SeaCloud_Kreuzfahrten_SeaCloudSpirit_Schiff_Vogelperspektive

Privacy information

We are very pleased that you are interested in our company SEA CLOUD CRUISES GmbH. The use of the SEA CLOUD CRUISES GmbH website is possible without any indication of personal data.

If you would like to use a service via our website, it may be necessary to process your personal data.

With the following information, we would like to give you an overview of the processing, type, scope and purpose of the collection of your personal data by us and your rights under data protection law. Personal data is “individual information about personal and factual circumstances of a specific or identifiable natural person” (Art. 3 para. 1 Federal Data Protection Act).

Which data is processed and used in detail depends largely on the services requested in each case.

We want to protect this data and respect your personal data.

Responsible:
SEA CLOUD CRUISES GmbH
An der Alster 9
20099 Hamburg

As the responsible party, we take all legally required measures to protect your personal data.

You can reach our company data protection officer at:

SEA CLOUD CRUISES GmbH
Data Protection Officer
An der Alster 9
20099 Hamburg
Phone: +49 (0)40 30 95 9-20
datenschutz(at)seacloud(dot)com

Please feel free to contact us directly at any time with any questions or suggestions regarding data protection.

Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the Basic Data Protection Regulation (DSGVO). This data protection declaration is intended to be clear, readable and understandable for the public as well as for our customers and business partners. For this reason, we will explain some of the terminology below:

“Personal data”

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Data subject”

A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

“Processing”

Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, is referred to as processing.

“Restriction of processing”

The marking of stored personal data for the purpose of restricting or blocking its future processing.

“Profiling”:

Profiling is any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

“Pseudonymisation”

Pseudonymisation describes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Controller or person responsible for processing”.

A controller or data controller, the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Processor”

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

“Recipient”

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

“Third party”

A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

“Consent” of the data subject”

Any freely given specific, informed and unambiguous indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed, is referred to as consent.

“Collect”

The obtaining of personal data, either with the involvement of the data subject or with the involvement of a third party.

We process personal data that we receive directly from our customers or indirectly from other companies in the course of our business relationships. In particular travel agencies, tour operators or charterers.

3.1 Contact form

The fields voluntarily filled in by you in the contact form on our website serve as the source for the processing of your personal data.

3.2 Telephone contact

Telephone contact is possible via the telephone number indicated in our catalogues or on our website.

3.3 E-mail contact

If you contact us by e-mail, we will process your details in order to process your enquiry and in the event that follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out in response to your enquiry, or if you are already our customer, for the implementation of the contract, this is the legal basis for the data processing in accordance with Art, 6 para. 1 S 1b DSGVO.

We only process further personal data if you consent to this or have a legitimate interest in processing your data. A legitimate interest in such cases is that we respond to your email.

We distinguish between the following categories of customer data:

4.1 Prospective customer data

Customers who express an interest in our company, our trips or our products and are contacted by us by post solely for advertising purposes.

Relevant personal data are: Personal details (name, address and other contact details).

4.2 Private customer data

Customers with whom we already have a business relationship.

Relevant personal data are: Personal data (name, address and other contact data, date and place of birth, nationality), identification data (identity card data, passport data), bank data (IBAN, Swift), repeater status, booking method (via SEA CLOUD CRUISES GmbH directly, your travel agency or trusted tour operator), order data and health data.

The hosting service we use is exclusively for the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance work that we use for the purpose of operating the website. In the course of this, we process meta and communication data, interested parties and visitors to our website, contact data, content data and usage data as the basis of our legitimate interests in the efficient and secure provision of our website in accordance with para. 6 para. 1 S 1f DSGVO.

We process personal data in accordance with the guidelines of the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) for the fulfilment of contractual obligations or pre-contractual measures, on the basis of your consent, legal requirements or within the framework of a balancing of interests.

6.1 Data processing for the fulfilment of contractual obligations (Art. 6. para. 1 b DSGVO)

The processing of data is carried out for the provision of our travel-related services, in particular for the performance of our contracts with you or for the implementation of pre-contractual measures (preparation of offers), which take place upon request and serve to execute your travel booking or other orders as well as all activities required with the operation and administration. The purposes of the data processing primarily depend on the specific product (e.g. cruise, excursion, transfer, flight booking) and the correct performance of all services and related official registrations (e.g. port registrations, agency registrations).

