Privacy Notice & Cookies
GoCruise is committed to ensuring the protection of all data that we process as part of our operations, and we recognise the importance of protecting your privacy. This document outlines key information that you should know about GoCruise and the way we use the data that you provide to us.
Categories of Personal Data We Process
In order for GoCruise to facilitate your booking, we require the following personal information about you:
- Name as per passport (including middle names)
- Phone Number
- Payment Information
- Place of birth
- Passport Number
- Passport Issue/Expiry Date
- Date of Birth
- Email address
We are also obligated to obtain information that could reveal your race or ethnicity - such as nationality - and personal data of a special category such as health and medical information where necessary.
We request the name and phone number of an emergency contact and their relationship to you. We realise that your emergency contact may not have heard of GoCruise or Fred. Olsen Travel previously, and so we ask you to inform them that you will be sharing their information with us. If they have any queries they can contact us using the details we have provided in this Notice.
You are required to provide the listed personal information to us before we can confirm your booking. If you do not provide us with this information then you will not be able to book your holiday.
For enquiries, we can collect less information, which will include name and contact details as a minimum.
The Purposes of Processing Your Personal Data and Legal Basis
We process your data for a variety of purposes. As a Travel provider, we process your personal data to facilitate the booking and provisioning of your holiday and we have outlined these purposes in the table below. It will be beneficial for you to review the privacy notices of the third parties we book you with to understand how they will process your data. We always process personal data with a legal basis and the table below demonstrates our intended purposes and the legal basis we use to process your data.
Making your booking
Obtaining medical information and information that can reveal race or ethnicity
Contractual Obligation with explicit consent.
Contacting you with information relating to your booking
Arranging flights, hotels, rail and transfers
Amending your booking at your request
Contacting you with information on additional services relating to your holiday. For example: information on excursions, upgrades and special events
Legitimate Interests (‘soft opt-in’ & opt-out)
Contacting you via email and post about GoCruise Holidays and offers
(we will always give the option to opt-out of this at the point we capture your information and in every subsequent communication with you)
Legitimate Interests (‘soft opt-in’ & opt-out)
Using aggregated data to identify trends in bookings and for business reporting purposes
Contacting your emergency contact
Recipients of Your Information
In order for us to deliver our services to you, we have to transfer your information to third parties. The list below provides information on the types of third parties that we share information with. It is challenging to name specifically all of the third parties that we will transfer data to and so we have provided categories of recipients for you instead.
- Cruise companies,
- Airlines; we will inform you of the airline company we will transfer your data to when booking the flight,
- Hoteliers; we will inform you of the hotel company we will transfer your data to when booking the hotel,
- Rail operators; we will inform you of the rail company we will transfer your data to when booking the train journey,
- Transfers; we will inform you of the taxi/transfer company we will transfer your data to when booking the transfers to/from the river cruise vessel,
- Tailor-made holiday providers; where flight/hotel/transfers are organised by a single company, we will inform you of the company we will transfer your data to when booking those services,
- Specialist service providers; in the event you require a specialist service e.g. medical services
- Mailing houses; for brochures and other mailers.
We book travel and holiday arrangements for destinations across the world. When liaising with a travel or accommodation provider within Europe, the EEA, and countries on the European Commission’s data protection ‘adequacy’ list, we use the countries’ own data protection regulation as the safeguard for your data over and above the technical and organisational measures we have put in place to secure your data when transferring to them. For recipients outside of this list, we use either our standard contractual clauses with a provider where applicable, or, the fulfilment of our contract with you as the appropriate safeguard.
We will never sell your data to any third party.
Retention of Your Personal Data
We retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal, regulatory, and financial reporting requirements.
This includes the data relating to your booking for a minimum of 3 years, which is a requirement for legal purposes.
Information relating to the monetary value of your booking will be retained for a minimum of 6 years from the date of the transaction, in order to comply with statutory financial reporting requirements.
We retain your contact details until such time where you no longer wish to be contacted by GoCruise.
These retention periods are not inclusive of how long the recipients of your personal information may retain your data.
