What does this Privacy Notice cover?
This privacy notice provides information regarding the processing of your personal data when using MSTS Tolls services (“MS Europe B.V.” or “MSTS Tolls” or “we”) whether as:
- an MSTS Tolls customer
- an MSTS Tolls supplier, business partner or stakeholders and/or investor;
- a visitor to an MSTS Tolls website (“Website” or “MSTS Tolls Website”); and/or
- a user of the MSTS Tolls Application or other accessory or linked applications (“MSTS Tolls Apps”).
This notice explains what personal data is processed, for which purposes, how long we hold the personal data for, how to access and update your personal data, as well as the options you have regarding your personal data and where to go for further information. For information about personal data processed by MSTS Tolls in relation to individuals who are current or former employees, interns or individual contractors as well as dependents listed as emergency contacts of MSTS Tolls employees (staff), please refer to the internal Employee Privacy Notice.
Special Notice – if you are under 16 years old. Processing children’s personal data.
If you are under 16 years old, please do not send us your personal data (for example, your name, address and email address). If you wish to contact MSTS Tolls in a way which requires you to submit your personal data (such as for education or innovation events) please get your parent or guardian to do so on your behalf.
What personal data do we process?
We process personal data from and in relation to individuals who are, or who work for or on behalf of or who are shareholders in our business customers, suppliers, business partners, stakeholders, visitors to our website and/or investors in the following categories:
- Private contact information (such as name, postal or e-mail address, phone number, and Vehicle Registration Number) only if necessary.
- Business contact and other information (such as job title, department, name of organization and your dealings with MSTS Tolls on behalf of yourself or the relevant business customer, supplier, business partner and/or investor);
- Customer data, payment data, employee data and/or website user data
- Vehicle identification number where it relates to MSTS services.
- Information that we obtain through your use of MSTS Tolls services and/or MSTS Tolls Applications – we will also collect information about how and where you use your MSTS Tolls applications or purchase MSTS Tolls services and products. Such information may include electronic device information, IP addresses, log information, browser type and preferences, location information, online identifiers to enable ‘cookies’ and similar technologies.
In addition, in order to comply with legal and regulatory obligations, to protect MSTS Tolls’s assets and employees/contractors and specifically to ensure that MSTS Tolls can comply with trade control, anti-money laundering and/or bribery and corruption laws and other regulatory requirements, we carry out screening on existing business counterparties and potential business counter-parties pre-contract and on a periodic basis post-contract. This screening includes individuals such as directors, officers, sole traders, shareholders and key stakeholders of our current and potential counterparties. This screening takes place against publicly available, or government issued sanctions lists and media sources.
This data may include personal data regarding suspected and actual criminal behaviour, criminal records or proceedings regarding criminal or unlawful behaviour but only for the purposes of ensuring MSTS Tolls compliance with legal and regulatory obligations and/or to the extent permitted or required by local law.
The screening does not result in any automated decision making in relation to the counterparties or potential counterparties.
Who is responsible for any personal data collected?
MS Europe B.V., a company registered in The Netherlands with registered address at Volmerlaan 5, 2288 GC, Rijswijk ZH, ZUID-HOLLAND Netherlands
For what purposes do we process the personal data?
We process personal data covered by this Privacy Notice for the following purposes:
- Business execution including researching, developing and improving products or services; concluding and executing agreements with customers, suppliers and business partners; recording and settling services, products and materials to and from a Shell Company; managing relationships and marketing such as maintaining and promoting contact with existing and prospective customers, account management, customer service, and development, execution and analysis of market surveys and marketing strategies
- Organisation and management of the business including financial management, asset management, mergers, demergers, acquisitions and divestitures, implementation of controls, management reporting, analysis, internal audits and investigations.
- Health, safety and security including protection of an individual’s life or health, occupational health and safety, protection of MSTS Tolls and staff, authentication of individual status and access rights; or
- Legal and/or regulatory compliance including compliance with legal or regulatory requirements including litigation and defence of claims or for a secondary purpose where it is closely related, such as:
- storing, deleting or anonymising personal data;
- fraud prevention, audits, investigations, dispute resolution or insurance purposes, litigation and defence of claims;
- or statistical, historical or scientific research.
