Protecting your privacy and personal data is a top priority for A-ROSA Flussschiff GmbH, and in our internet activities we are very careful in this regard. We collect, process and use personal data in accordance with applicable data protection laws, including particularly the GENERAL DATA PROTECTION REGULATION (GDPR), the German Telemedia Act (TMG) and the German Telecommunications Act (TKG).
We implement technical and organisational security measures in order to optimally protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. These security measures are upgraded on an ongoing basis to keep up with technological advancements.
Personal data are the object of data protection measures. Data is personal if it is referenceable to an identified or identifiable person. This includes such information as name, address, e-mail address and telephone number. Sensitive data (such as health data) are subject to special protections. Information not directly related to your actual identity (such as favourite websites or number of page users) is not covered.
Within the meaning of the GDPR, all information relating to an identified or identifiable natural person is personal data. A natural person is deemed identifiable if the person can be directly or indirectly identified, particularly by means of referencing such identifiers as name, ID number, location data, username or one or more special attributes which characterise the physical, physiological, genetic, mental, financial, cultural or social identity of that natural person. Personal data are only stored as necessary to provide the booked services, comply with legal requirements or fulfil the purposes stated below.
Other than in the cases outlined under Automated Collection and Processing of Data of Visitors to our Websites, data collection and data processing are only allowed if you voluntarily provide your personal data. This applies in particular to the following situations:
Personal data provided during registration and/or booking is collected, processed and used for the purposes of fulfilling travel contracts, utilising services on our website, providing customer service and complying with legal obligations. Such data include information provided for ship manifests and customer satisfaction surveys. In accordance with applicable laws, such data are generally only collected for the purpose of providing the services you wish to receive or require. Any other information we request on our forms is provided by you on a strictly voluntary basis, and is designated as voluntary.
These personal data are forwarded to our service providers for travel contract fulfilment. When booking a cruise, the personal data of persons travelling with you may also be collected. We therefore request that you ensure that such data are provided with the consent of the persons travelling with you. Personal data of children and other minors (under the age of 18) are collected, stored and used solely for travel contract fulfilment.
The legal basis for personal data processed pursuant to our obtaining the consent of the data subject is Article 6 (1) a) of the EU General Data Protection Regulation (GDPR).
The legal basis for processing of personal data necessary for the performance of a contract to which the data subject is a party is Article 6 (1) b) GDPR. This also applies to processing performed to enable pre-contractual actions.
The transfer of your personal data occurs exclusively in compliance with applicable laws, including particularly data protection and competition laws.
As necessary for the performance of the contractual services or fulfilment of our legal obligations, your data may also be transferred to sub-contractors or service providers for the provision of services in our name or on our behalf (technical processing of postal and e-mail dispatch, payment processing, customer service, etc.). Data are also transferred to persons or companies in order to process your order or booking, including particularly to airlines for travel services, other tour operators, hotels, travel agencies, destination agencies and government agencies, among other parties.
We only transfer data to third parties as necessary for the provision and billing of travel services (such as transferring travel contract data to A-ROSA Reederei GmbH in Switzerland or ship manifest data to port authorities). Any data transferred to service providers of A-ROSA Flussschiff GmbH are subject to the contractual data protection terms of A-ROSA Flussschiff GmbH in addition to the statutory provisions of compulsory applicability. Personal data are only collected and transferred to government institutions and authorities in accordance with compulsory legal provisions.
As necessary for the fulfilment of travel contracts we may also transfer your data to non-EU recipients if we are able to ensure that the data recipient guarantees an adequate level of data protection and there are no other legitimate interests against the transfer of data. In particular, we utilise the model contracts of the EU Commission for the transfer of personal data to third countries in order to ensure that the data recipient affords an adequate level of protection.
The transfer of data to A-ROSA Reederei GmbH in Switzerland, which is responsible for the operational aspects of your travel, is necessary for the fulfilment of travel contracts. The basis for data transfer to Switzerland is an adequacy decision. Switzerland provides an adequate level of protection, and does not require any special authorisation for data transfer.
Data are deleted in accordance with retention obligations and periods applicable for the specific processing purposes. Financial accounting and reporting data for a concluded financial year are deleted after a maximum period of 10 years in accordance with legal requirements (tax law) unless a longer retention period is required pursuant to regulations or for legitimate reasons. Manifest data are deleted 2 years after the conclusion of travel (EU Package Travel Directive).