Your RightsWe are always happy to fulfil any one of your rights wherever possible. Your rights with respect to the personal data that we process on you are:
- Right to information on how your data is processed
- Right of access to the personal data we hold on you
- Right to rectify any inaccurate data we process on you
- Right to object to us processing your personal data
- Right to erasure of your data
- Right to data portability
- Right to lodge a complaint with a data protection regulator
- Right not to be subject to automated decision making
You can invoke any of your rights at any time using the contact details listed in this Notice, subject to us having to keep the data for legitimate business or legal reasons. Please be aware that we can ask for identification documents to confirm we are disclosing information to the correct person. If you elect a representative to invoke these rights on your behalf, we will request that the representative can demonstrate they have the authority to act on your behalf and their identity.
We do not conduct any automated decision making or profiling when you make a booking with us.
Data Protection and COVID-19
This is an addendum to Fred. Olsen Travel privacy notice. It explains how Fred.Olsen Travel (as Data Controller) may use your personal data, specifically in relation to the Covid-19 (Coronavirus) Pandemic and to support the NHS Test& Trace scheme in England and NHS Scotland’s Test and Protect service.
To operate safely and effectively, we may need to ask you for sensitive personal information that you have not already supplied, or use data you have already provided, including whether you have any underlying illnesses or are what is classed as vulnerable.
If we already hold information regarding vulnerability, we may share this for vital health reasons, emergency planning purposes and to protect your vital interests by sharing with services both inside and outside Fred. Olsen Travel.
Your personal data
Personal data relates to a living individual who can be identified from that data. Some of your personal data is classed as 'special category personal data' because this information is more sensitive e.g. health information, ethnicity and religion etc.
Why we may need to share your personal data
In this current pandemic, we may share your information with other public authorities, emergency services, and other stakeholders as necessary, and only when necessary, in a proportionate and secure manner. Contact with you to obtain consent before sharing will not be required for all the reasons described in this notice. Please be assured that protection of personal data remains a priority at this time after the health and safety of everyone.
We will only share your personal information where the law allows, and we always aim to share the minimum data necessary to achieve the purpose required. Further, the information will only be used for the purposes listed and retained for limited specific times.
The General Data Protection Regulation and Data Protection Act 2018 allow us to share information for a wide variety of reasons. These are known as our 'legal bases to process data'.
Data protection laws are written to facilitate valid information sharing, especially in times of emergency which often requires more collaborative working. The legal bases for processing data at Fred.Olsen Travel while Covid-19 continues to present significant health risks areas follows:
· Protect the public
· Satisfy legal and regulatory requirements
· Provide extra support for individuals with a disability or medical condition
· Safeguard children and individuals at risk
Elements of data protection law applicable at this time
Fred. Olsen Travel will apply the following sections of the General Data Protection Regulation and Data Protection Act 2018 (other elements may be applied dependent upon emerging events):
GENERAL DATA PROTECTION REGULATION
Article 6 – Lawfulness of Processing
· Article 6.1(c) - processing is necessary for compliance with a legal obligation to which the controller is subject.
· Article 6.1(d) - processing is necessary in order to protect the vital interests of the data subject or of another natural (living) person.
Article 9 – Processing of special categories of personal data
· Article 9.2(c) - processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
· Article 9.2(g) - processing is necessary for reasons of substantial public interest
· Article 9.2(h) - processing is necessary for the purposes of preventative or occupational medicine, where is it necessary for the provision of social care,the provision of health care or treatment or for the management of a health or social care system
· Article 9.2(i) - processing is necessary for reasons of public interest in the area of public health, such as protecting against cross-border threats to health or ensuring high standards of quality and safety of health care
DATA PROTECTION ACT 2018
SCHEDULE 1, (Special categories of Personal Data), Part 1 Conditions relating to Employment, Health and Research etc
This condition is met if the processing
a) Is necessary for the reasons of public interest in the area of public health and
b) Is carried out -
I. by or under the responsibility of a health professional, or
II. by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law
SCHEDULE 1, (Special categories of Personal Data), Part 2, Substantial Public Interest Conditions
Paragraph 16, Support for individuals with a disability or medical condition
This condition is met if the processing
d) can reasonably be carried out without the consent of the data subject
e) is necessary for reasons of substantial public interest
(1) This condition is met if the processing is
a) necessary for the purposes of
I. protecting an individual from neglect or physical, mental or emotional harm, or
II. protecting the physical, mental or emotional well-being of an individual,
b) the individual is
I. aged under 18, or
II. aged 18 or over and at risk,
c) the processing is carried out without the consent of the data subject for one of the reasons listed in sub-paragraph (2), and
d) the processing is necessary for reasons of substantial public interest.
