Information on personal data protection

With the coming into force of the EU Regulation no. 679/2016, “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”, (hereinafter “Regulation or “GDPR”); Grimaldi Group S.p.A., as Data Controller, is obliged to provide information concerning the methods and purposes for the processing of personal data.
The table below gives a brief summary of the content of the information notice subsequently provided.
Data Controller Grimaldi Group S.p.A. (hereafter, “Data Controller” or “Company”)
  1. Issue of quotes for maritime transport contracts
Legal basis
  1. The performance of pre-contractual measures
  2. Consent of the data subject (only with regard to special categories of data)
Data transfer Possible, with adequate guarantees in place to protect the data subject’s rights
Data subject’s rights a.         to access personal data;
b.         to obtain the rectification or deletion of data or to limit the processing thereof;
c. to object to the processing of personal data;
d. to obtain the portability of such data;
e. to lodge a complaint with the competent supervisory authority (e.g. Data Protection Authority).
The rights as per letters a) to e) can be exercised by writing to:
The Data Controller has designated a Data Protection Officer (DPO), having specialist knowledge of legislation and standard practices in the matter of data protection, who is therefore qualified to perform the tasks as per Article 39 of the EU Reg. 679/2016.
1. Subject of the processing
We hereby inform you, in accordance with Art. 13 of GDPR, that the identifying, personal data (i.e.  name, surname, address, tax identification number, VAT number, e-mail, telephone number) and any special categories of data (i.e. health data), provided by you to this Company at the moment of requesting a quote will be subject to processing in compliance with the aforementioned legislation and confidentiality obligations.

The processing operations concern:

  • the applicant’s contact details;
  • any personal data spontaneously provided by the applicant when completing the “notes” section of the form.
Moreover, we remind you that the processing may regard special categories as per Article 9 of the GDPR, if spontaneously provided by you in the “notes” section. By way of example:
  • information regarding mobility restrictions;
  • information regarding your disabilities
  • data provided by you, if any, about special needs related to your state of health.
2. Purposes of data processing (Art. 6 GDPR)
Data not included in special categories may be processed for the following purposes:
  1. to manage requests for quotes.
Data belonging to special categories will be processed to check whether the special discounts for people with disabilities and those accompanying them can be applied.
3. Data processing methods (Art. 5 GDPR)
We also inform you that the personal data concerning you will be processed, including using electronic means, in compliance with the methods indicated in the GDPR, which provides, among other things, that the data must be:
  • processed according to the principles of lawfulness, transparency and fairness;
  • collected and recorded for specific, explicit and legitimate purposes (“purpose limitation”);
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
  • accurate and kept up to date (“accuracy”);
  • kept for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
  • processed using instruments that ensure the security and confidentiality of the personal data, including protection against unauthorised or unlawful processing and against loss, destruction or damage, or accidental damage (“integrity and confidentiality”).
Personal data is stored as shown in the table below.
Data Storage times Purpose of storage
Data belonging to special categories
10 years from issue of the quote For legal defence purposes in the case of possible disputes raised by the applicants
4. Legal basis
The legal basis for the processing listed above in paragraph 2, point 1, lies in the need to carry out pre-contractual measures (Art. 6, section 1, letter b, GDPR).

The legal basis for the processing of data belonging to special categories lies in the data subject’s consent (Art. 9, section 1, GDPR), provided by the data subject at the moment of freely and spontaneously communicating such data to the Data Controller, so that the latter might take such into consideration when preparing the quote.

