We will only process your personal data in accordance with our policies (and any other information we give to you about how we process your personal data), and in accordance with the Data Protection Legislation.
For the purposes of the Site, the data controller in relation to your personal data is Viking River Cruises Inc. 5700 Canoga Ave #200, Woodland Hills, CA 91367, USA. Full contact details are provided below. The data controller is a legal terms used in the Data Protection Act 1998 (the “Act”) to signify the person who controls what do do with any given personal information.
For the purposes of this Policy:
“Personal Data” means information about an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity; and “Processing” means the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, or any other use, of Personal Data.
We may collect Users’ Personal Data, and further Process those Personal Data, as set out below. Third parties may also provide Viking with Personal Data about Users. Such Personal Data will be Processed in accordance with this Policy.
COLLECTION OF PERSONAL DATA
Viking may collect Personal Data from Users or their devices when they: visit any Services, register to use any Services, use any Services, contact us by mail, email or any other means; or otherwise interact with us.
When a User visits the Site, their devices and browsers will automatically disclose certain information. The disclosed information may include a User’s browser characteristics, IP address, device operating system, language settings, dates and times of connecting to the Site and other technical communications information. Some of this information may constitute Personal Data. Viking may also collect information about your online activities over time and across third-party websites or services.
Viking may also collect any of the following types of Personal Data from Users, in the course of using the Site: contact information (e.g., name, address, email address, phone number, or social media details). If you access the services using your Facebook, Twitter or Google credentials, we may collect certain information such as your name, picture and email address. We will use all information available through Facebook, Twitter or Google in accordance with the Facebook, Twitter or Google policies respectively and your privacy settings in Facebook, Twitter or Google respectively. We may use your contact information to send you information about our Services when we feel such information is important. You may unsubscribe from these messages through your User account settings, although we reserve the right to contact you even if you unsubscribe if we believe it is necessary for connection with the Services, such as for account recovery purposes.
Viking may further collect any content that Users submit via the Site. Some of our Services may collect geolocation data. You may stop sharing this information by adjusting the location services’ settings of your mobile device.
We may receive a confirmation when you open an email from us.
We may collect statistical information about the use of the Services by unregistered and registered users. Some of this information is derived from Personal Data.
Users may refuse to supply Personal Data when using the Site and/or the Services, but doing so may prevent them from accessing the Services or certain features of the Services.
Viking may receive Personal Data about third parties from Users (for example, if third parties are identified in any communications sent from Users to Viking). Whenever Users make any such disclosures, Users must ensure that any affected third parties have consented to: (i) the disclosure of their Personal Data to Viking; and (ii) Viking’s further Processing of those Personal Data in accordance with this Policy. If Users cannot obtain such consent, Users must refrain from communicating the Personal Data of third parties to Viking.
PROCESS OF USERS’ PERSONAL DATA
Viking may Process Users’ Personal Data for the following purposes:
- to display the content of the Site and the Services and any customizations selected by the User;
- to support, enhance and improve the Site, the Services and our customer service;
- to verify the User’s identity;
- to respond to Users’ service requests and support needs;
- on an aggregate basis, to understand how Users collectively use the features of the Site and the Services;
- to administer content, promotions, surveys or other features of the Site and the Services;
- to show and send Users information and content relevant to their interests, for the purposes of lead generation;
- to send Users communications regarding administration of their accounts and the features of the Site or the Services;
- to notify Users of changes to the Site or the Services;
- to perform data analyses and other Processing (including trend analysis and financial analysis);
- to give effect to the User’s legal rights;
- to share interests and other relevant information between Users;
- to protect against fraud, identity theft, and other unlawful activity;
- to exercise legal rights or defend legal claims;
- to comply with applicable laws and regulations, relevant industry standards and our policies; and
- in any other way that we notify Users at the time of collection of their Personal Data.
TRANSFERS OF USERS’ PERSONAL DATA ABROAD
PROTECTION OF USERS’ PERSONAL DATA
Viking is committed to processing Users’ Personal Data securely. We adopt appropriate data Processing practices and appropriate technical and organisational security measures, to protect against unauthorised access, alteration, disclosure or destruction of Personal Data. Users are responsible for keeping their access credentials for the Services safe and confidential. Users should notify Viking promptly if they become aware of any misuse of their access credentials and immediately change their passwords. We provide an SSL secured communication channel, and all data transferred using this channel are encrypted and protected with appropriate digital signatures. However, Users should be aware that the Internet is not a secure environment for Personal Data. We cannot provide absolute assurances that Users’ Personal Data will be secure during transmission across the Internet. Any such transmission is entirely at Users’ own risk.
DISCLOSURE OF USERS’ PERSONAL DATA
Viking may disclose Users’ Personal Data to third parties in the following circumstances:
- We may share Users’ Personal Data with recipients within our corporate group, for the purposes of operating our business, operating the Site or the Services, for the purposes of lead generation, or otherwise for the purposes set out in this Policy.
- We may share Users’ Personal Data with recipients outside our corporate group, for the purposes of operating our business, operating the Site or the Services for the purposes of lead generation, or otherwise for the purposes set out in this Policy.
- We may use third-party service providers to help us operate our business, the Site or the Services or to administer activities on our behalf, such as sending out newsletters or we may share Users’ Personal Data with these third parties for the purposes set out in this Policy.
- We may share generic aggregated demographic information with our business partners, trusted affiliates and advertisers for the purposes outlined in this Policy. While we make all reasonable efforts to ensure that such information is anonymized, it is possible that Users’ Personal Data may be disclosed.
