CODE OF CONDUCT ON CONFIDENTIALITY
Code of conduct Objectives
The objectives of EU SHIPSAN ACT Joint Action (EU SHIPSAN ACT) Policy for Code of Conduct on Confidentiality and Information Security are to preserve:
- Confidentiality: Access to Data shall be confined to those with appropriate authority.
- Integrity: Information shall be complete and accurate. All systems, assets and networks shall operate correctly, according to specification.
- Availability: Information shall be available and delivered to the right person, at the time when it is needed.
Code of conduct Policy Aim
The aim of this policy is to establish and maintain the security and confidentiality of information, information systems, applications and networks owned or held by EU SHIPSAN ACT by:
- Ensuring that all members of staff are aware of and fully comply with the relevant legislation as described in this and other policies.
- Describing the principles of security and explaining how they shall be implemented.
- Introducing a consistent approach to security, ensuring that all members of staff fully understand their own responsibilities.
- Creating and maintaining within the organization a level of awareness of the need for Information Security as an integral part of the day to day business.
- Protecting information assets under the control of the EU SHIPSAN ACT.
Code of conduct Scope
This policy applies to all information, information systems, networks, applications, locations and users of EU SHIPSAN ACT Information Systems [EU SHIPSAN ACT IS] (EU SHIPSAN ACT web portal, SIS, EU SHIPSAN ACT Forum, EU SHIPSAN ACT eLearning Platform).
Duty of Confidence
All EU SHIPSAN ACT Information Systems users are responsible for maintaining the confidentiality of information gained during their usage of EU SHIPSAN ACT IS. Confidential information can be anything that relates to service users, staff (including non-contract, volunteers, ship and agency staff, doctors, public health officers, locums), their family or friends, however stored.
For example, information may be held on paper, USB disc, flash memory, CD/DVD, computer file or printout, video, photograph or even heard by word of mouth. It includes information stored on portable devices such as laptops, palmtops, mobile phones, smart phones and digital cameras. It can take many forms including medical notes, social care information, audits, inspections employee records, occupational health records etc. It also includes any company information e.g. Trust confidential information.
Person-identifiable information is anything that contains the means to identify a person, e.g. name, address, postcode, IMOs, date of birth, EU SHIPSAN ACT ID numbers, etc. Please note even a visual image (e.g. photograph) is sufficient to identify an individual. Certain categories of information are legally defined as particularly sensitive and should be most carefully protected by additional requirements stated in legislation.
During your duty of work you should consider all information to be sensitive, even a service user’s name and address. The same standards should be applied to all information you come into contact with.
Responsibilities for Information Security
The service provider will ensure that an Information Security Management System is in place and working effectively. Line managers are responsible for ensuring that their permanent and temporary staff and contractors are aware of:
- The information security policies applicable in their work areas
- Their personal responsibilities for information security
- How to access advice on information security matters
All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action. This policy shall be maintained, reviewed and updated by the IT EU SHIPSAN ACT Team. This review shall take place as appropriate. Line managers shall be individually responsible for the security of their physical environments where information is processed or stored.
Each member of users or staff shall be responsible for the operational security of the information systems they use.
EU SHIPSAN ACT is obliged to abide by all relevant European Union legislation. The requirement to comply with this legislation shall be devolved to employees, agents and users of EU SHIPSAN ACT, who may be held personally accountable for any breaches of information security for which they may be held responsible.
Information Security Framework
EU SHIPSAN ACT IS have specific Information Security framework which contains:
- Specific Access Controls
- Classification of Sensitive Information
- Protection from malicious software
- Monitoring systems access and use
- System Change Controls (Changes to information systems, applications or networks shall be reviewed and approved)
- Intellectual Property Rights (The EU SHIPSAN ACT shall ensure that all information products are properly licensed and approved by the IT EU SHIPSAN ACT team. Users shall not install software on the EU SHIPSAN ACT‘s property without permission from the IT EU SHIPSAN ACT Team. Users breaching this requirement may be subject to disciplinary action.)
- Do not talk about service users in public places or where you can be overheard.
- Do not leave any records, inspections or confidential information lying around unattended.
- Make sure that any computer screens, or other displays of information, cannot be seen by others.
- Log out when you finish a delegation with EU SHIPSAN ACT IS.
