1. INTRODUCTION

1.1 The European Commission has adopted a renewed data protection framework in May 2016 named the General Data Protection Regulation (GDPR). The GDPR will replace the current Directive(EU Directive 95/46/EC) and will be directly applicable in all Member States without the need for implementing national legislation. It has come into force on May 25, 2018. The objective of this regulation is to enhance EU citizens‘ rights and protection over their Personal Data.
1.2 The Company has therefore put in place this Statement to set forth the principles and requirements governing the collection, use and disclosure of customer information, including their Personal Data, in compliance with laws and regulations applicable in Luxembourg, in particular the law of 2 August 2002 on data protection as amended (the 2002 Law).
1.3 When you provide Personal Information to us via www.mcs.lu (the Website), the Company protects it according to this Privacy Statement. By using this Website, you acknowledge that you have reviewed, and agreed to, the terms of this Privacy Statement. If you do not agree to this Privacy Statement, do not use this Website.

 2. COLLECTING PERSONAL DATA

2.1 The type of Personal Data the Company collects, uses and discloses for legal and business purposes are listed below:
Identification documents incl. passport copies, ID cards, driving licenses
Contact details e.g. name, address, telephone number, email address
Curriculum vitae e.g. education, training, qualifications, profession
Personal characteristics e.g. age, gender, nationality, marital status, date and place of birth
Evidence of tax residency
Extract of the criminal record
Bank references incl. financial information;
Name screening (comparison with lists of sanctions).

2.2 In addition, the Company may collect the following types of information when you browse this Website, any other website, or any affiliate site:
2.2.1 Personal Information you provide directly when you register or join an online community or another group, inquire about our services via any e-mail messages you send, including personally identifiable information such as your name, contact information (phone, fax, address, and email address);
2.2.2 Personal Information you provide directly, including personally identifiable information you submit through this Website as part of the online job application process or in the process of registering for an event, user group, or conference;
2.2.3 Passively collected information, including through the use of cookies(2) and web beacons(3), IP addresses, web browser and operating system information, date and time of visits, and the web pages your Internet browser visits when browsing this Website, any other ECP website or any affiliate site;
Clickthrough information related to ECP emails and related marketing activities; and Aggregate, non-personally identifiable information, such as the number of hits per week or per web page.

(2)Cookies are small text files that store information about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”). Cookies can make it easier to use a website by allowing servers to access certain information quickly. If cookies are disabled in your browser, you may not have access to the totality of our offers and services.
(3) A web beacon is an electronic image that is imbedded in a web page or email which allows to track web page views/hits or the opening of an email containing a beacon. ECP may use web beacon in conjunction with cookies to track web site activity the Website and associated websites. Web beacon tracking by ECP does not identify the name or email address of the web user or mail recipient.

3. PURPOSE FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

The purposes for which Personal Data relating to a natural person may be collected, used and disclosed may include:

3.1.1 For contractual purposes:
(a) Complying with or enforcing the terms and conditions of any contract or agreement entered into by or on behalf of the Company;
(b)The provision of Company services including portfolio managemnet, risk managment, compliance, reporting, etc.;
(c) The procurement of transaction and data processing;
(d) The Processing, confirming and fulfilling customers’ or other natural persons’ requests regarding the Company‘s services and/or transactions;
(e) For security, business continuity, emergency contact and travel purposes;

3.1.2 For legal obligation:
(a) Conducting customer checks, in particular anti-money laundering (“AML”) checks pursuant to the law of 12 November 2004 on antimoney laundering and counter-terrorism financing (the 2004 Law);
(b) Complying with the obligations, requirements or arrangements for disclosing and using personal data that apply to the Company, as follows:

(i) Regulatory and/or legal provisions, in particular antimoney laundering and counter-terrorism financing legislation, which require the compliance with KnowYour-Customer (KYC) obligations and therefore the identification, verification and background screening purposes of any natural person the Company is directly or indirectly in business relationship with;
(ii)  Any notifications, directives or guidelines issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers;
(iii) Any contractual commitment with local or foreign legal, regulatory, supervisory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers;

(b) For security, business continuity, emergency contact and travel purposes; 3.1.3 3.1.4 4. For marketing purposes: (a) (b) (c) Developing business relationships with prospects; Providing customized information and updates, e.g. web pages, newsletters, mailing and investor updates, about the Company services and performance;
(c) Organizing events or conferences;

3.1.4 For legitimate interests:

(a) All other incidental purposes relating thereto and other purposes to which the individuals or organizations may from time to time agree such as online job application (please note that your Personal Information may be disseminated internally and among our affiliates as necessary to consider your application and to contact you regarding our decision).

