Information on the Processing of Personal Data
(pursuant to Article 13 of Italian Legislative Decree no. 196/2003)
MSC Crociere SA is resolutely committed to guaranteeing its customers’ privacy, so would like to inform you about the collection and use of personal data.
In accordance with Article 13 of Italian Legislative Decree no. 196 of 30th June 2003 – Personal Data Protection Code (hereinafter referred to as the “Code”), MSC Crociere SA informs you that personal data (hereinafter referred to as "Data") provided by you, or otherwise acquired as a result of or on the occasion of your cruise, may be processed in compliance with the Code.
Your Data – which may also appertain to some data deemed sensitive (set out in Articles 4, paragraph 1, letter d, and 26 of the Code), as well as photos/images and audio/video recordings – will be processed for the following purposes:
· concluding, managing and implementing contractual relations between you and MSC Crociere SA;
· purposes linked to fulfilling legal obligations, regulations, national and EU standards, as well as those arising from provisions issued by the authorities and to this end justified by law;
· activities closely linked to and instrumental in managing relations with guests on board and for ensuring the provision of services as part of the touristic package (e.g., acquiring personal details through bookings for services relating to the various thematic areas of entertainment and relaxation, the organisation of events, photos of events or functions on board, etc.).
Moreover, if you also decide to enrol in the MSC Club programme, your data will be processed for the following subsequent purposes:
· offering members a series of exclusive benefits and privileges before and after the cruise;
· compiling statistics on member profiles, useful in developing products and services that better meet the requirements of its customers/members;
· sending personalised offers, invitations to events of different kinds, as well as information and marketing communications, by post, electronic mail, SMS and fixed-line phones;
· nominative profiling activities (analysis of consumption patterns to develop marketing strategies, including customised approaches);
· with your express consent, promotional and commercial activities by companies belonging to the MSC Crociere SA corporate group or by third parties, partners of MSC Crociere SA.
The processing of Data to achieve these purposes is necessary for ensuring the proper management of contractual relations, in addition to fulfilling the purposes indicated above.
The processing of your Data may involve their respective collection, recording, retention, modification, communication and\or deletion; this will be carried out either using print media, or by electronic and telematic means, in such a way as to guarantee the data’s integrity and confidentiality, as well as to comply with the methods stipulated in Articles 11, 31 and subsequent articles of the Code, and respect the minimum security measures prescribed by the technical specifications (Annex B to the Code).
The Data will be retained for no longer than necessary to achieve the aims for which they were collected and subsequently processed. Photos/images and audio/video recordings taken at events or functions on board will be retained for no longer than the duration of the cruise and then deleted. Data collected and processed for purposes relating to the MSC Club programme will, once the respective enrollment has ceased, be kept for a maximum of two months for purely administrative purposes, except if required to fulfil the requirements of accounting legislation in force.
Your Data will not be disseminated and may be disclosed, for the above-mentioned purposes, to staff responsible for processing them in order to organise activities on board, companies belonging to the same corporate group as MSC Crociere SA, people, companies, associations or professional bodies that provide services or support and consulting activities for MSC Crociere SA and other entities, granted permission to access the Data by statutory provisions, secondary regulations and/or rules issued by authorities with the lawful right to do so, including the port authorities at the point of disembarkation. The entities belonging to the above-mentioned categories shall utilise the Data as independent data controllers under the law and with full autonomy, being uninformed of the original processing undertaken by MSC Crociere SA. The nominal list of the parties to whom/which your Data have been or may be communicated is available for you to consult.
The data controller is MSC Crociere SA, acting through its pro tempore legal representative, having its registered office at Chemin Rieu, 12-14, CH-1208 Geneva (Switzerland).
(with the exception of images/photos and audio/video recordings, which will be processed directly by the Controller, according to the procedures and for the purposes described above) is MSC Crociere S.p.A., acting through its pro tempore legal representative, having its registered office at 31, Via Agostino Depretis, IT-80133 Naples (Italy) – Tel. +39 81 794 2111 – e-mail: firstname.lastname@example.org
The data subject has the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of whether they have already been recorded, and to communication of such data in an intelligible form.
The data subject has the right to be informed of:
a) The source of the personal data;
b) The purposes and methods of the processing;
c) The logic applied to the processing, if this has been carried out using electronic means;
d) Details of the data controller, data processors and the representative designated under Article 5, paragraph 2;
e) The entities or categories of entity to whom/which the personal data may be communicated and who/which may be notified about these data in their capacity as designated representative on the State’s territory, data processors or persons in charge of the processing.
The data subject has the right to obtain:
a) Updating, rectification or, if interested, integration of the data,
b) Deletion, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
c) Certification to the effect that the operations under letters a) and b) have been reported, including as to their content, to the entities to whom/which the data were communicated or disseminated, unless this requirement proves impossible to comply with or involves a clearly disproportionate effort compared with the right to be protected.
The data subject has the right to object, in whole or in part:
a) On legitimate grounds, to the processing of personal data concerning him/her, even if they are relevant to the purpose of their collection;
b) To the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or for undertaking market or business communication research.