A Security Incident is any event that has or could:
- cause an unauthorized disclosure of confidential information
- put the integrity of a computer system or data at risk
- put the availability of the system or information at risk
- have an adverse impact e.g. systems IS failure to the EU SHIPSAN ACT.
All incidents or information indicating a suspected or actual security breach should be reported. Any IT breaches should be reported both to your line manager and to the IT EU SHIPSAN ACT Team.
The EU SHIPSAN ACT IS are committed to protecting your privacy. This Statement of Privacy applies to the EU SHIPSAN ACT IS and governs data collection and usage. By using the EU SHIPSAN ACT IS, you consent to the data practices described in this statement.
Collection of your personal Information when registering to the member´s area
If you register to the password protected services of the EU SHIPSAN ACT IS, you are asked to provide personally identifiable information, such as your e-mail address, name, work address or telephone number. There is also information about your computer hardware and software that is automatically collected by EU SHIPSAN ACT. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the EU SHIPSAN ACT IS. EU SHIPSAN ACT is not responsible for the privacy statements or other content on websites outside of the EU SHIPSAN ACT IS.
Use of your Personal Information
Your personal information is used to operate the EU SHIPSAN ACT IS and to deliver the services you have requested. EU SHIPSAN ACT does not sell, rent or lease its customer lists to third parties. The EU SHIPSAN ACT IS keeps track of the pages our user visits within the EU SHIPSAN ACT IS, in order to determine what services are the most popular. EU SHIPSAN ACT will disclose your personal information, without notice, only if required to do so by law to: (a) conform to the edicts of the law or comply with legal process served on the EU SHIPSAN ACT IS; (b) protect and defend the rights or property of the EU SHIPSAN ACT IS and, (c) act under exigent circumstances to protect the personal safety of users of the EU SHIPSAN ACT IS, or the public.
The EU SHIPSAN ACT IS uses "cookies" and “anonymous identifiers” to help you to personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize the EU SHIPSAN ACT IS, or register with the EU SHIPSAN ACT IS or its services, a cookie helps the EU SHIPSAN ACT Website to recall your specific information on subsequent visits. When you return to the same EU SHIPSAN ACT Website page, the information you previously provided can be retrieved, so you can easily use the EU SHIPSAN ACT IS features that you customized. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the EU SHIPSAN ACT IS services.
Security of your Personal Information
EU SHIPSAN ACT web services, secures your personal information from unauthorized access, use or disclosure. EU SHIPSAN ACT web services, secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
Changes to this Statement
EU SHIPSAN ACT will occasionally update this Statement of Privacy. EU SHIPSAN ACT encourages you to periodically review this Statement to be informed of how EU SHIPSAN ACT is protecting your information.
EU SHIPSAN ACT welcomes your comments regarding this Statement of Privacy to reflect web services feedback. If you believe that this Statement is not adhered to, please contact EU SHIPSAN ACT at firstname.lastname@example.org & email@example.com . We will use reasonable efforts to promptly determine and remedy the problem.
Conflict of interest
Any situation which places the individual in an actual, potential or perceived conflict between his or her private, personal or other interests (or the private, personal or other interest of an Associate of the individual) and the individual’s duties to SIS. Of particular concern are conflicts of interest that result in, or may result in, the following:
- the execution of SIS duties being influenced to the detriment of SIS;
- a gain, advantage or showing of preference to an individual or an Associate of an individual, to the detriment of SIS;
- the use of privileged or confidential information for personal gain;
- a reciprocal benefit or arrangement between an individual and an external organization or individual;
- outside interests or activities that erode the trust and confidence in the integrity of the SIS by the public and stakeholders.
The following are examples of Conflict of Interest situations only and are not intended to be exhaustive.
- Using privileged or confidential information for personal gain
- Influence Peddling, including accepting or offering personal rewards in order to influence business transactions affecting the SIS
- Requesting or accepting money, gifts, gratuities, loans or service for personal or family benefit without full payment for value received, from an enterprise which does business with the EU SHIPSAN ACT Information System (SIS)
- Conducting business on behalf of the SIS with an enterprise in which the employee or member of his or her immediate family has a personal or financial interest
- Engaging in outside personal interests / actions / business that could give rise to a perceived potential or actual conflict of interest. This includes activities that encroach on the time and attention required to perform duties properly, interfere with independent judgment, or erode the trust and confidence in the integrity of the SIS by the public and stakeholders (examples include reciprocal arrangements, political activities, academic or industry affiliations, etc.)
