PRIVACY POLICY for using the mobile application me@MSC

Pursuant to articles 13 and 14 of the EU Regulation 679/2016 (hereinafter, “GDPR”), MSC SHIPMANAGEMENT LIMITED wishes to inform you of the following about the processing of personal data carried out through the mobile application named “me@MSC”, that Data Controller makes available to its own employees in order to facilitate their exchanges, the transmission of documents and/or any relevant information (hereinafter “Crew App”).
This privacy policy is not intended to substitute the full and detailed privacy policy that crew members receive at the time of engagement.

1. The Data Controller

The data controller is MSC SHIPMANAGEMENT LIMITED, with its registered office at 8, Spyrou Kyprianou Avenue, Limassol, CY-3070, Cyprus, (hereinafter “MSCSMCY” or “Data Controller”).
The Data Protection Officer (“DPO”) may be contacted by writing to this email address Cy974-dpo@msc.com

2. Type of data

Personal data being processed includes:

  1. your identification data (such as, by way of example, name, surname, age, nationality, place of residence, email address, mobile telephone number, birthday, photos).
  2. data pertaining to your training and your career (such as, by way of example, type of employment contract, position held in your current job, remuneration, pay slips).
  3. your picture.
  4. data relating to your device (Device Unique identifier).
  5. data relating to the percentage of usage of the functionalities of the Crew App.
  6. any personal data provided by crew members during the interaction via the Crew App;
  7. Usage data.
The aforementioned personal data are processed by the Data Controller in compliance with applicable legislation governing personal data, in particular EU Reg. 679/2016 (“GDPR”).

3. Purpose and legal basis of data-processing

Some of the aforementioned information and data which are processed via the Crew App have already been collected by the Data Controller at the time of employment or during the work relationship and such data are made available to each employee on the Crew App. For any further information on these processing activities, please refer to the full and detailed policy that you have received at the time of engagement. Some data are provided directly by the crew member during the registration with Crew App or collected during the use of the Crew App.
Data are processed through the Crew App for allowing crew members to use the Crew App, which is intended to facilitate the exchanges with his/her employer, as well as the transmission of documents and of any relevant information.
If you provide us with data of third parties (e.g. contact persons, family members) to be contacted in case of need, you must ensure the lawfulness of such communication and subsequent processing by the Data Controller, by informing such third parties of the processing of their date for the purposes indicated in this policy and in the full and detailed policy that you have received at the time of engagement and by obtaining their consent to such processing.
We process your data for the purpose to manage the employment relationship, in particular:
(i) to allow Crew App users to access certain information and documents relating to their employment relationship (e.g., pay slips, personal certifications, company’s policies, etc.…).
(ii) to easily communicate with Data Controller in order to communicate any relevant information (e.g., updating the emergency contact, work, and vacation scheduling, etc.…)
The legal basis for the processing of personal data via the Crew App is the consent that crew member is required to provide at the time of the registration with the Crew App, pursuant to Article 6, par.1 letter a) GDPR. We also process your personal data under letters d) and e) above for the following purposes: (i) the functioning of the Crew App, (ii) to extract statistical information on service usage, (iii) to ensure the IT security of the Crew App and (iv) to prevent or investigate illegal behavior or to protect and assert rights. The legal basis for such processing activities is the legitimate interest of the Data Controller, pursuant to Article 6, par.1 letter. f) GDPR.

4. Data processing techniques

During every stage of data-processing, the Data Controller guarantees full compliance with the compulsory provisions of GDPR.
Your data are processed by electronic means:

5. The mandatory or optional nature of the provision of data and the consequences of possible refusal to apply

The provision of your personal data, as indicated in greater detail in paragraph 2 above, is optional. However, the refusal to provide your consent for the processing of your personal data via the Crew App has not any consequences on the employment relationship, but would make not possible for Data Controller to allow you to use the Crew App.

6. Disclosure of personal data

The Data Controller may communicate your personal data to third parties, who will act as data processors or independent data controllers, and to our staff, duly appointed and authorized to process your data.
We may communicate personal data to authorities, institutions, domestic and foreign public and governmental bodies, (also to enable foreign Group companies to comply with legal provisions, orders or requests from competent authorities). We may disclose personal data to foreign companies in our Group for internal administrative purposes, pursuant to Article 6.1 letter f) of the GDPR, and to cloud service providers in order to use their services.
As MSCSMCY operates internationally, MSCSMCY may need to make your data available to other Group entities and to selected external third parties, which can be located outside the EU. Should data be transferred to third countries, the Data Controller undertakes to enter into data processing agreements pursuant to article 28 GDPR with standard clauses in accordance with the decision of the European Commission concerning protection clauses or by virtue of a decision of adequacy of the European Commission on data protection levels (Privacy Shield). Such parties located in third countries only access of the personal data which are strictly necessary for the fulfillment of their obligations and can use it only to perform the services on behalf of the Data Controller or to comply with provisions of law.

7. Data subject’s rights

You may exercise your rights as provided for under articles 15-22 of GDPR. You are entitled to obtain information from the Data Controller as to whether or not data concerning you is being processed and you are entitled to access your data, to request rectification, erasure, restriction of processing; you shall also be entitled to obtain a copy of your data and to object to processing – where applicable. You have the right to file complaints with the relevant supervisory authorities.
In order to exercise your rights, please contact Cy974-gdpr@msc.com or by contacting the DPO at the above email address.

8. Term of processing and retention of personal data

Your personal data are processed via the Crew App for the time crew members use the Crew App and after termination of use of the Crew App, anonymized for statistical purposes. We retain your data for as long as you remain a registered user.
Personal data under letters d) and e) are kept for no longer than 30 days (except where required by law or where judicial authorities need such data for establishing the commission of criminal offences).
Any termination of the use of Crew App by crew members for any reason will not affect the processing activities carried out by Data Controller in force of the employment relationship and pursuant to the privacy policy that crew members receive at the time of engagement.