Accordingly, we process personal data for all ancillary activities that are conducive to the main purpose of our service or necessary for the provision of the services. These are our legal relationships with authorities, consultants, port and land agencies, airlines and government offices.

Further details on the purposes of data processing can be found in the relevant contractual documents and our General Terms and Conditions.

6.2 Data processing based on your consent (Art. 6. para. 1 a DSGVO)

  • Contact via contact form – Via our website www.seacloud.com we offer you the possibility to contact us directly. A callback service and a booking enquiry form are available for you. Our data processing for the purpose of electronic contact takes place on the basis of a voluntarily given consent. For the callback service, it is necessary and sufficient to provide your title, first and last name and telephone number. For a specific booking enquiry, your address and the number of travel participants are also required. The personal data collected by us for the use of the contact form will be deleted after the reason for contacting us has been fulfilled, unless they may be used by us for the purpose of a contract or for pre-contractual measures in accordance with Art. 6 Para. 1 1b DSGVO or on another legal basis.

6.3 Data processing due to legal requirements (Art. 6. para. 1 c DSGVO)

Due to the clearing in and out of passengers and crew, we are subject to a legal obligation to transmit your personal data to the respective port authorities you call at on your cruise. This personal data is limited exclusively to your personal details and nationality.

6.4 Data processing in the context of balancing interests (Art. 6. para. 1 f DSGVO)

Insofar as necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties, unless your interest in the protection of your personal data prevails:

  • Log files – With the purely informative use of our website, we may collect data that can be related to a person with the help of the IP address. For technical reasons, a user must inevitably use an IP address assigned to him or her by the access service as soon as a website is accessed. This IP address may allow conclusions to be drawn about a person and make that person identifiable. The following information is transmitted by you through the display of our website:
  • IP address
  • Date and time of the call to our website
  • Details of the time difference between the requesting host and the web server
  • Content of the request
  • Access status
  • Amount of data transferred in bytes
  • Website from which the access was made
  • Browser used, operating system This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data is Art. 6 para. 1 f DSGVO. However, temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The log files are stored in order to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. This purpose is also our legitimate interest in data processing according to Art. 6 Para. 1 f DSGVO. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
  • Cookies – We use so-called session cookies when you visit our website in order to optimise our website. Session cookies are small text files that are sent by the respective servers when you visit a website and are temporarily stored on your hard drive. They are not programs that can penetrate the user’s system and cause damage. Cookies can only identify the user’s terminal device but cannot store any personal data. The session cookie file as such contains a session ID. A session ID makes it possible to assign various requests from your browser to the same session. This means that your computer can be recognised when you return to our website. Our session cookies are automatically deleted when you close the browser.Our legitimate interest in the use of cookies pursuant to Art 6. para. 1 S 1f DSGVO is to make our website user-friendly, more effective and more secure. Only the following information is stored in the cookies: log-in information, language settings, search terms entered, information about the number of times our website is called up and the use of individual functions of our website.You can configure your browser in such a way that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or generally. Cookies can also be deleted at any time in the security settings of your browser.
  • Google Analytics – This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, we have contractually instructed Google to shorten your IP address beforehand so that your IP address is only processed anonymously. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The shortened IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
  • Social media plugins – Our website contains social media buttons such as Facebook, Twitter and Google+, which have their own privacy notices. The following plugins are integrated on our website: Facebook, Twitter and Google+. Each time one of the individual pages of our website is called up, the internet browser on the user’s information technology system is automatically prompted by the respective social media component to download a representation of the corresponding social media component. Within the scope of this technical procedure, the social media component receives information about which specific sub-page of our website is visited by the user. When you activate these plugins, your browser establishes a direct connection with the servers of the respective social network. The content of the plugin is transmitted by the social network directly to your browser, which then integrates it into the website. If you are logged in to the social network, it can assign the visit to your account. If the user presses a button integrated on the website (Google+ button, “Like” button), the corresponding information is transmitted from your browser directly to the social network and stored there. For the purpose and scope of the data collection and the further processing and use of the data by social networks, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection notices of the respective networks or websites. You will find the links to these below.
  • Facebook Social Plugin – Social plugins (“Plugin”) of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”), are integrated into our website. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: http://www.facebook.com/policy.php
  • Google Plus Plugin – Social plugins (“plugins”) of the Google Plus social network, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”), are integrated into our website. The purpose and scope of the data collection and the further processing and use of the data by Google Plus, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google’s data protection information: www.google.com/intl/de/policies/privacy/
  • Twitter plugin – Social plugins (“plugin”) of the Twitter social network, which is operated by Twitter Inc. with headquarters at 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”), are integrated into our website. For the purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this respect and setting options for protecting your privacy, please refer to Twitter’s privacy policy: twitter.com/privacy
  • YouTube Link – Our website refers to links on the YouTube page operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube link, a connection to the YouTube servers is established. In doing so, the YouTube server is informed which of our pages you have visited. For the purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policy of: https://www.google.de/intl/de/policies/priva
  • Vimeo.com Link – Our website refers to links of the page vimeo.com. The operator of these pages is Vimeo, Inc. 555 West 18th Street, New York, New York 10011. When you visit one of our pages equipped with a Vimeo.com link, a connection is established to the servers of Vimeo.com. In doing so, the Vimeo.com server is informed which of our pages you have visited. For the purpose and scope of the data collection and the further processing and use of the data by Vimeo.com, as well as your rights in this respect and setting options for protecting your privacy, please refer to the data protection information of: vimeo.com/privacy
  • References: SEA CLOUD CRUISES GmbH is not responsible for any contents linked or referred to from his pages – unless he has full knowledge of illegal contents and would be able to prevent the visitors of his site fromviewing those pages. If any damage occurs by the use of information presented there, only SEA CLOUD CRUISES of the respective pages might be liable, not the one who has linked to these pages. Therefore, it hereby expressly distances itself from all content and, in particular, from any damage arising from the use or non-use of information presented in this way. Only the provider of the page to which reference was made is liable, not the person who merely refers to the respective publication via links.