5. Data transfer
Please note that your data may be disclosed, in addition to other companies belonging to the Grimaldi Group, also to entities established in third countries, even outside the territory of the European Union, subject to compliance with specific procedures.
With reference to EU countries, your data may be disclosed to the port authorities, judicial authorities, and police forces, shipping agents and terminals situated in Spain, Greece, Germany, Belgium, Ireland, Portugal, Cyprus, Sweden and Denmark.
As regards extra EU countries, data may be transferred to said addressees operating in Great Britain, Tunisia, Morocco, Turkey, Israel, Brazil, Uruguay, Argentina, Senegal, Benin, Nigeria, Ghana, Ivory Coast, the USA and Canada.
In particular, the communication of your data to shipping agents is envisaged since the same act as representatives of the shipowner in forwarding data to the Authorities.
With reference to the terminals, however, there is an obligation under which the same must carry out particular checks on persons and things intended for boarding or disembarking. This means that the shipowner is obliged to communicate passenger data to the terminal in advance, which in compliance with the security procedures is required to communicate the data received to the Competent Authorities (e.g. Port Authorities, Financial Police Force and Customs).
In addition, Grimaldi Group S.p.A. may communicate the passenger data to the Authorities mentioned above directly.

With reference to transfers that may take place in countries like Israel, Uruguay, Argentina, the USA and Canada, the European Commission has ruled that the transfer shall be legitimate by specific decision of adequacy in accordance with Article 25, paragraph 6 of Directive 95/46/EC.
In other countries, however, where the GDPR applies, data transfer will be regulated in accordance with the principles established by the Regulation in the contractual relations carried out by the Company.

6. Data disclosure 
We also inform you that the aforementioned processing of personal and sensitive data concerning, related and/or instrumental to the maritime transport contract may provide for access to the above data by:
  1. Law firms, if disputes should arise.
  2. Companies, including those belonging to the Grimaldi Group, providers of other audit services, data analysis, market research and customer satisfaction surveys.
It may be necessary for us – in relation to laws, legal proceedings, disputes and/or requests made by public or governmental authorities within or outside your country of residence, national security purposes or other issues of public importance – to communicate your personal data. Where lawfully possible, we will inform you before any such disclosure.
We may also disclose your personal data if we establish in good faith that said disclosure is reasonably necessary in order to enforce and protect our rights and activate available remedies.

7. Data subject’s rights (Art. 15 – 21 GDPR)
Lastly, we inform you that the data subject may, at any time, exercise the rights:
  • to access personal data, requiring that such data be made available to you in an intelligible form, as well as the purposes of the processing (former Art. 15);
  • to obtain the rectification (former Article 16) or the erasure (former Art. 17) of the same or the limitation of processing (former Art. 18);
  • to data portability (pursuant to Art. 20);
  • to object to data processing (pursuant to Art. 21);
  • to lodge a complaint with the competent supervisory authority.
The rights as per letters a) to d) may be exercised by contacting the following e-mail address

In this regard, please also note that the Data Protection Officer appointed by the Company can be contacted by e-mail at

8. Nature of data provision and consequences of a potential failure to disclose the data
The provision of data not belonging to special categories is necessary for the correct performance of contractual and pre-contractual obligations which we are required to perform; failure to provide the same will make it impossible for us to conclude the maritime transport contract requested by you, as well as to correctly fulfil the legal obligations and those arising from the public interest concerning safety in ports.

The provision of data belonging to special categories is optional. However, if such data is provided, the Company can: better satisfy your requirements and provide the assistance needed; apply the special discounts, where pertinent- in the cases and in the manner foreseen.

9. Consent
To the processing of his/her data belonging to special categories was provided by the data subject at the moment of freely and spontaneously communicating such data to the Data Controller, so that the latter might take such into consideration when preparing the quote .
Regarding such matter, we remind you that, without prejudice to the lawfulness of processing based on consent before withdrawal, you may at any time withdraw the consent given by sending a request to the e-mail address: or by using the channel indicated in the communications you receive, i.e. by clicking on the relevant link in the e-mails sent to you.
Grimaldi Group SpA
Sede legale Palermo - Via Emerico Amari n°8 | Capitale Sociale: €150.000.000,00 | C.F. e Registro Imprese di Palermo: 00117240820 | P.IVA: IT 00117240820