Privacy Policy
I. Name and Address of Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection legislation is:
MPC Container Ships ASA
Ruseløkkveien 34
N-0251 Oslo, Norway
E-mail: [email protected] Website: https://www.mpc-container.com
II. Name and Address of Data Protection Officer
We have appointed Ove André Vanebo as our Data Protection Officer. You may contact him if you have any queries about the company's processing of personal data. Our Data Protection Officer is an external privacy lawyer with an independent role, whose duty it is to advise and assist the company to ensure that personal data are processed in accordance with applicable data protection rules and regulations.
Contact details of our Data Protection Officer:
Ove André Vanebo
CMS Kluge Advokatfirma AS
Bryggegata 6
NO-0117 Oslo, Norway
Phone: +47 915 49 378 E-mail: [email protected]
III. General Information on Data Processing
1. Scope of Personal Data Processing
As a rule, we collect and use personal data only where this is necessary to provide a functional website and to deliver our content and services. Personal data are regularly collected and used only on a statutory basis. An exception applies where there is no apparent statutory basis and processing can only be legitimised by means of consent.
2. Legal Bases for Processing
Where we obtain consent from the data subject, point (a) of Article 6(1) GDPR serves as the legal basis.
Where processing is required for the performance of a contract to which the data subject is party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing that is necessary in order to take steps prior to entering into a contract.
Where processing is necessary for compliance with a legal obligation to which we are subject, point (c) of Article 6(1) GDPR serves as the legal basis.
Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, point (d) of Article 6(1) GDPR serves as the legal basis.
Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, and those interests are not overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Article 6(1) GDPR serves as the legal basis.
3. Erasure of Data and Retention Periods
Personal data are erased or restricted as soon as the purpose for which they were stored ceases to apply. Data may additionally be retained where required by Union or Member State law to which we are subject. Restriction or erasure is also carried out when a storage period prescribed by the applicable rules expires, unless continued storage is necessary for the conclusion or performance of a contract.
IV. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing device. The following data are collected:
- Information on the browser type and version used
- The user's operating system
- The user's IP address and IP origin
- Date and time of access
- Websites from which the user's system reaches our website
- Websites accessed by the user's system via our website
These data are also stored in the log files of our system and are not stored together with any other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is point (f) of Article 6(1) GDPR.
3. Purpose of Data Processing
Temporary storage of the IP address is necessary in order to enable delivery of the website to the user's computer. To this end, the IP address must be stored for the duration of the session.
Storage in log files is carried out in order to ensure that the website functions properly. In addition, we use the data to optimise the website and to ensure the security of our IT systems. No evaluation for marketing purposes is carried out in this context.
These purposes also constitute our legitimate interest in data processing pursuant to point (f) of Article 6(1) GDPR.
4. Retention Period
Data are erased as soon as they are no longer required for the purpose for which they were collected. In the case of data recorded for the provision of the website, this is the case when the respective session ends.
In the case of storage in log files, erasure takes place after no more than 365 days. IP addresses are fully logged for a maximum of 24 hours, after which anonymisation is performed by deleting the last octet so that association with the accessing client is no longer possible.
5. Right to Object
Recording of data to provide the website and storage of data in log files are strictly necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
V. Use of Cookies
1. Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the web browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive string of characters that enables clear identification of the browser when the website is next accessed.
We, together with service providers acting on our behalf, use strictly necessary cookies to ensure core website functionality, enhance usability, and store your cookie consent preferences. Certain features of our website require the browser to remain identifiable as you navigate between pages.
In addition, our website uses analytics cookies. These are only set if you give your consent via our cookie consent banner. If you decline, no analytics cookies are set and your visit is not associated with an individual visitor profile.
For a complete and current list of all cookies we use, including their names, providers, purposes, and retention periods, please refer to our separate Cookie Policy, available at [https://www.mpc-container.com/cookie-policy].
2. Legal Basis for Data Processing
The legal basis for processing of personal data using technically necessary cookies is point (f) of Article 6(1) GDPR.
