MSC Poland Sp. z o. o. is committed to protecting the privacy and security of your personal information. We are committed to protect the security and confidentiality of your personal data. We use appropriate technical and organisational measures in such a manner that processing will meet the requirements of the National and European Union Laws and ensure the protection of your rights.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).
MSC is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
2. Data Protection Principles
To be compliant with applicable data protection laws and regulations, all personal data processing’s shall strictly follow the below core principles.
Personal data shall be:
Processed lawfully, fairly, and in a transparent manner in relation to the data subject;
Collected for specified, explicit and legitimate purposes and not furthered processed in a manner that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and, where necessary, kept up to date;
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
3. Principles for the management of personal data
Personal Data shall be:
Kept accurate, complete and, where necessary, up to date;
Retained no longer than necessary to fulfil the purpose(s) for which such data have been collected unless otherwise required by applicable laws, and where applicable always strictly in accordance with the data protection notice or the consent form delivered to the Data Subject;
Tracked throughout its lifecycle, ensuring when required that different processing actions performed are appropriately documented;
Disclosed or shared to third parties only on a “need to know basis” and in line with the purpose(s) for which data was collected, unless otherwise required by the applicable law(s); and
Transferred across borders only based on a legitimate justification, fulfilling applicable legal requirements and ensuring that such transfers are documented, legitimate and lawful.
4. What is personal data?
Personal data is defined under the applicable law as any piece of information relating to an identified or identifiable living individual (the “data subject”).
The form in which it is expressed and the format of the information (storage media, paper, tape, film, electronic media etc.) is not important, as well as the volume or value of such information. Since the information is directly or indirectly linked to a living individual, it falls within the category of personal.
Similarly, it does not matter whether the data is used in a business environment or is publicly available, as long as an individual is identifiable, it is personal data.
Personal data may notably relate to (when collected by MSC for legitimate business purposes), but is not limited to:
Name and business address of company;
Personal and professional email address and telephone number, regardless if it is used for personal or professional purposes;
Customer’s professional details, job position;
IP address or similar identification number etc;
Business or personal interests required for development of business relationship development etc.
Some personal data are by nature are highly sensitive such as:
Racial or ethnic origin;
Religious or philosophical beliefs;
Trade union membership;
Genetic or biometric data ;
Sex life or sexual orientation;
Physical or mental Health;
Administration and Criminal proceedings and sanctions; or
The creation or use of personality profile which enables the assessment of the essential characteristics of the personality of a data subject.
MSC does not collect any highly sensitive data generally for legitimate business purposes, but we may collect the following information for specific business events such as business events including Multimodal, port or vessel tours in the UK, invitations to sporting events etc which are all part of building business customer relationships. For instance;
Passport or driving licence details which are required to comply with part of the ISPS Code and Ship & Port Security procedures.
5. How we will use information about you?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Where we need to perform the contract we have entered into with you.
Where we need to comply with a legal obligation.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests.
We may also use your personal information in the following situations, which are likely to be rare:
Where it is needed in the public interest or for official purposes.
6. Situations in which we will use your personal information.
Personal data is required for our legitimate needs as a transport operator whether it is by sea, road, rail, warehousing or freight forwarding activities. Such details are required for and used as follows so we can provide to you a complete transport service If required) covering MSC’s legitimate business purposes, though the list is not exhaustive and is to show the general nature of our business as agents for a Ocean Carrier (MSC Mediterranean Shipping Company S.A Geneva), Transport Provider and associated services with the Liner Trade Industry.
Company name (supplied by you for trading purposes),
Address (supplied by you, for trading purposes),
VAT number (Supplied by you for trading purposes),
Bank details (Supplied by you for trading purposes)
Registered Company Number (Supplied by you for trading purposes),
Company Contacts (Supplied by you, for trading purposes) so we can advise you of changes to trades & services, marketing activity regarding MSC Customer events and Customer Experience related matters, new initiatives and products & customer surveys etc,
Company Contacts (Supplied by you or other parties such as shipper / consignees for trading purposes) in relation to quotations, Export Booking Confirmations, Bill of lading details, manifest details, Notice of Arrivals, Delivery Booking Confirmations, Customs purposes, Sanction checks etc,
Company Contacts (Supplied by you for trading purposes) where tenders, Service level agreements and other business activity etc are needed to be recorded & monitored,
Email addresses (Supplied by you, for correspondence in regards to rates or service enquiries for trading purposes),
Cargo descriptions associated with name or contact details of the parties to the contract of carriage (MSC Bill of Lading) for trading purposes,
Delivery & Collection addresses including contact details (Supplied by you for trading purposes) for empty & loaded containers as per your business requirements when engaging MSC services etc,
Geolocalisation of customers’ containers (For customer’s use, if required),
Building commercial relationships between MSC & Customer contacts using systems such as Customer Relationship Management systems etc (which is an acceptable business relationship expectation of parties)
Historical purposes in relation to previous shipments, commercial sales activities and marketing activity with MSC (Which is an acceptable business purposes between parties who have previously had business dealings),
Using MSC Website where “Cookies” are used (see link)
Using MSC online products such as MSC Intermodal, Inttra, GT Nexus for business trading purposes).
7. Right to withdraw consent
In the limited circumstance where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that processing at any time. To withdraw your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
8. Changes to this privacy notice
We reserve the right to update this privacy notice at any time and we will provide you with a privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
9. Data Protection contact at MSC Poland
We have appointed a Data Protection Coordinator to oversee compliance with this privacy notice and to answer any concerns you may have about our Data Protection Policy. If you do have any such questions or wish to unsubscribe from MSC making contact then please contact the Data Controller PL159-RODO@msc.com. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the PL supervisory authority for data protection issues.
MSC Poland Sp. z o.o.
Plac Kaszubski 17/208, 81-350 Gdynia, Poland