- use of SIS equipment, name, logo, services or materials, personnel or trainees for personal gain or benefit
- Self–dealing, including using one's position, influence or authority to promote the hiring, purchase, lease or use of goods or services used by the SIS, where the employee or member of his or her immediate family stands to gain financially from such dealing
AGREEMENT BETWEEN USER AND EU SHIPSAN ACT Web Services
The EU SHIPSAN ACT Information Systems are offered to you conditioned on your acceptance without modification of the terms, conditions, and notices contained herein. Your use of the EU SHIPSAN ACT IS constitutes your agreement to all such terms, conditions, and notices.
NO UNLAWFUL OR PROHIBITED USE
As a condition of your use of the EU SHIPSAN ACT IS, you warrant to EU SHIPSAN ACT that you will not use the EU SHIPSAN ACT IS for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the EU SHIPSAN ACT IS in any manner which could damage, disable, overburden, or impair the EU SHIPSAN ACT IS or interfere with any other party's use and enjoyment of the EU SHIPSAN ACT IS. You may not attempt to gain unauthorized access to any Services, other accounts, computer systems or networks connected to any EU SHIPSAN ACT server-s or to any of the EU SHIPSAN ACT Services, through hacking, phishing, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available or provided by the EU SHIPSAN ACT IS.
USE OF COMMUNICATION SERVICES
The EU SHIPSAN ACT Information Systems may contain bulletin board services, chat areas, news groups, communities, personal web pages, photos, calendars, and/or other message or communication facilities designed to enable you to communicate with all registered EU SHIPSAN ACT members or other organizations at large or with individual members (collectively, "communication services"). You agree to use the EU SHIPSAN ACT communication services only to post, send and receive messages and material that are proper and, when applicable, related to the particular communication service. By way of example, and not as a limitation, you agree that when using a communication service, you will not:
- Defame, abuse, harass, stalk, threaten or otherwise violate the legal rights (such as rights of privacy and publicity) of others (EU legislation for Personal Data protection & Privacy Protection).
- Publish, post, upload, distribute or disseminate any inappropriate, profane, defamatory, infringing, obscene, indecent or unlawful topic, name, material or information.
- Upload files that contain software or other material protected by intellectual property laws (or by rights of privacy of publicity) unless you own or control the rights thereto or have received all necessary consents.
- Upload files that contain viruses, Trojan horses, worms, time bombs, cancelbots, corrupted files, or any other similar software or programs that may damage the operation of another's computer.
- Advertise or offer to sell or buy any goods or services for any business purpose, unless such Communication Service specifically allows such messages.
- Conduct or forward contests, pyramid schemes or chain letters, junk email, spamming or any duplicative or unsolicited messages (commercial or otherwise).
- Download any file posted by another user of a Communication Service that you know, or reasonably should know, cannot be legally distributed in such manner.
- Falsify or delete any author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material contained in a file that is uploaded.
- Restrict or inhibit any other user from using and enjoying the Communication Services.
- Violate any code of conduct or other guidelines which may be applicable for any particular Communication Service.
- Violate any applicable laws or regulations.
- Harvest or otherwise collect information about others, including email addresses, without their consent.
- Use any material or information, including images or photographs, which are made available through the Services in any manner that infringes any copyright, trademark, patent, trade secret, or other proprietary right of any party.
- Create a false identity for the purpose of misleading others.
- Use, download or otherwise copy, or provide (whether or not for a fee) to a person or entity any directory of users of the Services or other user or usage information or any portion thereof.
- Reveal personal and sensitive data from people or organizations
EU SHIPSAN ACT has no obligation to monitor the communication services. However, EU SHIPSAN ACT reserves the right to review materials posted to the EU SHIPSAN ACT IS and to remove any materials in its sole discretion.
EU SHIPSAN ACT reserves the right to reassign your enrollment for your access to any or all of the communication services at any time without notice for any reason whatsoever.
EU SHIPSAN ACT reserves the right at all times to disclose any information as necessary to satisfy any applicable law, regulation, legal process or governmental request, or to edit, refuse to post or to remove any information or materials, in whole or in part, in EU SHIPSAN ACT 's sole discretion. EU SHIPSAN ACT does not control or endorse the content, messages or information found in any communication service and, therefore, EU SHIPSAN ACT specifically disclaims any liability with regard to the communication services and any actions resulting from your participation in any communication service. Materials uploaded to the EU SHIPSAN ACT IS may be subject to posted limitations on usage, reproduction and/or dissemination. You are responsible for adhering to such limitations if you download the materials.
