Shipping Deputy Ministry Logo

The Shipping Deputy Ministry understands the importance of the protection of personal data and is committed towards protecting and processing the personal data of natural persons in an open, fair and transparent manner, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

This policy statement explains the framework for collecting and processing your personal data to ensure their protection and the rights you may exercise in relation to such data.


The SDM collects and processes personal data as provided for in the relevant legislation it implements, as it is mentioned in the Table below (see point I below), the provisions which create obligations for the submission of data, to the extent strictly necessary for the purposes of carrying out its responsibilities. Personal data may also be collected from the SDM offices overseas for the purpose of carrying out its responsibilities. The SDM shall take the necessary steps to ensure that the data are accurate and, where necessary, updated.

Personal data which may be processed:
As part of their work, in accordance with the relevant legislation, the various Directorates/Units may collect identity and contact details such as name, address, telephone number, date of birth, marital status, ID number, passport number, employment history, educational, academic and professional data, health data as well as financial and payment data including bank accounts and other information necessary for the processing of payments.

The processing is done for the following purposes:
Ι. The implementation of the shipping legislation, the provision of related services to the public and the ensuring of the proper functioning of the SDM [Legal basis A. 6(1) (a) to (e) GDPR]

The SDM Directorates/Units process personal data in the framework of their responsibilities, including, inter alia,

i. Oceangoing Ships RegistrationThe Merchant Shipping (Registration of Ships, Sales and Mortgages) Laws of 1963 to 2020 (Law 45/63 as amended).
ii. Coastal Passenger and Small Passenger Vessels RegistrationThe Coastal and Other Passenger Vessels Regulations of 2012 (P.I. No.278/2012).
iii. Small Vessels Registration and issuance of high-speed small vessel operators’ licensesThe Emergency Powers (Control of Small Vessels) Regulations of 1955 (P.I. No. 740/55).

The High Speed Small Vessels Laws of 1992 to 2020 (Law 56(I)/92 as amended).

The High Speed Small Vessels Regulations of 1999 (P.I. No.121/99).
iv. Marine Accidents
Investigations involving craft
Investigation of marine accidents that do not fall within the competence of the Marine Accident and Incident Investigation Committee (which was established pursuant to Law 94(I)/2012, see SDM related Circular No. 17/2014).
v. Seafarers Training and CertificationThe International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, 1978 (Ratification) and for Matters Connected Therewith Laws of 1985 to 2012 (The STCW Convention (Ratification) Laws, Law 8/85 as amended).

The Merchant Shipping (Registration of Seafarers and Seafarers’ Register) Laws of 2000 and 2012 (Law 108(I)/2000 as amended).

The Merchant Shipping (Issue and Recognition of Certificates and Marine Training) Laws of 2008 to 2022 (Law 27(I)/2008 as amended).

The Merchant Shipping (Medical Examination of Seafarers and Issue of Certificates) Laws of 2000 and 2014 (Law 107(I)/2000 as amended).

The Merchant Shipping (Criminal and Disciplinary Liability of Seafarers, Suspension or Cancellation of Certificates) Laws of 2000 and 2004 (Law 106(I)/2000 as amended).
vi. Maritime Labour IssuesThe Merchant Shipping (Masters and Seamen) Laws of 1963 to 2002 (Law 46/63 as amended).

The Maritime Labour Convention 2006 (Ratification) and for Matters Connected Therewith Law of 2012 (The MLC Convention Ratification Law 6(III)/2012).
vii. Ships security and safetyThe Merchant Shipping (Registration of Persons Sailing on Board Passenger Ships) Laws of 2002 and 2020 (Law 57(I)/2002 as amended).

The Protection of Cyprus Ships Against Acts of Piracy and other Unlawful Acts Law of 2012 (Law 77(I)/2012).
viii. Marine environment protection – reporting of marine pollutionThe International Convention for the Prevention of Pollution of the Sea from Ships (Ratification) and for Matters Connected Therewith Laws of 1989 to 2005 (The MARPOL Convention Ratification Laws, Law 57/89 as amended).

The Merchant Shipping (Ship Source Pollution) Laws of 2008 and 2010 (Law 45(I)/2008, as amended).
ix. Tonnage Tax SystemThe Merchant Shipping (Fees and Taxing Provisions) Laws of 2010 and 2020 (Law 44(I)/2010, as amended) and relevant subsidiary legislation.
x. Provision of aid, sponsorships and scholarships Commission Regulation (EU) No 1407/2013 of 18 December 2013 on the application of Articles 107 and 108 of the Treaty on the Functioning of the European Union to de minimis aid, as amended.