4. DISCLOSURE OF PERSONAL DATA & CUSTOMER INFORMATION

4.1 Customer information including their Personal Data will be kept confidential and securely stored in the Company’s premises. A limited number of persons have access to these Personal Data.
4.2 However, the Company may provide and/or disclose such data and information to the following parties for the above purposes, where applicable:
4.2.1 Any agent, contractor or third-party service provider who provides administrative, telecommunications, information technology, transaction and data processing, payment or securities clearing debt collection, business processing, mailing, call centre, operational or other services to the Company in connection with the operation of its business;
4.2.2 Any other person under a duty of confidentiality to the Company e.g. its auditors, independent director, etc.;
4.2.3Any person, body or authority to whom the Company is under an obligation or otherwise required, advised, recommended or expected to make disclosure under the requirements of any laws, rules or regulations binding on or applying to the Company, or any disclosure under and for the purposes of any notifications, directives, guidelines or guidance given or issued by or agreement with any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company is obliged, required, advised, recommended or expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company with local or foreign legal, regulatory, supervisory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside Luxembourg and may be existing currently and in the future;
4.2.4 Any actual or proposed assignee of the Company or participant or sub participant or transferee of the Company’s rights in respect of a natural person or an organization;
4.2.5 Third-party financial institutions, custodians, clearing houses, insurers, credit card companies, securities and investment services providers;
4.2.6 The Company’s professional service providers and advisers including lawyers, notaries, tax advisers, auditors and accountants;
4.2.7 Any party in respect of which such disclosure is requested and/or consented to by the customer and/or natural person;
4.2.8 The list of third parties to which your personal data may be transferred is available upon request to be addressed to the contact person (see §12.2).

5. TRANSFER OF PERSONAL DATA AND CUSTOMER INFORMATION OUTSIDE OF LUXEMBOURG AND OUTSIDE OF THE EU

5.1 The Company may from time to time transfer customer information including their Personal Data outside Luxembourg and the EU for the above purposes, where applicable.
5.2 Such information may be disclosed, processed, stored or maintained in accordance with the local data protection laws, rules and regulations applicable in the relevant jurisdictions.
5.3 The Company shall ask the Data Subject for his/her explicit consent before transferring any personal data to a third country having an insufficient level of protection.
5.4 The Company may also adopt the Commission’s contractual clauses with any third party listed in section 4. located in a third country having an insufficient level of protection in order to guarantee EU level of protection by this third party.

6. DISCLOSURE OF PERSONAL DATA

6.1 Before disclosing any Personal Data relating to its employees, contractors and other individuals to the Company shall (1) ensure that those natural persons are duly notified and made aware of this Statement, (2) shall undertake and represent those natural persons who have procured their consent to the collection, use and disclosure of their Personal Data as described in this Statement.

7. UPDATE OF PERSONAL DATA AND CUSTOMER INFORMATION

7.1 Customers, and other organisations or natural persons who provide (or authorize the provision of) information to the Company undertake that such information is true, accurate and complete.
7.2 In order to ensure the accuracy and validity of Personal Data collected, used and disclosed, natural persons have the right to notify the Company in writing promptly upon any changes in their Personal Data.

8. ACCESS AND CORRECTION OF PERSONAL DATA

8.1 Pursuant to the 2002 Law, natural persons may request access to or make corrections to their Personal Data. Such a request may be sent to the Company’s contact person (see §13).
8.2 You may also request to be removed from our e-mail list, by following the “unsubscribe” instructions on e-mails from the Company or by sending a request to the Company.