The legal basis for processing of personal data using analytics cookies is point (a) of Article 6(1) GDPR, subject to the user's prior consent.
3. Purpose of Data Processing
The purpose of technically necessary cookies is to make the website easier to use, to provide its core functions such as session management, and to save your cookie consent preferences. Some functions of our website cannot be offered without the use of cookies.
The purpose of analytics cookies is to understand how visitors use our website so that we can measure and improve its performance. These cookies are only placed if you consent via our cookie consent banner. You may withdraw your consent at any time.
4. Retention Period, Right to Object and Withdrawal
Cookies are stored on the user's computer and transmitted from the computer to our site. Through our cookie consent banner, you can accept or decline non-essential cookies and change or withdraw your choice at any time. In addition, by changing the settings in your web browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be erased at any time. If cookies are deactivated for our website, some functions of the website may no longer be fully usable.
The retention period for individual cookies varies by cookie. Details of each cookie's expiry period are set out in our Cookie Policy.
VI. Joint Controllership with MPC Capital AG — Use of CRM System
1. Description and Scope of Data Processing
To manage our relationships with customers, prospects, and business partners, we use a centralised Customer Relationship Management (CRM) system for which we are jointly responsible with MPC Münchmeyer Petersen Capital AG, Palmaille 67, 22767 Hamburg, Germany ("MPC Capital"), pursuant to Article 26 GDPR.
We process your data in the shared CRM system to manage and maintain relationships with customers and prospects, to ensure efficient and consistent customer support, lead and opportunity management, coordinated marketing measures, and internal reporting. For these purposes, we process contact and master data, communication histories, sales and marketing data, and consent and communication preferences of customers, prospects, and business partners.
2. Source of Data (Article 14 GDPR)
Where personal data processed in the CRM system were not collected directly from you, they may originate from the following sources:
- Data provided by MPC Capital as the other joint controller, where MPC Capital has an existing relationship with you;
- Data from publicly accessible sources (e.g. company registers, official publications, or publicly available professional profiles); or
- Data received from third parties, such as business partners or intermediaries, in the course of our business relationship.
Where we receive personal data from a source other than you, we will inform you of this within one month of receiving the data, or at the time of first contact with you, whichever is earlier, in accordance with Article 14(3) GDPR, unless an exception under Article 14(5) GDPR applies.
3. Legal Basis for Processing
The legal bases for processing personal data in the CRM system are: Article 6(1)(b) GDPR (taking steps prior to entering into a contract or performing contractual obligations); Article 6(1)(f) GDPR (legitimate interest in efficient and coordinated customer communication); and, where applicable, Article 6(1)(a) GDPR (consent for marketing communications) or Article 6(1)(c) GDPR (compliance with retention obligations).
4. Retention Period
CRM data are retained for as long as is necessary to fulfil the purposes described above. As a general rule, personal data in the CRM system are retained for the duration of the business relationship and for a period of up to three (3) years thereafter, unless statutory retention obligations require longer storage or the data subject objects to further processing. Data processed solely on the basis of consent will be deleted upon withdrawal of consent, unless another legal basis applies.
5. Allocation of Roles under Article 26 GDPR
Data subjects may exercise their rights (see Section VIII below) with respect to either party. Each party is responsible for processing within its respective areas of responsibility. We will provide you with the main contents of the joint controllership arrangement under Article 26 GDPR upon request.
The contact details for MPC Capital's Data Protection Officer are:
Luther Rechtsanwaltsgesellschaft mbH Franziska Tilgner Anna-Schneider-Steig 22 50678 Cologne, Germany
VII. Data Recipients
We only share your personal data with third parties where this is permitted or required by law, necessary to provide our services, or where you have given your consent. We use the following categories of recipients:
- Internal recipients within MPC Container Ships ASA, MPC Capital, and affiliated companies, on a strict need-to-know basis.
- HubSpot, Inc. — provider of our Customer Relationship Management (CRM) system and web analytics tools, acting as a data processor under a data processing agreement. Pursuant to our agreement with HubSpot, all personal data processed through the CRM and analytics tools are stored and processed exclusively within the EU/EEA.
