This Privacy Notice is addressed to anybody being directly or indirectly in contact with the Company (as defined below). It explains why and how we collect your personal information (also called “personal data”), how we protect it and for how long we keep it for. Our intention is to keep your data safe and protected against loss and unauthorized disclosure or access. We treat your personal data strictly in compliance with applicable data protection legislation, in particular the General Data Protection Regulation 2016/679 of 27 April 2016 (hereinafter the “GDPR”) and the relevant national data protection legislation.

This Privacy Notice is made up in a Questions & Answer structure and must be read together with the Privacy Policy. Please read it carefully.
Please refer to if you have any questions.

1 Who will process your personal data?

Your personal data will be collected and processed by C.RO Ports or by the company you or anybody you are related to is in contact with, for example within the framework of a contract (hereinafter the “Company” and also referred to by “we”, “our” or “us”).
C.RO Ports means any company which from time to time will be part of the CLdN Lignes SA groups of companies including C.RO Ports Zeebrugge NV, C.RO Ports Nederland BV, C.RO Ports London Ltd, C.RO Ports Killingholme Ltd, C.RO Ports Sutton Bridge Ltd, C.RO Ports Dartford Ltd. and C.RO Ports Automotive Rotterdam BV.

This privacy notice is for you and you are referred to as “you” or “your”.

2 What is the purpose for the processing of your personal data?

The Company will hold and process your personal data in electronic, hard copy or automated form, for legitimate purposes. These purposes include but are not limited to:

 Execution of agreements, fulfil (pre)contractual obligations such as provision of a quotation, contractual-related data such as bank accounts, order numbers or invoices with contact information such as name and e-mail;
 Compliance with legal, regulatory and administrative obligations;
 Identity checks;
 Access to buildings / terminals / vessels;
 Health, safety and welfare purposes;
 Surveillance camera for property security and safety purposes;
 Dealing with incidents / accidents;
 Management and administration of customers and suppliers;
 Combating fraud and breaches;
 Dispute management including claims management;
 Law and criminal enforcement;
 Accounting;
 Monitoring at the workplace;
 Communication with you;
 Internal record keeping.

The Company only collects so-called special or sensitive categories of personal data (data which reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health, sex life or sexual orientation, criminal convictions or offences) in relation to the following purposes:

 Access control
 Law enforcement
 Insurance purposes and
 Fulfilling of statutory obligations such as passing on data to the public administration.

It is not possible for us to let you enter our premises or vessels without the use of your personal data. This could mean that you cannot exercise your duties and/or we cannot fulfil our legal obligations, for example regarding safety regulations.

3 What is the lawful basis for the processing of your personal data?

The Company will use your personal data on the following legal basis:

 It is necessary for the performance of our contract with you or your employer, agent, contracting party or other entity or person being related to you, directly or indirectly;
 It is necessary for the company to comply with its legal and regulatory obligations;
 The processing is necessary for the purposes of the legitimate interests pursued by the Company or those of someone else (except where your interest and rights override those interests). These legitimate interests include:

  • the operation of the Company’s business,
  • the protection of your, the Company’s or third party’s data:
    => network security and information systems security,
    => security of the data of employees, customers, suppliers and other business partners,
  • the prevention of fraud and abuse,
  • the transfer of personal data between relevant companies within the groups of companies for internal administrative purposes,
  • to keep you up to date with information about our services and products, and to respond to your queries.
Consent is usually not required.

The provision of most of your personal data is a legal or contractual obligation and is therefore a necessary condition to fulfil a contract. You are obliged to provide the data requested.
If you do not provide some of the requested personal data, the Company would not be able to comply with its legal obligations or the execution of the contract.
We will only process ‘special category data’ in specific cases. This would usually be in order to carry out the Company’s legal obligations.

4 Which categories of personal data will be processed?

Personal data include all information that relates to you or on the basis of which you can be identified. Anonymous data from which it is not possible to identify you is not therefore considered to be personal data. If you are a sole trader, all information about you is regarded as personal data.

