Maersk Global Data Privacy Notification
This Privacy Notification is effective as of October 1st, 2022.
This Privacy Notification explains how Maersk and its affiliated companies (“Maersk”, “we”, “us”, “our”) use personal data about you on our websites, mobile applications, or other sites that display this Privacy Notification. You can see Maersk affiliates here at the latest company overview. This Privacy Notification will also apply to information gathered from your visits to our facilities.
Specific Provisions
In specific situations, other provisions apply or supplement this Privacy Notification:
- when applying for a job with Maersk only the Privacy Notification for Recruitment applies;
- when using our websites, the Policy on Cookies supplements the Privacy Notification.
Protecting Your Personal Data
With offices and operations throughout the world, personal data will be transferred or be accessible internationally throughout Maersk’s global business. Any such transfers throughout Maersk’s global business takes place in accordance with the applicable local data privacy laws and regulations and for the European Union in accordance with the authority approved Binding Corporate Rules (“BCR”).
Our BCR reflect the standards contained in European data privacy laws and regulations (including the General Data Protection Regulation). Having our BCR means that all our Maersk group entities which have signed up to our BCR have to comply with the same internal rules. It also means that your rights stay the same no matter where your data are used by Maersk.
Maersk Binding Corporate Rules (BCR) can be downloaded here.
Types of personal data that we use, purpose and the legal basis
Consumers
Maersk rarely use personal data about consumers; however, we might use personal data about you in order to deliver logistic services to you or our customers, e.g., custom clearance services, document and parcel freight etc., where we use:
- Contact information (e.g., name, address, email, and phone number)
- Delivery and packaging information
As per the applicable laws of certain jurisdictions, Maersk is required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying or receiving payment for delivery of goods and services etc.
Maersk customers (excluding consumers)
If you are a customer to Maersk, we use personal data about you in order to fulfil the agreement between the parties, e.g., the administration of the agreement, payment, delivery of goods and services etc., where we use:
- Business contact information (e.g., name, address, email, and phone number)
- Job title
Maersk is also legally required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying or receiving payment for delivery of goods and services, etc.
Suppliers, Vendors, or other Third Parties to Maersk
If you are a supplier, vendor, or another third party engaging with Maersk, we use personal data about you in order to fulfil the agreement between the parties, e.g., the administration of the agreement, payment, delivery of goods and services, etc., where we use:
- Business contact information (e.g., name, address, email, and phone number)
- Job title
- Banking Information
- Third party compliance screening
Maersk is also, as per relevant laws, required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying or receiving payment for delivery of goods and services, etc.
Consultants to Maersk
If you are a consultant to Maersk, we use personal data about you in order to fulfil the agreement between the parties, e.g., the administration of the agreement, payment and services etc., where we use:
- Business contact information (e.g., name, address, email, and phone number)
- Professional CV and job title
- Date of birth and other personal information as relevant
- Banking Information
- Information relating to the consultancy tasks
Maersk is also, as per relevant laws, required to document the personal data in financial transactions when fulfilling our agreement, e.g., when paying for delivery of consultancy services, etc.
Guests at our facilities
If you visit our facilities and sites, we use personal data about you in order to identify you and to inform you about applicable visitor rules, where either:
- our legitimate interest in correctly identifying you and providing you with visitor instructions overrides your interest in the information not being used, or
- your freely given consent when you choose to disclose your personal data to us, or
- the personal data is being collected for performance of any contractual obligations,
are the legal bases for our use, where we use:
- Contact information (e.g., name, address, email, and phone number)
- Work related information (e.g., title, workplace)
- Personal information (e.g., license plate, if you have used one of our parking lots)
Business administration
If you contact us, we use personal data about you in order to document quality and compliance (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations) where either:
- our legitimate interest in improving our legal position overrides your interest in the information not being used, or
- your freely given consent when you choose to disclose your personal data to us,
- or the personal data is being collected for performance of any contractual obligations,
are the legal bases for our use, where we use:
- Contact information (e.g., name, address, email, and phone number)
- Other applicable information
When you are marketed to
If you sign up for one of our newsletters, you consent to us sending you our newsletters, where we use:
- Contact information (e.g., name, address, email, and phone number)
- Content and your choices in relation to newsletters – contact forms and content etc.
The marketing in newsletters and on our websites, including social media, is adapted to your personal preferences based on our knowledge of you through profiling, where we use:
- Content of newsletters signed up to
- Stated areas of interest
- Cookies as laid out in our Cookie Policy
- Information from your social media profiles
- Information from our customer databases
Either:
- our legitimate interest in doing an automatic evaluation of your personal data in order to personalize the marketing presented to you overrides your interests and fundamental rights, or
- your freely given consent when you choose to disclose your personal data to us, or
- personal data collected for performance of any contractual obligations.
We do not use automated decisions that have a legal effect or similarly significantly affect you.