6.5 Online advertising

We do not use any tools for online advertising.

6.6 Subscription to the newsletter

You have the possibility to subscribe to our company’s newsletter via our website www.seacloud.com. The following mandatory information is required for newsletter registration: Salutation, first name, last name, country and valid e-mail address.

The personal data collected in the course of a newsletter registration will be used exclusively for sending our newsletter.

The subscription to our newsletter can be cancelled by the user at any time in writing or by telephone. The consent to the storage of personal data, which the user has given us for sending the newsletter, can of course be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter.

6.7 Ordering brochures

We give our website users the opportunity to order brochures about our company and products. From the input mask, the following personal data is required in the form of filling in the contact fields: Salutation, first and last name, address. We inform our customers and business partners about our company and member companies at regular intervals by means of this brochure.

Your personal data will only be passed on or transferred to third parties in the following cases:

  • You have given us your express consent in accordance with Art. 6 Para. 1 S a DSGVO.
  • The transfer is legally permissible according to Art. 6 Para. 1 S b DSGVO and is necessary for the processing of contractual relationships.
  • The disclosure is legally required according to Art. 6 Para. 1 S c DSGVO.
  • Within our company, access to your data is granted to those who need it to fulfil our contractual and legal obligations. Contractors, service providers and vicarious agents employed by us may also receive data for this purpose if they comply with our instructions under data protection law.

The controller collects and processes personal data of applicants for the purpose of handling the application procedures. The processing may be carried out both electronically and by post. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Another legitimate interest would be, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG). If we do not have a vacant position at the time of your application, we will be happy to enter you in an applicant pool after obtaining your consent so that we can contact you again at a later date.

You are welcome to use the portal of our external service provider.

Our website refers to the link of the SEA CLOUD CRUISES boutique order page distributed by SeeSource. The operator of the pages is SeeSource GmbH, Papenhuder Straße 28, 22087 Hamburg, Germany. When you visit one of our pages equipped with a SeeSource link, a connection to SeeSource’s servers is established.

The purpose and scope of the data collection and the further processing and use of the data by SeeSource GmbH, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection information from SeeSource GmbH: http://www.seacloudseason.de/de/shop/Impressum.html#data

Which personal data is processed and used in detail depends largely on the services requested in each case.

