Notes on Data Processing Information

Protecting your privacy and personal data is important to us.

According to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR), there are information requirements for the collection of personal data. For this reason, you will be informed of the following information:

Download

NAME AND CONTACT DETAILS OF THE CONTROLLER

A-ROSA Flussschiff GmbH, Loggerweg 5, 18055 Rostock, Germny
Email: service@a-rosa.de
Phone: (0381) 440 40 100
Managing director: Herr Jörg Eichler

Data protecting officer

Data protection officer of A-ROSA Flussschiff GmbH is Mr. Gunar Laaser.
Email: datenschutzbeauftragter@a-rosa.de

PURPOSE OF PROCESSING

A-ROSA Flussschiff GmbH collects, processes and uses your personal data in the administration of interested parties and as well as customer service only in accordance with legal regulations. The data will only be stored for the fulfilment of travel contracts, as proof in accordance with the requirements of the tax authorities, as well as for the sending of offers and for market research (with your consent). These include information for the ship manifest, surveys and the evaluation of travel services. Data is collected, processed and used for the above-mentioned purposes.

LEGAL BASIS FOR PROCESSING

The data is processed upon your request / interest and is necessary to proceed the travel contract according to Article 6 2 GDPR.

The legal basis for personal data processed pursuant to our obtaining the consent of the data subject is Article 6 (1) a) of the EU General Data Protection Regulation (GDPR). 

The legal basis for processing of personal data necessary for the performance of a contract to which the data subject is a party is Article 6 (1) b) GDPR. This also applies to processing performed to enable pre-contractual actions.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

Only the data required to render and invoice the travel service and to issue invitations to complete opinion surveys and submit reviews is transmitted to third parties (e.g. contract data to the airline, data from the ship manifest to the port authorities, contact data such as e-mail address for invitations to review our products / services). Further to their legal obligation to comply with all data protection regulations, these service providers are also bound by data protection provisions put in place by us..

When booking a cruise, the personal data of persons travelling with you may also be collected. We therefore request that you ensure that such data are provided with the consent of the persons travelling with you. Personal data of children and other minors (under the age of 18) are collected, stored and used solely for travel contract fulfilment.

Personal data are only collected and transferred to government institutions and authorities in accordance with compulsory legal provisions.

DATA TRANSFER TO COUNTRIES OUTSIDE THE EU

As necessary for the fulfilment of travel contracts we may also transfer your data to non-EU recipients if we are able to ensure that the data recipient guarantees an adequate level of data protection and there are no other legitimate interests against the transfer of data. In particular, we utilise the model contracts of the EU Commission for the transfer of personal data to third countries in order to ensure that the data recipient affords an adequate level of protection:

The transfer of data to A-ROSA Reederei GmbH in Switzerland, which is responsible for the operational aspects of your travel, is necessary for the fulfilment of travel contracts. The basis for data transfer to Switzerland is an adequacy decision. Switzerland provides an adequate level of protection, and does not require any special authorisation for data transfer.

ORIGIN OF DATA, PROVIDED THAT THE DATA WERE NOT COLLECTED FROM THE DATA SUBJECT

If the data were not collected directly from the data subject, we receive personal data to fulfil a contract from travel agencies, travel agents or tour operators.

TYPE OF DATA PROCESSED AND PERIODS FOR THE DELETION

The following data are necessary for the fulfilment of the contract:

Contract data: Surname, name, form of address, street, house number, postal code, city, country, credit card data (PCI standard), telephone number, email address

Contact data are deleted after a period of 10 years in accordance with legal requirements (tax law).

Manifest data: Gender, passport and identity card number, nationality, date of birth, emergency contact, voluntary additional data

Manifest data are deleted 2 years after the conclusion of travel (EU Package Travel Directive).

Trustpilot: The contact data transmitted for the purpose of issuing invitations to review our products, services and booking process will be erased by the respective service provider within 7 days.

RIGHTS OF THE DATA SUBJECT

Right of information: Pursuant to Article 15 GDPR, data subjects have the right to obtain information from a processor about which personal data of theirs is stored by that processor. 

Right to correction: If a data subject finds that his/her personal data on file are incorrect, these data must be corrected pursuant to Article 16 GDPR. 

Right of deletion („right to be forgotten“): Data subjects have the right pursuant to Article 17 GDPR to request the deletion of their data. Deletion is only permitted however after any statutory retention periods have elapsed.

Restriction from processing: You may have the right to restrict data from processing pursuant to Article 18 GDPR under certain circumstances (such as if you as the data subject disagree with the data processor as to whether data stored are correct).  

Objection: Pursuant to Article 21 GDPR, you may object to the processing of your personal data at any time with non-retrospective effect. Please note that if you file an objection with respect to mandatory data required for the use of our offer, you will no longer be able to use the offer. 

Data potability: You enjoy a right to data portability under Article 20 GDPR in certain processing cases if the data were collected on the basis of consent or for performance of a contract. 

To exercise your rights as data subject, please contact A-ROSA Flussschiff GmbH and/or the data protection officer of A-ROSA Flussschiff GmbH either in person or in writing. (Please see contact details below). 

Right to file a complaint: If you believe that your personal data have been processed in violation of data protection law, you can contact the data protection officer of A-ROSA Flussschiff GmbH in line with Article 38 (3) GDPR (see the ‘Data Protection Officer’ section for contact details), or the competent supervisory authority in line with Article 77 (1) GDPR. The supervisory authority responsible for A-ROSA Flussschiff GmbH is: 

The Commissioner for Data Protection and Freedom of Information of the Federal State of Mecklenburg-Vorpommern

Werderstraße 74a
19055 Schwerin
Germany
Phone: +49 385 59494 0
Fax: +49 385 59494 58
Email: info@datenschutz-mv.de

Website: www.datenschutz-mv.de; www.informationsfreiheit-mv.de