Hapag-Lloyd Cruises is pleased about your visit to our website as well as about your interest in our company and our products. We take the protection of your personal data very seriously and would like you to know how and for what purpose your data will be saved or used.
The data controller is Hapag-Lloyd Kreuzfahrten GmbH (referred to in this Notice as “we” or “us”), part of the TUI Group.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:
We have tried to keep this Notice as simple as possible, but if you are not familiar with terms such as data controller, special categories of personal data, then read about these and some others in Key terms.
When you register for any of our services, you may provide us with:
When you browse our websites or use our mobile apps, we may collect:
When you buy our trips in our travel agencies or online, we may collect:
When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:
Other sources of personal data
Personal data you provide about other individuals
We use your personal data in a variety of ways, as explained below.
To provide the products and services you request
We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for. In detail, these are the following purposes in particular:
To manage and improve our products, services and day-to-day operations
In detail, these are the following purposes in particular:
To personalise your experience
We want to ensure that marketing communications relating to our products and services, and those of our suppliers and retail partners, including online advertising, are relevant to your interests. In detail, these are the following purposes in particular:
To make contact and interact with you
We want to provide you, as our customer, with even better support. In detail, these are the following purposes in particular:
We do not sell your personal data to third parties.
From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email. We may also send you information about other companies’ products and services that we believe may be of interest to you. We will only do this if you previously agreed to receive these marketing communications.
When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, using the ‘unsubscribe’ link in our marketing emails or by writing to us (e.g. email) at any time.
You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products or services.
We like to hear your views to help us to improve our products and services, so we may contact you for market research purposes. You always have the choice about whether to take part or continue in our market research.
In order to provide products or services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies.
We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services. We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.
When we share personal data with other organisations we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.
For the purposes of performing the travel contract concluded with you, we transmit your personal data to, among others, the above-mentioned recipients in countries outside of the jurisdiction of European data protection laws for which the European Commission has determined that there is not an appropriate level of data protection. In particular, this transmission is carried out for the preparation of the cruise and is required due to local legal requirements to register passengers upon docking in ports. Some separate data protection agreements contracts exist with service providers who support us in carrying out the cruise. You can request copies of any existing data protection contracts from our data protection officer.
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
Some countries will only permit travel if you provide your advance passenger data (for example Caricom API Data and US Secure Flight Data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may assist where appropriate.
We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.
For the purposes of performing the travel contract concluded with you, we transmit your personal data to, among others, the above-mentioned recipients in countries outside of the jurisdiction of European data protection laws for which the European Commission has determined that there is not an appropriate level of data protection. In particular, this transmission is carried out for the preparation of the cruise and is required due to local legal requirements to register passengers upon docking in ports.
We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.
The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice. These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission, and appropriate security measures.
We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.
Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. Please see our separate Cookie Notice.
Our may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.
Thank you for your interest in the social media profiles of Hapag-Lloyd Cruises, provided by Hapag-Lloyd Kreuzfahrten GmbH.
We have the following social network channels:
Please note that by registering for the social networks, you also agree to the privacy policies of the networks in question that also apply to services such as our profiles.
Data processing and intended purpose
We take the protection of your personal data on the social networks very seriously and want you to be aware of how and why your data are stored or used.
Personal data include your name, date of birth, e-mail address and phone number. We and the companies operating on our behalf only collect and process the personal data concerning you that we obtain from you through our social media channels for the purposes of communication and only insofar as necessary for the purposes of our profiles. Specifically, we process data in the following instances:
We will erase these data after the end of the communication. The storage periods of the networks might deviate from this. The personal data you transmit to us through direct messages and contact forms will not be disclosed to third parties by us.
Please note that other users can see what you post on our profiles and how you interact with our pages, i.e. what posts you share or “Like” and so on.
If we post links to third-party websites, this privacy policy does not apply to those links.
Addendum: data processing on Facebook
Your personal data will be collected if you visit our Facebook page. If you are logged in, the data will be your Facebook profile data. In any case, the data will include your IP address and browser information.
The data will be processed by Facebook and by us as joint controllers. The data are processed on the basis of point (f), Article 6, paragraph 1, of the European General Data Protection Regulation (GDPR; our legitimate business and communicative interests in the provision of an information and communication channel on social media, in this case Facebook).
You have a right to ask for a copy of the personal data we hold about you. You can write to us asking for a copy of other personal data we hold about you.
Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.
You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.
We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.
You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority https://www.datenschutz-hamburg.de/.
Please submit your request or complaint in writing to the Legal Department/Data Protection Officer:
Hapag-Lloyd Kreuzfahrten GmbH, Datenschutz, Ballindamm 25, 20095 Hamburg
E-Mail: datenschutz(at)hl-cruises.com
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.
We will only collect and use your personal data if at least one of the following conditions applies:
Example: Booking
You give us permission to process your personal data when you book a trip.
Example: To provide the products and services you request
We need to process your personal data so that we can manage your booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.
Example: Sharing personal data with regulatory authorities
So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
Example: In an emergency
Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
Example: Security operations
We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.
Example: To personalise your experience
We may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.
Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest.
This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Privacy Notice changes.
Last update: October 2018
Data controller: The data controller determines the purpose and manner in which personal data is used.
European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.
Online advertising: Marketing messages that you may see on the internet.
Special categories of personal data: This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.
Caricom API Data: Some or all of the Caricom states have entered into an agreement with the USA whereby advance passenger data, required by and provided to Caricom states for border security purposes, will be passed to the USA Department for Homeland Security for processing on behalf of those Caricom states. Please see the Caricom website Caricom webseitef or more details.
US Secure flight Data:The Transportation Security Administration (TSA) requires you to provide your full name, date of birth and gender for the purpose of watch list screening. You may also provide your Redress Number, if available. Failure to provide details may result in denial of transport or denial of authority to enter the boarding area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. Please see the TSA webseite for more details.
Cookies are small data files that allow a website or a mobile app to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. With our permission, cookies may be placed on our websites and mobile apps by other organisations. For example, we use cookies to do the following:
To improve the way our websites and mobile apps work
Cookies allow us to assess and improve the way our websites and mobile apps work so that we can personalise your experience and allow you to use many of their useful features. For example, cookies help us to keep track of what you are booking as you move through each stage of the booking process; they help us to remember your preferences such as recent searches or shortlisted holidays, and the contents of your online shopping basket.
To improve the performance of our websites and mobile apps
Cookies can help us to understand how our websites and mobile apps are being used, for example, by telling us if you get an error messages as you browse, to test different designs of our website and mobile app pages. Website analytics, including Google Analytics, provides information about the number of visitors to our website and mobile apps, which parts of our website and mobile apps are most popular and if there are any trends such as one specific page being viewed mostly by people in a particular country. These cookies help us to improve your experience.
To deliver relevant online advertising
We use cookies to help us deliver online advertising that we believe is most relevant to you on our websites, mobile apps and other organisations’ websites. For example, these cookies help us to suggest flights from your nearest airport, holidays in destinations you have shown interest in or products you might like.
These cookies may collect data about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket.
This means that you may see our adverts on our websites, mobile apps and on other organisations’ websites. You may also see adverts for other organisations on our websites and mobile apps.
To help us to deliver online advertising that is relevant to you, we may also combine data we collect through cookies in the browser of your devices with other data that we have collected.
To measure the effectiveness of our marketing communications, including online advertising
Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert so it does not become too repetitive. We also use cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you.
You can use your browser settings to accept or reject new cookies and to delete existing cookies. You can also set your browser to notify you each time new cookies are placed on your computer or other device. You can find more detailed information about how you can manage cookies at the All About Cookies and Your Online Choices websites.
If you choose to disable some or all cookies, you may not be able to make full use of our websites or mobile apps. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.
Where we display personalised adverts on other organisations’ websites, the AdChoices icon will usually be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.
This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Cookie Notice changes..
Last update: May 2019
Website analytics:
Website analytics, including Google Analytics, help us understand how visitors engage with our website. We can view a variety of reports about how visitors interact with our website and mobile apps so that they can improve it.
Website analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our website and mobile apps. We then use the information to compile reports and to help us improve our site.
For example, Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit Google [https://tools.google.com/dlpage/gaoptout].
Privacy Statement for the use of Mouseflow:
This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (using anonymized IP address only). The result is a log of mouse movements and clicks with the intention of randomly sampling individual website visits and deriving potential improvements for the website. The information is not personal and will not be shared. If you do not want a recording, you can disable it on all websites using Mouseflow, by deactivating the following link: mouseflow.com/opt-out/.
Online advertising: Marketing messages that you may see on the internet.