The categories of personal data about you that will be processed by the Company depend on our relationship and are, if applicable:

 Standard information related to your identity (first name, family name, date of birth, place of birth, address) and other personal information that relates to your identity
 Signature
 Data related to your employer or the company contracting with us and you
 Contact details such as e-mail address and mobile/landline telephone numbers
 Education and employment information, e.g. certificates or professional activity, current job function
 Disciplinary and grievance information
 Number of ID document and national identification numbers
 Copies of identification or other official documents if legally required
 License plate
 Vehicle data including geo-position and vehicle identification data
 Remote diagnostics, repair and maintenance planning
 Badge number(s)
 Camera surveillance (CCTV)
 Photographs and video images
 Incident and accident registration and prevention
 Information related to the access to and use of portals such as username, IP address, PC name
 Financial and billing data such as bank account numbers or credit card numbers
 In exceptional circumstances details of your marital status, dependents and family  Biometric data for ID-purposes if lawful and in accordance with applicable legal requirements.

If you are an employee of or otherwise related to an organisation or company that has a direct contractual or indirect relationship with our Company (e.g. supplier, customer, customer of our customer, ... ), we will process your business data (e.g. business e-mail address, business phone number, ...) and personal data (e.g. surname, first name, ...) in the context of the execution of that relationship, legitimate interests like informing you on relevant issues and/or to fulfil legal obligations like accounting obligations.

5 Where do your personal data come from?

Most of your personal data is given to the Company by the contracting party of the Company. This can be your employer or a contractor you work for. It is usually the person who is in direct contact with the Company and has booked in our systems, for example.
Information can also be provided directly by you and/or collected by us. Some personal data can be collected when you are creating or using access to any (online) services provided by the Company.

6 Who will have access to your personal data?

Internal use
Your personal data will be accessed by the Company’s departments and related companies having a legitimate interest in using them. An example is the use by a ferry booking department and the port facilities. Another example is the registration of your visit to our office.

External use
Personal data may be communicated to and possibly processed by third parties in connection with your employment/occupation for the purposes set out above, such as:

 Port facilities management
 Security service providers such as gate security
 CCTV and photograph service providers
 Badge system providers
 The Company’s accountant
 The Company’s auditor
 Insurance brokers and insurance providers
 Company medical (insurance) providers
 Occupational health service providers
 Internet security providers
 Internal and external IT helpdesks
 Telephone, internet, tracking and other telecommunications providers
 Professional counsellors
 Inspection services and other government services
 Administrative and judicial authorities
 Other private companies in relation with the Company such as service providers performing services on behalf of the Company
 Platforms of customers, suppliers or any other business partners
 Individuals and organizations in direct contact with the data controller(s)
 Credit reference agencies.

Employees, managers and / or representatives of the above-mentioned service providers or institutes and the specialist service providers appointed by them must respect the confidential nature of these data and may only use this information in accordance with the instructions of the Company. Above that, these companies can also have their own privacy policy.

7 Will my personal data be transferred outside my country of residence or the European Union/ European Economic Area?

Your data will not be passed outside your country of residence respectively the European Union/European Economic Area without adequate safeguards in place.

8 Will the Company apply automated decision-making?

Automated decision-making is where decisions about individuals are made using processing without human involvement.

The Company will not make decisions about you solely on the basis of automated decision making. If it proposes to at any time, you will be informed.

9 How long will my personal data be kept?

Your personal data will not be kept longer than necessary for the purposes set out above. In some cases we will keep your data longer, including where we are required by law to keep data for a minimum period.

10 What rights do I have about my personal data that the Company holds?

You have the right to contact the Company at any time with the request to:

 Access, modify or erase your personal data
 Limit or object to data processing or transmission
 Withdraw your consent for data processing or transfer to the extent that the processing of data would be based on your consent (this does not, however, effect the legality of previous processing)
 Receive your personal data in order to pass it on to another data controller in case the processing is based on your consent or a contract ('right to transferability')
 Submit a complaint to a supervisory authority.

If you have any question regarding your privacy, you can send an e-mail to
We will handle your request with utmost care.

11 Changes

The Company reserves the right to update its privacy policies from time to time, in accordance with applicable privacy and data protection regulations, including by issuing further Privacy Notices.

v. 2.2019