The State Aid Control (De minimis) Regulations 2009 (P.I. No 364/2009).
xi. Complaints of passengers travelling by seaRegulation (EU) No 1177/2010 of the European Parliament and of the Council of 24 November 2010 concerning the rights of passengers when travelling by sea and inland waterway.
xii. Organisation of Conferences and eventsArticle 6(1)(a) and (f) GDPR.
II. Control of entry into SDMs buildings, premises and facilities for security reasons (Legal basis A. 6(1)(f) of the GDPR)
The SDM has video-monitoring cameras (CCTV) installed and placed at respectively controlled points of entry/exit of the SDM main building on Kyllinis Street on the ground floor and on the second floor of the building as well as in the Iacovou House building. When entering the SDMs main building, a visitor log book is maintained as well.

III. Processing of applications for employment, recruitment or appointment (Legal basis A. 6(1)(c), (e) and (f) of the GDPR and the legal framework of the Public Service, Law.1(I)/1990 as amended)
The SDM processes the personal data of applicants for recruitment (against vacant posts, secondments, etc.), for leave and for promotions, retirements and other procedures concerning the staff, in accordance with the Public Service Law and relevant regulations.

IV. Notification and award of tenders (Legal basis A. 6(1)(c) and (e) of the GDPR and the legal framework governing public procurement, Law.73(I)/2016 as amended)
The SDM collects the personal data from the interested economic operators for the purposes of evaluating tenders, awarding tenders and implementing the relevant contracts.

V. For any other purpose related to or ancillary to any of the above or for any other purpose for which personal data were transmitted to the SDM.

In case you do not provide your personal data, the SDM may not be able to process your request.


As a rule, no data is shared or transmitted to third parties. In some cases, however, the SDM has the obligation to disclose the data of the subjects to third parties in the context of the performance of its tasks, powers and responsibilities.

Such cases are the forwarding of complaints to competent departments/services/organisations (with the consent of the data subject), but also in cases where during our audit, findings arise which are required to be sent to the Attorney General of the Republic, the Independent Authority against Corruption, the Police, etc.


The SDM does not transfer personal data to third countries or international organisations.


The SDM processes and stores your personal data for as long as it is necessary to complete the purpose for which they were collected. The SDM documents containing personal data are kept in electronic form in the electronic file archiving system and in hardcopy form in files with controlled access. Criteria for determining the retention period for each record may be the provisions of national or EU legislation, e.g. the State Archive Laws (Law 208/1991 as amended).


Right of access
You have the right to request a copy of your personal data processed by the SDM. This right is subject to exceptions and access may be refused where, for example, access to the requested information may lead to the disclosure of personal data of third parties or where the disclosure of such information is prohibited by law.

Right to rectification of inaccurate and/or incomplete personal data
You have the right to ask the SDM to correct your personal data if it is found that any retained personal data or information is not accurate or has changed.

Right to object
In specific cases and for reasons related to your particular situation, you have the right to object the processing of your personal data. To exercise this right, you can contact the SDM via the available contact details. The request will be assessed on the basis of the facts and the surrounding circumstances.

Right to erasure (to be forgotten) and right to restriction of processing
You have the right to request the erasure of your personal data when such information is no longer necessary for the purpose for which it was collected or where, inter alia, the processing of personal data lacks a lawful basis. You also have the right to request the restriction of the processing of your data.

Right to withdraw consent
When you are asked to give your consent so that the SDM can process your personal data, you have the right, at any time, to withdraw your consent. In this case, the processing carried out before the withdrawal of consent is still considered lawful.

Right to complain and appeal to a supervisory authority
Any complaint in relation to the use of personal data by the SDM may be submitted to the Data Protection Officer by email at or by mail as provided under point 7 below with a full description of the circumstances underlying the complaint. You also have the right to contact the Data Protection Commissioner ( or to apply to the court if, in your opinion, the processing of your personal data violates your rights and interests and does not comply with the relevant legislation.

The above rights are exercised by submitting a written request to the Data Protection Officer.

For more information on your rights, please refer to Chapter III of the GDPR.


The SDM announces any rectification or erasure of personal data or restriction of the processing of the data it carries out to each recipient to whom the personal data have been disclosed.


The SDM, in accordance with the GDPR, appointed as Data Protection Officer (DPO) Ms Evdokia Savva, Maritime Affairs Officer, and you can contact her about issues regarding the processing of your personal data and the exercise of your rights by e-mail:, by post (to the attention of Data Protection Officer) to the postal address: Shipping Deputy Ministry, P.O Box 56193, 3305 Limassol or by telephone at 25804906.