respective MSC Crewing Services and/or the Management of MSC

DECLARATION FOR ANTI-DRUG TRAFFICKING

Shipmanagement Limited, Cyprus (Phone number +357
DECLARATION BY THE CREW MEMBER JOINING VESSELS MANAGED
97772075/99681757), MSC Geneva Security department (Phone +41
BY MSC SHIPMANAGEMENT LIMITED WITH THEIR PLEDGE TO ABIDE
227038888) details of the unlawful acts. Such information should be
BY MSC GROUP POLICY FOR PREVENTION OF DRUG SMUGGLING ON
passed by using any convenient traceable communication means
BOARD ITS VESSELS AND THE VOLUNTARY DENOUNCING BY THE
available, such as telephone calls, emails, SMS, smart phone
SEASTAFF SERVING ON MSC OPERATED VESSELS, OF UNLAWFUL/ photographs etc. or, ideally, by using the dedicated email address:
ILLEGAL ACTIVITIES PERPETRATED ON BOARD BY ANY MEMBER OF
wbp@mscsmcy.com . The Company undertakes to keep, upon
THE COMPLEMENT.
request, the identity of the denouncing crew member strictly
MSC is a Company founded on strong values and the Company
confidential, in which case any rewards due will be paid directly into
strives to ensure that her reputation in the market remains at all
the account of the person concerned with the Company. The
times at the highest possible level and that her relations with her Company also undertakes to maintain a policy of non-retaliation
clients and the authorities of all countries remain excellent and against such denouncing crewmembers. The Company will pay to the
therefore any act direct or indirect related to possession, smuggling
denouncing crew member, an award of USD Fifty Thousand Dollars
or supporting any related activities for drug trafficking will be
(USD 50,000) for each proven unlawful act denounced as described
considered by the Company as Barratry (= willful fraud by a Master or
above in which the perpetrator(s) is (are) identified.
the crew at the expense of the owner/operator of the ship or its
cargo) and will be treated as such. MSC has undertaken various
measures to prevent any kind of drug trafficking and some of these
measure include; employing external security guards on board ships 11/03/2024
during port stay in concerned ports, security guards on board during
navigation between sensitive ports, use of dogs for drug search in DATE
ports, diving inspection of vessels in case of any concern etc. These
security guards will be authorized by the MSC to inspect any and all
areas of the ship without any notice and this includes cabins and
personal belongings of any crew member. Any non-compliance or Delhi
non-cooperation will immediate attract disciplinary measures leading
PLACE
to dismissal and reporting to authorities.
PLEDGE
I Rudhinkrishna Pottayil Suresh , Rudhinkrishna Pottayil Suresh
employed with MSC Shipmanagement Limited in the rank of
Electrical Officer am fully aware of the enormous Electrical Officer
degree of trust that the Company has shown in me by providing me CREW MEMBER NAME, RANK AND SIGNATURE
with an employment and I undertake to reciprocate on my part by
diligently executing all the duties assigned to me, following Company
procedures and protecting ship’s property and Company reputation. I
am aware of the fact that any kind of involvement in possession,
smuggling or trafficking of drugs either by direct involvement or
simply be aware that another crew member is involved, is a serious COMPANY AUTHORIZED REPRESENTATIVE SIGNATURE
criminal act and Company will immediately notify concerned
authorities and my employment will be terminated immediately and
Company will have no obligation to support me. I fully understand
that in most of the countries the punishment for such offense would
be life imprisonment besides other actions that may be undertaken
by the authorities.
I, hereby declare that I will not indulge in any such activity during
my tenure on board during my employment contract. I agree to
indemnify MSC Shipmanagement Limited from their responsibility to
rendering assistance to me in such a case and also agreed that any
penalty, damage or other costs incurred by the Company due to
above mention actions on my part will be fully
reimbursed/compensated by me to the Company.
REWARD OF USD FIFTY THOUSAND DOLLARS
(US $ 50,000) BY MSC TO THE CREW MEMBER:
I have been made aware of the Company policy to reward those,
law abiding, members of the crew who will voluntarily denounce any
such practices to the MSC by informing the Management of the

DECLARATION FOR ANTI-DRUG TRAFFICKING Page 1 of 1

 ACKNOWLEDGEMENT LETTER

Rudhinkrishna Pottayil Suresh

I ……………………………………………………………………………………………………… (name of
crew member), employed with MSC Shipmanagement Limited in the rank of
Electrical Officer
……………………………………….., have thoroughly read and understood the following
MSC Shipmanagement Limited Policies:
1. MSC Code of Business Conduct (revision 27/04/2020)
2. MSC Anti-Fraud Policy
3. MSC Anti-Bribery Policy
4. MSC Conflicts of Interest Policy
and undertake to fully reciprocate on my part by strictly complying with above said
policies and procedures. I also hereby declare that I will advise the Company of any
breaches of same policies I happen to witness and oblige to comprehensively
facilitate implementation of these Policies by my colleagues.
I have also received digital copy of above Policies for my record and future
reference.

Signature Date 11/03/2024

ACKNOWLEDGEMENT LETTER Page 1 of 1

Rudhinkrishna Pottayil Suresh

Rudhinkrishna Pottayil Suresh

11/03/2024
Delhi
Rudhinkrishna Pottayil Suresh

11/03/2024
 CONSENT FORM
DATA PROTECTION ACT: EMPLOYEE CONSENT FORM

PERMISSION TO STORE AND PROCESS YOUR DATA

To comply with the European General Data Protection Regulation Company as Employer must ask for your
permission to store and process your personal and sensitive data for this purpose.
I give my consent to MSC Shipmanagement Limited recording sensitive personal information about me

Name Rudhinkrishna Pottayil Suresh

Signature Date 11/03/2024

European General Data Protection Regulation Employee Information Sheet

What is personal and sensitive data?
Personal data is data which can be used to identify you. This may include your name, date of birth, address,
telephone number etc. Sensitive personal data is information related to any of the following: racial or ethnic
origin, political opinions, religious beliefs, trade union membership, health, sexuality or sex life, offences and/or
convictions.
Where will you store my data?
The record of your data will be stored in an electronic database system accessed by authorized employees of
MSC Shipmanagement Limited. Paper copies of your data may also be stored securely and accessed by authorized
employees only.
How will company use your data?
Your data will primarily be used for the purpose of:
 Recruitment, promotion, training, redeployment and/or career development
 Administration and payment of wages
 Calculation of certain benefits including pensions
 Disciplinary or performance management purposes
 Performance review
 Recording of communication with employees and their representatives
 Compliance with legislations
 Provision of references to financial institutions, to facilitate entry onto educational courses and/or to assist
future potential employers
 Staffing levels and career planning
 Training which means classroom, e-learning or any other means
 Marketing or company's promotion purposes only after obtaining your specific consent for such activity
What is a Data Controller?
A Data Controller is someone who is responsible for your data and who must make sure that your data is
processed according to the law. For example they are responsible for making sure that the information held about
you is accurate and that it is kept secure.
Why might you share my personal and sensitive personal data? Who will you share it with?
We will only ever share your information with your permission, for the purposes we have stated (unless required
to do so by law).
Obtaining the information we hold about you
You have a right to ask for a copy of your information and to correct any inaccuracies. Under the EU General
Data Protection Regulation, MSC Shipmanagement Limited is required to respond to your request within 30 days.
If you would like a copy of the information we hold about you, please write to the D.P.O officer at
dpo@mscsmcy.com

CONSENT FORM Page 1 of 1

 PERSONAL DATA PRIVACY POLICY Coordinators.
Personal Data means any information or data that relates to an
INTRODUCTION
identified or identifiable natural person. Personal Data is each piece of
The MSC SHIPMANAGAMENT LIMITED (hereafter the “MSCSMCY”) is information related to such person, regardless of the form in which it is
committed to all aspects of personal data protection and takes seriously expressed and the format of the information (storage media, paper,
its duties, and the duties of its employees, under the European Union tape, film, electronic media, etc.). For the purpose of this Policy, legal
General Data Protection Regulation. MSC SHIPMANAGEMENT LIMITED entities shall be excluded of its scope, unless otherwise provided under
needs to gather and use information about individuals. These include local data protection law.
employees, clients, suppliers, business contacts, contractors, candidates
Personal Data covers any information that relates to an identifiable
and other people.
person. There are different ways in which a person can be considered
This policy ensures that MSCSMCY and its employees on shore, ‘identifiable'. A person's full name is a direct identifier. Other combined
onboard, subsidiaries and agencies offices information may also be sufficient to identify a person.
 Comply with the European Union General Data Protection Sensitive Personal Data means any Personal Data related to:
Regulation and follow good privacy practices
 racial or ethnic origin;
 Protect the confidentiality and security of personal data
 religious or philosophical beliefs;
 Protect the privacy rights of individuals
 political opinions or activities;
 Properly collects, stores, handles and destroys personal data
 trade union activities;
 Protect itself from the risks of data breach
 physical or mental health;
This policy supports the adoption all the technical and organizational
measures necessary to prevent the loss, misuse, alteration,  genetic or biometric data;
unauthorized access, and theft of the personal data provided, taking  administrative and criminal proceedings and sanctions; or
into account the technological state, the nature of the personal data, the creation or use of personality profile which enables the assessment
and the risks to which is exposed. of the essential characteristics of the personality of a Data Subject.
POLICY SCOPE Process or Processing or Processed means any operation or set of
operations which is performed on Personal Data or on sets of Personal
This policy applies to:
Data, whether or not by automated means, such as collection,
 MSCSMCY, its subsidiaries and crewing agencies network recording, organisation, structuring, storage, adaptation or alteration,
 All employees, job candidates, contractors, suppliers and other retrieval, consultation, use, disclosure by transmission, dissemination or
people working for and on behalf of MSCSMCY otherwise making available, alignment or combination, restriction,
Any relevant parties associated to the organization's handling of erasure or destruction
personal data. Sub-processing means a Processing carried out by any Subprocessor
CONFLICT OF LAWS Sub-processor means any company or natural person engaged by a
The Policy applies recognised international data protection principles Data Processor, or by any other Subprocessor, which agrees to receive
but does not replace the local laws which must always be complied with from such Data Processor or Subprocessor, Personal Data exclusively
by Agencies and Employees. These laws may have different intended for the Processing to be carried out on behalf of the Data
requirements than this Policy. Controller in accordance with its instructions and a written agreement.
In case of absence of local law, the Policy shall constitute the legal DATA PROTECTION OFFICER (D.P.O)
framework for the concerned Agency. The organization's data protection officer is responsible for the
If an Agency has reason to believe that any local applicable law or management and monitoring this policy. If employees have any
regulation will prevent it from implementing this Policy, it shall questions about data protection in general, this policy or their
immediately report this conflict to the Compliance Team. In such event, obligations under it, they should direct them to D.P.O , contable by
MSCSMCY will provide guidance to the Agency in order to reach a email on dpo@mscsmcy.com.
businesslike solution that safeguards MSCSMCY's interests and complies The role of a company D.P.O is also to inform the company about its
with applicable data protection laws and regulations. compliance with the GDPR, monitor its compliance and be the first
DEFINITIONS point of contact with the ICO (Information Commisioner's Office) and
MSCSMCY means MSC Shipmanagement Limited, its subsidiaries and other supervisory bodies. The D.P.O will report to the highest
agencies network management level of the company and he is allowed to operate
MSC Shipmanagement means MSC Shipmanagement Limited having independently with adequate resources and with no internal/external
its registered office at MSC HOUSE, 8 Spyrou Kyprianou Avenue, 3070 interference which may result in being penalised or dismissal for
Limassol,Cyprus performing the allotted task.
Subsidiaries means crew management companies including, but not DATA PROTECTION COORDINATOR (D.P.C)
limited to, MSC Crewing Services LLC Odessa, MSC Crewing Services Data Protection Coordinator should (1) report directly to the Managing
India Private Ltd, MSC Crewing Services Philippines Inc. Director or the person(s) designated by them, (2) be the focal point of
Agencies means crew management companies with whom MSCSMCY the Compliance Team and (3) implement any of its instructions as well
has crew management agreements as all other MSCSMCY's and MSC data protection policies. As deem
appropriate, the Compliance Team may approve the appointment of a
Data Breach means a breach of security leading to the accidental or
Data Protection Coordinator in charge of multiple Agencies.
illegal destruction, loss, alteration, unauthorized disclosure of or access
to Personal Data, notably when transferred to another country, or to The Data Protection Coordinator is in charge of implementing the
any other illegal means of Processing. Principles within their Agency, by putting in place day to day good
practices and procedures and taking all necessary steps to ensure
Data Controller means a company or a natural person which, alone or
compliance with this Policy and applicable data protection laws and
jointly with others, determines the purposes and means of the
regulations, contactable by email on dpc@mscsmcy.com
Processing of Personal Data.
Therefore, the Data Protection Coordinator shall notably:
Data Processor means a company or a natural person which processes
Personal Data on behalf of the Data Controller in accordance with its  maintain a register listing the data processing's carried out in
instructions and a written agreement. their Agencies;
Data Protection Coordinator means the person in charge of  train and raise awareness according to Compliance Team
instructions;
addressing data protection issues at Agency level and of monitoring and
reporting to the Compliance Team such issues.  be a direct point of contact for Employees and Data Subjects in
relation to the Policy;
Data Subject(s) means any natural person who is the subject of the
 inform, receive instructions from and provide all necessary
Personal Data.
support to the Compliance Team to address enquiries from Data
Employees means MSCSMCY's and Agencies' employees, Subjects in relation to their data protection rights; and
representatives, officers, and directors, including Data Protection
PERSONAL DATA PRIVACY POLICY Page 1 of 4
  inform, receive instructions from and provide all necessary The Company considers that the following personal data falls within
support to the Compliance Team to address requests from data the categories set out above:
protection supervisory authorities.  personal details including name, address, age, status and
DATA PROTECTION PRINCIPLES qualifications. Where specific monitoring systems are in place,
At each stage of the Personal Data lifecycle, MSCSMCY is committed to ethnic origin and nationality will also be deemed as relevant
Process Personal Data in its possession in compliance with applicable  references and CVs
data protection laws and regulations and all the following core  emergency contact details
principles (hereafter the “Principles”). As such, each Employee shall (1)  notes on discussions between management and the employee
be aware of their responsibilities and obligations with respect to
 appraisals and documents relating to grievance, discipline,
Personal Data and confidentiality, and (2) follow the Compliance Team promotion, demotion or termination of employment
and the Agency Data Protection Coordinators' instructions.
 training records
The Principles cover on the one hand the collection and use of the
 salary, benefits and bank/building society details
Personal Data and on the other hand the management of such data.
 absence and sickness information
Principles for the collection and use of a personal data
THE USE OF PERSONAL INFORMATION
The collection of use of Personal Data shall be carried out: The General Data Protection Regulation applies to personal
 lawfully, fairly, and on legitimate grounds information that is "processed". This includes obtaining personal
information, retaining and using it, allowing it to be accessed, disclosing
 transparently with respect to information obligations it and, finally, disposing of it.
 for specific, explicit and legitimate purposes and not further Processing is defined as any operation performed on personal data
Processed in a manner which is incompatible with those
purposes including automated means.
 for adequate, relevant and limited period of time and to what is This include:
necessary in relation to the aforementioned purposes  Collection
 in a manner that ensures appropriate security of the Personal  Recording
Data, including protection against unauthorised or unlawful  Organisation
Processing and against accidental loss, destruction or damage,  Structuring
using appropriate technical or organisational measures
 Storage
 in a way that Data Subjects will not suffer adverse effect unless
such use is authorized by applicable laws.  Adaptation or alteration
Principles for the management of personal data  Retrieval
 Consultation
 Personal Data shall be:  Use
 kept accurate, complete and, where necessary, up to date.  Disclosure by transmission, dissemination, or otherwise making
 retained no longer than necessary to fulfil the purpose(s) for available.
which such data have been collected unless otherwise required  Alignment or combination
by applicable laws, and where applicable always strictly in
accordance with the data protection notice or the consent form  Restriction
delivered to the Data Subject  Erasure or destruction
 tracked throughout its lifecycle, ensuring when required that the
different processing actions performed are appropriately This personal data can be received from a variety of sources which in
documented order to be GDPR compliant is important to monitor the incoming
 disclosed or shared to third parties only on a “need to know channels of data. These sources can include:
basis” and in line with the purpose(s) for which the data was  Applicants for employment
collected, unless otherwise required by the applicable law(s)
 Employees including access via portals
 transferred across borders only based on a legitimate
justification, fulfilling applicable legal requirements and after  Clients / Vendors
having consulted the Data Protection Coordinator to ensure that  Contractors / Sub-contractors
such transfers are documented, legitimate and lawful.  Port Agents
Personal information covered by this policy can be stored:  Doctors and Clinics
 electronically such as on computers and servers, and  Manning / Crewing Agencies
 physically as part of a filing system, such as records on paper and  Ship managers
indexed in a well- structured cabinet.  Governments
Personal Data relating to employees may be collected primarily for the  Insurers
purposes of:  Other companies
 Institutions in third countries
 Recruitment, promotion, training, redeployment and/or career
development GENERAL CONTROLS FOR PERSONAL DATA PROTECTION
 Administration and payment of wages MSCSMCY will protect personal data based on the following
 Calculation of certain benefits including pensions controls:
 Disciplinary or performance management purposes  personal data will not be transferred outside the European
 Performance review Economic Area without explicit consent of the individual
 Recording of communication with employees and their involved;
representatives  generally accepted standard of technology and data security will
 Compliance with legislations be implementing to prevent data loss, misuse, authorized
alteration and/or destruction;
 Provision of references to financial institutions, to facilitate entry
onto educational courses and/or to assist future potential  personal data will be transferred by secure systems;
employers  individuals affected by any personal data breach will be
 Staffing levels and career planning promptly notified if the event might create a serious risk;
 Training which means classroom, e-learning or any other means  hard copies of personal information will be locked at filing
cabinets accessible only by authorized personnel.
 Marketing or company's promotion purposes only after
obtaining your specific consent for EMPLOYEES' OBLIGATION REGARDING PERSONAL INFORMATION
 such activity If an employee acquires any personal information in the course of

