Oldendorff Crew Training

We, Oldendorff Carriers GmbH & Co. KG, Willy-Brandt-Allee 6 23554 Lübeck Germany (“Oldendorff” or “the Company”), place the utmost importance on protecting the personal data of our customers, visitors, suppliers, and employees. We process this data in compliance with the applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Our primary objective is to ensure that the rights of the individuals whose data we process are fully respected. This includes the protection of privacy, maintaining the confidentiality of personal information, and fulfilling all legal requirements related to our business activities. To achieve this, we implement strict data security measures and ensure transparency in all our data processing activities.

2. SCOPE

This policy applies to all personal data processed by Oldendorff as part of the application and recruitment process and crew training, as well as to crew data in our personnel systems. This also includes personal data collected from our visitors, business contacts, partners, employees, suppliers and other individuals involved in our activities. The policy also applies to personal data collected through digital platforms, such as our website and mobile applications. Further information on data processing can be found in our privacy policy, in complement this policy.

3. DEFINITIONS AND ABBREVIATIONS

Data Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data. In this case, Oldendorff Carriers GmbH & Co. KG is the Data Controller.

Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Data Subject: An identified or identifiable individual whose personal data is being processed.

Personal Data: Any information relating to an identified or identifiable natural person (Data Subject).

Processing: Any operation performed on personal data, including collection, storage, use, transfer, or deletion.

Explicit Consent: It refers to permission granted on a particular subject, based on clear information and voluntary decision-making, providing unequivocal assurance within that specific transaction.

4. ROLES AND RESPONSIBILITIES

4.1 Management Oldendorff as a controller is responsible for ensuring compliance with this policy and overseeing all personal data processing activities. The management will review and, if necessary, update the policy to reflect changes in data protection legislation or company practices.

4.2 Data Protection Officer (DPO) The DPO ensures adherence to data protection laws and acts as the main liaison for any data protection issues. Additionally, the DPO communicates with pertinent data protection supervisory authorities and reports directly to the company's executive team.

5. LEGAL OBLIGATIONS

As the Data Controller, Oldendorff is responsible for ensuring that personal data is processed lawfully, fairly, and transparently, in accordance with the principles set out in the GDPR.

5.1 Information Duty When collecting personal data, Oldendorff ensures that Data Subjects are informed about:

• The purpose of data processing

• The legal basis for processing (e.g., consent, legitimate interest)

• The identity and contact details of the Data Controller

• The recipients or categories of recipients of the data

• The Data Subject’s rights regarding access, rectification, erasure and restriction of processing, and objection

• The right to lodge a complaint with a supervisory authority

5.2 Data Security We employ both technical and organisational strategies to safeguard personal data. These measures are routinely assessed and enhanced to maintain the continuous confidentiality, integrity, availability, and resilience of our data processing systems.

6. CATEGORIES OF PERSONAL DATA PROCESSES DURING APPLICATION PROCESS AND CREW TRAINING

Oldendorff processes various types of personal data, including but not limited to:

• Identification data: Name, address, date of birth, national identification number

• Contact data: Email address, telephone number

• Employment data: Job title, work history, salary details

• Financial data: Bank account information

• Training data: information about online trainigs, date and results

• Technical data: data which is needed for connecting your device with our services such as browser version, operating system, language, cookies (technical needed).

Furthermore, personal data of applicants is collected during the recruitment process in order to create assessments and to check suitability for vacancies. The provided information, including contact details, professional qualifications and other relevant data, will be used only for recruitment purposes.

Data processing is strictly limited to what is necessary for the purposes for which the personal data is collected.

7. DATA PROCESSING PRINCIPLES

Oldendorff adheres to the following principles when processing personal data:

Lawfulness, fairness, and transparency: Data is processed lawfully, fairly, and in a transparent manner.

Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data minimisation: Data is adequate, relevant, and limited to what is necessary.

Accuracy: Data is kept accurate and up to date.

Storage limitation: Data is stored for no longer than necessary for the purposes for which it is processed.

Integrity and confidentiality: Data is processed securely to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

8. TRANSFER OF PERSONAL DATA

Oldendorff transfers personal data to third parties only where necessary and in compliance with GDPR requirements. Data may be shared with:

Service providers: For the purposes of fulfilling contracts, technical support, or other necessary services: MTR Bilişim Eğitim ve Danışmanlık Anonim Şirketi situated in Esentepe Mahallesi Kelebek Sok. Marmara Kule Apt. No: 2/83 Kartal, İstanbul

Authorities: Where required by law, or in response to legal requests

International transfers: If data is transferred outside the European Economic Area (EEA), appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place to ensure the security of the data.

9. RETENTION AND DELETION OF PERSONAL DATA

Personal data is kept only as long as needed for its original purpose or by legal requirements. After this time, or if requested by the Data Subject, Oldendorff ensures the data is securely deleted, anonymised, or destroyed.

10. DATA SUBJECT RIGHTS

Data Subjects have the following rights under the GDPR:

Right of access: Obtain confirmation as to whether their personal data is being processed and access to that data.

Right to rectification: Request correction of inaccurate personal data.

Right to erasure: Request deletion of personal data when there is no longer a legal ground for processing.

Right to restrict processing: Restrict the processing of their data in certain circumstances.

Right to data portability: Receive their personal data in a structured, commonly used, and machine-readable format.

Right to object: Object to processing based on legitimate interests or direct marketing.

11. COMPLAINTS AND CONTACT INFORMATION

If a Data Subject believes their personal data has been processed unlawfully or in violation of their rights, they have the right to lodge a complaint with a data protection supervisory authority. Oldendorff´s itself and / or DPO can be contacted for any questions or concerns related to this policy or data protection in general.

Contact: Oldendorff Carriers GmbH & Co. KG Telephone: 49 (0) 451 15 00 0 Telefax: 49 (0) 451 73 522 Email: info@oldendorff.com DPO: E-Mail: thilo.noack@sharedit-pro.de

12. COOKIE POLICY

Oldendorff uses cookies and similar technologies on its digital platforms to improve the user experience and gather analytics data. Users can manage their cookie preferences through their browser settings. For more details, please refer to our Cookie Policy.

13. Data protection information for applicants

We are pleased that you are interested in us and that you are applying or have applied for a position in our company. In the following, we would like to provide you with information on the processing of your personal data in connection with the application.

What data about you do we process? And for what purposes?

We process the data you have sent us in connection with your application in order to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process.

What is the legal basis for this?

The legal basis for the processing of your personal data in this application process is primarily Art. 6 para. 1 lit. b) GDPR. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

If, after completion of the application process, the data may be required for legal prosecution, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the purpose of safeguarding legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in asserting or defending claims.

How long is the data stored?

In the event of a rejection, applicants' data will be deleted after 6 months. Reasons for data storage are legal protection of the company and to be able to understand the process of the selection process. It is also possible that a position has to be filled again and that quick access to data of suitable candidates may be necessary for us as a company.

In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will also be deleted after 2 years.

If you have been awarded a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

To which recipients will the data be passed on?

Your applicant data will be reviewed by the HR and the crewing-department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. Then the further procedure will be coordinated.

For additional information and further privacy notices, please visit: https://www.oldendorff.com/privacy