  • Personal identification data, e.g. title, first and last name, address, previous address, telephone number, fax, e-mail address.
  • Electronic identification data, e.g. IP address, cookies, connection times, log files
  • Financial identification data, e.g. bank identification and bank account number (IBAN, Swift)
  • Contract data, e.g. travel registrations
  • Usage data
  • Billing data

Unless specifically stated, personal data collected by us will only be stored for as long as is necessary to fulfil the purposes pursued or the data subject has consented to the storage of personal data beyond this period in accordance with the provisions of the GDPR.
The personal data collected for the purposes of a contract will be stored until the expiry of the statutory retention obligations arising for our activities. Thereafter, they will be deleted unless processing is still necessary for the fulfilment of a legal obligation to which we are subject. The retention and documentation obligations under tax and commercial law provide for a retention obligation of six and ten years respectively for the commercial documents referred to in § 238 and § 257 of the German Commercial Code.

According to the applicable law, you have various rights regarding your personal data. If you wish to exercise these rights, we kindly ask you to send your request by e-mail or by post, taking into account your unique identification, to the address mentioned under 1.

12.1. according to Art. 15 DSGVO – Right to confirmation and information

You have the right to obtain confirmation or information from us at any time as to whether we are processing personal data about you. You have the right to receive information free of charge, as well as a copy of the data stored about you. You will be able to obtain the following information: Purpose of processing, category, recipients of your data (third countries or international organisations), and the planned duration of data storage.

12.2. Pursuant to Art. 16 DSGVO – Right to rectification.

You have the right to correct or, if necessary, complete personal data concerning you.

12.3. according to Art. 16 DSGVO – right to deletion

The right to request that personal data concerning them be erased without delay, provided that one of the grounds set out in the provision applies. These are:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) DSGVO.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the member states to which we are subject.

12.4. in accordance with Art. 18 of the GDPR – right to request limited processing.

Provided the following conditions are met, you have the right to request restriction of your personal data.

The accuracy of your personal data is disputed. Data processing may be restricted for the duration of the review.

  • The processing is unlawful, but you refuse the deletion.
  • The personal data is no longer required for the purposes of processing, but you need this data to assert, exercise or defend legal claims.
  • You have objected to the processing pursuant to Art. 21 (1) DSGVO, but the examination of whether our reasons outweigh yours has not been completed.

12.5. in accordance with Art. 21 DSGVO – rights arising from a specific situation.

If the processing is based on our legitimate interests, you have the right to object to the processing at any time. The data will then no longer be processed unless we can demonstrate compelling legitimate grounds for the processing.

12.6. Pursuant to Art. 20 DSGVO – Right to transmission

The right to receive the personal data concerning them that data subjects have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us

  • if the processing is based on consent pursuant to Art. 6 para. 1 S 1a DSGVO or Art. 9 para. 2a or on the basis of a contract Art. 6 para. 1 S 1b
  • and the processing is carried out with the aid of automated procedures.

You have the right to object to the lawful processing of your personal data by us if you consider this to be justified by a special situation and our interests in the processing are not overriding. The prerequisite for this is that the data processing is carried out on the basis of our balancing of interests in accordance with Art. 6 (1f) DSGVO.
In the event of an objection, the data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject. This is also the case if the personal data serve the assertion, exercise or defence of legal claims.
The objection can be made informally with the subject “Objection”, stating your name, address and date of birth. Please send your objection to the address of the data protection officer mentioned under 1.

If we have received consent from you to process personal data for a specific purpose, the processing of that data is lawful. However, you can revoke this consent at any time.

The revocation of your consent can be made informally with the subject “Revocation”, stating your name, address and date of birth. Please send your objection to the address of the data protection officer mentioned under 1.

You have the right to complain about us to a supervisory authority, in particular in the member state of your residence, workplace or the place of the alleged breach, with regard to our handling of your personal data.

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

To protect your data, we maintain organisational and technical security measures in accordance with Art. 32 DSGVO, which we will of course always adapt to the state of the art.

This data protection notice replaces all previous versions. It may be necessary to adapt our data protection declaration as well as the underlying technical settings to changed framework conditions of a factual or legal nature. If the changes are significant, we will provide a clearly recognisable message on our website. Therefore, please check our data protection notice from time to time.

If you have any further questions regarding our privacy policy or our data protection guidelines, please do not hesitate to contact us:

SEA CLOUD CRUISES GmbH
Datenschutzbeauftragter
An der Alster 9
20099 Hamburg
Telefon: +49 (0)40 30 95 9-20
datenschutz(at)seacloud(dot)com