DATA PROTECTION PRIVACY NOTICE
Who are we?
“MSC BULGARIA“OOD (the Company, We) is, in its capacity as joint Data Controller or Data Processor for your personal data, required to take appropriate measures to protect your personal data. When acting as Data Processor, the Company operates on behalf of MSC Mediterranean Shipping Company SA, having its register office at Chemin Rieu 12, 1208 Genève, Switzerland.
“MSC BULGARIA” OOD strives to comply with applicable data protection laws, regulations and with Regulation (EU) 2016/679 (GDPR, Regulation) when collecting, processing your personal data.
This Policy aims to inform you with information what personal data we collect about you, as our clients and contractors, for what purposes this data is used, the legal grounds for its collection and processing, the conditions for its storage in any form: oral, written or electronic, and the security measures applied by the Company with respect to your personal data.
How to contact us?
If you have any questions regarding this Policy, you wish to exercise any of your rights listed in the "Your Personal Data Rights" section below, or you have any doubts that your personal data may be processed in violation of the Regulation or your expressed preferences / consents for processing of your data, you could contact us at the following address:
“MSC BULGARIA“ OOD
Pliska str. 6
Phone number: +359 52 681 128
Email address: BGRfirstname.lastname@example.org
What are the principles for processing personal data?
From May 25, 2018, the General Data Protection Regulation (GDPR) will apply in all Member States of the European Union or when a company is out of European Union but collecting and processing personal data of people located in EU. From this date forward “MSC BULGARIA“ OOD should comply with the GDPR and the principles it sets for processing of personal data.
“MSC BULGARIA” OOD will comply with GDPR principles and personal data will be:
- Processed lawfully, fairly and in a transparent manner in relation to the data subject;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
- Processed in a manner that ensures appropriate security of the personal data.
What is personal data and the used definitions?
“Personal Data” means any information or data relating to an identified or identifiable natural person (data subject), who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Data Subject” means any natural person who is the subject of the Personal Data;
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller in accordance with its instructions and a written agreement.;
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
“Personal data breach” means а breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
“Applicable law” means the legislation of the Republic of Bulgaria which is relevant to the protection of personal data as amended from time to time (Personal Data Protection Act, PDPA, etc.); all applicable laws and regulations in relation to the specific case of processing personal data and the Regulation (EU) 2016/679.
"Regulation (EU) 2016/679“ means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (Official Journal of the European Union, 4thof May 2016, L 119/1).
How we collect and receive information about you?
You are hereby informed that your personal data, which you submit to MSC BULGARIA OOD or as the Company collect/has collected from you when you use/have been used any of Company´s services, may be processed by Company for the following purposes:
- manage, administrate and complete your booking,
- provide you with the requested service,
- manage and administrate the business relationship and/or the agreement between you and MSC and
- comply with the company´s legal obligations.
What information we collect?
Future and current clients – individuals: “MSC BULGARIA“ OOD processes your personal data such as Personal Identification Number (PIN), telephone number, email address, address at which the delivery to be received, bank information (for example, in the case of refunds on issued credit notes).
Visitors of the building of “MSC BULGARIA“ OOD. When visiting our offices, your stay will be registered with technical means that are set in place to ensure the security, the protection of the Company’ s property and its employees, protection of the visitors, and to apply access control to the Company’s premises.
Storing your personal data
“MSC BULGARIA“ OOD stores your personal data on electronic means (server and cloud systems) and on hard copy. The personal data will be retained for the time necessary to fulfill the purposes stated above. After that period, “MSC BULGARIA” OOD will purge the personal data, if it is not required, under applicable legislations, to store the personal data for an additional time.
For instance, accounting and related documents, which are an essential part of them (e.g. annexes), as well as documents relating to and containing accounting information are kept for a maximum period of 10 years from 1st of January of the year following the year in which the contract is terminated. Retention periods are listed in the Company’s internal Storage and Deletion of Documents Policy.
Video recordings are stored for a period of two months.
Sharing your personal data
“MSC BULGARIA” OOD assures that only authorized personnel within the Company or its affiliates have access to your personal data and that your personal data is processed only for the above-mentioned purposes. Authorized personnel may be located in countries outside the EU and EEA, in which the same level of protection for personal data as provided by the legislation of the Republic of Bulgaria may not apply. Appropriate technical and organizational measures will therefore be taken with regard to any transfer of personal data to such countries. “MSC BULGARIA OOD” may disclose your personal data when there is a legal ground that justify such disclosure and in the following cases:
- Business need: when the processing of personal data is legalized by the legitimate interest of the Data Controller. For example, in case for booking and manifest process, it is needed the disclosure of personal information about employees and contractors to MSC Mediterranean Shipping Company S.A or other MSC Agencies or companies within the group located in the territory of European Union and the European Economic area or outside of it. In such case the processing and transfer of data will be carried out using adequate technical and organizational measures to protect such data and notably when the data are transferred to third country.