(2) The reasons mentioned in sub-paragraph (1) c) are —
a) in the circumstances, consent to the processing cannot be given by the data subject
b) in the circumstances, the controller cannot reasonably be expected to obtain the consent of the data subject to the processing
(3) For the purposes of this paragraph,an individual aged 18 or over is "at risk" if the controller has reasonable cause to suspect that the individual —
a) has needs for care and support,
b) is experiencing, or at risk of, neglect or physical, mental or emotional harm, and
c) as a result of those needs is unable to protect himself or herself against the neglect or harm or the risk of it.
You have several rights with respect to your personal data. You can find full details on the Information Commissioner’s Office website. Any requests regarding your rights should be submitted to the Data Protection Officer. There may be a delay in responding fully to all requests within one calendar month, but we will strive to keep requestors updated with the progress of their request.
GoCruise is a franchise brand of Fred. Olsen Travel Limited. Our GoCruise franchisees help you find the perfect holiday and they do this with the support of Fred. Olsen Travel. As such, both the franchisee and Fred. Olsen Travel are considered Data Controllers and this Privacy Notice covers their processes.
We collect and process data for a number of purposes outlined in this Notice. If you ever need to contact the franchisee, please use the contact information they provide you. If you ever need to contact Fred. Olsen Travel, you can by using the details below:
Address: Olympus House, 2 Olympus Close, Ipswich IP1 5LN
Phone: (+44) 0808 250 8793
If you have a specific query relating to how we process your personal data, you can contact our Data Protection Officer on:
Statement on Cookies
By using our website, you agree to our Website Terms & Conditions.
Take a look at our Privacy Notice to find our more on how we collect and use personal data.
- Collecting information: This means we can learn more about how you use our website so we can improve our products and online experience.
- Tailoring your experience: Cookies allow us to provide you with information, products and services that we think you’ll find interesting
- Making our marketing relevant: We can show you relevant offers and promotions on our own websites and through our advertising networks.
If you receive our email updates, we tailor the information we send you based on the data our cookies have collected from your recent visits to our website. You can opt-out of this in any email we send.
READ THROUGH THIS SECTION FOR ALL YOU NEED TO KNOW ABOUT WHAT COOKIES ARE AND HOW WE USE THEM
What are cookies?
Cookies are small text files placed on your computer by us or our partners. They let us identify the device you’re using – but not you personally. This information is sent back to our systems as you move around our website.
Cookies are unique to the web browser you’re using – so if you’re using a desktop computer as well as a mobile, different data will be collected for each.
You can find more information on the About Cookies website
Cookies can be set by the owner of the website you’re on. These are known as 1st Party Cookies. There are also 3rd Party Cookies that can be set by partner websites. Only the owner of the cookie can see the anonymous information it collects.
You can choose to accept all cookies, reject 3rd Party Cookies or reject all cookies by changing your internet browser settings. If you don’t accept cookies, some features of our website won’t work.
- Make it possible for you to use our website
- Show you information and offers that are relevant to you
- Find out more about how our customers use the site
Buying our products online
Keeping track of your searches and preferences
Your recent searches and shortlisted holidays are recorded using cookies.
If you’ve searched for a holiday, left our website and then you come back later, the search panel will keep the information you provided before, so you won’t need to fill everything in again.
If you’ve made a shortlist but you haven’t saved it by entering your email address, we’ll store your shortlisted holidays using a cookie, so you’ll be able to see it when you visit us again using the same computer or device.
Improving your experience
We can also find out how you move around our website, so we can look into any errors stopping you from being able to do what you want. The data we collect from cookies is really important for us to improve your experience.
Making your experience personal
When you’re on our website, we might interact with you or show you personalised information and offers anonymously. Cookies help us to do this by letting us know how you’re using our website on your particular computer or device, which means we can work out what’s most relevant to you.
Receive our email newsletters? We link information from cookies with your email registration details so we can tailor the information we send you – unless you tell us not to. You’ll be given the chance to opt-out on every email we send you.
Adverts on other websites
Refusing cookies and changing your mind after you’ve accepted
You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don’t want, or ask to be notified when a cookie is set. Use the help feature in your browser to see how.
Changing your mind after you’ve accepted our cookies