PERSONAL DATA PRIVACY POLICY Page 2 of 4

his/her duties, he/she must ensure that:
 the information is accurate and up to date, insofar as it is
practicable to do so;
 the use of the information is necessary for a relevant purpose
and that it is not kept longer than necessary; and
 the information is secure.
Personal data should not be disclosed to unauthorized people, either
within the company or externally. In particular, an employee should
ensure that he/she:
 uses password-protected and encrypted software for the
transmission and receipt of emails;
 sends fax transmissions to a direct fax where possible and with a
secure cover sheet;
 requests access to confidential information from their line
managers; and
 locks files in a secure cabinet.
Data should be regularly reviewed and updated if it is found to be out
of date. If no longer required, it should be deleted and disposed of.
Where information is disposed of, employees should ensure that it is
destroyed. This may involve the permanent removal of the information
from the server, so that it does not remain in an employee's inbox or
trash folder. Hard copies of information may need to be confidentially
shredded. Employees should be careful to ensure that information is
not disposed of in a recycle bin.
If an employee acquires any personal information in error by whatever
means, he/she shall inform the data protection coordinator (D.P.C.)
immediately and, if it is not necessary for him/her to retain that
information, arrange for it to be handled by the appropriate individual
within the organization.
Where an employee is required to disclose personal data to any other
country, he/she must ensure first that there are adequate safeguards
for the protection of data in the host country. For further guidance on
the transfer of personal data outside Cyprus, please refer to the data
protection coordinator (D.P.C.)
An employee must not take any personal information away from the
organization's premises (save in circumstances where he/she has
obtained the prior consent of the data protection officer to do so).
If an employee is in any doubt about what he/she may or may not do
with personal information, he/she should seek advice from the data
protection officer. If he/she cannot get in touch with the data
protection officer, he/she should not disclose the information
concerned.
RESPONSIBILITIES
All employees who works for or with MSCSMCY has the responsibility
for ensuring personal data is collected, stored and handled in line with
this policy and data protection principles.
The board of directors is ultimately responsible for ensuring that
MSCSMCY meets its legal obligations under GDPR.
The I.T. Department, is responsible for:
 ensuring all systems, services and equipment used for storing
data meet acceptable security standards
 performing regular checks and scans to ensure security
hardware and software is functioning properly
 evaluating any third-party services the company is considering
using to store or process data. For instance, cloud computing
services
DATA STORAGE
The rules in this policy describe how and where personal data should
be safely stored. Questions about storing data safely can be directed to
the Data Protection Officer.
These guidelines also apply to data that is usually stored electronically
but has been printed out for some reason:
 when not required, the paper or files should be kept in a locked
drawer or filing cabinet;
 employees should make sure paper and printouts are not left
where unauthorized people could access them; and
 data printouts should be shredded and disposed of securely
when no longer required
When data is stored electronically, it must be protected from
unauthorized access, accidental deletion and malicious hacking
attempts:
PERSONAL DATA PRIVACY POLICY
 personal data should only be stored on designated drives and
servers, and should only be uploaded to an approved cloud
computing services.
 personal data should never be saved directly to laptops or other
mobile devices like tablets or smart phones.
 personal data should be protected by strong passwords that are
changed regularly and never shared between employees.
 data should not be stored on removable media (USB drives, CD,
personal hard disks or DVD)
 servers containing personal data should be sited in a secure
location
 data should be backed up frequently and tested regularly
according to the backup procedures
 all servers and computers containing personal data should be
protected by approved security software and a firewall.
Encrypting data whilst it is being stored (e.g. on a laptop, mobile, USB
or back-up media, databases and file servers) provides effective
protection against unauthorised or unlawful processing. It is especially
effective to protect data against unauthorised access if the device
storing the encrypted data is lost or stolen. MSCSMCY operating
systems have full disk encryption built in, which will encrypt the entire
contents of the drive. The data is decrypted when the user accesses the
device.
The company as a Data Controller requires from users to provide
username/password or setting a PIN in order to access the device.
Passwords used to decrypt the hard disk or for access control are
sufficiently complex in order to provide an appropriate level of
protection.
MSCSMCY encrypts files in individually, or place groups of files within
encrypted containers. In the event of loss or theft of the device an
attacker might gain access to the device and to some data but not to
the encrypted files.
All the software applications and databases of MSCSMCY are
configured to store data in an encrypted form. Based on this the
application controls the encryption so can access the keys when needed
without relying on the underlying IT infrastructure. When data is shared
between applications then processes are required to share keys
securely.
DATA USE
Personal data is of no value to MSCSMCY unless the business can make
use of it. However, it is when personal data is accessed and used that it
can be at the greatest risk of loss, corruption or theft:
 employees should ensure the screens of their computers are
always locked when left unattended;
 personal data should not be sent by email;
 personal data must be encrypted before being transferred
electronically;
Personal data should never be transferred outside of the European
Economic Area except for the approved company business by
authorized employees only; and employees should not save copies of
personal data to their own computers.
DATA ACCURACY
The law requires MSCSMCY to take reasonable steps to ensure data is
kept accurate and up to date. The more important it is that the personal
data is accurate, the greater the effort should put into ensuring its
accuracy.
It is the responsibility of all employees who work with data to take
reasonable steps to ensure it is kept as accurate and up to date as
possible.
 personal data will be held in as few places as necessary;
 employees should not create any unnecessary additional data
sets;
 employees should take every opportunity to ensure data is
updated;
 and data should be updated as inaccuracies are discovered.
DATA SUBJECT ACCESS REQUESTS
The organization will inform each employee of:
 the types of information that it keeps about him/her;
 the purpose for which it is used; and
 the types of organization that it may be passed to, unless this is
self evident (for example, it may be self evident that an
Page 3 of 4
 employee's national insurance number is given to).
An employee has the right to access information kept about him/her
by the organization, including personnel files, sickness records,
disciplinary or training records, appraisal or performance review notes,
emails in which the employee is the focus of the email and documents
that are about the employee.
The data protection officer (D.P.O.) is responsible for dealing with data
subject access requests.
MSCSMCY may not charge for allowing employees access to
information about them however reserves the right to review this if
there are repeated requests. The organization will respond to any data
subject access request within 30 calendar days.
MSCSMCY will allow the employee access to hard copies of any
personal information. However, if this involves a disproportionate effort
on the part of the organization, the employee shall be invited to view
the information on-screen or inspect the original documentation at a
place and time to be agreed by the organization.
MSCSMCY may reserve its right to withhold the employee's right to
access data where any statutory exemptions apply.
Where a request is received by staff covering any of the GDPR Data
Subject Rights the request must be passed to the Data Protection
Officer immediately.
The request must be forwarded to dpo@mscsmcy.com. If the request
was made over the phone then as much information as possible
regarding what was requested must be typed into an email and sent to
the Data Protection Officer immediately. If the request is received in a
postal letter, this can either be scanned and sent to the Data Protection
Officer by email, or the hardcopy taken to the Data Protection officer
immediately.
RIGHTS OF DATA SUBJECT
RIGHT TO ERASURE
This Right is also known as the ‘Right to be Forgotten'. It enables Data
Subjects to request the deletion or removal of personal data where
there is no compelling reason for its continued processing by the Data
Controller. The Right to Erasure applies in the following circumstances:
 The personal data is no longer necessary in relation to the
purpose for which it was originally collected
 The processing was based on consent, and the Data Subject has
now withdrawn their consent
 The Data Subject objects to processing and there is no overriding
legitimate interest of the Data Controller
 The data was being unlawfully processed
 The data must be erased to comply with a legal obligation
RIGHT TO RESTRICT PROCESSING
When this Right is exercised MSCSMCY is permitted to store the
personal data but not further process it. Restricted information about
the individual may be retained to ensure that the restriction is
respected in the future.
The Right to Restrict Processing applies in the following circumstances:
When a Data Subject contests the accuracy of their personal data, then
processing should be restricted to storage only until accuracy is verified
When a Data Subject objects to processing which is being carried out
for the reason of performance of a task in the public interest, or for the
legitimate interests of the Data Controller, then the Data Controller
must restrict processing to storage only whilst they consider whether
their legitimate grounds override the Rights and freedoms of the
individual.
When processing is unlawful and a Data Subject opposes erasure and
requests restriction to storage instead.
When the Data Controller no longer needs the personal data but the
Data Subject requires it for the purpose of a legal claim.
RIGHT TO PORTABILITY
This Right allows individuals to obtain and reuse their personal data for
their own purposes across different services. It allows the individual to
move, copy or transfer personal data easily from one IT environment to
another in a safe and secure way in a common data format, for
example, Excel or CSV file.
The Right to Data Portability applies in the following circumstances:
 When the personal data was provided to the controller directly
by the Data Subject
PERSONAL DATA PRIVACY POLICY
 Where the processing is based on consent or performance of a
contract
 When processing is carried out by automated means
RIGHT TO OBJECT TO
Individuals have the right to object to:
 Processing based on legitimate interest or performance of a task
in the public interest/exercise of official authority (including
profiling)
 Direct marketing (including profiling)
 Processing for the purposes of scientific/historical research and
statistics
CORRECTION, UPDATING AND DELETION OF DATA
MSCSMCY has a system in place that enables employees to check their
personal information on a regular basis so that they can correct, delete
or update any data. If an employee becomes aware that the
organization holds any inaccurate, irrelevant or out-of-date information
about him/her, he/she must notify the data protection officer
immediately and provide any necessary corrections and/or updates to
the information.
MONITORING
MSCSMCY may monitor employees and premises visitors by various
means including, but not limited to, recording activities on CCTV,
checking emails, checking business laptops/computers, listening to
voicemails and monitoring telephone conversations. If this is the case,
the organization will inform the employee that monitoring is taking
place, how data is being collected, how the data will be securely
processed and the purpose for which the data will be used. The
employee will usually be entitled to be given any data that has been
collected about him/her. MSCSMCY will not retain such data for any
longer than is absolutely necessary.
In exceptional circumstances, the organization may use monitoring
covertly. This may be appropriate where there is, or could potentially
be, damage caused to the organization by the activity being monitored
and where the information cannot be obtained effectively by any non-
intrusive means (for example, where an employee is suspected of
stealing property belonging to the organization). Covert monitoring will
take place only with the approval of the data protection officer (D.P.O)
if permissible under law.
REVIEW OF PROCEDURES AND TRAINING
MSCSMCY will provide training to all employees on data protection
matters on induction and on a regular basis thereafter. If an employee
considers that he/she would benefit from refresher training, he/she
should contact the data protection coordinator (D.P.C.)
The organization will review and ensure compliance with this policy at
regular intervals.
CONSEQUENCES OF NON-COMPLIANCE
All employees are under an obligation to ensure that they have regard
to the data protection principles when accessing, using or disposing of
personal information. Failure to observe the data protection principles
within this policy may result in an employee incurring personal criminal
liability. It may also result in disciplinary action up to and including
dismissal. For example, if an employee accesses another employee's
employment records without the requisite authority, the organization
will treat this as gross misconduct and instigate its disciplinary
procedures. Such gross misconduct will also constitute a criminal
offence.
SIGNED
Rudhinkrishna Pottayil Suresh
PRINTED NAME
11/03/2024
DATE
Page 4 of 4
 PRIVACY NOTICE on file, we will hold your data on file or a further 6 (six) months for
As part of any recruitment process, MSCSMCY (hereafter the consideration for future employment opportunities. At the end of that
“MSCSMCY”) collects and processes personal data relating to job period, or once you withdraw your consent, your data is deleted or
applicants. The organisation is committed to being transparent about destroyed. You will be asked when you submit your CV whether you give
how it collects and uses that data and to meeting its data protection us consent to hold your details for the full 12 months in order to be
obligations considered for other positions or not.
WHAT INFORMATION DO WE COLLECT? If your application for employment is successful, personal data gathered
during the recruitment process will be transferred to your Human
MSCSMCY collects a range of information about you. This includes:
Resources file (electronic and paper based) and retained during your
 your name, address and contact details, including email address and
employment. The periods for which your data will be held will be
telephone number;
provided to you in a new privacy notice.
 details of your qualifications, skills, experience and employment
history; YOUR RIGHTS
 information about your current level of remuneration, including As a data subject, you have a number of rights. You can:
benefit entitlements;  access and obtain a copy of your data on request;
 whether or not you have a disability for which the organisation needs  require the organisation to change incorrect or incomplete data;
to make reasonable adjustments during the recruitment process;  require the organisation to delete or stop processing your data, for
 information about your entitlement to work in the Cyprus. example where the data is no longer necessary for the purposes of
MSCSMCY may collect this information in a variety of ways. For processing;
example, data might be contained in application forms, CVs or resumes,  and object to the processing of your data where MSCSMCY is relying
obtained from your passport or other identity documents, or collected on its legitimate interests as the legal ground for processing.
through interviews or other forms of assessment.  If you would like to exercise any of these rights, please contact
We may also collect personal data about you from third parties, such as gdpr@mscsmcy.com.
references supplied by former employers. We will seek information from  MSCSMCY is committed, as data controller, to protect your personal
third parties only once a job offer to you has been made and will inform data when using/accessing files and software applications.
you that we are doing so.  Your personal data will be collected and processed for specific
Data will be stored in a range of different places, including on your reasons by the authorized people listed below:
application record, in HR management systems and on other IT systems  HR DEPARTMENT
(including email).  PERSONNEL DEPARTMENT
WHY DOES MSCSMCY PROCESS PERSONAL DATA?  ACCOUNTS DEPARTMENT
We need to process data to take steps at your request prior to entering  GROUP LEARNING & ORGANISATIONAL DEVELOPEMENT,
into a contract with you. We may also need to process your data to enter SUSTAINABILITY & SUPPORT SERVICES
into a contract with you.  TRAVEL
In some cases, we need to process data to ensure that we are  FLEET PERFORMANCE
complying with its legal obligations. The data concerned are:
MSCSMCY has a legitimate interest in processing personal data during  Biographical information or current living situation, including dates of
the recruitment process and for keeping records of the process. birth, Social Security numbers, phone numbers and email addresses.
Processing data from job applicants allows us to manage the recruitment  Looks, appearance and behaviour, including eye colour, weight and
process, assess and confirm a candidate's suitability for employment and character traits.
decide to whom to offer a job. We may also need to process data from  Workplace data and information about education, including salary,
job applicants to respond to and defend against legal claims. tax information and tax/social insurance numbers.
MSCSMCY may process special categories of data, such as information  Private and subjective data, including religion, political opinions and
about ethnic origin, sexual orientation or religion or belief, to monitor geo-tracking data.
recruitment statistics. We may also collect information about whether or  Health, sickness and genetics, including medical history, genetic data
not applicants are disabled to make reasonable adjustments for and information about sick leave.
candidates who have a disability. We process such information to carry CONSENT
out its obligations and exercise specific rights in relation to employment. By consenting to this privacy notice you are giving us the permission to
If your application is unsuccessful, MSCSMCY may keep your personal process your personal date specifically for the purposes identified.
data on file in case there are future employment opportunities for which Consent is required for MSCSMCY to process both types of personal data,
you may be suited. We will ask for your consent before it keeps your data but must it must be explicitly given. Where we are asking you for sensitive
for this purpose and you are free to withdraw your consent at any time. personal data we will always tell you why and how the information will be
WHO HAS ACCESS TO DATA? used.
Your information may be shared internally for the purposes of the You may withdraw consent at any time.
recruitment exercise. This includes members of the HR and recruitment
team, interviewers involved in the recruitment process, managers in the
business area with a vacancy and IT staff if access to the data is necessary
for the performance of their roles.
We will not share your data with third parties, unless your application
for employment is successful and we make you an offer of employment.
We will then share your data with former employers to obtain references
for you, employment background check providers to obtain necessary
background checks. SIGNED
HOW DOES MSCSMCY PROTECT DATA?
We take the security of your data seriously. We have internal policies Rudhinkrishna Pottayil Suresh
and controls in place to ensure that your data is not lost, accidentally
destroyed, misused or disclosed, and is not accessed except by our PRINTED NAME
employees in the proper performance of their duties.
FOR HOW LONG DOES MSCSMCY KEEP DATA? 11/03/2024
If your application for employment is unsuccessful, the organisation will
hold your data on file for 6 (six) months after the end of the relevant DATE
recruitment process. If you agree to allow us to keep your personal data

