Privacy Policy

  1. Personal Data Protection.
    The processing of personal data in the Union institutions and bodies like agencies is regulated by Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
  2. Scope of the Regulation No. 2018/1725.
    Art. Nº 2 provide that the Regulation shall apply to the processing of personal data by all Union institutions and bodies.
  3. Processing of personal data.
    "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Personal data.
    "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  5. Data protection principles.
    Personal data shall be:
    1. Processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency").
      Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
    2. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ("integrity and confidentiality").
    3. The controller shall be responsible for, and be able to demonstrate compliance with all of the above principles.
  6. The Data Controller.
    "Controller" means the Union institution or body or the directorate-general or any other organisational entity which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by a specific Union act, the controller or the specific criteria for its nomination can be provided for by Union law. Union institutions and bodies" means the Union institutions, bodies, offices and agencies set up by, or on the basis of, the TEU, the TFEU or the Euratom Treaty.
    For each processing operation, a Data Controller/Delegated Controller must be identified and prior notice must be given to the Data Protection Officer of the institution.
  7. The Processor.
    "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  8. The Data Subject.
    The Data Subject is the person whose personal data are collected, held or processed by the Data Controller.
  9. The Data Protection Officer (DPO).
    Each Union institution or body shall designate a data protection officer. Union institutions and bodies may designate a single data protection officer for several of them, taking into account their organisational structure and size.
    The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks. The Union institutions and bodies shall publish the contact details of the data protection officer and communicate them to the European Data Protection Supervisor. The Union institutions and bodies shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.

    The DPO in MSC IO is Mr./Ms XXXX The DPO can be contacted in DPO@mscio.eu.