4. Categories of data recipients and personal data transfer

a. Companies of our group

Depending on the country where the booking is made from, and to provide you with specific services, we share information about you with the companies of our group. All companies are processing the personal data in compliance with the GDPR.

Depending on the country where the booking is made from, your personal data could be processed by one of the companies of our group, acting as data processors upon instructions from the data controller. The companies of the MSC Cruises group that process personal data of European passengers are: MSC Cruises S.A., MSC Crociere S.p.A., MSC Cruise Management UK Ltd, MSC Cruises UK Ltd, MSC Food & Beverage Division Spa, MSC Kreuzfahrten AG, MSC Cruises Belgium NV, MSC Cruises Scandinavia AB, MSC Kreuzfahrten (Austria) GmbH, MSC Netherlands B.V., MSC Cruises Ltd – Cyprus, Mediterranean Shipping Cruises Cruceros Sau and MSC Kreuzfahrten GmbH.

In limited cases, the above mentioned companies could act as data controllers in relation to a specific data processing activity (for example, when competitions are organized and handled at local level). In such cases, we will provide you with a separate privacy information notice in relation to that specific activity.

Personal data of passengers in the EU is not usually shared with companies of our group that are located outside of Europe. However, should data need to be transferred to a non-EU/EEA country, MSC Cruises will adopts relevant safeguards to ensure that the transfer is carried out in compliance with the applicable privacy legislation, in particular the provisions of the GDPR.

b. Commercial partners

In order to ensure that your travel arrangements are completed smoothly and effectively, we may transfer personal information to countries which may not have data protection laws or to countries where your privacy and other fundamental rights may not be protected as extensively. We will transfer information only for the purpose of fulfilling/providing the services you have requested from us, in order to fulfil a contract with a third party for your benefit or to disclose information which we are required to do by law or requested from us by a regulator.

c. Data sharing with port agents and authorities
As a travel operator, we need to share some information about our passengers with local port agents and authorities for immigration purposes. The sharing of data with these agents and authorities can trigger the transfer of data outside the EU/EEA if these entities are based abroad, outside the EU/EEA. These data are shared and transferred based on the legal obligation that MSC Cruises has in relation to the provision of information to the relevant authorities, and only the strictly necessary data is communicated. We are required to cooperate with state authorities and law enforcement agencies of each country on your route, including customs and immigration authorities. Personal information about you may be shared with these entities prior to embarkation, during your cruise, or after disembarkation for security or immigration reasons. Our Immigration Officers can clarify any questions you might have about these data processing activities.