PRIVACY NOTICE Page 1 of 1

 SOCIAL MEDIA POLICY
GLOSSARY
MSCSMCY means MSC Shipmanagement Limited, its subsidiaries and agencies
network
MSC Shipmanagement means MSC Shipmanagement Limited having its
registered office at MSC HOUSE, 8 Spyrou Kyprianou Avenue, 3070
Limassol,Cyprus
Subsidiaries means crew management companies including, but not limited
to, MSC Crewing Services LLC Odessa, MSC Crewing Services India Private Ltd,
MSC Crewing Services Philippines Inc.
Agencies means crew management companies with whom MSCSMCY has
crew management agreements
Employee means any person who is employed by MSC on a full time or part
time or consultancy basis (including temporarily employed) and any intern.
Social Media means the private or personal use of websites and applications
used to communicate with other users, or to find people with similar interests
to one's own, including, but not limited to, Facebook and LinkedIn.
MSCSMCY Social Media means Social Media but where in addition an
Employee also reveals their Employee status with MSC, whether directly, such
as making a statement or reference to MSC, or indirectly, such as by uploading
a photograph that identifies MSC, for example with the MSC logo in the
background.
Policy means this MSC Social Media Policy, for the purposes of this document
only.
APPLICATION
Whenever an Employee engages in MSCSMCY Social Media, this Policy
applies. When an Employee discloses they are an Employee of MSCSMCY on
their Social Media, the Social Media use becomes MSCSMCY Social Media
because the Employee has brought MSC into their Social Media and therefore
this Policy applies.
This Policy also regulates MSCSMCY dedicated pages, created by Employees
on Social Media.
However, this Policy does not regulate an Employee's use of their Social
Media, except when MSCSMCY computers and handheld devices are used.
This Policy does not restrict communications or actions protected or required
by laws applicable to each Employee. Employees' rights under the law are
paramount and are not affected by this Policy.
Employees who engage in Social Media using MSCSMCY computers or
handheld devices can do so outside of their work time so long as this use does
not involve vulgar, obscene, threatening, intimidating or harassing content; is
not maliciously false or illegal; and does not breach any other MSCSMCY
policies or Employee's obligations. Employees are respectfully reminded that
they have personal responsibility for their use of Social Media.
PURPOSE
This Policy provides guidance for Employees on MSCSMCY Social Media and
how to get the most out of its use in the context of professional expertise-
sharing. In this document, MSCSMCY provides its Employees with information
about the legal and reputational risks arising from the following topics:
 Compliance with laws, related policies and agreements
 Business use of Social Media
 Guidelines for an Employee's responsible use of MSCSMCY Social Media
regarding:
o Protection of MSC's goodwill, brands and business reputation
o Respect for intellectual property and confidential information
o Respect and compliance with terms of use of all visited sites
o Respect for others
o The consequences of a breach of this Policy
o Personnel responsible for implementing this Policy
To ensure that MSCSMCY's IT resources and communications systems are
used appropriately as explained below, MSCSMCY requires each Employee to
adhere to the following guidance regarding their use of MSCSMCY Social
Media.
COMPLIANCE WITH LAWS RELATED POLICIES & AGREEMENTS
MSCSMCY Social Media should never be used in a way that breaches laws, any
other MSCSMCY
policy, MSCSMCY's contractual obligations or any Employee's obligations. If an
MSCSMCY Social
Media activity would breach any of MSCSMCY's policies in another forum, it and “me” because using “our” and “we” when making a statement involving
also breaches them in
on online forum.
SOCIAL MEDIA POLICY
For example, no Employee should use MSCSMCY Social Media to:
 Breach MSCSMCY's best practices regarding MSCSMCY's IT resources and
communications system;
 Circumvent the ethics and standards of conduct stated in the MSC Code
of Business Conduct;
 Breach their duties of confidentiality;
 Engage in harassment, discrimination or any other unacceptable activity;
 Publish or use information of which the use or publication can be illegal
or a breach of contract; or
 Breach any other law or ethical standards (for example, use Social Media
in a false or misleading way, such as by claiming to be someone else or by
creating an artificial "buzz" around our business or service).
BUSINESS USE OF SOCIAL MEDIA
MSCSMCY encourages all Employees to participate responsibly and
professionally in MSCSMCY
Social Media as a means of generating interest in MSC's services and creating
business opportunities, so long as MSCSMCY's guidance regarding MSCSMCY
Social Media usage, particularly in a business context, is adhered to. In
addition, MSCSMCY encourages Employees to use the official MSCSMCY pages
on Social Media. Every Employee can share and comment on any posts made
on the official MSCSMCY pages on Social Media.
However, MSCSMCY discourages unofficial MSC pages on Social Media and
respectfully requests Employees not to create them. Employees should be
aware that it is easy to breach rights, such as intellectual property rights (for
example by using the MSC brand or customer's or supplier's brands), on such
pages. When the MSCSMCY brand is used improperly MSC must and does take
action to close the page or site down because if a brand is not actively
protected its ownership can be challenged. MSCSMCY does not want to be in
the position of having to ask Employees to remove unofficial MSCSMCY pages,
particularly when the page has no doubt been created as a result of that
individual having pride in working for MSC. Please support the official
MSCSMCY pages instead. If you have suggestions about the official MSC pages
please send them social@mscsmcy.com.
Any Employee who, before the publication of this Policy, has created an
unofficial MSCSMCY page on Social Media on behalf of MSCSMCY should
advise MSCSMCY at social@mscsmcy.com.
If an Employee's work duties require them to speak on behalf of MSCSMCY in
a Social Media environment, the Employee must seek approval for the
contents of such communication from the MSCSMCY (which can be contacted
at social@mscsmcy.com). In cases where this is to be frequent, said Employee
may be asked to undertake training or guidance on Social Media for business
use.
If an Employee is contacted directly and requested to comment about
MSCSMCY for a publication
or particular media activity, including on any Social Media outlet, the
Employee must direct the
enquiry to MSCSMCY (which can be contacted at social@mscsmcy.com and
employee will be notified only after taking required approval from MSC Global
Media team). The Employee MUST
NOT respond themselves without prior written approval to do so.
GUIDELINE FOR EMPLOYEES' RESPONSIBLE USE OF SOCIAL MEDIA
This Policy covers specific rules, policies and contractual obligations that all
Employees must follow when using MSCSMCY Social Media. In case of a
breach of this Policy by an Employee, the Employee may be subject to
disciplinary action. The following sections of this Policy provide each
Employee with common-sense guidelines and recommendations for using
MSCSMCY Social Media responsibly and safely, in the best interests of
MSCSMCY. The following sections reflect the "duty of loyalty" each Employee
owes to their employer. They add to, and do not contradict, limit or replace,
applicable rules, policies, legal requirements, legal prohibitions and
contractual obligations.
PROTECT MSCSMCY'S GOODWILL, BRANDS AND BUSINESS
REPUTATION
Each Employee is personally responsible for their statements on MSCSMCY
Social Media. Remember that statements and comments made via Social
Media platforms might subsequently remain online for a long time into the
future, therefore making them accessible to members of the public.
Each Employee must make clear in their MSCSMCY Social Media that they are
speaking on their own behalf. You should write in the first person using “I”
MSCSMCY could be taken to also include MSC in the statement.
Use personal email addresses when communicating via Social Media (and
Page 1 of 2
establishing Social Media accounts) and do not use work email addresses. the terms of use of all Social Media sites they use and ensure their use
No Employee should post anonymously to Social Media sites when their post complies with these terms.
could be connected to MSCSMCY or its business (including customers). RESPECT FOR OTHERS AND PROFESSIONALISM
Anonymous posts can be traced back to the original sender's email address. When using MSCSMCY Social Media, in addition to complying with
If an Employee discloses their work relationship with MSCSMCY (including MSCSMCY's Code of Business Conduct, Employees should not post, or express
through pictures), the Employee must include a disclaimer that their views do a viewpoint on another's post, such as by "liking" a Facebook post, anything
not represent those of MSC. For example, that MSCSMCY or MSCSMCY's business partners would find offensive,
"the opinions expressed in postings from this account are a reflection of my including racism, ethnic slurs, sexist comments, discriminatory comments,
own personal views”. profanity, abusive language or obscenity, or statements that are maliciously
false.
Usually, these statements can be included in a permanent section of the
profile, for example, “about” or “intro” section at “details about you” of As a global shipping line, MSCSMCY has a variety of business partners and
Facebook; “summary” section on LinkedIn; “bio” section in Twitter; and so on. Employees around the world. Naturally, different cultural and political stances
will be observed by these individuals. MSCSMCY insists that all Employees
Even if a disclaimer is included, anything said by an Employee can reflect on
respect one another through their communication activity.
MSCSMCY. Employees should always strive to be accurate in their
communications about MSCSMCY and remember that their statements have Each Employee must be respectful towards others' rights regarding data
the potential to result in liability for themselves and MSCSMCY. protection and privacy, and should not post photographs of their colleagues
without prior authorisation.
RESPECT INTELLECTUAL PROPERTY & CONFIDENTIAL INFORMATION
The MSCSMCY Code of Business Conduct restricts Employees' use and CONSEQUENCES OF ANY BREACH OF THIS POLICY
disclosure of MSCSMCY's trade secrets, confidential information and Breach of this Policy may result in disciplinary action up to and including
intellectual property, save as permitted by applicable laws. termination of employment. An Employee suspected of committing a breach
of this Policy will be requested to cooperate with MSCSMCY in any
Publishing commercially sensitive information on MSCSMCY Social Media,
investigation. The Employee's cooperation may be taken into account in a
including, but not limited to, trade secrets, confidential business results or
case where disciplinary action is considered to be appropriate.
business plans, can also constitute a breach of competition laws.
An Employee may be requested to remove any MSCSMCY Social Media
Breaches of competition laws are strictly penalised, including, in many
content that MSCSMCY considers to constitute a breach of this Policy. Failure
countries, by criminal sanctions for individuals. Employees are invited to
to comply with such a request may result in disciplinary action.
attend MSCSMCY Code of Conduct training and MSCSMCY Competition
training in order to further understand the subject. PERSONNEL RESPONSIBLE FOR IMPLEMENTING THIS POLICY
Each Employee is responsible for the success of this Policy and should take
Beyond the mandatory restrictions and legal obligations, each Employee
time to read and understand it.
should treat MSCSMCY's trade secrets, intellectual property and other
proprietary information, other than information that is already public, about Please act responsibly and professionally in your use of MSCSMCY Social
MSCSMCY's customers, terminals, facilities, railways, road transport, business, Media, and your Social Media when MSCSMCY computers and handheld
vessels and services as strictly confidential and not do anything to jeopardise devices are used.
or unwittingly disclose such information through their use of MSCSMCY Social If you see any misuse of MSCSMCY Social Media or of MSCSMCY computers
Media. and handheld devices
In addition, Employees should avoid misappropriating or infringing upon the it should be reported to MSCSMCY (which can be contacted at
intellectual property of other companies and individuals, which can create social@mscsmcy.com).
liability for Employees as well as for MSCSMCY. CONFLICT OF LAWS
Please note that nearly all contracts that MSCSMCY enters into with suppliers The Policy does not replace the local laws which must always be applied.
and customers contain confidentiality clauses and sometimes these These laws may have different requirements to this Policy.
confidentiality clauses can be very broad. For example, some large well- If anyone has reason to believe that the local applicable laws will prevent it
known companies do not want the various shipping lines that they use to from implementing this Policy, it shall immediately report this conflict to the
know which other shipping lines they are doing business with, and MSCSMCY (which can be contacted at datasecurity@mscsmcy.com ). In such
consequently, the fact we are ‘doing business with them' is required to event, MSCSMCY will collaborate with the Affiliate in order to reach a
remain confidential. business like solution consistent with the Policy.
For these reasons, care must be exercised in all communication, and In case of absence of local law, the Policy shall constitute the legal framework
MSCSMCY requests that you do not refer to MSCSMCY's customers and for the concerned Affiliate.
suppliers by name and that you restrict your references to that of MSCSMCY
only.
Exceptions can apply where MSCSMCY is informed and grants permission.
In order to protect themselves and MSCSMCY against liability for copyright or
trademark infringement, where appropriate, each Employee shall refer to the
source of particular information posted or uploaded, and shall cite them
accurately.
This requirement is also applicable where an Employee copies pieces of MSC
Group Cargo's magazine Together or MSCSMCY Magazine MSC SMT. You
should be reminded that the main purpose of Together is as an INTERNAL
publication, so if you should wish to replicate content, we politely request you
seek the permission of the MSCSMCY.
SIGNED
Note that republishing part of any publication - or broadcast content - can be
a breach against that media outlet, or a breach of a specific subscription
contract which MSCSMCY has with the publisher. The publisher obtains its
income through the sale of the publication, and so the subscription contract Rudhinkrishna Pottayil Suresh
always contains restrictions on distribution and publishing.
If republishing part of a publication or broadcast has value for your business PRINTED NAME
use of MSCSMCY Social Media, please check with the MSCSMCY first, who will
be able to advise you whether this use is permitted.
If an Employee has any doubts or questions about whether a particular post 11/03/2024
or upload might breach any copyright or trademark of any person or
MSCSMCY, the Employee should ask the MSCSMCY by using DATE
social@mscsmcy.com before making the communication.
RESPECT & COMPLY WITH TERMS OF USE OF ALL VISITED SITES
No Employee should expose themselves or MSCSMCY to a legal risk by using a
Social Media site in breach of its terms of use. Each Employee should review
SOCIAL MEDIA POLICY Page 2 of 2
 MSC SHIPMANAGEMENT LTD

