Pursuant to articles 13 and 14 of the EU Regulation 679/2016 (hereinafter, “GDPR”), MSC
SHIPMANAGEMENT LIMITED wishes to inform you of the following about the processing of personal data carried
out through the mobile application named “me@MSC”, that Data Controller makes available to its own employees
in order to facilitate their exchanges, the transmission of documents and/or any relevant information
(hereinafter “Crew App”).
This privacy policy is not intended to substitute the full and detailed privacy policy that crew members
receive at the time of engagement.
The data controller is MSC SHIPMANAGEMENT LIMITED, with its registered office at 8, Spyrou Kyprianou
Avenue, Limassol, CY-3070, Cyprus, (hereinafter “MSCSMCY” or “Data Controller”).
The Data Protection Officer (“DPO”) may be contacted by writing to this email address
Cy974-dpo@msc.com
Personal data being processed includes:
Some of the aforementioned information and data which are processed via the Crew App have already been
collected by the Data Controller at the time of employment or during the work relationship and such data
are made available to each employee on the Crew App. For any further information on these processing
activities, please refer to the full and detailed policy that you have received at the time of
engagement. Some data are provided directly by the crew member during the registration with Crew App or
collected during the use of the Crew App.
Data are processed through the Crew App for allowing crew members to use the Crew App, which is
intended to facilitate the exchanges with his/her employer, as well as the transmission of documents and
of any relevant information.
If you provide us with data of third parties (e.g. contact persons, family members) to be contacted
in case of need, you must ensure the lawfulness of such communication and subsequent processing by the
Data Controller, by informing such third parties of the processing of their date for the purposes
indicated in this policy and in the full and detailed policy that you have received at the time of
engagement and by obtaining their consent to such processing.
We process your data for the purpose to manage the employment relationship, in particular:
(i) to allow Crew App users to access certain information and documents relating to their employment
relationship (e.g., pay slips, personal certifications, company’s policies, etc.…).
(ii) to easily communicate with Data Controller in order to communicate any relevant information
(e.g., updating the emergency contact, work, and vacation scheduling, etc.…)
The legal basis for the processing of personal data via the Crew App is the consent that crew member
is required to provide at the time of the registration with the Crew App, pursuant to Article 6, par.1
letter a) GDPR.
We also process your personal data under letters d) and e) above for the following purposes: (i) the
functioning of the Crew App, (ii) to extract statistical information on service usage, (iii) to ensure
the IT security of the Crew App and (iv) to prevent or investigate illegal behavior or to protect and
assert rights. The legal basis for such processing activities is the legitimate interest of the Data
Controller, pursuant to Article 6, par.1 letter. f) GDPR.
During every stage of data-processing, the Data Controller guarantees full compliance with the
compulsory provisions of GDPR.
Your data are processed by electronic means:
The provision of your personal data, as indicated in greater detail in paragraph 2 above, is optional. However, the refusal to provide your consent for the processing of your personal data via the Crew App has not any consequences on the employment relationship, but would make not possible for Data Controller to allow you to use the Crew App.
The Data Controller may communicate your personal data to third parties, who will act as data processors
or independent data controllers, and to our staff, duly appointed and authorized to process your data.
We may communicate personal data to authorities, institutions, domestic and foreign public and
governmental bodies, (also to enable foreign Group companies to comply with legal provisions, orders or
requests from competent authorities). We may disclose personal data to foreign companies in our Group
for internal administrative purposes, pursuant to Article 6.1 letter f) of the GDPR, and to cloud
service providers in order to use their services.
As MSCSMCY operates internationally, MSCSMCY may need to make your data available to other Group
entities and to selected external third parties, which can be located outside the EU. Should data be
transferred to third countries, the Data Controller undertakes to enter into data processing agreements
pursuant to article 28 GDPR with standard clauses in accordance with the decision of the European
Commission concerning protection clauses or by virtue of a decision of adequacy of the European
Commission on data protection levels (Privacy Shield). Such parties located in third countries only
access of the personal data which are strictly necessary for the fulfillment of their obligations and
can use it only to perform the services on behalf of the Data Controller or to comply with provisions of
law.
You may exercise your rights as provided for under articles 15-22 of GDPR. You are entitled to obtain
information from the Data Controller as to whether or not data concerning you is being processed and you
are entitled to access your data, to request rectification, erasure, restriction of processing; you
shall also be entitled to obtain a copy of your data and to object to processing – where applicable. You
have the right to file complaints with the relevant supervisory authorities.
In order to exercise your rights, please contact Cy974-gdpr@msc.com or by contacting the DPO
at the above email address.
Your personal data are processed via the Crew App for the time crew members use the Crew App and after
termination of use of the Crew App, anonymized for statistical purposes. We retain your data for as long
as you remain a registered user.
Personal data under letters d) and e) are kept for no longer than 30 days (except where required by
law or where judicial authorities need such data for establishing the commission of criminal offences).
Any termination of the use of Crew App by crew members for any reason will not affect the processing
activities carried out by Data Controller in force of the employment relationship and pursuant to the
privacy policy that crew members receive at the time of engagement.