide a good and well coordinated service. Tax advisors, IT providers, hosting services, pay per click campaigns, etc. The agreements have an unlimited duration. Our contracts with service providers will continue in full force unless one of the parties notifies the other about the contrary. Once the data is concluded the service providers must return the personal data to the controller and erase any copy in its possession. However, the data processor may keep the data locked to address possible administrative or jurisdictional responsibilities.

7.3 Operational Suppliers

Operation suppliers refers to suppliers of services to the MedSkipper project such as hiring a skipper of chartering a boat. Your information is passed to the suppliers and as such, we have signed agreements from all suppliers that they have carried out GDPR due diligence.

7.4 European Commission As an European funded project the staff of the European Commission has the duty and the right to monitor the achievement of the project outcomes, which includes the development of different stakeholders, skippers and volunteers databases. As the instigators of the GDPR the EC is the most entrusted organisation in this regard.

7.5 Managing Authorities On some occasions your information must be shared with local or regional authorities, such as port police, marinas and harbour officials. This can be for a number of reason and depends on the situation.

8. How do we share our information

Information is stored in Google Drive folders where only project partners have the right to access. In cases where we are transferring your information to authorities or suppliers via email, our accounts are covered by Google security measures.

9. Rights of the data subject

Each data subject has different rights granted by the European Legislator. He or she may, at any time, contact the controller in order to exercise his / her rights.

9.1 Right of confirmation Each data subject has the right to obtain from the data controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of conformation, he or she may, at any time, contact any employee of the controller.

9.2 Right of access The data subject will be provided with a list of the available personal data, together with the purpose at the time they were collected, the identity of the recipients of the data, the storage period, and the identity of the controller to exercise the rights of rectification, erasure and to object.

9.3 Right of rectification Each data subject have the right to modify the data of the data subject that were inaccurate or incomplete taking into account the processing purposes.

9.4 Right to erasure data will be deleted when the data subjects express their refusal or opposition to the consent for their data processing and there is no legal duty that prevents it.

9.5 Right to withdraw data protection consent Each data subject has the right to withdraw his or her consent to processing of his or her personal data at any time.

9.6 Right to data portability Data subjects must communicate their decisions and inform data controller about the identity of the data controller who is to be provided with his personal data, if it is the case.

10. Period for which the data will be stored 

Data will be stored as long as the data is necessary for the fulfillment of a contract between the controller and the European Commission or between the controller and the data subject, or for the years necessary to comply with legal obligations. After expiration of that period data will be routinely deleted.

11. Changes

Our Privacy Policy may change from time to time as the MedSkippers project moves forward or after the completion of the project. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice. We will also keep prior versions of this Privacy Policy in an archive for your review.