A-ROSA Flussschiff GmbH has implemented the necessary technical and organisational measures to protect your personal data against manipulation, loss, destruction or access by unauthorised persons, to protect your rights and to comply with applicable data protection laws of the EU and the Federal Republic of Germany. The measures taken are designed to ensure the confidentiality and integrity of your data and the long-term availability and reliability of our systems and services in processing your data. In addition, these measures are designed to ensure the rapid restorability of data to a state of availability and accessibility in the event of a physical or technical incident.
All of our employees and all persons involved in data processing are obliged to comply with the GDPR and other data protection laws and to comply with rules governing the confidential handling of personal data. Our employees are trained accordingly. Internal and external audits are conducted to ensure that all data protection-relevant processes at A-ROSA Flussschiff GmbH are compliant.
Our security measures include the encryption of your data. Transport Layer Security (HTTPS) is utilised for encryption of your data in transfer to us. All data you enter online are transmitted via an encrypted transmission path which ensures that they can at no point in time be viewed by unauthorised third parties.
The data processing and security measures we employ are constantly being improved in line with technological advancements.
If you wish to receive our newsletter and register for it, we need to have a functioning e-mail address referenceable to you which allows us to verify that you are the owner of the given e-mail address. In addition to your e-mail address, the data we collect include your form of address, first name and surname. This information is used to personalise the salutation of the recipient.
Consent to saving of your e-mail address and other personal data provided by you (form of address, first name, surname) and to use thereof to send out the newsletter may be withdrawn at any time with non-retrospective effect.
Registration for our newsletter involves a ‘double opt-in’ procedure. This means you receive an e-mail after registration requesting you to confirm your registration. This confirmation is necessary to eliminate the possibility of anyone registering from a different e-mail address.
Newsletter registrations are logged to document that the registration process accords with the legal requirements. This involves saving of the time of login and confirmation and of your IP address. Changes to your stored data are also logged.
To process your registration to receive the newsletter we collect technical information including data about the browser and system you are using, your IP address and the time of retrieval. These data are utilised to improve the technical performance of services based on technical data or target groups and their reading habits, based on location of retrieval (determinable via the IP address) and access times.
Statistical data gathered include determination of whether the newsletter is opened, when it is opened and which links are clicked on. For technical reasons, this information is referenceable to individual newsletter recipients. It is not our interest however to monitor individual users. Rather, analysis is performed to enable us to identify the reading habits of our users, adapt our content to their needs and send differing content based on the interests of our users.
As required under the General Data Protection Regulation (GDPR), which enters into force on 25 May 2018, we are informing you that the basis for consent to the sending of e-mail addresses is Articles 6 (1) a), 7 GDPR and Section 7 (2) no. 3 and (3) of the German Unfair Competition Act (UWG). Statistical data gathering and analysis and logging of the registration procedure are performed on the basis of our legitimate interests in line with Article 6 (1) f) GDPR. Our interest is in deploying a user-friendly and secure newsletter system which both serves our business interests and meets the expectations of our users.
You can unsubscribe from the newsletter at any time, i.e. revoke your consent to use of your data for that purpose. This means your consent to newsletter dispatch and to related statistical analysis is revoked. Unfortunately it is not possible to separately revoke your consent to sending of the newsletter and to statistical analysis.
If you no longer wish to receive our newsletter, click on the link "Unsubscribe from the newsletter" which appears at the end of every newsletter we send out.
If you have booked a trip with A-ROSA Flussschiff GmbH or are interested in booking a trip, we utilise your postal address to send you product information and individually optimised travel offers. You can object to the use of your postal address for advertising purposes at any time as outlined in the aforementioned section of this data protection policy (Right to Information, Correction, Deletion and Restriction, Rights of Objection and Revocation).
Our website contains links to social networks (Facebook, Google Plus, Twitter, Instagram, XING, YouTube, Pinterest, etc.). These social networks are exclusively operated by third parties. If you follow the corresponding links, data may be transmitted to these third parties (but no personal data within the meaning of the GDPR). Please see the data privacy policies of the respective operators for information regarding the purpose and scope of data collection by the social networks, further processing of and use of your data by those networks, your relevant rights and the settings you can configure to protect your privacy.