9. DATA INTEGRITY AND SECURITY

9.1 The Company is committed to protecting your privacy. The Company processes your Personal Information only in ways compatible with the purpose for which it was collected. To the extent necessary for such purposes, we take reasonable steps to make sure that the information is accurate, complete, current and otherwise reliable with regard to its intended use. However, the Company expects that you will update your personal information with the Company as necessary.
9.2 The Company takes reasonable and appropriate measures to maintain confidentiality and integrity, and prevent the unauthorized use or disclosure, of information. This includes maintaining a system of appropriate administrative, physical and technical safeguards to secure such information.

10. WITHDRAWAL OF CONSENT

10.1 Pursuant to the 2002 Law, customers may withdraw their consent to the collection, use or disclosure of their Personal Data.
10.2 However, if a customer or individual does not provide or withdraw such consent or fails to provide requisite Personal Data, the Company may be unable to initiate or continue a relationship with the natural persons or organization concerned.

11. ANTI-MONEY LAUNDERING

11. 1 The Company is obliged to act in accordance with the 2004 Law. Customers are asked to actively support the Company in obtaining certain types of information, including those required under anti-money laundering laws and regulations in Luxembourg.
11. 2 The Company is required to ask customers questions regarding their identity, the company or association they belong to, their legal representatives, authorised signatories, source of funds and, if necessary, also regarding individual transactions.
11. 3 The Company also has a duty to verify the identity of the respective ultimate beneficial owner of the customer or of the assets brought in.

12. AUTOMATIC EXCHANGE OF INFORMATION

12. 1 By application of the US Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standards (CRS) regulations concerning the automatic exchange of information, as well as the 2002 Law on the protection of natural persons in relation to the processing of their personal data, natural persons declare being informed, acknowledge and agree, that their Personal Data and financial information provided by the Company to financial institutions for the purposes mentioned in section 2. of this Statement may be thereafter potentially used by the financial institutions in the execution of their FATCA and CRS duty to provide information to the Luxembourg tax authorities. That information can in turn be forwarded to the relevant foreign tax authorities, including the relevant US tax authorities.

12. 2The Customer must provide any additional information that might be required from time to time by the Company for the purpose of the FATCA and CRS laws and failure to do so within the prescribed timeframe may trigger a report to the Luxembourg tax authorities.

13. CONTACT PERSON WITHIN THE COMPANY

13. 1 The person to whom requests for access to, or correction of personal data or withdrawal of consent for the processing of personal data or for information regarding the Company’s policies and practices and kinds of Personal Data held by the Company are to be addressed is as follows:
13.2 Maritime Construction Services (MCS) S.A.
To the attention of Natalia Makosheva
153-155B, rue du Kiem L-8030 Strassen
Luxembourg
Email: data.privacy@mcs.lu

14. DATA PROTECTION REGULATOR
14.1 In cases of non-compliance with the law and/or regulatory provisions, a data breach report must be filed with the Commission Nationale pour la Protection des Données (CNPD):
Commission Nationale pour la Protection des Données
15, Boulevard du Jazz
L-4370 Belvaux Luxembourg

15. MISCELLANEOUS
15. 1 This Statement shall be deemed an integral part of all contracts, agreements, facility offer letters, account mandates and other binding arrangements which customers or other individuals or organizations have entered into or intend to enter into with the Company.
15.2 This Statement may be updated from time to time to reflect changes and/or developments in data protection and banking secrecy laws, regulations, guidelines, codes and industry practices in Luxembourg.
15.3 The Company periodically updates the features of the Website to better serve you and all Company’s customers. The Company reserves the right to change this Privacy Statement without advance notice and any modifications are effective when they are posted here. The date of the newest version will be posted below. Please check back frequently, especially before you submit any personally identifiable information to this Website, to see if the Privacy Statement has changed. By using this Website, you indicate your understanding and acceptance of the terms of the Privacy Statement posted at the time of your use. If you have any questions, please contact us by sending an e-mail message to data.privacy@mcs.lu.