MATERIALS PROVIDED OR POSTED TO the SHIPSAN IS
EU SHIPSAN ACT does not claim ownership of the materials you provide to the EU SHIPSAN ACT IS (including feedback and suggestions) or post, upload, input or submit to the EU SHIPSAN ACT IS or its associated services (collectively "Submissions"). By posting, uploading, inputting, providing or submitting your Submission you warrant and represent that you own or otherwise control all of the rights to your Submission as described in this section including, without limitation, all the rights necessary for you to provide, post, upload, input or submit the Submissions.
Changes are periodically added to the information herein.
EU SHIPSAN ACT may make improvements and/or changes in the EU SHIPSAN ACT IS at any time.
Service Contact : firstname.lastname@example.org and email@example.com
EU SHIPSAN ACT reserves the right, in its sole discretion, to terminate your access to EU SHIPSAN ACT Information Systems and the related services or any portion thereof at any time, without notice.
MEMBER ACCOUNT, PASSWORD, AND SECURITY
If any of the Services requires you to open an account, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. You also will choose a password and a user name. You are entirely responsible for maintaining the confidentiality of your password and account. You are not allowed to create a false identity for the purpose of misleading others. Furthermore, you are entirely responsible for any and all activities that occur under your account. You agree to notify EU SHIPSAN ACT immediately of any unauthorized use of your account or any other breach of security. EU SHIPSAN ACT will not be liable for any loss that you may incur as a result of someone else using your password or account, either with or without your knowledge. However, you could be held liable for losses incurred by EU SHIPSAN ACT or another party due to someone else using your account or password. You may not use anyone else's account at any time, without the permission of the account holder.
All passwords are encrypted in EU SHIPSAN ACT‘s database.
Accounts and personal passwords issued to or created by users should be regarded as confidential and those passwords must not be communicated to anyone.
- Passwords should not be written down.
- Passwords should not relate to the employee or the system being accessed.
- Passwords should not be shared with colleagues.
For further advice, please contact the EU SHIPSAN ACT IT Help Desk (firstname.lastname@example.org).
No user should attempt to bypass or defeat the security systems or attempt to obtain or use passwords or privileges issued to other users. Any attempts to breach security should be immediately reported, via your line manager, using Adverse Incident Procedures.
We work hard to protect EU SHIPSAN ACT IS and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to EU SHIPSAN ACT users who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
When processing and handling any personal information you agree to comply in all respects with the terms of (i) the Data Protection Act 1998, (ii) EC Data Protection Directive 95/46/EC and Law 2472/97 on the protection of Individuals with regard to the Processing of Personal Data (as amended), (iii) any similar or equivalent legislation applicable when processing any Personal Data used in connection with Insights Products and Services. "Personal Data" shall have the meaning given to it in the Data Protection.
SHIPSAN SIS especially has reached operating License from Hellenic Data Protection Agency (HDPA) after EU SHIPSAN ACT’s disclosure record keeping and processing of personal data.
LINKS TO THIRD PARTY SITES
Links to third party sites will let you leave EU SHIPSAN ACT’s site. The linked sites are not under the control of EU SHIPSAN ACT and EU SHIPSAN ACT is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. EU SHIPSAN ACT is not responsible for webcasting or any other form of transmission received from any linked site. EU SHIPSAN ACT is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by EU SHIPSAN ACT of the site.
The contents of the EU SHIPSAN ACT IS (including all website design, text, graphics, the selection and arrangement thereof and all software compilations, underlying source code, software and all other material) are protected by copyright owned by Insights or its content and technology providers except insofar as individually stated on any particular material or items.
CHOICE OF LAW
The laws of the state or country where you live govern all claims and disputes under this agreement, including breach of contact claims and claims under state consumer protection laws, unfair competition laws, implied warranty laws, for unjust enrichment, and in tort. If you acquired the EU SHIPSAN ACT IS in any other country, the laws of that country apply. This agreement describes certain legal rights. You may have other rights, including consumer rights, under the laws of your state or country. You may also have rights with respect to the party from whom you acquired the EU SHIPSAN ACT IS. This agreement does not change those other rights if the laws of your state or country do not permit it to do so.
EU SHIPSAN ACT Joint Action