It is equally important that you understand what personal data is collected and how it is used. As such, this Notice is intended to provide you with these facts.
Personal data protection legislation aims at guarantying that individuals have a high level of control of their private life and personal data. As of May 2018, Regulation (EU) 2016/679 (the General Data Protection Regulation or "GDPR") the 2002/58/EC Directive (together, and with any other applicable regulations applicable to the processing and protection of personal data) define the applicable legal framework in order to guarantee this level of protection for personal data.
Within this framework, we are implementing a compliance program which particularly contains:
- Regular trainings for the employees to make them abide by key privacy principles illustrated in our code of conduct such as the duty to respect data security, in-tegrity and confidentiality.
- A strong legal Framework in our relationship with our suppliers and our affiliates which guar-antees that appropriate safeguards, enforceable rights and effective legal remedies are availa-ble for you.
- Regular audits of our affiliates, subsidiaries and our suppliers to maintain a high standard of compliance with data protection laws.
Who process your data
CMA CGM is a shipping and logistic company with offices and associated legal entities established across the world. We are a limited company registered in Marseille and regulated by French law.
We collect and use your personal data to carry out our business, as a data controller. If one of our subsidiaries or affiliates collects and use your personal data, then it will also be a controller of your personal data.
To that extent, the terms “we”, “us”, “our” or “CMA CGM” used throughout this privacy notice, shall designate CMA CGM S.A. (“CMA CGM”) and CMA CGM’s direct or indirect subsidiaries worldwide.
Please click here to get a list of subsidiaries and brands of the CMA CGM Group.
We may use service providers to process your data. In this case, the processing is governed by a contract that complies with the applicable data protection laws and ensure an adequate protection of your rights.
In any events, the recipients of your data are qualified professionals subject to GDPR principles such as lawfulness, fairness, transparency and confidentiality of the processing.
CMA CGM is a global company which carries out its activity in more than 160 countries around the world. Hence, in some instances your personal data may be transferred outside the European Economic Area. These international transfers are allowed only if there are regulated by mechanisms that ensure an adequate level of protection.
Intra group transfers are done in accordance with the binding corporate rules which governs the inter-national transfers and processing of Personal Data within the Company around the world.
International transfers of personal data between us and a company located in a third country are gov-erned by safeguards approved by the European Commission such as Standard contractual clauses.
We keep your personal data for as long as necessary to fulfil the purposes for which we collected and continue to process it, and to satisfy any legal, accounting or statistics requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
What are your rights
Your right to be informed
We will give you information about the processing of your personal data, in particular:
- The purpose of the processing.
- The activities covered by the data processing.
- The recipients.
- The storage duration of the data.
- The legal basis for the processing.
Your right of access
You have the right to ask us for copies of your personal information.
We may object to your request when:
- Your personal data is inseparable from the personal data of others. In this case, we reserve the right to redact or withhold it if it will infringe the rights of those third parties.
- Your request is “manifestly unfounded or excessive”.
- Your personal data is no longer available.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to restrict the processing
You have the right to ask us to restrict the processing of your information. This right applies when:
- The accuracy of the personal data is contested.
- The processing is unlawful.
- You need the data for the establishment, exercise or defense of legal claims.
- You have objected to the processing, pending the verification of our legitimate ground.
While we consider your request, we will stop processing your personal data. We will notify you of our decision and any justifications for continuing to process your personal data as soon as we can.
Your right to erasure (right to be forgotten)
You have the right to ask us to erase your personal data. This right applies when:
- The personal data is no longer necessary for the purpose which we originally collected processed it for.
- We no longer have a legal basis for the processing.
CMA CGM may have some legal basis for storing your personal data such as:
- Where continued processing is required under a contractual obligation (e.g. retention of contractual obligation is 10 years as from the end of the contractual relation),
- Where processing is required for the establishment, exercise or defence of legal claims.
Your right to object to processing
You have the right to ask us not to process your personal data for marketing purposes, including profiling (eg. tracking your usage of our Website).
You also have the right to object on the processing which relies on our legitimate interest. We will then stop the processing of your data until we demonstrated compelling legitimate grounds for the processing.
Your right to data portability
You have the right to transfer personal data we have to another controller. This right relates to processing carried out by automated means based on your consent or on a contract we have with you.
Your right to withdraw consent
You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Your right not to be subject to an evaluation based on automated processing
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
This right may not apply if:
- The processing is necessary for entering into, or performance of, a contract between you and us,
- The processing is authorised by Union or Member State law to which we are subject,
- The processing is based on your explicit consent.
Your right to complain to the Supervisory Authority
If you feel that CMA CGM have processed your personal data unfairly or unlawfully, you have the right to complain about us to the relevant Supervisory Authority.
In France, the Supervisory Authority for personal data protection is the
You can contact this Supervisory authority here or on +33 (0)220.127.116.11.22.
We will not discriminate against you for exercising any of your rights. Unless permitted by the law, or unless the exercise of your rights interferes with contractual requirements we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Security & confidentiality
Taking care of your data has been the core of our concerns for years of service. By this commitment, we constantly strive to do our best in building secure environment that provide confidentiality, availability and integrity to your data.
Therefore, we implement technical and organizational measures to protect your rights and freedom and your personal data against data breaches.
Here is a non-exhaustive list of our appropriate organisational and technical measures:
- pseudonymisation, encryption and minimisation policy of personal data
- software for preventing piracy and malicious intrusions in our database,
- provision of regular training programs to our employees,
- audits of our legal entities executed by highly qualified staff,
- access control and transmission control,
- risk analysis mechanisms (DPIA).
CMA CGM and its staff remain constantly attentive to any innovations or new measures which can improve your Data security.