Understanding our customers, consumers, and suppliers
We also make analyses in order to optimize our products, marketing, website, sales and to know more about our customers’ preferences in relation to Maersk’s products and maintaining a CRM database. We do this by making analyses of our databases with information about e.g., website use, customer preferences, purchase history, sales and by sending questionnaires where either:
- our legitimate interest in using the personal data overrides your interest in the data not being used, or
- your freely given consent when you choose to disclose your personal data to us, or
- personal data collected for performance of any contractual obligations.,
We collect:
- Information from our customer databases
- Cookies as laid out in our Cookie Policy
- User behavior and logs from our websites and databases
- The answers you provide regarding suggestions and preferences in the questionnaire
Compliance and security operations for all data subjects
We monitor user behavior and have implemented security solutions on our website as well as in our solutions and on our premises, where either:
- our legitimate interest in anti-corruption, anti-fraud, anti-bribery, technical and physical security overrides your interest in the information not being used or
- your freely given consent when you choose to disclose your personal data to us, or
- personal data collected for performance of a contractual obligations.
We collect:
- Contact information (e.g., name, address, email, and phone number)
- Cookies as laid out in our Cookie Policy
- User behaviour and logs
- Images captured by video surveillance in marked areas at Maersk premises
Sharing of Personal Data
In addition to us sharing your Personal Data with Maersk Group Entities, we may in some situations also share your Personal Data with third parties such as business partners, suppliers, vendors, consultants, agencies, customers, consumers, governmental bodies, courts, and IT hosting, supply and service providers that we use for our group’s IT environment (Third Parties). We only share Personal Data where it is relevant and necessary for us to perform the activities described in this Privacy Notification, for example, the fulfilment of your order, the processing of your payment details, or the provision of support services.
Transfer and protection of your personal data
As a global organization with offices and operations throughout the world, we will transfer Personal Data collected by us on an aggregated or individual level to various divisions, subsidiaries, joint ventures, and affiliated companies of Maersk around the world for the purposes stated above and in accordance with applicable laws and regulations, as well as to contractors and sub-contractors to Maersk (data processors and sub-processors) for storage and service purposes. Your Personal Data will not be disclosed to anyone outside Maersk unless permitted or required under applicable legislations and regulations and where necessary subject to appropriate written assurances from third parties who have access to your personal data, in which they must guarantee that they will protect the data with security measures designed to provide an adequate level of protection.
Unless you are otherwise notified, any transfers of your Personal Data will be based on applicable local data privacy laws, which among other includes appropriate international data transfer mechanisms and safeguards such as an adequacy decision, Standard Contractual Clauses, and/or Binding Corporate Rules.
You can always request a copy of the transfer mechanisms, which includes the transfer of personal data, by filling out this contact form.
Automated decisions
Maersk uses automated decision-making in relation to some of your personal data for some services and products. An example is our fraud prevention and detection efforts on our online platforms.
You may request that Maersk provides information about the decision-making methodology and ask us to verify that the automated decision has been made correctly.
We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias.
Security measures
We choose to use suppliers that implement security in accordance with industry practices for good IT security, and we only use encrypted data communications when transferring sensitive and confidential personal data. We also maintain organizational, physical, and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures, and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the using we undertake. We store personal data on servers with limited access located in secured facilities, and our security measures are evaluated on an ongoing basis. The servers are protected by anti-virus software and firewalls, among other measures.
Personal Data retention
Maersk stores your personal data for as long as it is necessary to fulfil the purpose of the use, unless Maersk is obliged under applicable laws and regulations or is entitled to store the personal data for a longer period, more specifically:
- We retain your personal data as long as we have an ongoing relationship with you (in particular, if you have an account with us or have not withdrawn your marketing consent).
- We will only keep the personal data while your account is active or for as long as needed to provide services to you.
- We retain your personal data for as long as needed in order to comply with our global legal and contractual obligations.
We will also retain your Personal Data where this is advisable to safeguard or improve our legal position (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations).
Data Subjects rights
You are entitled, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law, to:
- Request access to the personal data we use about you: You have the right to ask us for information about or access to your personal data. There are some exemptions, which means you may not always receive all the data we use.
- Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
- Object to the use of your personal data: this right entitles you to request that we no longer use your Personal Data. However, it only applies in certain circumstances, and we may not need to stop the use if we can give legitimate reasons to continue using your personal data.
- Request the erasure of your personal data: this right entitles you to request the erasure of your personal data in certain circumstances.
- Request the restriction of the use of your personal data: this right entitles you to request that we only use your personal data in limited circumstances, including with your consent.
- Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used, and machine-readable format) of personal data that you have provided to us or request us to transmit such personal data to another data controller.
- Withdraw your consent: You can withdraw your consent at any time by opting out in the email or by contacting us. However, this will not affect our right to use personal data obtained prior to the withdrawal of your consent, or our right to continue parts of the use based on other legal bases than your consent.
- File a complaint: You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.
Please note that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy laws, or other laws and regulations.
Contact information
Please contact our Chief Data Privacy Compliance Officer by filling out this contact form, or send a letter to A.P. Møller – Mærsk A/S, Esplanaden 50, DK-1263 Copenhagen K, Denmark, Att.: Data Privacy if you have a general question about how Maersk uses and/or protects your personal data, if you wish to exercise your rights, or if you wish to make a complaint about how Maersk uses your personal data.