This Privacy Information applies to the processing of personal data carried out by Hurtigruten AS (Hurtigruten/we/us) when you travel with us, use our services, visit our websites or mobile applications or otherwise interact with us.
It is important for us to use your data only in accordance with applicable data protection legislation and your expectations, and to be transparent with you in how we use your data.
This Privacy Information will explain what data is collected, why it is collected, how the collected data is used and your options and rights regarding the collection of your personal data.
2. WHAT DATA MAY WE COLLECT
In connection with the different ways we may interact with you and the various services that we provide, we may collect the following categories of data:
C1: Contact information, including name, address, passport number, telephone number and e-mail address.
C2: Identity data, including gender, data of birth and nationality.
C3: Passport data.
C4: Information on next of kin.
C5: Transaction data, including credit/debit card number, payment method and purchase history.
C6: Booking data and activity data, including data related to your booked voyages and expeditions, flight reservations, bus and train transportation arrangements, hotel bookings, itinerary, travel companions, the activities you have participated in while travelling with us etc.
C7: Communication data between you and us, including recordings of calls to our service centres, e-mail communication, online chats, comments and reviews collected through surveys or posted on our channels and on social media platforms.
C8: Digital information data collected when you visit our websites, applications or other digital platforms, including IP-addresses, browser data, traffic data, booking history, social media behaviour, and user patterns. If you subscribe to our newsletters, we may collect data regarding which newsletters you open, your location when opening them and whether you access any links inserted in the newsletters.
C9: Health data, including information related to allergies, disabilities and illnesses.
C10: Religious beliefs or ethnic origin.
C11: Video surveillance footage
3. WHERE WE COLLECT YOUR DATA FROM
Most of the data that we have about you are provided by you. We may also receive C1, C2, C5, C6 and C7 data from our cooperation partners, such as travel operators, airlines, hotels, activity providers, transportation providers, affiliates, branch offices and agents, if they have such information about you. We collect C8 data from our websites, applications and similar digital platforms.
4. WHY WE USE YOUR DATA
We process your personal data for the following reasons:
Description: We use C1, C2, C4, C5, C6 and C7 data to arrange, process and confirm bookings for you. We collect your passport number because of an obligation to provide such data to port authorities. In addition, we need to collect your C9 data to make sure that any allergies, disabilities or illnesses you may have are considered during your voyage with us. We may also indirectly collect C10 data if you inform us of any dietary restrictions or preferences etc.
Legal basis: Such data is processed to fulfil the agreement with you (the booking of Hurtigruten voyage). We will only collect C9 and C10 data on the basis of your consent. Note that for safety reasons, we may not be able to book your selected voyages, if you do not want to provide us with C9 data.
Disclosure: In order for us to make arrangements for your voyage, we may need to disclose your data to our affiliates, branches and agents and cooperation partners.
Facilitating the cruise
Description: We use C1, C2, C4, C5, C6, C7, C9 and C10 data to facilitate your voyage. This includes providing you with the services and products you need or wish for, and to ensure that you are permitted entry to the ports. We may process C9 and C10 data to make sure that any dietary preferences, allergies, illnesses or disabilities are taken into consideration during the voyage and if you seek assistance from our medical personnel on board.
Legal basis: We use such data to fulfil our agreement with you (facilitating your voyage). We will only process C9 and C10 data if you have given your consent.
Disclosure: We may disclose your data to our cooperation partners or port authorities in the countries that we visit, if this is necessary to fulfil an agreement with you or if required by port authorities to give you entry to the port.
Description: If you choose to book an explorer expedition, we use C3 data in addition to the data processed for booking purposes.
Legal basis: We only collect your medical certificate (C9 data) if you have given your consent. Note that, for safety reasons, we may not be able to book your selected expeditions if you do not want to provide us with such data. We collect your C3 data as the port authorities and ISPS rules require unambiguous identification of the passengers to permit entry to the ports.
Disclosure: We may be required to disclose C3 data to port authorities in the countries that you visit.
Description: If you choose to participate in any activities, we use C1, C5 and C9 data to make reservations on your behalf.
Legal basis: Such data is processed to fulfil an agreement (booking the activity) with you. C9 data will only be collected if you have given your consent. Note that, for safety reasons, we may not be able to book your selected activities if you do not want to provide us with C9 data.
Disclosure: We may be required to disclose such data to cooperation partners as a prerequisite for your participation.
Description: We use C1 and C7 data to provide you with relevant information related to your voyages and expeditions. This includes information related to departure times, cancellations and check-in times at hotels etc. We may provide such information by electronic or other means.