Rudhinkrishna Pottayil Suresh

Dear …………………………………………………………..

MARPOL CO MPLI ANCE

MSC Shipmanagement Ltd places the very highest importance on:

1. Full and strict compliance with the MARPOL Convention, relevant

International & Local requirements established by Flag State
Administrations and Company’s Policies stated in its QSEEMS, Fleet
Circulars and Messages;
2. Proper collection, storage and disposal of all types of wastes as prescribed by
MARPOL convention, by proper use of certified equipment provided on
board the vessel and/or delivery to designated & approved reception facilities;
3. The full and correct completion of all MARPOL & QSEEMS relevant
mandatory records within all official Logs, Record Books and Company’s
QSEEMS Forms.

NON-COMPLIANCE WITH ABOVE STATED COULD LEAD TO COMPANY’S

LIABILITY FOR ILLEGAL ACTS SUCH AS BREACHES OF MARPOL
CONVENTION OR OTHER REGULATIONS ESTABLISHED BY FLAG STATE
ADMINISTRATIONS AND RESULTED IN PENAL PROCEDURES, WHICH
COULD RESULT IN YOUR IMPRISONMENT.

Therefore, strict compliance and following with requirements of Convention, Regulations

& Company’s Policies & Procedures is particularly important for the Company and Your
own employment. If you become aware of any acts of violation or facts, which could,
under circumstances lead or allow violation of MARPOL convention, Flag State
Regulations or Company’s Policies and Procedures, you’re strongly requested to call by
telephone or notify by other fastest method the Designated Person Ashore (DPA) or his
Deputy, so that Company could intervene and correct/prevent the situation.

I CONFIRM THAT I HAVE READ, UNDERSTOOD AND WILL FOLLOW THIS

INSTRUCTION THROUGHOUT THE PERIOD OF MY EMPLOYMENT:

Signed: …………………………………
Name:
Rudhinkrishna Pottayil Suresh
Date:
11/03/2024

MSC Shipmanagement Limited

8, Spyrou Kyprianou Ave., CY-3070, Limassol, Cyprus
P.O.Box 54809,CY-3728, Limassol, Cyprus
Telephone: +357 25 844 800
4TH
JULY 2018 REV : 1 PAGE 1 OF 1
 Declaration of Compliance

Please sign the below Declaration at appropriate place after you have read and understood the contents to confirm
your Compliance.

Please note the following important policy points.

1. Your employment is conditional on compliance & Declaration as per below.
2. Any use or abuse of drug/alcohol is against company Policy and will not be tolerated.
3. The Company is committed to ensuring no carriage of narcotics and dangerous drugs
(“drugs”) and prohibits the unlawful possession and handling of drugs on MSC Vessels or
shore premises, including possession, smuggling, or trafficking drugs.
4. The Company places the very highest importance on:
a) full and strict compliance with the MARPOL regulations and company policies state d
in its Safety Management System (SMS) and Circulars, including the U.S.
Environmental Protection Agency’s Vessel General Permit (VGP);
b) on the proper disposal of all oily wastes, including bilge slops and sludge, by the
proper use of the equipment on board the vessel or by sending them ashore to
approved facilities equipped to deal with them properly; and
c) The full and correct completion of all records, including those relevant to MARPOL
and the SMS, such as the Oil Record Book and the sounding book.
5. Non-compliance with the above instructions may make the company liable for illegal
breaches of MARPOL and other environmental requirements, and you will be at risk of going
through penal procedures which could result in your imprisonment.
6. All log books, environmental records and working record books must be carefully and
accurately maintained. This includes( but is not limited to) Deck and Engine Room logbooks,
oil records books, garbage record books, ballast management records, seal records and
sounding books.
7. The Company is also committed to ensuring that crewmembers comply with international,
national, and local laws in every place where the Company, its crewmembers, and vessels
operate, including laws prohibiting human trafficking, theft, fraud, and bribery.
8. If I observe or suspect any violation of any law or Company policy, or if anyone asks me to
violate any law or Company policy, I will report this immediately to the Master, the Designated
Person Ashore, or through the MSC Speak Up Line. I am aware that the MSC Speak up Line
permits me to submit such reports anonymously:
• Speak Up Line: https://mscspeakupline.com/
• Phone: +357 97772075 / 99681757 / 25844800
• Email: CY974-wbp@msc.com; CY974-ethics@msc.com

DECLARATION

9. I have read and understood the contents of MSC Code of Business Conduct and confirm:
a) I will meet the standard described in the Code,
b) I will keep myself informed and aware of any udpates to the code,
c) I will act as a role model in strict compliance with the letter and spirit of the Code,
d) I will advise the Company of any breaches in same Policies I happen to witness or if I
am asked to breach any policies, and
• This declaration must be signed at crewing office before travel to the assigned vessel. In case of transfer, this can be signed on
boarding vessel. Copy of the declaration must be included in documents to be handed over to Master on joining any vessel.
• Master to obtain signature of the crew member on leaving vessel and send scanned pdf to respective crewing office for record
keeping.
 e) I will comprehensively facilitate implementation of these Policies by my colleagues.

10. I have read, understood, and will comply with the following Company Policies:
a) Safety & Quality Policy,
b) Drug and Alcohol Policy
c) Social Media Policy
d) General Data Protection Policy
e) Anti-Bribery Policy
f) Anti-Fraud Policy
g) Conflict of Interest Policy
h) Whistle-blower Policy
i) MSC Speak-Up Line Reporting Policy
j) Anti-Drug Declaration

11. I understand the warnings given above and that I fully understand the penalties relating to each
subject.

12. I am informed of and am aware of my rights under the General Data Protection Regulation
GDPR (EU) 2016/679 as amended.

13. I have also received digital copy of above Policies for my record and future reference.

To assist me in my understanding of the above, I also confirm that:

14. I have received and understood all training as provided regarding Company requirements and
procedures concerning MARPOL and the U.S. Environmental Protection Agency’s Vessel
General Permit (VGP).
15. I will not indulge in any wilful misconduct during my tenure on board. I will follow all
Company’s procedures and will abide by all international & local regulations for the ports
the vessel will call.
16. I have no history of smuggling of illegal substances and confirm I have not been convicted
of any criminal offence, drug related or otherwise.
17. I declare that I do not have any pending legal issues in any country.

I hereby confirm that the information provided herein is accurate, correct, and complete. Any false
or fraudulent statement will hold undersigned liable for any penalties provided by law, including
any associated expenses.

Name Rudhinkrishna Pottayil Suresh

Signature Date 11/03/2024

Rank Electrical Officer Vessel MSC Harmony III

ON LEAVING VESSEL (transfer to other vessel/ proceeding on leave): I confirm compliance with
the above during my time onboard the vessel and am aware of nothing reportable as required by item
7 of this document.

Signature Date

• This declaration must be signed at crewing office before travel to the assigned vessel. In case of transfer, this can be signed on
boarding vessel. Copy of the declaration must be included in documents to be handed over to Master on joining any vessel.
• Master to obtain signature of the crew member on leaving vessel and send scanned pdf to respective crewing office for record
keeping.
 CONSENT FORM
DATA PROTECTION ACT: EMPLOYEE CONSENT FORM

PERMISSION TO STORE AND PROCESS YOUR DATA

To comply with the European General Data Protection Regulation Company as Employer must ask for your
permission to store and process your personal and sensitive data for this purpose.
I give my consent to MSC Shipmanagement Limited recording sensitive personal information about me

Name Rudhinkrishna Pottayil Suresh

Signature Date 11/03/2024

European General Data Protection Regulation Employee Information Sheet

What is personal and sensitive data?
Personal data is data which can be used to identify you. This may include your name, date of birth, address,
telephone number etc. Sensitive personal data is information related to any of the following: racial or ethnic
origin, political opinions, religious beliefs, trade union membership, health, sexuality or sex life, offences and/or
convictions.
Where will you store my data?
The record of your data will be stored in an electronic database system accessed by authorized employees of
MSC Shipmanagement Limited. Paper copies of your data may also be stored securely and accessed by authorized
employees only.
How will company use your data?
Your data will primarily be used for the purpose of:
 Recruitment, promotion, training, redeployment and/or career development
 Administration and payment of wages
 Calculation of certain benefits including pensions
 Disciplinary or performance management purposes
 Performance review
 Recording of communication with employees and their representatives
 Compliance with legislations
 Provision of references to financial institutions, to facilitate entry onto educational courses and/or to assist
future potential employers
 Staffing levels and career planning
 Training which means classroom, e-learning or any other means
 Marketing or company's promotion purposes only after obtaining your specific consent for such activity
What is a Data Controller?
A Data Controller is someone who is responsible for your data and who must make sure that your data is
processed according to the law. For example they are responsible for making sure that the information held about
you is accurate and that it is kept secure.
Why might you share my personal and sensitive personal data? Who will you share it with?
We will only ever share your information with your permission, for the purposes we have stated (unless required
to do so by law).
Obtaining the information we hold about you
You have a right to ask for a copy of your information and to correct any inaccuracies. Under the EU General
Data Protection Regulation, MSC Shipmanagement Limited is required to respond to your request within 30 days.
If you would like a copy of the information we hold about you, please write to the D.P.O officer at
dpo@mscsmcy.com

