Donation Form - Privacy Policy
PRIVACY INFORMATION NOTICE
provided pursuant to Article 4 of the Swiss Federal Act on Data Protection (FADP) of 19 June 1992 and Article 13 of the Regulation (EU) 2016/679
- Data controller and contact details
The MSC Foundation (the “Foundation” or “we”), headquartered in Chemin Rieu 12-14, 1208, Geneva, Switzerland, collects and processes information, including some personal information, about the people who make a donation.
The Foundation is the Data Controller that determines the means and purposes of data processing., If you want to contact the Data Controller, please use the following email address privacy@mscfoundation.org
As a Swiss entity, the Foundation is committed to the processing of all personal data in a fair, transparent and lawful way, in accordance with the provisions of the Federal Act on Data Protection of 19 June 1992 (hereinafter “FADP”). In addition, due to the international reach of activities covering many EU countries, the Foundation is also committed to applying the principles of the EU General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR").
- Purposes of data processing and categories of data
We collect personal data when you make a donation through the donation form for the following purposes that are determined by the Foundation. We do not share personal data with third parties for their own processing purposes.
- Handling donations
Donations can be anonymous, or they can contain some personal data related to the donor (e.g. name, surname). We process such data on the basis of our contractual obligation with you (Article 6.1(b) GDPR) only to the extent necessary to fulfil the donation and ensure that it is properly handled internally. Before publishing any information regarding the amount or type of donation made by a specific person or organisation, we inform them and collect their specific consent.
Donations can be made through various methods: by bank transfer to the MSCF Swiss bank account or to the MSCF US bank account, or by payment through our partners TGE or CAF America, or by allowing us to debit a donation from your on board account during MSC cruises. Depending on the payment method, various payment processors may have access to your personal data. We recommend that you check their privacy policies.
If you wish to make an anonymous donation, please send an email to secretariat@mscfoundation.org and a representative of the Foundation will help you with the next steps, without storing your identity or personal data.
- Legal obligations
We process your personal data on the basis of our legal obligation (Article 6.1(c) GDPR) to the extent necessary to fulfil any obligations imposed by law, regulation or legislation.
- Handling donations
We may process your personal data on the basis of our legitimate interest (Article 6.1(f) GDPR) only in the event that it is necessary to ascertain, exercise or defend a right out of court or in court.
- Recipients of personal data
Your personal data may be shared with:
- persons authorised by the Foundation to process personal data by reason of the performance of their work duties (e.g. employees and system administrators, etc.);
- service providers (such as IT service providers, consultants, etc.), other companies who collect the donations on behalf of the Foundation (e.g. MSC Cruises S.A.) who act as data processors on behalf of the Foundation;
- subjects, entities or authorities, independent data controllers, to whom it is mandatory to communicate your personal data under the provisions of the law or orders of the authorities.
You may request us for the complete and updated list of data recipients at the addresses indicated above.
- Data Transfer
Your Personal Data may be transferred outside the European Economic Area. We inform you that the processing will be carried out according to one of the methods permitted by the law in force, such as, for example, the consent of the data subject, the adoption of the Standard Contractual Clauses approved by the European Commission, the selection of subjects adhering to international data processing programs or operating in Countries considered safe by the European Commission. Further information is available on request at the addresses indicated above.
- Data retention
In accordance with Article 5.1(e) GDPR, the personal data that we collect is kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are collected and processed in each specific case, and in any case not longer than as specified by the relevant applicable laws.
We have defined a MSC Foundation Data Retention Policy that specifies the time frame for data processing at the end of which all copies of the personal data are either destroyed or anonymised using adequate techniques that do not permit the re-identification of the data subject.
- Data subject rights
In accordance with articles 15-22 of the GDPR, the data subject has, at any time, the right to:
- Obtain access to your personal data;
- Request the rectification or deletion of personal data or the restriction of data processing;
- Object to the processing of your personal data;
- Receive your personal data in a structured format of common use and readable by an automatic device;
- File a complaint with the relevant data protection authority (taking into account the place of residence of the data subject or the place of supplying of the services), in accordance with article 77 of GDPR, if you believe that the processing of personal data is in violation of the GDPR.
To exercise your data subjects rights, please send an email to privacy@mscfoundation.org.
Notwithstanding your right to object the processing of some or all of your personal data, the Foundation reserves the right to evaluate the request, which will not be processed in case the legitimate reasons of the Foundation or of another individual prevail over the rights and interests of the data subject.