We store your Personal Data on servers located in Frankfurt. We may transfer Personal Data to MSC Cruises Group’s companies, or other reputable third party organizations situated inside or outside Switzerland. Your Personal Data may also be shared with recipients who are located outside the European Union or the European Economic Area. For all these cases, MSC Cruises ensures that your Personal Data are transferred to these recipients in accordance with the applicable data protection law and contractual measures are in place to ensure that the data is afforded a comparable level of protection as laid out in this Privacy Notice. Indeed, transfers can be based on an adequacy decision, the Standard Contractual Clauses approved by the European Commission or another legal transfer mechanism depending on the applicable law.

To ensure greater transparency, we have provided a list below of the main categories of recipients with whom your Personal Data may be shared:

  1. Companies of our group

Depending on the country where the booking is made from, and to provide you with specific services, we share information about you with the companies of our group. All companies are processing the Personal Data in compliance with the applicable data protection laws.

Depending on the country where the booking is made from, your Personal Data could be processed by one of the companies of our group, acting as data processors upon instructions from the data controller. The companies of the MSC Cruises group that process Personal Data of European passengers are: MSC Crociere S.p.A., MSC Cruise Management UK Ltd, MSC Cruises UK Ltd, MSC Procurement & Logistics Division Spa, MSC Kreuzfahrten AG, MSC Cruises Belgium NV, MSC Cruises Scandinavia AB, MSC Kreuzfahrten (Austria) GmbH, MSC Netherlands B.V., MSC Cruises Ltd – Cyprus, Mediterranean Shipping Cruises Cruceros Sau and MSC Kreuzfahrten GmbH.

In limited cases, the above-mentioned companies could act as data controllers in relation to a specific data processing activity (for example, in the case of security onboard our ships as described in this notice). In such cases, we will provide you with a separate privacy information notice in relation to that specific activity.

  1. Commercial partners

Some services that you book with us are provided by our commercial partners. For example, shore excursions or experiences may be provided by local tour guides that have been carefully selected by MSC Cruises for their knowledge and experience. In some cases, we need to communicate your data to such partners. However, rest assured that we only share the data that is strictly necessary, and we have established agreements with our commercial partners to ensure that the shared data is used exclusively for fulfilling your request. In cases where these commercial partners act as autonomous data controllers, we recommend consulting their specific privacy policies for comprehensive information on how they process your Personal Data.

Our commercial partners operate in the following industries:

  • Tourism (e.g. tour operators, local tour guides);
  • Transportation services (e.g. bus, train, airplane or other means of transportation depending on type of service required on a case by case basis);
  • Insurance companies (e.g. when there is a need to activate your insurance package during a cruise);
  • Restaurants and shops (e.g. where you sign up for a lunch, dinner or for special offers); in some cases, where lunch/dinner is included in a package offered by us and provided by one of our commercial partners, we communicate data about allergies or food preferences that may reveal health information about you. We take utmost care to only reveal your identity when this is strictly necessary and, where possible, we work with anonymous data.
  • Service providers (such as IT service providers, consultants, etc.), including persons authorized to process the Personal Data needed to carry out activities strictly related to the provision of the services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
  • Only if you are based in the United States, we may also shared your Personal Data with marketing partners (e.g., advertising platforms such as Google, Facebook, and Instagram, and third-party marketing agencies).
  1. Data sharing with port agents and authorities

As a travel operator, we need to share some information about our passengers with local port agents and authorities for immigration purposes. The sharing of data with these agents and authorities can trigger the transfer of data outside the EU/EEA if these entities are based abroad, outside the EU/EEA. These data are shared and transferred based on the legal obligation that MSC Cruises has in relation to the provision of information to the relevant authorities, and only the strictly necessary data is communicated.