CONSENT FORM Page 1 of 1

 SOCIAL MEDIA POLICY
GLOSSARY
MSCSMCY means MSC Shipmanagement Limited, its subsidiaries and agencies
network
MSC Shipmanagement means MSC Shipmanagement Limited having its
registered office at MSC HOUSE, 8 Spyrou Kyprianou Avenue, 3070
Limassol,Cyprus
Subsidiaries means crew management companies including, but not limited
to, MSC Crewing Services LLC Odessa, MSC Crewing Services India Private Ltd,
MSC Crewing Services Philippines Inc.
Agencies means crew management companies with whom MSCSMCY has
crew management agreements
Employee means any person who is employed by MSC on a full time or part
time or consultancy basis (including temporarily employed) and any intern.
Social Media means the private or personal use of websites and applications
used to communicate with other users, or to find people with similar interests
to one's own, including, but not limited to, Facebook and LinkedIn.
MSCSMCY Social Media means Social Media but where in addition an
Employee also reveals their Employee status with MSC, whether directly, such
as making a statement or reference to MSC, or indirectly, such as by uploading
a photograph that identifies MSC, for example with the MSC logo in the
background.
Policy means this MSC Social Media Policy, for the purposes of this document
only.
APPLICATION
Whenever an Employee engages in MSCSMCY Social Media, this Policy
applies. When an Employee discloses they are an Employee of MSCSMCY on
their Social Media, the Social Media use becomes MSCSMCY Social Media
because the Employee has brought MSC into their Social Media and therefore
this Policy applies.
This Policy also regulates MSCSMCY dedicated pages, created by Employees
on Social Media.
However, this Policy does not regulate an Employee's use of their Social
Media, except when MSCSMCY computers and handheld devices are used.
This Policy does not restrict communications or actions protected or required
by laws applicable to each Employee. Employees' rights under the law are
paramount and are not affected by this Policy.
Employees who engage in Social Media using MSCSMCY computers or
handheld devices can do so outside of their work time so long as this use does
not involve vulgar, obscene, threatening, intimidating or harassing content; is
not maliciously false or illegal; and does not breach any other MSCSMCY
policies or Employee's obligations. Employees are respectfully reminded that
they have personal responsibility for their use of Social Media.
PURPOSE
This Policy provides guidance for Employees on MSCSMCY Social Media and
how to get the most out of its use in the context of professional expertise-
sharing. In this document, MSCSMCY provides its Employees with information
about the legal and reputational risks arising from the following topics:
 Compliance with laws, related policies and agreements
 Business use of Social Media
 Guidelines for an Employee's responsible use of MSCSMCY Social Media
regarding:
o Protection of MSC's goodwill, brands and business reputation
o Respect for intellectual property and confidential information
o Respect and compliance with terms of use of all visited sites
o Respect for others
o The consequences of a breach of this Policy
o Personnel responsible for implementing this Policy
To ensure that MSCSMCY's IT resources and communications systems are
used appropriately as explained below, MSCSMCY requires each Employee to
adhere to the following guidance regarding their use of MSCSMCY Social
Media.
COMPLIANCE WITH LAWS RELATED POLICIES & AGREEMENTS
MSCSMCY Social Media should never be used in a way that breaches laws, any
other MSCSMCY
policy, MSCSMCY's contractual obligations or any Employee's obligations. If an
MSCSMCY Social
Media activity would breach any of MSCSMCY's policies in another forum, it and “me” because using “our” and “we” when making a statement involving
also breaches them in
on online forum.
SOCIAL MEDIA POLICY
For example, no Employee should use MSCSMCY Social Media to:
 Breach MSCSMCY's best practices regarding MSCSMCY's IT resources and
communications system;
 Circumvent the ethics and standards of conduct stated in the MSC Code
of Business Conduct;
 Breach their duties of confidentiality;
 Engage in harassment, discrimination or any other unacceptable activity;
 Publish or use information of which the use or publication can be illegal
or a breach of contract; or
 Breach any other law or ethical standards (for example, use Social Media
in a false or misleading way, such as by claiming to be someone else or by
creating an artificial "buzz" around our business or service).
BUSINESS USE OF SOCIAL MEDIA
MSCSMCY encourages all Employees to participate responsibly and
professionally in MSCSMCY
Social Media as a means of generating interest in MSC's services and creating
business opportunities, so long as MSCSMCY's guidance regarding MSCSMCY
Social Media usage, particularly in a business context, is adhered to. In
addition, MSCSMCY encourages Employees to use the official MSCSMCY pages
on Social Media. Every Employee can share and comment on any posts made
on the official MSCSMCY pages on Social Media.
However, MSCSMCY discourages unofficial MSC pages on Social Media and
respectfully requests Employees not to create them. Employees should be
aware that it is easy to breach rights, such as intellectual property rights (for
example by using the MSC brand or customer's or supplier's brands), on such
pages. When the MSCSMCY brand is used improperly MSC must and does take
action to close the page or site down because if a brand is not actively
protected its ownership can be challenged. MSCSMCY does not want to be in
the position of having to ask Employees to remove unofficial MSCSMCY pages,
particularly when the page has no doubt been created as a result of that
individual having pride in working for MSC. Please support the official
MSCSMCY pages instead. If you have suggestions about the official MSC pages
please send them social@mscsmcy.com.
Any Employee who, before the publication of this Policy, has created an
unofficial MSCSMCY page on Social Media on behalf of MSCSMCY should
advise MSCSMCY at social@mscsmcy.com.
If an Employee's work duties require them to speak on behalf of MSCSMCY in
a Social Media environment, the Employee must seek approval for the
contents of such communication from the MSCSMCY (which can be contacted
at social@mscsmcy.com). In cases where this is to be frequent, said Employee
may be asked to undertake training or guidance on Social Media for business
use.
If an Employee is contacted directly and requested to comment about
MSCSMCY for a publication
or particular media activity, including on any Social Media outlet, the
Employee must direct the
enquiry to MSCSMCY (which can be contacted at social@mscsmcy.com and
employee will be notified only after taking required approval from MSC Global
Media team). The Employee MUST
NOT respond themselves without prior written approval to do so.
GUIDELINE FOR EMPLOYEES' RESPONSIBLE USE OF SOCIAL MEDIA
This Policy covers specific rules, policies and contractual obligations that all
Employees must follow when using MSCSMCY Social Media. In case of a
breach of this Policy by an Employee, the Employee may be subject to
disciplinary action. The following sections of this Policy provide each
Employee with common-sense guidelines and recommendations for using
MSCSMCY Social Media responsibly and safely, in the best interests of
MSCSMCY. The following sections reflect the "duty of loyalty" each Employee
owes to their employer. They add to, and do not contradict, limit or replace,
applicable rules, policies, legal requirements, legal prohibitions and
contractual obligations.
PROTECT MSCSMCY'S GOODWILL, BRANDS AND BUSINESS
REPUTATION
Each Employee is personally responsible for their statements on MSCSMCY
Social Media. Remember that statements and comments made via Social
Media platforms might subsequently remain online for a long time into the
future, therefore making them accessible to members of the public.
Each Employee must make clear in their MSCSMCY Social Media that they are
speaking on their own behalf. You should write in the first person using “I”
MSCSMCY could be taken to also include MSC in the statement.
Use personal email addresses when communicating via Social Media (and
Page 1 of 2
establishing Social Media accounts) and do not use work email addresses. the terms of use of all Social Media sites they use and ensure their use
No Employee should post anonymously to Social Media sites when their post complies with these terms.
could be connected to MSCSMCY or its business (including customers). RESPECT FOR OTHERS AND PROFESSIONALISM
Anonymous posts can be traced back to the original sender's email address. When using MSCSMCY Social Media, in addition to complying with
If an Employee discloses their work relationship with MSCSMCY (including MSCSMCY's Code of Business Conduct, Employees should not post, or express
through pictures), the Employee must include a disclaimer that their views do a viewpoint on another's post, such as by "liking" a Facebook post, anything
not represent those of MSC. For example, that MSCSMCY or MSCSMCY's business partners would find offensive,
"the opinions expressed in postings from this account are a reflection of my including racism, ethnic slurs, sexist comments, discriminatory comments,
own personal views”. profanity, abusive language or obscenity, or statements that are maliciously
false.
Usually, these statements can be included in a permanent section of the
profile, for example, “about” or “intro” section at “details about you” of As a global shipping line, MSCSMCY has a variety of business partners and
Facebook; “summary” section on LinkedIn; “bio” section in Twitter; and so on. Employees around the world. Naturally, different cultural and political stances
will be observed by these individuals. MSCSMCY insists that all Employees
Even if a disclaimer is included, anything said by an Employee can reflect on
respect one another through their communication activity.
MSCSMCY. Employees should always strive to be accurate in their
communications about MSCSMCY and remember that their statements have Each Employee must be respectful towards others' rights regarding data
the potential to result in liability for themselves and MSCSMCY. protection and privacy, and should not post photographs of their colleagues
without prior authorisation.
RESPECT INTELLECTUAL PROPERTY & CONFIDENTIAL INFORMATION
The MSCSMCY Code of Business Conduct restricts Employees' use and CONSEQUENCES OF ANY BREACH OF THIS POLICY
disclosure of MSCSMCY's trade secrets, confidential information and Breach of this Policy may result in disciplinary action up to and including
intellectual property, save as permitted by applicable laws. termination of employment. An Employee suspected of committing a breach
of this Policy will be requested to cooperate with MSCSMCY in any
Publishing commercially sensitive information on MSCSMCY Social Media,
investigation. The Employee's cooperation may be taken into account in a
including, but not limited to, trade secrets, confidential business results or
case where disciplinary action is considered to be appropriate.
business plans, can also constitute a breach of competition laws.
An Employee may be requested to remove any MSCSMCY Social Media
Breaches of competition laws are strictly penalised, including, in many
content that MSCSMCY considers to constitute a breach of this Policy. Failure
countries, by criminal sanctions for individuals. Employees are invited to
to comply with such a request may result in disciplinary action.
attend MSCSMCY Code of Conduct training and MSCSMCY Competition
training in order to further understand the subject. PERSONNEL RESPONSIBLE FOR IMPLEMENTING THIS POLICY
Each Employee is responsible for the success of this Policy and should take
Beyond the mandatory restrictions and legal obligations, each Employee
time to read and understand it.
should treat MSCSMCY's trade secrets, intellectual property and other
proprietary information, other than information that is already public, about Please act responsibly and professionally in your use of MSCSMCY Social
MSCSMCY's customers, terminals, facilities, railways, road transport, business, Media, and your Social Media when MSCSMCY computers and handheld
vessels and services as strictly confidential and not do anything to jeopardise devices are used.
or unwittingly disclose such information through their use of MSCSMCY Social If you see any misuse of MSCSMCY Social Media or of MSCSMCY computers
Media. and handheld devices
In addition, Employees should avoid misappropriating or infringing upon the it should be reported to MSCSMCY (which can be contacted at
intellectual property of other companies and individuals, which can create social@mscsmcy.com).
liability for Employees as well as for MSCSMCY. CONFLICT OF LAWS
Please note that nearly all contracts that MSCSMCY enters into with suppliers The Policy does not replace the local laws which must always be applied.
and customers contain confidentiality clauses and sometimes these These laws may have different requirements to this Policy.
confidentiality clauses can be very broad. For example, some large well- If anyone has reason to believe that the local applicable laws will prevent it
known companies do not want the various shipping lines that they use to from implementing this Policy, it shall immediately report this conflict to the
know which other shipping lines they are doing business with, and MSCSMCY (which can be contacted at datasecurity@mscsmcy.com ). In such
consequently, the fact we are ‘doing business with them' is required to event, MSCSMCY will collaborate with the Affiliate in order to reach a
remain confidential. business like solution consistent with the Policy.
For these reasons, care must be exercised in all communication, and In case of absence of local law, the Policy shall constitute the legal framework
MSCSMCY requests that you do not refer to MSCSMCY's customers and for the concerned Affiliate.
suppliers by name and that you restrict your references to that of MSCSMCY
only.
Exceptions can apply where MSCSMCY is informed and grants permission.
In order to protect themselves and MSCSMCY against liability for copyright or
trademark infringement, where appropriate, each Employee shall refer to the
source of particular information posted or uploaded, and shall cite them
accurately.
This requirement is also applicable where an Employee copies pieces of MSC
Group Cargo's magazine Together or MSCSMCY Magazine MSC SMT. You
should be reminded that the main purpose of Together is as an INTERNAL
publication, so if you should wish to replicate content, we politely request you
seek the permission of the MSCSMCY.
Note that republishing part of any publication - or broadcast content - can be
a breach against that media outlet, or a breach of a specific subscription
contract which MSCSMCY has with the publisher. The publisher obtains its
income through the sale of the publication, and so the subscription contract
always contains restrictions on distribution and publishing.
If republishing part of a publication or broadcast has value for your business
use of MSCSMCY Social Media, please check with the MSCSMCY first, who will
be able to advise you whether this use is permitted.
If an Employee has any doubts or questions about whether a particular post
or upload might breach any copyright or trademark of any person or
MSCSMCY, the Employee should ask the MSCSMCY by using
social@mscsmcy.com before making the communication.
RESPECT & COMPLY WITH TERMS OF USE OF ALL VISITED SITES
No Employee should expose themselves or MSCSMCY to a legal risk by using a
Social Media site in breach of its terms of use. Each Employee should review
SOCIAL MEDIA POLICY Page 2 of 2
LAUNCH OF MSC SPEAK-UP LINE
Geneva, October 17, 2018

Dear all,

Consistent with MSC’s Values, the ability to speak-up is a cornerstone for building an open and accountable
workplace culture.

In this regard, MSC is making available worldwide a new online tool called “MSC Speak-Up Line” to report
simply, anonymously and securely any misconduct especially violations of applicable laws, internal policies and
procedures including the MSC Code of Business Conduct, Anti-fraud Policy, Anti-bribery policy etc.

The reporting tool, which complements existing reporting procedures, will be accessible from the following website
(https://mscspeakupline.com/index.php). For Data protection reasons, please copy and paste this link to your web
browser to have access to the MSC Speak-Up Line.

Developed by an independent third party called EQS Integrity Lines, the platform is easy to use and secure. It
guarantees employee anonymity, in line with legal requirements, unless the reporters decide to disclose their
identity, or if this is not permitted by applicable laws.

Compliance is a key element of MSC’s commitment to undertaking business in a fair, ethical and responsible
manner.

The tool is designed for reporting serious misconducts and violations of laws. It is not intended to address day-to-
day management of the workplace.

Every report will be handled confidentially and investigated by authorized and entrusted personnel in Geneva.
There will be no retaliation measures against any employee making a report in good faith.

In case of questions please contact MSC Geneva Corporate Legal Compliance Team (ethic@msc.com).

Thank you and best regards.

