Data Protection Notice
Introduction
MEDLOG S.A., “MEDLOG” or “we”, having its register office at Chemin Rieu 12,1208 Genève, Switzerland , is committed to protecting the privacy and security of your “Personal Data” (as defined in section 2) when acts as data controller in accordance with the Swiss Federal Act on Data Protection and any other applicable data protection laws, including the applicable data protection laws when you deal with MEDLOG`s agencies and the Regulation (EU) 2016/679 “GDPR” (collectively “Data Protection Laws”).
This data protection notice (referred to as the “Notice”) describes how we collect, use, share and transfer (together referred to as “Processing “or “Process”) Personal Data during and after the business relationship we have with our customers, their employees, and partners (together referred to as “Customer “or “you”).
MEDLOG operates through its agencies established across the world which, depending on the purpose, may act as data controller when Processing your Personal Data or Process your Personal Data on behalf of MEDLOG.
MEDLOG uses appropriate technical and organizational measures to ensure a level of safety appropriate to the risk of the Processing to grant confidentiality, availability and integrity of your Personal Data.
It is important that you read this Notice, together with any other data protection notices and MEDLOG policies we may provide on specific occasions when we are Processing Personal Data about you, so that you are aware of how and why we are using such data.
What are the Personal Data we collect from you?
Personal Data is any piece of information relating to an identified or identifiable natural person. MEDLOG may Process the following categories of Personal Data about you:
- Name and surname
- Telephone number
- Email address
- Your technical data which include your IP address or similar identification number, login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access MEDLOG website
- Records of our communications with you including in respect of any queries or complaints that you raise
- Identity documents including your passport and driving license
- Customer`s professional postal address
- Marketing data such as your preferences on our services, offers and attendance at our events only when you have agreed to receive such communication or when we are legitimate to collect such data to fulfill our legitimate interest.
A particular category of Personal Data is the “Sensitive Personal Data” with the meaning of 1) data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or 2) concerning health, a natural person sex life or sexual orientation. Such Sensitive Personal Data also includes genetic and biometric data, and information relating to criminal convictions and offences.
Unless strictly required under applicable laws, MEDLOG doesn`t collect Sensitive Data.
How will we use your Personal Data about you?
We will only use your Personal Data when the law allows us to, for the following purposes (referred as “Purposes”) and corresponding legal basis as described in the following schedule:
|
Purpose |
Type of data |
Lawful basis for processing |
|
To execute the obligations envisaged by the contract we have with you |
Identity Contact details cargo description Glocalization of the container (if required by you) bill of lading number container number to perform the contract with you |
To perform the contract with you |
|
To allow the performance of the security check at the terminal |
Identity Passport, identity card or driving license
|
To comply with a legal obligation |
|
Identify Vendor details (subcontractors) following the customer’s premises |
Driver’s license ID card Others |
To perform the contract with you |
|
Performance of the custom`s declaration to the local authority |
Identification code from which we can retrieve Personal Data identity contact |
To comply with a legal obligation when envisaged by the local jurisdiction or when the processing is necessary for the purpose of our legitimate interest |
|
To review and improve our services |
Identity Email address Professional information |
Legitimate interest |
|
To complete the booking |
identity contact details (i.e professional email address, professional phone number) (c) cargo description container number |
Legitimate interest |
|
To provide you the transport service (by sea, road, rail, warehousing or through forwarding activities) |
Identity Contact your bank details customer code cargo description Glocalization of the container (if required by you) bill of lading and contact details of the parties involved in the transportation service (i.e Consignee, notify party etc) container number |
Legitimate interest |
|
To review and improve our services |
Identity Passport or driving license Mail address Professional information |
Legitimate interest |
|
Compliance check to prevent a fraud and illicit traffic (security screening, background check) |
Identity bank details shipping data such as cargo description, container and bill of loading numbers passport political opinions |
The legal obligation to comply with applicable laws and the legitimate interest to prevent the stoppage of the service |
|
Commercial and Marketing Activities |
Email address Telephone number IP, login data, browser type and version, time zone setting and location your preference |
Your consent |
|
Building a commercial relationship with you by keeping you informed about our business services |
professional mail address Professional telephone number IP, login data, browser type and version, time zone setting and location of the professional device |
Legitimate Interest |
|
To respond to and defend against legal claims |
Identity IP address Passport, identity card or driving license |
Legitimate interest
|
MEDLOG will only Process your Personal Data to meet the above Purposes. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or obtain your consent when it is required by the Data Protection Laws. If you fail to provide certain Personal Data when requested, we may not be able to provide the requested service, or we may be prevented from complying with our legal obligations.
Disclosure of your personal data
We may disclose your Personal Data strictly for the Purpose(s) mentioned in section 3 to the following recipients, as described in the below list, who are required to take appropriate security measures to protect your Personal Data and to treat them only for the Purpose(s) for which they were provided and in accordance with our instructions:
- MEDLOG agencies located worldwide and working for and on behalf of MEDLOG;
- Affiliate entities;
- Terminals;
- Local Authorities; and
- Third parties (Consignee, notify party, freight forwarded).
We may also disclose your Personal Data to a third party when it is required by applicable law, court order or governmental regulation and when it is necessary to detect and prevent fraud or support any legal investigation or proceeding.
We may also use service providers to Process your Personal Data and in this case the service is governed by a contract that complies with the Data Protection Laws and ensures adequate protection of your rights.
In the event of the sale, merger, reorganization of part or all the business assets of MEDLOG, we may disclose your Personal Data to a third party involved in this procedure.
When Processing your Personal Data for the purposes outlined in section 3, it may be necessary for us to transfer your Personal Data outside of Switzerland or the European Economic Area. In the event that we do so, we will only transfer the Personal Data to a country which is subject to a European Commission adequacy decision or, where no such decision has been made, if appropriate safeguards have been implemented such as the stipulation of the Standard contractual clauses approved by the European Commission. If you require full details of any international transfers of your Personal Data and the applicable safeguard, please contact us at the following address: ch001-data.protection@msc.com
Data Security
We have put in place appropriate technical and organizational security measures to ensure a level of safety appropriate to the risk and to protect Personal Data against accidental or illegal destruction, accidental loss, alteration, unauthorized disclosure, or unauthorized access, notably when transferred to another country, and against any illegal means of Processing. We also provide regular training to our employees to ensure they comply with privacy principles when handling your Personal Data.
Retention Period
We may retain your Personal Data as long as required to fulfill the Purpose(s) for which they were collected and in compliance with MEDLOG Policies relating to the use of your Personal Data.
We shall keep your Personal Data for a longer period when we are obliged to do so by the applicable laws, regulatory requirements and for the time required to protect and defend our rights.
Your rights to your Personal data
According to the Data Protection Laws, you are granting to exercise the following rights:
- Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no legitimate reason for us continuing to process them. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to Processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) or where we are Processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for Processing it.
- Request the transfer of your Personal Data to another party in a common readable format where it is practicable.
- Right to withdraw your consent if the legal basis for the Processing of your Personal Data is based on it.
In addition to the rights and in compliance with the Data Protection Laws, you are entitled to lodge a complaint with the competent supervisory authority.
If you want to exercise the rights above described, please fill this form here, or if you have any questions about this Notice, you may address your request to ch001-data.protection@MEDLOG.com.
Changes to this Privacy Notice
We reserve the right to update this Notice at any time and we will provide you with the update Notice when we make any substantial changes. We may also notify you in other ways from time to time about the Processing of your Personal Data.