- State and municipal authorities: In fulfilling our legal obligations, the Company may be required to disclose your personal data at the explicit instruction of state or municipal authorities (Customs, Executive Agency "Maritime Administration", Ministry of Transport, Information Technology and Communications, National Revenue Agency, etc.).
- Service Providers: When using service providers who supply technical support for the internal information systems and operational support for our business, the Company may disclose personal data. Such disclosure only occurs when there is a business need and upon a written agreement which includes the required safeguard measures to protect the data disclosed;
Your Personal Data Rights
In accordance with the applicable legislation you have the following rights with respect to your personal data processed by “MSC BULGARIA“ OOD:
1. Right of access and right to receive a copy of your personal data
You have the right to receive confirmation whether we process your personal data. If so, you can access your personal data and certain information about how the data is processed, as well as a copy thereof. To do so, you can fill in the appropriate access request.
2. Right to rectification of the personal data
You have the right to obtain the rectification of your personal data when it is inaccurate or incomplete.
3. Right to erasure (‘right to be forgotten’)
You have the right to request the erasure of your Personal Data when it is no longer necessary for the purposes for which it was collected or otherwise processed, as in other cases provided for in the Regulation, for example if you wish to withdraw your consent or the data was unlawfully processed.
4. Right to restriction of processing
If you question the accuracy of your personal data for a period enabling us to verify the accuracy of your Personal Data, as well as in other cases provided for in the Regulation, you may request that we limit the processing of your personal data.
5. Right to data portability
You have the right to receive your Personal Data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit your data to another Personal Data Controller, where:
- the processing is based on consent or on a contract with us and
- the processing is carried out by automated means.
When you have exercised your right of portability, you have the right to ask the Company to transfer your personal data directly to another Personal Data Controller when it is technically feasible.
6. Right to object
You have the right to object, on grounds relating to your particular situation, to the processing of your personal data concerning you, when the processing is based on the legitimate interest of the Company.
7. Right to withdraw your consent
If you have voluntary agreed to the processing of your Personal data, you could withdraw your consent at any time.
If you wish to exercise any of your rights or have any questions regarding the processing of your personal data, please inform us at the contacts listed in item 2 above. We will consider your inquiry / complaint and within 30 days of receiving it, you will receive an answer. If necessary, this period could be extended to up to two months, taking into account the complexity and the number of requests for which you will be informed timely, including the specific reasons for the delay.
Please note that your personal data are necessary in order for “MSC Bulgaria” OOD to fulfill the purposes stated above. Exercising your rights can impede the normal functioning of the service.
Detailed information on the terms and conditions under which you can exercise your rights can be found in Exercising Data Subject Rights Policy of “MSC BULGARIA“ OOD at www.msc.com.
You have the possibility to lodge a complaint with Bulgarian Commission for Personal Data Protection by contacting the tel. +359 02 / 91-53-518, email: email@example.com.
Security of your personal data
“MSC BULGARIA“ OOD maintains appropriate administrative, technical and organizational measures designed to help protect the security and integrity of your personal data and prevent accidental or unlawful destruction, loss, unauthorized alternation, disclosure or access, misuse and any other illegal form of processing. “MSC BULGARIA“ OOD maintains secure computer systems through which personal data is processed. Adequate control mechanisms for data separation and management are applied to our systems, limited access and security of the premises are ensured, subject to periodic verification.
“MSC BULGARIA“ OOD has implemented security procedures as well as technical and physical restrictions on access and use of personal data.
“MSC BULGARIA“ OOD conducts training of its employees regarding the policies and procedures for personal data protection.
“MSC BULGARIA“ OOD has strict policies and procedures applicable to the staff in order to minimize the risks of processing personal data.
“MSC BULGARIA“ OOD will update this data protection privacy notice by amending and supplementing it at any time in the future when legal requirements or other circumstances so require.
If you wish to receive more information regarding the processing of personal data by “MSC BULGARIA“ OOD, do not hesitate to contact us at: BGRfirstname.lastname@example.org
23 May 2018