MSC MEDITERRANEAN SHIPPING COMPANY SA msc.com

12-14 Chemin Rieu CH-1208 Geneva, Switzerland
T: +41 22 703 8888 E: info@msc.com Page 1 of 1
 PERSONAL DATA PRIVACY POLICY Coordinators.
Personal Data means any information or data that relates to an
INTRODUCTION
identified or identifiable natural person. Personal Data is each piece of
The MSC SHIPMANAGAMENT LIMITED (hereafter the “MSCSMCY”) is information related to such person, regardless of the form in which it is
committed to all aspects of personal data protection and takes seriously expressed and the format of the information (storage media, paper,
its duties, and the duties of its employees, under the European Union tape, film, electronic media, etc.). For the purpose of this Policy, legal
General Data Protection Regulation. MSC SHIPMANAGEMENT LIMITED entities shall be excluded of its scope, unless otherwise provided under
needs to gather and use information about individuals. These include local data protection law.
employees, clients, suppliers, business contacts, contractors, candidates
Personal Data covers any information that relates to an identifiable
and other people.
person. There are different ways in which a person can be considered
This policy ensures that MSCSMCY and its employees on shore, ‘identifiable'. A person's full name is a direct identifier. Other combined
onboard, subsidiaries and agencies offices information may also be sufficient to identify a person.
 Comply with the European Union General Data Protection Sensitive Personal Data means any Personal Data related to:
Regulation and follow good privacy practices
 racial or ethnic origin;
 Protect the confidentiality and security of personal data
 religious or philosophical beliefs;
 Protect the privacy rights of individuals
 political opinions or activities;
 Properly collects, stores, handles and destroys personal data
 trade union activities;
 Protect itself from the risks of data breach
 physical or mental health;
This policy supports the adoption all the technical and organizational
measures necessary to prevent the loss, misuse, alteration,  genetic or biometric data;
unauthorized access, and theft of the personal data provided, taking  administrative and criminal proceedings and sanctions; or
into account the technological state, the nature of the personal data, the creation or use of personality profile which enables the assessment
and the risks to which is exposed. of the essential characteristics of the personality of a Data Subject.
POLICY SCOPE Process or Processing or Processed means any operation or set of
operations which is performed on Personal Data or on sets of Personal
This policy applies to:
Data, whether or not by automated means, such as collection,
 MSCSMCY, its subsidiaries and crewing agencies network recording, organisation, structuring, storage, adaptation or alteration,
 All employees, job candidates, contractors, suppliers and other retrieval, consultation, use, disclosure by transmission, dissemination or
people working for and on behalf of MSCSMCY otherwise making available, alignment or combination, restriction,
Any relevant parties associated to the organization's handling of erasure or destruction
personal data. Sub-processing means a Processing carried out by any Subprocessor
CONFLICT OF LAWS Sub-processor means any company or natural person engaged by a
The Policy applies recognised international data protection principles Data Processor, or by any other Subprocessor, which agrees to receive
but does not replace the local laws which must always be complied with from such Data Processor or Subprocessor, Personal Data exclusively
by Agencies and Employees. These laws may have different intended for the Processing to be carried out on behalf of the Data
requirements than this Policy. Controller in accordance with its instructions and a written agreement.
In case of absence of local law, the Policy shall constitute the legal DATA PROTECTION OFFICER (D.P.O)
framework for the concerned Agency. The organization's data protection officer is responsible for the
If an Agency has reason to believe that any local applicable law or management and monitoring this policy. If employees have any
regulation will prevent it from implementing this Policy, it shall questions about data protection in general, this policy or their
immediately report this conflict to the Compliance Team. In such event, obligations under it, they should direct them to D.P.O , contable by
MSCSMCY will provide guidance to the Agency in order to reach a email on dpo@mscsmcy.com.
businesslike solution that safeguards MSCSMCY's interests and complies The role of a company D.P.O is also to inform the company about its
with applicable data protection laws and regulations. compliance with the GDPR, monitor its compliance and be the first
DEFINITIONS point of contact with the ICO (Information Commisioner's Office) and
MSCSMCY means MSC Shipmanagement Limited, its subsidiaries and other supervisory bodies. The D.P.O will report to the highest
agencies network management level of the company and he is allowed to operate
MSC Shipmanagement means MSC Shipmanagement Limited having independently with adequate resources and with no internal/external
its registered office at MSC HOUSE, 8 Spyrou Kyprianou Avenue, 3070 interference which may result in being penalised or dismissal for
Limassol,Cyprus performing the allotted task.
Subsidiaries means crew management companies including, but not DATA PROTECTION COORDINATOR (D.P.C)
limited to, MSC Crewing Services LLC Odessa, MSC Crewing Services Data Protection Coordinator should (1) report directly to the Managing
India Private Ltd, MSC Crewing Services Philippines Inc. Director or the person(s) designated by them, (2) be the focal point of
Agencies means crew management companies with whom MSCSMCY the Compliance Team and (3) implement any of its instructions as well
has crew management agreements as all other MSCSMCY's and MSC data protection policies. As deem
appropriate, the Compliance Team may approve the appointment of a
Data Breach means a breach of security leading to the accidental or
Data Protection Coordinator in charge of multiple Agencies.
illegal destruction, loss, alteration, unauthorized disclosure of or access
to Personal Data, notably when transferred to another country, or to The Data Protection Coordinator is in charge of implementing the
any other illegal means of Processing. Principles within their Agency, by putting in place day to day good
practices and procedures and taking all necessary steps to ensure
Data Controller means a company or a natural person which, alone or
compliance with this Policy and applicable data protection laws and
jointly with others, determines the purposes and means of the
regulations, contactable by email on dpc@mscsmcy.com
Processing of Personal Data.
Therefore, the Data Protection Coordinator shall notably:
Data Processor means a company or a natural person which processes
Personal Data on behalf of the Data Controller in accordance with its  maintain a register listing the data processing's carried out in
instructions and a written agreement. their Agencies;
Data Protection Coordinator means the person in charge of  train and raise awareness according to Compliance Team
instructions;
addressing data protection issues at Agency level and of monitoring and
reporting to the Compliance Team such issues.  be a direct point of contact for Employees and Data Subjects in
relation to the Policy;
Data Subject(s) means any natural person who is the subject of the
 inform, receive instructions from and provide all necessary
Personal Data.
support to the Compliance Team to address enquiries from Data
Employees means MSCSMCY's and Agencies' employees, Subjects in relation to their data protection rights; and
representatives, officers, and directors, including Data Protection
PERSONAL DATA PRIVACY POLICY Page 1 of 4
  inform, receive instructions from and provide all necessary The Company considers that the following personal data falls within
support to the Compliance Team to address requests from data the categories set out above:
protection supervisory authorities.  personal details including name, address, age, status and
DATA PROTECTION PRINCIPLES qualifications. Where specific monitoring systems are in place,
At each stage of the Personal Data lifecycle, MSCSMCY is committed to ethnic origin and nationality will also be deemed as relevant
Process Personal Data in its possession in compliance with applicable  references and CVs
data protection laws and regulations and all the following core  emergency contact details
principles (hereafter the “Principles”). As such, each Employee shall (1)  notes on discussions between management and the employee
be aware of their responsibilities and obligations with respect to
 appraisals and documents relating to grievance, discipline,
Personal Data and confidentiality, and (2) follow the Compliance Team promotion, demotion or termination of employment
and the Agency Data Protection Coordinators' instructions.
 training records
The Principles cover on the one hand the collection and use of the
 salary, benefits and bank/building society details
Personal Data and on the other hand the management of such data.
 absence and sickness information
Principles for the collection and use of a personal data
THE USE OF PERSONAL INFORMATION
The collection of use of Personal Data shall be carried out: The General Data Protection Regulation applies to personal
 lawfully, fairly, and on legitimate grounds information that is "processed". This includes obtaining personal
information, retaining and using it, allowing it to be accessed, disclosing
 transparently with respect to information obligations it and, finally, disposing of it.
 for specific, explicit and legitimate purposes and not further Processing is defined as any operation performed on personal data
Processed in a manner which is incompatible with those
purposes including automated means.
 for adequate, relevant and limited period of time and to what is This include:
necessary in relation to the aforementioned purposes  Collection
 in a manner that ensures appropriate security of the Personal  Recording
Data, including protection against unauthorised or unlawful  Organisation
Processing and against accidental loss, destruction or damage,  Structuring
using appropriate technical or organisational measures
 Storage
 in a way that Data Subjects will not suffer adverse effect unless
such use is authorized by applicable laws.  Adaptation or alteration
Principles for the management of personal data  Retrieval
 Consultation
 Personal Data shall be:  Use
 kept accurate, complete and, where necessary, up to date.  Disclosure by transmission, dissemination, or otherwise making
 retained no longer than necessary to fulfil the purpose(s) for available.
which such data have been collected unless otherwise required  Alignment or combination
by applicable laws, and where applicable always strictly in
accordance with the data protection notice or the consent form  Restriction
delivered to the Data Subject  Erasure or destruction
 tracked throughout its lifecycle, ensuring when required that the
different processing actions performed are appropriately This personal data can be received from a variety of sources which in
documented order to be GDPR compliant is important to monitor the incoming
 disclosed or shared to third parties only on a “need to know channels of data. These sources can include:
basis” and in line with the purpose(s) for which the data was  Applicants for employment
collected, unless otherwise required by the applicable law(s)
 Employees including access via portals
 transferred across borders only based on a legitimate
justification, fulfilling applicable legal requirements and after  Clients / Vendors
having consulted the Data Protection Coordinator to ensure that  Contractors / Sub-contractors
such transfers are documented, legitimate and lawful.  Port Agents
Personal information covered by this policy can be stored:  Doctors and Clinics
 electronically such as on computers and servers, and  Manning / Crewing Agencies
 physically as part of a filing system, such as records on paper and  Ship managers
indexed in a well- structured cabinet.  Governments
Personal Data relating to employees may be collected primarily for the  Insurers
purposes of:  Other companies
 Institutions in third countries
 Recruitment, promotion, training, redeployment and/or career
development GENERAL CONTROLS FOR PERSONAL DATA PROTECTION
 Administration and payment of wages MSCSMCY will protect personal data based on the following
 Calculation of certain benefits including pensions controls:
 Disciplinary or performance management purposes  personal data will not be transferred outside the European
 Performance review Economic Area without explicit consent of the individual
 Recording of communication with employees and their involved;
representatives  generally accepted standard of technology and data security will
 Compliance with legislations be implementing to prevent data loss, misuse, authorized
alteration and/or destruction;
 Provision of references to financial institutions, to facilitate entry
onto educational courses and/or to assist future potential  personal data will be transferred by secure systems;
employers  individuals affected by any personal data breach will be
 Staffing levels and career planning promptly notified if the event might create a serious risk;
 Training which means classroom, e-learning or any other means  hard copies of personal information will be locked at filing
cabinets accessible only by authorized personnel.
 Marketing or company's promotion purposes only after
obtaining your specific consent for EMPLOYEES' OBLIGATION REGARDING PERSONAL INFORMATION
 such activity If an employee acquires any personal information in the course of

