PRIVACY POLICY

In accordance with the provisions under EU Regulation no. 679/2016, “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”, this document provides a brief summary of the main regulations on the processing of data carried out by Grimaldi Euromed S.p.A. (with registered office in Palermo at Via Enrico Amari 8, 90139, tax identification code/VAT number 00278730825), in its capacity as Data Controller, with regard to the activities of shipping freight and issuing of “Driver Cards”.

For information relating to the cookie policy adopted by the Company for this website, reference is made to this link .

http://cargo.grimaldi-lines.com/en/cookie-policy

Data Controller

Grimaldi Euromed S.p.A. with registered office in Palermo at Via Emerico Amari 8, 90139, tax identification code/VAT number 00278730825 (hereinafter the “Controller” or “Company”)

Purpose

  • Conclusion, management and execution of goods transport contract
  • Application, issuing and management of the “Driver Card”

Legal basis

Respectively:

  • Fulfilment of the contract and legal obligations
  • Implementation of pre-contractual measures taken at the data subject’s request

Data transfer

Possible, with adequate guarantees in place to protect the data subject’s rights

Rights of the Data Subject

a.         access to personal data;
b.         to obtain the rectification or erasure of data or restriction of processing;
c.         to object to data processing;
d.         data portability;
e.         to lodge a complaint with the competent supervisory authority (e.g. Data Protection Authority);
can be exercised by contacting privacy@grimaldi.napoli.it.

The Data Controller has designated a person Responsible for Data Protection (DPO), who has the specialised knowledge of data protection law and practices, and who is therefore able to discharge the duties pursuant to article 39 of EU Reg. 679/2016.

  1. Subject of the processing

Processing operations may refer to:

  • the information and contact details of Shipper, Consegnee, Notify, Customers, Invoice Payer, Drivers.
  1. Purpose for which the data will be processed (Art. 24 letters a, b, c Privacy Code and Art. 6 letters b, e of GDPR)

This data shall be processed for the purposes related to the mutual obligations arising from the freight shipping contract or the issuance of the “Driver Card”.

More specifically, the data will be processed:

  1. to manage quotation requests;
  2. for the conclusion, management and execution of the operations connected with the freight transport contract;
  3. to send logistical information on the journey (e.g. delays, departure quay, etc.);
  4. to send data to maritime agencies, terminals and port authorities, judicial authorities and public security forces;
  5. to manage the requests for issuing “Driver Cards”;
  6. to manage the “Driver Cards” issued;
  7. to guarantee the benefits provided by the “Driver Card” are enjoyed by the companies providing the services contemplated by the agreement;
  8. for the extraction of statistical information in anonymous form.
  1. Data processing method (Art. 4 Privacy Code and Art. 5 GDPR)

Personal data shall also be processed using computer instruments, in compliance with the procedures stipulated in the GDPR, which requires, inter alia, that the data:

  • is processed based on the principles of lawfulness, transparency and correctness;
  • collected and recorded for specified, explicit and legitimate purposes (‘purpose limitation’);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  • accurate and kept up to date (‘accuracy’);
  • stored for no longer than is necessary for the purposes, which the personal data is processed for (‘storage limitation’);
  • processed using instruments that ensure the security and confidentiality of the personal data, including protection against unauthorised or unlawful processing and against loss, destruction or damage, or accidental damage (‘integrity and confidentiality’).

Personal data is stored as shown in the table below.

Data

Storage period

Purpose of storage

Information details of Shipper, Consegnee, Notify, Customers, Invoice Payer

10 years from the end of the transport

 

For accounting purposes, and to challenge any disputes that may be raised against the Company

Driver’s contact details

10 years from issue of “Driver Card

To resolve any problems associated with the issuing/operation of the “Driver Card”
  1. Legal basis

The legal basis of the processing listed above from point 1 to point 3 of paragraph 2 “Purpose for which the data will be processed” lies in the fulfilment of contractual obligations, precontractual measures and the law in order to manage the shipping contract.

With regard to point 4 of paragraph 2 “Purposes of processing that the data is intended for”, this falls within the scope of the Data Controller’s obligations in terms of the law and public interest in protecting port security.

In respect of points 5, 6 and 7 of paragraph 2 “Purposes of processing that the data is intended for”, the legal basis for processing falls within the scope of executing the pre-contractual measures taken at the data subject’s request and in meeting the legal obligations pursuant to managing the issuing of the “Driver Card”, and for data subjects to enjoy the benefits provided therein.

  1. Transfer and/or communication of data

You are hereby informed that data may be communicated to other companies in the Grimaldi Group, as well as establishments in third-party countries, including those outside the territory of the European Union, complying with the appropriate procedures and in the context of the aforementioned purposes.

We may also be required to provide personal data based on legislation, legal proceedings, disputes and/or requests received from public or government authorities within or outside of the data subject’s country of residence, for the purposes of national security and other issues relating to public interest. When legally possible, we will inform the data subject prior to the communication of data.
Furthermore, we may communicate personal data if we ascertain in good faith that this communication is reasonably necessary to enforce and protect our rights, and undertake the remedies available.

  1. Rights of the Data Subject (Art. 7 Privacy Code and Art. 15 - 21 GDPR)

Finally, please note that the data subject can, at any time, exercise the rights:

  1. to access his or her personal data, requesting that this data is made available in an intelligible format, and for the purposes that the processing is based on (pursuant to Art. 15);
  2. to rectification (former Art. 16) or erasure (pursuant to Art. 17) of such or restriction of processing (former Art. 18);
  3. to data portability (pursuant to Art. 20);
  4. to object to data processing (pursuant to Art. 21);
  5. to lodge a complaint with the competent supervisory authority.

 

The above rights can be exercised by e-mailing a request to privacy@grimaldi.napoli.it.

In this regard, we advise further that the Data Protection Officer (DPO) appointed by the Company may be contacted on the following email address DPO@grimaldi.napoli.it.

  1. Nature of the provision of data and consequences of any failure to communicate data

The conferment of the data is necessary for the exact execution of the contractual and pre-contractual obligations at our expense and their failure to indicate implies the impossibility to process your requests relating to the conclusion of a contract for the transport of goods, the issue and management of the "Driver Card", as well as to exactly fulfill the legal obligations and those deriving from the public interest to protect the safety in the ports.