- Comprend WaaS — provider of the cookie consent management tool used on our website, acting as a data processor.
- YouTube (Google LLC) — provider of the video player embedded on our website. Where the YouTube player is loaded, Google may set cookies and receive technical data. Please refer to our Cookie Policy and Section IX below for further information.
- Public authorities and institutions, where we are legally required to disclose data.
Where our service providers act as data processors, they are contractually bound to process your personal data only on our documented instructions.
VIII. Third-Country Transfers
Data will only be transferred to countries outside the EU or the EEA (third countries) where this is necessary for the performance of our contractual relationships, required by law, based on your consent, or in the context of order processing.
In addition to the general provisions above, the following specific transfers apply:
- HubSpot, Inc.: As noted in Section VII, HubSpot stores and processes all data exclusively within the EU/EEA. No transfer to the United States or other third countries currently takes place in this context. Should this change, we will ensure that appropriate safeguards pursuant to Article 46 GDPR (e.g. standard contractual clauses adopted by the European Commission) are in place and will update this Privacy Policy accordingly.
- YouTube (Google LLC): Where you consent to functional cookies and the YouTube video player is loaded, your data may be transferred to Google LLC in the United States. This transfer is based on the adequacy decision of the European Commission regarding the EU–US Data Privacy Framework (Decision (EU) 2023/1795), pursuant to which Google LLC is certified. Further information is available in our Cookie Policy and in Google's Privacy Policy at https://policies.google.com/privacy.
Where transfers to third countries take place on the basis of standard contractual clauses, you may request a copy of the relevant clauses by contacting our Data Protection Officer at the address set out in Section II.
IX. Rights of the Data Subject
You have the right:
- pursuant to Article 15 GDPR to request information on your personal data that we process, including information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged retention period, the existence of your rights to rectification, erasure, restriction or objection, the existence of the right to lodge a complaint, the source of your data where they were not collected directly from you, and the existence of any automated decision-making including profiling;
- pursuant to Article 16 GDPR to request prompt rectification of inaccurate personal data or completion of incomplete personal data that we hold;
- pursuant to Article 17 GDPR to request erasure of your personal data that we hold, provided that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- pursuant to Article 18 GDPR to request restriction of processing of your personal data where you contest the accuracy of the data, where processing is unlawful but you oppose erasure, where we no longer need the data but you require them for the establishment, exercise or defence of legal claims, or where you have objected to processing pursuant to Article 21 GDPR;
- pursuant to Article 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request transmission to another controller;
- pursuant to Article 21 GDPR to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on point (f) of Article 6(1) GDPR (legitimate interests). Where personal data are processed for direct marketing purposes, you have the right to object at any time without providing a specific reason, and we will cease processing your data for such purposes;
- pursuant to Article 7(3) GDPR to withdraw any consent you have given us at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Following withdrawal, we will no longer process personal data based on that consent; and
- pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority. You may generally contact the supervisory authority of your habitual place of residence, your place of work, or our registered office.
To exercise your right of withdrawal or right to object, it is sufficient to send an e-mail to [email protected]. For all other rights listed above, please contact our Data Protection Officer at the address set out in Section II.
X. Obligation to Provide Personal Data
There is generally no statutory or contractual obligation for you to provide us with personal data. However, please note the following:
- If you do not provide the technical data collected automatically when visiting our website, we will not be able to provide the website to you.
- If you do not provide the contact details requested when submitting an enquiry, we will not be able to respond to your enquiry.
- Where we process your data in the CRM system for the purposes of a contractual relationship, failure to provide the relevant data may mean that we are unable to enter into or perform that contract.
XI. Automated Decision-Making and Profiling
We do not carry out automated decision-making, including profiling, within the meaning of Article 22 GDPR that produces legal effects concerning you or similarly significantly affects you. Should we implement such procedures in specific cases in the future, we will inform you separately in accordance with the applicable legal requirements.
XII. Changes to This Privacy Policy
Should it become necessary to amend this Privacy Policy in future, you will always be able to find the latest version on our website.
Last updated: June 2026