PERSONAL DATA PRIVACY POLICY Page 2 of 4

his/her duties, he/she must ensure that:
 the information is accurate and up to date, insofar as it is
practicable to do so;
 the use of the information is necessary for a relevant purpose
and that it is not kept longer than necessary; and
 the information is secure.
Personal data should not be disclosed to unauthorized people, either
within the company or externally. In particular, an employee should
ensure that he/she:
 uses password-protected and encrypted software for the
transmission and receipt of emails;
 sends fax transmissions to a direct fax where possible and with a
secure cover sheet;
 requests access to confidential information from their line
managers; and
 locks files in a secure cabinet.
Data should be regularly reviewed and updated if it is found to be out
of date. If no longer required, it should be deleted and disposed of.
Where information is disposed of, employees should ensure that it is
destroyed. This may involve the permanent removal of the information
from the server, so that it does not remain in an employee's inbox or
trash folder. Hard copies of information may need to be confidentially
shredded. Employees should be careful to ensure that information is
not disposed of in a recycle bin.
If an employee acquires any personal information in error by whatever
means, he/she shall inform the data protection coordinator (D.P.C.)
immediately and, if it is not necessary for him/her to retain that
information, arrange for it to be handled by the appropriate individual
within the organization.
Where an employee is required to disclose personal data to any other
country, he/she must ensure first that there are adequate safeguards
for the protection of data in the host country. For further guidance on
the transfer of personal data outside Cyprus, please refer to the data
protection coordinator (D.P.C.)
An employee must not take any personal information away from the
organization's premises (save in circumstances where he/she has
obtained the prior consent of the data protection officer to do so).
If an employee is in any doubt about what he/she may or may not do
with personal information, he/she should seek advice from the data
protection officer. If he/she cannot get in touch with the data
protection officer, he/she should not disclose the information
concerned.
RESPONSIBILITIES
All employees who works for or with MSCSMCY has the responsibility
for ensuring personal data is collected, stored and handled in line with
this policy and data protection principles.
The board of directors is ultimately responsible for ensuring that
MSCSMCY meets its legal obligations under GDPR.
The I.T. Department, is responsible for:
 ensuring all systems, services and equipment used for storing
data meet acceptable security standards
 performing regular checks and scans to ensure security
hardware and software is functioning properly
 evaluating any third-party services the company is considering
using to store or process data. For instance, cloud computing
services
DATA STORAGE
The rules in this policy describe how and where personal data should
be safely stored. Questions about storing data safely can be directed to
the Data Protection Officer.
These guidelines also apply to data that is usually stored electronically
but has been printed out for some reason:
 when not required, the paper or files should be kept in a locked
drawer or filing cabinet;
 employees should make sure paper and printouts are not left
where unauthorized people could access them; and
 data printouts should be shredded and disposed of securely
when no longer required
When data is stored electronically, it must be protected from
unauthorized access, accidental deletion and malicious hacking
attempts:
PERSONAL DATA PRIVACY POLICY
 personal data should only be stored on designated drives and
servers, and should only be uploaded to an approved cloud
computing services.
 personal data should never be saved directly to laptops or other
mobile devices like tablets or smart phones.
 personal data should be protected by strong passwords that are
changed regularly and never shared between employees.
 data should not be stored on removable media (USB drives, CD,
personal hard disks or DVD)
 servers containing personal data should be sited in a secure
location
 data should be backed up frequently and tested regularly
according to the backup procedures
 all servers and computers containing personal data should be
protected by approved security software and a firewall.
Encrypting data whilst it is being stored (e.g. on a laptop, mobile, USB
or back-up media, databases and file servers) provides effective
protection against unauthorised or unlawful processing. It is especially
effective to protect data against unauthorised access if the device
storing the encrypted data is lost or stolen. MSCSMCY operating
systems have full disk encryption built in, which will encrypt the entire
contents of the drive. The data is decrypted when the user accesses the
device.
The company as a Data Controller requires from users to provide
username/password or setting a PIN in order to access the device.
Passwords used to decrypt the hard disk or for access control are
sufficiently complex in order to provide an appropriate level of
protection.
MSCSMCY encrypts files in individually, or place groups of files within
encrypted containers. In the event of loss or theft of the device an
attacker might gain access to the device and to some data but not to
the encrypted files.
All the software applications and databases of MSCSMCY are
configured to store data in an encrypted form. Based on this the
application controls the encryption so can access the keys when needed
without relying on the underlying IT infrastructure. When data is shared
between applications then processes are required to share keys
securely.
DATA USE
Personal data is of no value to MSCSMCY unless the business can make
use of it. However, it is when personal data is accessed and used that it
can be at the greatest risk of loss, corruption or theft:
 employees should ensure the screens of their computers are
always locked when left unattended;
 personal data should not be sent by email;
 personal data must be encrypted before being transferred
electronically;
Personal data should never be transferred outside of the European
Economic Area except for the approved company business by
authorized employees only; and employees should not save copies of
personal data to their own computers.
DATA ACCURACY
The law requires MSCSMCY to take reasonable steps to ensure data is
kept accurate and up to date. The more important it is that the personal
data is accurate, the greater the effort should put into ensuring its
accuracy.
It is the responsibility of all employees who work with data to take
reasonable steps to ensure it is kept as accurate and up to date as
possible.
 personal data will be held in as few places as necessary;
 employees should not create any unnecessary additional data
sets;
 employees should take every opportunity to ensure data is
updated;
 and data should be updated as inaccuracies are discovered.
DATA SUBJECT ACCESS REQUESTS
The organization will inform each employee of:
 the types of information that it keeps about him/her;
 the purpose for which it is used; and
 the types of organization that it may be passed to, unless this is
self evident (for example, it may be self evident that an
Page 3 of 4
 employee's national insurance number is given to).
An employee has the right to access information kept about him/her
by the organization, including personnel files, sickness records,
disciplinary or training records, appraisal or performance review notes,
emails in which the employee is the focus of the email and documents
that are about the employee.
The data protection officer (D.P.O.) is responsible for dealing with data
subject access requests.
MSCSMCY may not charge for allowing employees access to
information about them however reserves the right to review this if
there are repeated requests. The organization will respond to any data
subject access request within 30 calendar days.
MSCSMCY will allow the employee access to hard copies of any
personal information. However, if this involves a disproportionate effort
on the part of the organization, the employee shall be invited to view
the information on-screen or inspect the original documentation at a
place and time to be agreed by the organization.
MSCSMCY may reserve its right to withhold the employee's right to
access data where any statutory exemptions apply.
Where a request is received by staff covering any of the GDPR Data
Subject Rights the request must be passed to the Data Protection
Officer immediately.
The request must be forwarded to dpo@mscsmcy.com. If the request
was made over the phone then as much information as possible
regarding what was requested must be typed into an email and sent to
the Data Protection Officer immediately. If the request is received in a
postal letter, this can either be scanned and sent to the Data Protection
Officer by email, or the hardcopy taken to the Data Protection officer
immediately.
RIGHTS OF DATA SUBJECT
RIGHT TO ERASURE
This Right is also known as the ‘Right to be Forgotten'. It enables Data
Subjects to request the deletion or removal of personal data where
there is no compelling reason for its continued processing by the Data
Controller. The Right to Erasure applies in the following circumstances:
 The personal data is no longer necessary in relation to the
purpose for which it was originally collected
 The processing was based on consent, and the Data Subject has
now withdrawn their consent
 The Data Subject objects to processing and there is no overriding
legitimate interest of the Data Controller
 The data was being unlawfully processed
 The data must be erased to comply with a legal obligation
RIGHT TO RESTRICT PROCESSING
When this Right is exercised MSCSMCY is permitted to store the
personal data but not further process it. Restricted information about
the individual may be retained to ensure that the restriction is
respected in the future.
The Right to Restrict Processing applies in the following circumstances:
When a Data Subject contests the accuracy of their personal data, then
processing should be restricted to storage only until accuracy is verified
When a Data Subject objects to processing which is being carried out
for the reason of performance of a task in the public interest, or for the
legitimate interests of the Data Controller, then the Data Controller
must restrict processing to storage only whilst they consider whether
their legitimate grounds override the Rights and freedoms of the
individual.
When processing is unlawful and a Data Subject opposes erasure and
requests restriction to storage instead.
When the Data Controller no longer needs the personal data but the
Data Subject requires it for the purpose of a legal claim.
RIGHT TO PORTABILITY
This Right allows individuals to obtain and reuse their personal data for
their own purposes across different services. It allows the individual to
move, copy or transfer personal data easily from one IT environment to
another in a safe and secure way in a common data format, for
example, Excel or CSV file.
The Right to Data Portability applies in the following circumstances:
 When the personal data was provided to the controller directly
by the Data Subject
PERSONAL DATA PRIVACY POLICY
 Where the processing is based on consent or performance of a
contract
 When processing is carried out by automated means
RIGHT TO OBJECT TO
Individuals have the right to object to:
 Processing based on legitimate interest or performance of a task
in the public interest/exercise of official authority (including
profiling)
 Direct marketing (including profiling)
 Processing for the purposes of scientific/historical research and
statistics
CORRECTION, UPDATING AND DELETION OF DATA
MSCSMCY has a system in place that enables employees to check their
personal information on a regular basis so that they can correct, delete
or update any data. If an employee becomes aware that the
organization holds any inaccurate, irrelevant or out-of-date information
about him/her, he/she must notify the data protection officer
immediately and provide any necessary corrections and/or updates to
the information.
MONITORING
MSCSMCY may monitor employees and premises visitors by various
means including, but not limited to, recording activities on CCTV,
checking emails, checking business laptops/computers, listening to
voicemails and monitoring telephone conversations. If this is the case,
the organization will inform the employee that monitoring is taking
place, how data is being collected, how the data will be securely
processed and the purpose for which the data will be used. The
employee will usually be entitled to be given any data that has been
collected about him/her. MSCSMCY will not retain such data for any
longer than is absolutely necessary.
In exceptional circumstances, the organization may use monitoring
covertly. This may be appropriate where there is, or could potentially
be, damage caused to the organization by the activity being monitored
and where the information cannot be obtained effectively by any non-
intrusive means (for example, where an employee is suspected of
stealing property belonging to the organization). Covert monitoring will
take place only with the approval of the data protection officer (D.P.O)
if permissible under law.
REVIEW OF PROCEDURES AND TRAINING
MSCSMCY will provide training to all employees on data protection
matters on induction and on a regular basis thereafter. If an employee
considers that he/she would benefit from refresher training, he/she
should contact the data protection coordinator (D.P.C.)
The organization will review and ensure compliance with this policy at
regular intervals.
CONSEQUENCES OF NON-COMPLIANCE
All employees are under an obligation to ensure that they have regard
to the data protection principles when accessing, using or disposing of
personal information. Failure to observe the data protection principles
within this policy may result in an employee incurring personal criminal
liability. It may also result in disciplinary action up to and including
dismissal. For example, if an employee accesses another employee's
employment records without the requisite authority, the organization
will treat this as gross misconduct and instigate its disciplinary
procedures. Such gross misconduct will also constitute a criminal
offence.
Page 4 of 4
 PRIVACY NOTICE on file, we will hold your data on file or a further 6 (six) months for
As part of any recruitment process, MSCSMCY (hereafter the consideration for future employment opportunities. At the end of that
“MSCSMCY”) collects and processes personal data relating to job period, or once you withdraw your consent, your data is deleted or
applicants. The organisation is committed to being transparent about destroyed. You will be asked when you submit your CV whether you give
how it collects and uses that data and to meeting its data protection us consent to hold your details for the full 12 months in order to be
obligations considered for other positions or not.
WHAT INFORMATION DO WE COLLECT? If your application for employment is successful, personal data gathered
during the recruitment process will be transferred to your Human
MSCSMCY collects a range of information about you. This includes:
Resources file (electronic and paper based) and retained during your
 your name, address and contact details, including email address and
employment. The periods for which your data will be held will be
telephone number;
provided to you in a new privacy notice.
 details of your qualifications, skills, experience and employment
history; YOUR RIGHTS
 information about your current level of remuneration, including As a data subject, you have a number of rights. You can:
benefit entitlements;  access and obtain a copy of your data on request;
 whether or not you have a disability for which the organisation needs  require the organisation to change incorrect or incomplete data;
to make reasonable adjustments during the recruitment process;  require the organisation to delete or stop processing your data, for
 information about your entitlement to work in the Cyprus. example where the data is no longer necessary for the purposes of
MSCSMCY may collect this information in a variety of ways. For processing;
example, data might be contained in application forms, CVs or resumes,  and object to the processing of your data where MSCSMCY is relying
obtained from your passport or other identity documents, or collected on its legitimate interests as the legal ground for processing.
through interviews or other forms of assessment.  If you would like to exercise any of these rights, please contact
We may also collect personal data about you from third parties, such as gdpr@mscsmcy.com.
references supplied by former employers. We will seek information from  MSCSMCY is committed, as data controller, to protect your personal
third parties only once a job offer to you has been made and will inform data when using/accessing files and software applications.
you that we are doing so.  Your personal data will be collected and processed for specific
Data will be stored in a range of different places, including on your reasons by the authorized people listed below:
application record, in HR management systems and on other IT systems  HR DEPARTMENT
(including email).  PERSONNEL DEPARTMENT
WHY DOES MSCSMCY PROCESS PERSONAL DATA?  ACCOUNTS DEPARTMENT
We need to process data to take steps at your request prior to entering  GROUP LEARNING & ORGANISATIONAL DEVELOPEMENT,
into a contract with you. We may also need to process your data to enter SUSTAINABILITY & SUPPORT SERVICES
into a contract with you.  TRAVEL
In some cases, we need to process data to ensure that we are  FLEET PERFORMANCE
complying with its legal obligations. The data concerned are:
MSCSMCY has a legitimate interest in processing personal data during  Biographical information or current living situation, including dates of
the recruitment process and for keeping records of the process. birth, Social Security numbers, phone numbers and email addresses.
Processing data from job applicants allows us to manage the recruitment  Looks, appearance and behaviour, including eye colour, weight and
process, assess and confirm a candidate's suitability for employment and character traits.
decide to whom to offer a job. We may also need to process data from  Workplace data and information about education, including salary,
job applicants to respond to and defend against legal claims. tax information and tax/social insurance numbers.
MSCSMCY may process special categories of data, such as information  Private and subjective data, including religion, political opinions and
about ethnic origin, sexual orientation or religion or belief, to monitor geo-tracking data.
recruitment statistics. We may also collect information about whether or  Health, sickness and genetics, including medical history, genetic data
not applicants are disabled to make reasonable adjustments for and information about sick leave.
candidates who have a disability. We process such information to carry CONSENT
out its obligations and exercise specific rights in relation to employment. By consenting to this privacy notice you are giving us the permission to
If your application is unsuccessful, MSCSMCY may keep your personal process your personal date specifically for the purposes identified.
data on file in case there are future employment opportunities for which Consent is required for MSCSMCY to process both types of personal data,
you may be suited. We will ask for your consent before it keeps your data but must it must be explicitly given. Where we are asking you for sensitive
for this purpose and you are free to withdraw your consent at any time. personal data we will always tell you why and how the information will be
WHO HAS ACCESS TO DATA? used.
Your information may be shared internally for the purposes of the You may withdraw consent at any time.
recruitment exercise. This includes members of the HR and recruitment
team, interviewers involved in the recruitment process, managers in the
business area with a vacancy and IT staff if access to the data is necessary
for the performance of their roles.
We will not share your data with third parties, unless your application
for employment is successful and we make you an offer of employment.
We will then share your data with former employers to obtain references
for you, employment background check providers to obtain necessary
background checks.
HOW DOES MSCSMCY PROTECT DATA?
We take the security of your data seriously. We have internal policies
and controls in place to ensure that your data is not lost, accidentally
destroyed, misused or disclosed, and is not accessed except by our
employees in the proper performance of their duties.
FOR HOW LONG DOES MSCSMCY KEEP DATA?
If your application for employment is unsuccessful, the organisation will
hold your data on file for 6 (six) months after the end of the relevant
recruitment process. If you agree to allow us to keep your personal data

PRIVACY NOTICE Page 1 of 1

 respective MSC Crewing Services and/or the Management of MSC
DECLARATION FOR ANTI-DRUG TRAFFICKING
Shipmanagement Limited, Cyprus (Phone number +357
DECLARATION BY THE CREW MEMBER JOINING VESSELS MANAGED
97772075/99681757), MSC Geneva Security department (Phone +41
BY MSC SHIPMANAGEMENT LIMITED WITH THEIR PLEDGE TO ABIDE
227038888) details of the unlawful acts. Such information should be
BY MSC GROUP POLICY FOR PREVENTION OF DRUG SMUGGLING ON passed by using any convenient traceable communication means
BOARD ITS VESSELS AND THE VOLUNTARY DENOUNCING BY THE
available, such as telephone calls, emails, SMS, smart phone
SEASTAFF SERVING ON MSC OPERATED VESSELS, OF UNLAWFUL/ photographs etc. or, ideally, by using the dedicated email address:
ILLEGAL ACTIVITIES PERPETRATED ON BOARD BY ANY MEMBER OF
wbp@mscsmcy.com . The Company undertakes to keep, upon
THE COMPLEMENT.
request, the identity of the denouncing crew member strictly
MSC is a Company founded on strong values and the Company
confidential, in which case any rewards due will be paid directly into
strives to ensure that her reputation in the market remains at all
the account of the person concerned with the Company. The
times at the highest possible level and that her relations with her
Company also undertakes to maintain a policy of non-retaliation
clients and the authorities of all countries remain excellent and against such denouncing crewmembers. The Company will pay to the
therefore any act direct or indirect related to possession, smuggling
denouncing crew member, an award of USD Fifty Thousand Dollars
or supporting any related activities for drug trafficking will be
(USD 50,000) for each proven unlawful act denounced as described
considered by the Company as Barratry (= willful fraud by a Master or
above in which the perpetrator(s) is (are) identified.
the crew at the expense of the owner/operator of the ship or its
cargo) and will be treated as such. MSC has undertaken various
measures to prevent any kind of drug trafficking and some of these
measure include; employing external security guards on board ships
during port stay in concerned ports, security guards on board during
navigation between sensitive ports, use of dogs for drug search in
ports, diving inspection of vessels in case of any concern etc. These
security guards will be authorized by the MSC to inspect any and all
areas of the ship without any notice and this includes cabins and
personal belongings of any crew member. Any non-compliance or
non-cooperation will immediate attract disciplinary measures leading
to dismissal and reporting to authorities.
PLEDGE
I Rudhinkrishna Pottayil Suresh ,
employed with MSC Shipmanagement Limited in the rank of
Electrical Officer am fully aware of the enormous
degree of trust that the Company has shown in me by providing me
with an employment and I undertake to reciprocate on my part by
diligently executing all the duties assigned to me, following Company
procedures and protecting ship’s property and Company reputation. I
am aware of the fact that any kind of involvement in possession,
smuggling or trafficking of drugs either by direct involvement or
simply be aware that another crew member is involved, is a serious
criminal act and Company will immediately notify concerned
authorities and my employment will be terminated immediately and
Company will have no obligation to support me. I fully understand
that in most of the countries the punishment for such offense would
be life imprisonment besides other actions that may be undertaken
by the authorities.
I, hereby declare that I will not indulge in any such activity during
my tenure on board during my employment contract. I agree to
indemnify MSC Shipmanagement Limited from their responsibility to
rendering assistance to me in such a case and also agreed that any
penalty, damage or other costs incurred by the Company due to
above mention actions on my part will be fully
reimbursed/compensated by me to the Company.
REWARD OF USD FIFTY THOUSAND DOLLARS
(US $ 50,000) BY MSC TO THE CREW MEMBER:
I have been made aware of the Company policy to reward those,
law abiding, members of the crew who will voluntarily denounce any
such practices to the MSC by informing the Management of the