We also use social media to present our company to users and facilitate communication with them.
When visiting these social media pages, it may occur that user data is processed outside the European Union. In general, German and/or European data protection legislation is not valid in these jurisdictions. This can make it more difficult to exercise your rights. US providers with Privacy Shield certification have undertaken to comply with EU data protection standards.
The data collected from social media users is normally processed for market research and advertising purposes. The content retrieved can be used to set up user profiles that are in turn used to display advertisements both on and off social media that are intended to match the user's interests. This process is usually facilitated by cookies stored on the user's computer.
However, providers can also use other methods to store data collected from social media users, particularly if these users are registered with and logged into the respective social media platforms.
The user's personal data is processed on the basis of Art. 6(1) lit. f GDPR. As the operator of a social media page, we have a legitimate interest in communicating with users and ensuring that they receive information in an efficient manner. If the user has agreed to the processing of their data – for example by clicking on a check box – the legal basis for processing this data is Art. 6(1) lit. a, Art. 7 GDPR.
Additional information about data processing and opt-out possibilities is available from the respective providers, who are listed below.
Requests for information and communications relating to the exercise of other user rights are best directed to the providers themselves. This is because they are the only parties with access to all user data and are thus the only ones able to provide the desired information or initiate the relevant measures.
– Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Privacy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com/de/praferenzmanagement/, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Activ.
– Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated?hl=de, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
This website contains content from third-party providers. This content is provided by Google Inc ("the Provider").
YouTube is operated by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).
The advanced privacy setting is enabled for YouTube videos that are embedded on our website. This means that no data of website visitors are collected and stored by YouTube unless such a video is played.
When you visit our websites, we collect the data necessary to enable your usage of the site (usage data). These include your IP address and data about the start and end points of your usage of the website and why you are using the website and potentially certain identification data (such as your login data if you log in to a secure area). These data are required to provide services and design services to meet user needs. These data are deleted if and when you revoke consent to processing. See below regarding the processing of pseudonymous user profiles.
End customers (consumers) can utilise the A-ROSA website to find out about offers of A-ROSA Flussschiff GmbH, directly book travel, order additional cruise services and transmit data. The booking, reservation and transmission of data are only possible if the necessary personal data are entered.
Information on the website is made available publicly in the form of text, images, video and downloads with no data entry required.
A-ROSA Website: https://www.a-rosa.de/en/river-cruises/index.html
In addition, customer club members can make use of the A-ROSA Club area after logging in. This requires providing personal data for registration.
Travel agencies can utilise the A-ROSA extranet to find out about offers of A-ROSA Flussschiff GmbH and make direct bookings for their customers.
Travel agencies receive login credentials after successful registration which must be used to take advantage of the additional functionalities of the A-ROSA extranet.
Information on the A-ROSA extranet is made available to travel agencies in the form of text, images, video and downloads; data entry is required in some cases.
A-ROSA extranet: https://www.a-rosa.de/a-rosa-extranet.html
The entire A-ROSA website is encrypted.
The A-ROSA BLOG contains information on A-ROSA cruises, travel photos and special cruise offers. This content is freely accessible to the public in the form of text, images and video.
A-ROSA BLOG (german): https://blog.a-rosa.de/kreuzfahrt-blog/
The entire A-ROSA BLOG is encrypted.
The KURS A-ROSA website is an exclusive online series of training units for travel agents for enhancing their A-ROSA sales knowledge. Registration is required to utilise all course functionalities.
Kurs A-ROSA (german): https://www.kurs.a-rosa.de
The entire KURS A-ROSA website is encrypted.
You can disable the storage of cookies via your browser configurations and delete them from your hard drive at any time. Please be advised that only limited use of our offers on the website is possible without cookies. In particular, it is not at all possible to book travel without cookies, as these are required to verify booking data.
You can however prevent certain cookies (e.g. third-party cookies) from being placed via your browser settings, for example if you wish to prevent web tracking. See the Help function of your browser for more detailed information.
The cookie storage period is 60 days.