Communication and marketing
You may receive offers on behalf of the relevant business customer, supplier or business partner. On all occasions you will be given the opportunity to use the unsubscribe functionality through the different digital channels we use to interact with you.
What are the legal bases for processing the personal data?
The personal data covered by this Privacy Notice is only processed:
- in order to take steps at the request of an individual prior to entering into a contract;
- where it is necessary to comply with a legal or regulatory obligation to which MSTS Tolls is subject to;
- where it is necessary for the purposes of the legitimate interests pursued by MSTS Tolls, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual/s; or
- (only if legally required) with the explicit consent of the individual.
In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.
Security of your personal data
We have implemented technology and policies with the objective of protecting your privacy from unauthorised access and improper use. In particular, we may use encryption for some of our services, we apply authentication and verification process for access to MSTS Tolls services and we regularly test, assess and evaluate the effectiveness of our security measures.
Who will we share the personal data with?
The personal data covered by this Privacy Notice is exclusively processed for the purposes referred to above and will only be shared on a strict need to know basis with:
- Authorized third party agents, service providers and/or subcontractors of MSTS Tolls;
- A competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which MSTS Tolls is subject to or as permitted by applicable local law.
- Companies which control MSTS Tolls or other companies within such group of companies, to the extent such transfer is necessary for the purposes of meeting regulatory requirements at group level and/or provision of services by the group companies to MSTS Tolls
What are the consequences of not providing personal data?
Personal information gathered by MSTS for these processes either directly or indirectly are required in order to:
- Fulfil legal requirements and/or which is required for entering into a contract with a counterparty and continuing to contract with that counterparty; or
- Maintain contact with Business Customers, Suppliers and Business Counterparts.
Failure to provide us with the information required will negatively affect our ability to communicate with you, or our ability to enter into a contract with a counterparty or continuing to contract with a counterparty.
Transfers of personal data
Where the personal data has been transferred to authorized third parties located outside of your country (including outside of the European Economic Area) we take organizational, contractual and legal measures to ensure that your personal data is exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented in order to safeguard your personal data. You can request more information about the applicable data transfer mechanisms by contacting firstname.lastname@example.org.
How long do you hold any personal data for?
Any personal data that is required for the purposes of conclusion and execution of agreements with business customers, suppliers and business partners or for considering bids or tenders will be held during the duration of the contractual relationship and up to 15 years after. Data related the screening against publicly available or government issued sanctions lists and media sources is held for no longer than 15 years after it was first gathered.
In all cases information may be held for a) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose) or b) a shorter period where the individual objects to the processing of their personal data and there is no longer a legitimate purpose to retain it.
Your rights in relation to your personal data
We aim to keep our information as accurate as possible.
You can request:
- access to your personal data;
- correction or deletion of the personal data (but only where they are no longer required for a legitimate business purpose);
- that you no longer receive marketing communications on behalf of the relevant business customer, supplier or business partner;
- that the processing of your personal data is restricted; and/or
- that you receive personal data that you have provided to MSTS Tolls, in a structured, digital form to be transmitted to another party, if this is technically feasible.
Who can you contact if you have a query, concern or complaint about your personal data?
If you have any issues, queries or complaints regarding the processing of your personal data please contact us at email@example.com and we will facilitate the communication channel to the Chief Privacy Officer (Data Protection Officer).
You may also contact the Shell Group Chief Privacy Officer at Shell International B.V. The Hague, The Netherlands – Trade Register, No. 27155369 Correspondence: PO Box 162, 2501 AN, The Hague or email Privacy-Office-SI@shell.com
Without prejudice to any rights you may have in line with local law you have the right to lodge a complaint with the Dutch Data Protection Authority whose address is Autoriteit Persoonsgegevens, PO Box 93374, 2509 AJ DEN HAAG, Netherlands. Please visit https://autoriteitpersoonsgegevens.nl/en for more information.
Cookies and similar technologies
Changes to this Privacy Notice