Legal basis: We use such data to provide important information about your voyage that is necessary to fulfil our contract with you (to organise your travel). Further, we use such data to provide you with other information necessary to fulfil our legitimate interests, including to ensure that your travels are as comfortable and smooth as possible. We will only record phone calls with you if you have given your consent to such recording.
Disclosure: We may disclose C1 and C7 data to our cooperation partners, as they may need this information to communicate with you and to provide support and assistance.
Description: We use C1, C2, C7 and C8 data to provide you with newsletters and offers from us and our cooperation partners.
Legal basis: As long as you have an existing customer relationship with us, our use of such data to promote our services is based on our legitimate interest in providing you with relevant information and offers. You may at any time opt out of receiving such information and offers. If you do not have an existing customer relationship with us, we will only use your data to send you marketing if you have given your consent. We will only disclose your data to cooperation partners for marketing purposes if you have given your consent.
Disclosure: We may disclose your data to cooperation partners to enable such partners to send you information and offers if you have consented to this.
Description: We may use and compile C1, C2, C6 and C8 data for profiling purposes. Profiling is an automated processing of personal data where your personal data is used to evaluate, analyse and predict your preferences, interests and behaviour (profiling). We use this data to provide you with customised information about activities and offers that you may appreciate.
Legal basis: We carry out profiling to fulfil a legitimate interest, which is to customise our services for your benefit. You may at any time object to our use of your personal data for profiling purposes.
Disclosure: We will not disclose the profiles we have generated based on your data to third parties other than our affiliates and branch offices.
Security on board
Description: We may carry out video surveillance on board and store C11 data to prevent crime and ensure your safety.
Legal basis: We carry out video surveillance that is necessary to comply with the ISPS code or necessary to fulfil a legitimate interest which is to prevent crime and ensure your safety while you travel with us.
Disclosure: We will not disclose video surveillance footage to third parties unless required by law or on request from authorities.
Statistics and Analysis
We use anonymised data to generate statistics and analysis
5. HOW LONG WE STORE YOUR DATA FOR
We will only store your data for as long as it is necessary to fulfil the purpose of the processing of your data.
We will store your C1, C2, C3, C4, C6, C7, C9 and C10 data from the point in time when you placed a booking request until your voyage is completed. We may store your data longer if you wish for us to keep your data until your next travel and you have consented to this.
If you have logged on to Hurtigruten's portal, we will store C1, C2, C5, C6, C7 and C8 data that you have provided in the portal for as long as you are a user of this portal.
We will store C5 data as required by applicable law, such as bookkeeping legislation.
If you have consented to receiving information and marketing, we will store your C1, C2 C6, C7 and C8 data for as long as you wish to receive such information and marketing.
We may also store your C1, C2, C5, C7, C8 and C9 data for a period of three years after your voyage ended, if we believe this is necessary to handle potential complaints or claims.
We store video surveillance footage for a period of 48 hours. If we deem it necessary to deliver video surveillance footage to the police due to a criminal incident or similar, we may store the video surveillance footage for 30 days.
6. INTERNATIONAL TRANSFER OF DATA
We have affiliates, branch offices, agents and cooperation partners that are established outside of the European Economic Area to which we may transfer data, as described in section 4 above.
We will ensure that your data is adequately protected by the receiving parties in such countries. Adequate protection may typically be to impose on the receiving party contractual obligations that ensure that it maintains the same level of privacy and data security as practised by us. You may ask for further information or a copy of the safeguards that we have in place to ensure lawful transfer of your data.
Hurtigruten provides services worldwide and has operations and partners in all European Countries, Asia Pacific, Africa and the Americas.
7. HOW YOU CAN ACCESS, RECTIFY OR ERASE YOUR DATA AND FILE COMPLAINTS
You may contact us at any time if you wish to receive access to or rectify your data. Further, you may request a copy of the data that we have collected from you.
You may ask us to erase data that we have collected from you. We must however keep data as necessary to fulfil our agreement with you and as necessary to comply with law or on request from authorities.
If you consider that our use of your personal data is inappropriate, you may file a complaint with the Information Commissioner's Office. Before filing such complaint, we ask that you contact us, as we may be able to provide you with answers and to correct potential misunderstandings.
9. CHANGES IN THIS PRIVACY INFORMATION
We may update this Privacy Information from time to time. You will be notified of such changes where this is appropriate; otherwise they will be published on our home page. Any changes will apply only after it has been communicated/published.
10. CONTACT INFORMATION
If you want to get in touch with us, you can email us at [email protected] or send post to Hurtigruten LTD, Att: DPO, 2nd Floor, Bedford House, 69-79 Fulham High Street, London SW6 3JW.