The safety measures adopted by the Company for the purposes of preventing COVID-19 infections require the processing of some personal data considered to be under the “special categories of data” as per Art. 9 of the General Data Protection Regulation 2016/679 (“GDPR”). Wherever possible, guests’ consent is collected in accordance with the provisions of Art. 9(1)a GDPR. Where collecting consent is not possible for objective reasons, but the processing of personal data is required to ensure the prevention measures are adopted and the spread of COVID-19 disease is avoided, Art. 9(2)i serves as the legal basis for carrying out the processing.

The data collection and processing is carried out in accordance with the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimization, data accuracy, and confidentiality and integrity.

The personal data collected and processed for these purposes will not be used for any other purposes and will not be shared with any third party outside the MSC Cruises group, except for (a) enabling guests to use their COVID-19 insurance policy, (b) ensuring guests are provided with relevant medical services in hospital facilities, in case disembarkation is required, (c) ensuring repatriation, where required, and (d) where guest consent has been provided.

To obtain more information about the processing of data required by COVID-19 procedures and to exercise data subject rights, please contact the Data Protection Officer at dpo@msccruises.com.