DECLARATION FOR ANTI-DRUG TRAFFICKING Page 1 of 1

 DECLARATION AND AWARENESS FOR COMPANY criminal justice in their own country of origin and to recover from them
the street value of any stolen cargoes and the amounts of Customs fines
WHISTLE BLOWER POLICY
and penalties imposed to the Company as a result of their acts.
DECLARATION BY THE CREW MEMBER JOINING VESSELS MANAGED BY
MSC SHIPMANAGEMENT LIMITED WITH THEIR PLEDGE TO ABIDE BY MSC PLEDGE
GROUP POLICY FOR PREVENTION OF DRUG SMUGGLING ON BOARD ITS I Rudhinkrishna Pottayil Suresh ,
VESSELS AND THE VOLUNTARY DENOUNCING BY THE SEASTAFF SERVING employed with MSC Shipmanagement Limited in the rank of
ON MSC OPERATED VESSELS, OF UNLAWFUL / ILLEGAL ACTIVITIES Electrical Officer am fully aware of the enormous
PERPETRATED ON BOARD BY ANY MEMBER OF THE COMPLEMENT. degree of trust that the Company has shown in me by providing me with
MSC is a Company founded on strong values and the Company strives an employment and I undertake to reciprocate on my part by diligently
to ensure that her reputation in the market remains at all times at the executing all the duties assigned to me, following Company procedures
highest possible level and that her relations with her clients and the and protecting ship’s property and Company reputation. I am aware of
authorities of all countries remain excellent. It has come to the attention the fact that any kind of involvement in any unlawful acts either by direct
of the Company that, on some occasions, sea staff serving on board her involvement or simply be aware that another crew member is involved, is
operated vessels has committed acts infringing the word and spirit of a serious offense and Company will immediately take disciplinary action
their employment contracts, violating the law and being contrary to the and or notify concerned authorities as appropriate and my employment
customary exercise of professional maritime practice and therefore such will be terminated immediately and Company will have no obligation to
acts will be considered by the Company as Barratry (= willful fraud by a support me. I fully understand that in the punishment for such offense
Master or the crew at the expense of the owner of the ship or its cargo) would be quite strong besides other actions that may be undertaken by
and will be treated as such. the authorities.
Examples of such acts are, among others, as follows: I, hereby declare that I will not indulge in any such activity during my
1. Breaking into the cargo containers for the purpose of pilfering the tenure on board during my employment contract. I agree to indemnify
cargo. MSC Shipmanagement Limited from their responsibility to rendering
2. Removal of cargo from the containers and secretly hiding it in assistance to me in such a case and also agreed that any penalty, damage
places of the ship not destined for the stowage of cargo. or other costs incurred by the Company due to above mention actions on
3. Selling the stolen cargo to third parties for own profit, thus causing my part will be fully reimbursed/compensated by me to the company.
cargo claims against the owners of the ship. REWARD OF USD TWO THOUSAND FIVE HUNDRED
4. Selling property of the owners of the ship, such as fuel oil, sludge, DOLLARS (US $ 2,500) BY MSC TO THE CREW MEMBER:
equipment, spares, accessories or stores, for own profit. I have been made aware of the Company policy to reward those, law
5. Smuggling on board alcohol or bonded stores on for the purpose of abiding, members of the crew who will voluntarily denounce any such
reselling as contraband for own profit, or in violation of Company practices to the MSC by informing the Management of the respective
Zero Alcohol Policy. MSC Crewing Services and/or the Management of MSC Shipmanagement
6. Violation of Company MARPOL Policies with respect to bilge, sludge Limited, Cyprus (Phone number +357 97772075/99681757) and/or by
and garbage. email wbp@mscsmcy.com details of the unlawful acts. The Company will
In an effort to put an end to such practices the Company hereby pay to the denouncing crew member, an award of USD Two thousand five
establishes a policy, commonly known as “Whistle- Blower policy”. The hundred Dollars (USD 2,500) for each proven unlawful act denounced as
scheme will reward those, law abiding, members of the crew who will described above in which the perpetrator(s) is (are) identified.
voluntarily denounce any such practices to the Ship Owners by informing
the Management of the respective MSC Crewing Services and/or the
Management of MSC Ship Management Limited, Cyprus, details of the
unlawful acts. Such information should be passed by using any convenient
traceable communication means available, such as telephone calls
((Phone number +357 97772075/99681757), emails, SMS, smart phone
photographs etc. or, ideally, by using the dedicated email address:
wbp@mscsmcy.com . The Company undertakes to keep, upon request,
the identity of the denouncing crew member strictly confidential, in
which case any rewards due will be paid directly into the account of the
person concerned with the Company. The Company also undertakes to
maintain a policy of non-retaliation against such denouncing crew
members. The Company will pay to the denouncing crew member, for
each proven unlawful act denounced as described above in which the
perpetrator(s) is (are) identified, a reward in accordance with the
following schedule:
a) US$ 2,500 in respect of proof of breaking into each cargo
container.
b) US$ 2,500 in respect of identifying the location where the
stolen cargo has been secretly hidden.
c) US$ 2,500 in respect of proof regarding the selling of stolen
cargo.
d) US$ 2,500 in respect of proof of selling property of the ship per
item 4 hereof.
e) US$ 2,500 in respect of proof of customs contravention per
item 5 hereof.
f) US$ 2,500 in respect of proof of MARPOL violation per item 6
hereof.
The Company may, depending upon the severity of the case, inform the
facts and the identity of the perpetrators to the respective National
Seafarers’ Federation and reserves the right to pursue the perpetrators in

DECLARATION AND AWARENESS FOR COMPANY WHISTLE BLOWER POLICY Page 1 of 1

LAUNCH OF MSC SPEAK-UP LINE
Geneva, October 17, 2018

Dear all,

Consistent with MSC’s Values, the ability to speak-up is a cornerstone for building an open and accountable
workplace culture.

In this regard, MSC is making available worldwide a new online tool called “MSC Speak-Up Line” to report
simply, anonymously and securely any misconduct especially violations of applicable laws, internal policies and
procedures including the MSC Code of Business Conduct, Anti-fraud Policy, Anti-bribery policy etc.

The reporting tool, which complements existing reporting procedures, will be accessible from the following website
(https://mscspeakupline.com/index.php). For Data protection reasons, please copy and paste this link to your web
browser to have access to the MSC Speak-Up Line.

Developed by an independent third party called EQS Integrity Lines, the platform is easy to use and secure. It
guarantees employee anonymity, in line with legal requirements, unless the reporters decide to disclose their
identity, or if this is not permitted by applicable laws.

Compliance is a key element of MSC’s commitment to undertaking business in a fair, ethical and responsible
manner.

The tool is designed for reporting serious misconducts and violations of laws. It is not intended to address day-to-
day management of the workplace.

Every report will be handled confidentially and investigated by authorized and entrusted personnel in Geneva.
There will be no retaliation measures against any employee making a report in good faith.

In case of questions please contact MSC Geneva Corporate Legal Compliance Team (ethic@msc.com).

Thank you and best regards,

Diego Aponte

I acknowledge understanding

Rank Electrical Officer Date 11/03/2024

Name Rudhinkrishna Pottayil Suresh Signature

MSC MEDITERRANEAN SHIPPING COMPANY SA msc.com

12-14 Chemin Rieu CH-1208 Geneva, Switzerland
T: +41 22 703 8888 E: info@msc.com Page 1 of 1
 DECLARATION AND AWARENESS FOR COMPANY
WHISTLE BLOWER POLICY
DECLARATION BY THE CREW MEMBER JOINING VESSELS MANAGED BY
MSC SHIPMANAGEMENT LIMITED WITH THEIR PLEDGE TO ABIDE BY MSC
GROUP POLICY FOR PREVENTION OF DRUG SMUGGLING ON BOARD ITS
VESSELS AND THE VOLUNTARY DENOUNCING BY THE SEASTAFF SERVING
ON MSC OPERATED VESSELS, OF UNLAWFUL / ILLEGAL ACTIVITIES
PERPETRATED ON BOARD BY ANY MEMBER OF THE COMPLEMENT.
MSC is a Company founded on strong values and the Company strives
to ensure that her reputation in the market remains at all times at the
highest possible level and that her relations with her clients and the
authorities of all countries remain excellent. It has come to the attention
of the Company that, on some occasions, sea staff serving on board her
operated vessels has committed acts infringing the word and spirit of
their employment contracts, violating the law and being contrary to the
customary exercise of professional maritime practice and therefore such
acts will be considered by the Company as Barratry (= willful fraud by a
Master or the crew at the expense of the owner of the ship or its cargo)
and will be treated as such.
Examples of such acts are, among others, as follows:
1. Breaking into the cargo containers for the purpose of pilfering the
cargo.
2. Removal of cargo from the containers and secretly hiding it in
places of the ship not destined for the stowage of cargo.
3. Selling the stolen cargo to third parties for own profit, thus causing
cargo claims against the owners of the ship.
4. Selling property of the owners of the ship, such as fuel oil, sludge,
equipment, spares, accessories or stores, for own profit.
5. Smuggling on board alcohol or bonded stores on for the purpose of
reselling as contraband for own profit, or in violation of Company
Zero Alcohol Policy.
6. Violation of Company MARPOL Policies with respect to bilge, sludge
and garbage.
In an effort to put an end to such practices the Company hereby
establishes a policy, commonly known as “Whistle- Blower policy”. The
scheme will reward those, law abiding, members of the crew who will
voluntarily denounce any such practices to the Ship Owners by informing
the Management of the respective MSC Crewing Services and/or the
Management of MSC Ship Management Limited, Cyprus, details of the
unlawful acts. Such information should be passed by using any convenient
traceable communication means available, such as telephone calls
((Phone number +357 97772075/99681757), emails, SMS, smart phone
photographs etc. or, ideally, by using the dedicated email address:
wbp@mscsmcy.com . The Company undertakes to keep, upon request,
the identity of the denouncing crew member strictly confidential, in
which case any rewards due will be paid directly into the account of the
person concerned with the Company. The Company also undertakes to
maintain a policy of non-retaliation against such denouncing crew
members. The Company will pay to the denouncing crew member, for
each proven unlawful act denounced as described above in which the
perpetrator(s) is (are) identified, a reward in accordance with the
following schedule:
a) US$ 2,500 in respect of proof of breaking into each cargo
container.
b) US$ 2,500 in respect of identifying the location where the
stolen cargo has been secretly hidden.
c) US$ 2,500 in respect of proof regarding the selling of stolen
cargo.
d) US$ 2,500 in respect of proof of selling property of the ship per
item 4 hereof.
e) US$ 2,500 in respect of proof of customs contravention per
item 5 hereof.
f) US$ 2,500 in respect of proof of MARPOL violation per item 6
hereof.
The Company may, depending upon the severity of the case, inform the
facts and the identity of the perpetrators to the respective National
Seafarers’ Federation and reserves the right to pursue the perpetrators in
DECLARATION AND AWARENESS FOR COMPANY WHISTLE BLOWER POLICY
criminal justice in their own country of origin and to recover from them
the street value of any stolen cargoes and the amounts of Customs fines
and penalties imposed to the Company as a result of their acts.
PLEDGE
I Rudhinkrishna Pottayil Suresh ,
employed with MSC Shipmanagement Limited in the rank of
Electrical Officer am fully aware of the enormous
degree of trust that the Company has shown in me by providing me with
an employment and I undertake to reciprocate on my part by diligently
executing all the duties assigned to me, following Company procedures
and protecting ship’s property and Company reputation. I am aware of
the fact that any kind of involvement in any unlawful acts either by direct
involvement or simply be aware that another crew member is involved, is
a serious offense and Company will immediately take disciplinary action
and or notify concerned authorities as appropriate and my employment
will be terminated immediately and Company will have no obligation to
support me. I fully understand that in the punishment for such offense
would be quite strong besides other actions that may be undertaken by
the authorities.
I, hereby declare that I will not indulge in any such activity during my
tenure on board during my employment contract. I agree to indemnify
MSC Shipmanagement Limited from their responsibility to rendering
assistance to me in such a case and also agreed that any penalty, damage
or other costs incurred by the Company due to above mention actions on
my part will be fully reimbursed/compensated by me to the company.
REWARD OF USD TWO THOUSAND FIVE HUNDRED
DOLLARS (US $ 2,500) BY MSC TO THE CREW MEMBER:
I have been made aware of the Company policy to reward those, law
abiding, members of the crew who will voluntarily denounce any such
practices to the MSC by informing the Management of the respective
MSC Crewing Services and/or the Management of MSC Shipmanagement
Limited, Cyprus (Phone number +357 97772075/99681757) and/or by
email wbp@mscsmcy.com details of the unlawful acts. The Company will
pay to the denouncing crew member, an award of USD Two thousand five
hundred Dollars (USD 2,500) for each proven unlawful act denounced as
described above in which the perpetrator(s) is (are) identified.
11/03/2024
DATE
Delhi
PLACE
Rudhinkrishna Pottayil Suresh
Electrical Officer
CREW MEMBER NAME, RANK AND SIGNATURE
COMPANY AUTHORIZED REPRESENTATIVE SIGNATURE
Page 1 of 1