Information on the Processing of Personal Data
(pursuant to Article 13 of Italian Legislative Decree no. 196/2003)
MSC Crociere SA is resolutely committed to guaranteeing its customers’ privacy, so would like to inform you about the collection and use of personal data.
In accordance with Article 13 of Italian Legislative Decree no. 196 of 30th June 2003 – Personal Data Protection Code (hereinafter referred to as the “Code”), MSC Crociere SA informs you that personal data (hereinafter referred to as "Data") provided by you, or otherwise acquired as a result of or on the occasion of your cruise, may be processed in compliance with the Code.
Your Data – which may also appertain to some data deemed sensitive (set out in Articles 4, paragraph 1, letter d, and 26 of the Code), as well as photos/images and audio/video recordings – will be processed for the following purposes:
• concluding, managing and implementing contractual relations between you and MSC Crociere SA;
• purposes linked to fulfilling legal obligations, regulations, national and EU standards, as well as those arising from provisions issued by the authorities and to this end justified by law;
• activities closely linked to and instrumental in managing relations with guests on board and for ensuring the provision of services as part of the touristic package (e.g., acquiring personal details through bookings for services relating to the various thematic areas of entertainment and relaxation, the organisation of events, photos of events or functions on board, etc.).
Moreover, if you also decide to enrol in the MSC Club programme, your data will be processed for the following subsequent purposes:
• offering members a series of exclusive benefits and privileges before and after the cruise;
• compiling statistics on member profiles, useful in developing products and services that better meet the requirements of its customers/members;
• sending personalised offers, invitations to events of different kinds, as well as information and marketing communications, by post, electronic mail, SMS and fixed-line phones;
• nominative profiling activities (analysis of consumption patterns to develop marketing strategies, including customised approaches);
• with your express consent, promotional and commercial activities by companies belonging to the MSC Crociere SA corporate group or by third parties, partners of MSC Crociere SA.
The processing of Data to achieve these purposes is necessary for ensuring the proper management of contractual relations, in addition to fulfilling the purposes indicated above.
The data controller is MSC Crociere SA, acting through its pro tempore legal representative, having its registered office at: MSC Crociere S.A. Chemin Rieu, 12-14 1208 Geneva (Switzerland).
The data processor (with the exception of images/photos and audio/video recordings, which will be processed directly by the Controller, according to the procedures and for the purposes described above) is MSC Crociere S.p.A., acting through its pro tempore legal representative, having its registered office at 31, Via Agostino Depretis, IT-80133 Naples (Italy) – Tel. +39 81 794 2111 – e-mail: email@example.com
The data subject has the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of whether they have already been recorded, and to communication of such data in an intelligible form.
The data subject has the right to be informed of:
a) The source of the personal data;
b) The purposes and methods of the processing;
c) The logic applied to the processing, if this has been carried out using electronic means;
d) Details of the data controller, data processors and the representative designated under Article 5, paragraph 2;
e) The entities or categories of entity to whom/which the personal data may be communicated and who/which may be notified about these data in their capacity as designated representative on the State’s territory, data processors or persons in charge of the processing.
The data subject has the right to obtain:
a) Updating, rectification or, if interested, integration of the data,
b) Deletion, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
c) Certification to the effect that the operations under letters a) and b) have been reported, including as to their content, to the entities to whom/which the data were communicated or disseminated, unless this requirement proves impossible to comply with or involves a clearly disproportionate effort compared with the right to be protected.
The data subject has the right to object, in whole or in part:
a) On legitimate grounds, to the processing of personal data concerning him/her, even if they are relevant to the purpose of their collection;
b) To the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or for undertaking market or business communication research.