Browsers differ as to how to configure cookie settings. The procedure for changing your cookie settings is outlined in the Help menu of every browser. These can be found for the respective browsers via the following links:
An explanation is provided below of how to notify the individual service providers of your objection to web tracking.
This website utilises Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics employs cookies (see ‘Cookies’) to enable analysis of website usage. The information generated by the cookie about the use of this website is generally transmitted to a Google server in the USA, where it is then stored. However, your IP address is truncated and anonymised by Google within member states of the European Union and other countries party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide for the website operator further services connected to the website use and the Internet use. The IP address transmitted by your browser as part of Google Analytics shall not be combined with other Google data.
You can prevent the storage of cookies by configuring your browser software accordingly (see ‘Cookies’) or utilising a privacy plug-in. You can also prevent recorded data generated by the cookie concerning your use of the website (including your IP address) from being sent to Google and the processing of these data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can prevent collection by Google Analytics by placing an ‘opt-out cookie’ on your computer. For more information about data protection and Google Analytics, see: https://www.google.com/intl/en/policies/.
We utilise Google Analytics for statistical analysis of data derived from the Google AdWords service. This enables us to analyse behaviour after a user clicks on our ad – whether the user purchased our product or viewed the ad from a mobile phone, for example – and thereby improve our offers. These services are also utilised so that you receive interest-based advertising. If you are opposed to this, you can disable the functionality via the Google Ads Settings: http://www.google.com/settings/ads/onweb/?hl=en
We utilise the Intercom service as a live chat tool for handling your enquiries and providing information. You can use this enhancement of our offer to contact us and then receive any information you require via the communication channel of your preference. When you use the live chat tool to contact us, the data you voluntarily enter there (e.g. name, e-mail address, message, company name, phone no.) are stored by our service provider and we process these data solely for the purpose of responding to your enquiry, after which the data are deleted. Tracking technology also allows determination of the location of the user. For information on data protection at Intercom see: docs.intercom.io/privacy. You can read the Intercom terms and policies here: https://www.intercom.com/terms-and-policies
You can request information about which personal data of yours is stored by A-ROSA Flussschiff GmbH at any time and free of charge, as well as the correction, restriction and deletion of these data if the legal conditions for such are met. You can exercise your right of objection in the aforementioned cases and if you receive marketing communications from A-ROSA Flussschiff GmbH. You can revoke any consent granted per data protection law at any time with non-retrospective effect.
Pursuant to Article 15 GDPR, data subjects have the right to obtain information from a processor about which personal data of theirs is stored by that processor.
If a data subject finds that his/her personal data on file are incorrect, these data must be corrected pursuant to Article 16 GDPR.
Right to deletion ("right to be forgotten")
Data subjects have the right pursuant to Article 17 GDPR to request the deletion of their data. Deletion is only permitted however after any statutory retention periods have elapsed.
You may have the right to restrict data from processing pursuant to Article 18 GDPR under certain circumstances (such as if you as the data subject disagree with the data processor as to whether data stored are correct).
Pursuant to Article 21 GDPR, you may object to the processing of your personal data at any time with non-retrospective effect. Please note that if you file an objection with respect to mandatory data required for the use of our offer, you will no longer be able to use the offer.
You enjoy a right to data portability under Article 20 GDPR in certain processing cases if the data were collected on the basis of consent or for performance of a contract.
To exercise your rights as data subject, please contact A-ROSA Flussschiff GmbH and/or the data protection officer of A-ROSA Flussschiff GmbH either in person or in writing.
If you believe that your personal data have been processed in violation of data protection law, you can contact the data protection officer of A-ROSA Flussschiff GmbH in line with Article 38 (3) GDPR (see the ‘Data Protection Officer’ section for contact details), or the competent supervisory authority in line with Article 77 (1) GDPR. The supervisory authority responsible for A-ROSA Flussschiff GmbH is:
The Commissioner for Data Protection and Freedom of Information of the Federal State of Mecklenburg-Vorpommern
Phone: +49 385 59494 0; Fax: +49 385 59494 58
A-ROSA Flussschiff GmbH
Phone: +49 381 440 40 100
Managing director: Jörg Eichler
Data protection officer:
The external data protection officer of A-ROSA Flussschiff GmbH is Mr Gunar Laaser (Laaser Consulting)