- Subject to obtaining appropriate consent, we may share Users’ Personal Data with our third party marketing partners, for direct marketing purposes. Users may withdraw their consent at any time, or object on legitimate grounds at any time to the Processing of their Personal Data, by contacting us via the Site or by using the contact information provided in this Policy. We will apply Users’ contact preferences going forward.
- If we sell, merge or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, liquidation or other restructuring), we may disclose Users’ Personal Data to the prospective seller or buyer, or their representatives, provided that we have first taken reasonable steps to ensure the security and confidentiality of such information.
- We also may disclose Users’ Personal Data: (i) in connection with any legal proceedings, or otherwise for the purposes of establishing, exercising or defending any legal rights; (ii) if required by applicable law, regulation or legal process; (iii) in response to requests by government agencies and law enforcement authorities; (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or material financial loss; or (v) for the purposes of investigating actual or alleged unlawful activity.
THIRD PARTY WEBSITES
Users may find hyperlinks or other content on the Services that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by third party websites linked to or from the Site or Services. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to the Site, is subject to that website’s own terms and policies.
UNSUBSCRIBING FROM MARKETING COMMUNICATIONS
From time to time, we, or our service providers, may contact Users via email or other electronic means, to provide information relating to products or services that may be of interest to those Users. If any User wishes to unsubscribe from receiving future communications, we include detailed unsubscribe instructions in each such communication. Alternatively, the User may use the unsubscribe features provided through the Services respectively. Please note that, in the event that a User unsubscribes from receiving communications relating to marketing or advertising, we may nevertheless continue to contact the User for the purposes of account administration, or as required by law.
THE USER’S RIGHTS
It is the responsibility of each User to ensure that their Personal Data held by Viking is complete, accurate and up-to-date. Subject to applicable law, users may have the right to access their Personal Data held by Viking, correct any errors in those Personal Data, an object on legitimate grounds to the Processing of those Personal Data, and/or request the deletion of those Personal Data. These rights may be exercised by sending a request to firstname.lastname@example.org
HOW TO CONTACT US
ACCEPTANCE OF THIS POLICY
REVISION TO THIS POLICY
OUR USE OF YOUR PERSONAL DATA
For as long as We have access to your personal data, We will use it for the following purposes, unless otherwise required as a result of You exercising Your data protection rights. We may use Your personal data for any of the following purposes, whether we obtained it directly from You (or someone you trust) or Your travel agent, or another source:
|(1) To provide You with Our services in accordance with Our contract with You, once you have completed a booking.||If you provide us with special category data: we will ask you for explicit consent, and it is likely that we will be unable to process this data without Your consent. For Your other personal data: processing by us, and by our Data Processors, will be necessary for Us to perform the contract with You.|
|(2) To process Your payment for Our services.||Our legitimate interest in obtaining payment before performing Our contract with You.|
(3) To provide You with information that You request from Us, or responding to Your enquiries made directly to us or via Your travel agent.
|Our legitimate interest in responding to Your requests and enquiries, e.g. by email, telephone, post or social media (or Your preferred one, if you tell us Your preferences).|
(4) To understand and identify Your requirements of Us, by building a profile about You and your preferences relevant to your interest in cruises.
(5) To send you solicited or unsolicited direct marketing (unless you ask us to stop), consisting of relevant information about future cruises and similar services that We provide, such as offers of goods and services, brochures, new products, forthcoming events, loyalty programmes, clubs or competitions from Us or Our group companies.
(6) To measure the effectiveness of our advertising and marketing to You.
If you are an existing customer: Our legitimate interest in staying in touch with you, as part of our after-cruise service and to seek repeat business.
If you are a prospective customer: Your consent for us to obtain your personal data and send unsolicited direct marketing to you.
We may send notifications by e.g. by email, telephone, post or social media (or Your preferred one, if you tell us Your preferences). You can stop the above notifications at any time by contacting data.protection@ vikingcruises.com.
(7) To ensure that features and content from the Website are available for You (if you choose to use them) and are presented in the most effective manner for You and for Your devices.
(8) To check and confirm that we carry out your instructions accurately, to enable us to review and improve our products, services and operations and develop new and changed products, services and operations.
|Our legitimate interest in providing products, services, choices, operations and Websites that meet the requirements of our existing and prospective customers.|
|(9) To carry out credit checking. services and operations and develop new and changed products, services and operations.||Our legitimate interest in assessing Your credit-worthiness before offering or committing to provide you with credit.|
|(10) To help us detect and take action against security breaches, fraud and other crimes, and other risks to Us.||Our legitimate interest in addressing security breaches, frauds and other crimes or risks that may affect our business.|
|(11) For us to take legal or administrative action, including to collect debts, resolve disputes with You, and to deal with regulators.||
In the case of personal data: Our legitimate interest in enforcing our contract with You and in resolving any disputes with You and in dealing with regulators.
In the case of special category data: as necessary for us to establish, exercise or defend legal claims.
|(12) To contact you by email.||
For prospective customers: Normally we will ask for your consent and will not contact you by email if you have specifically withheld or withdrawn Your consent to this. See above, “How We may contact You”.
For existing customers: It is lawful for us to contact You by email provided that We give you an easy method to unsubscribe.
You can stop Us contacting you by email at any time by contacting
|(13) To contact you by telephone||We will ask for your explicit consent, and will not contact you by telephone unless we have your consent, unless covered by legitimate interest.|
|(14) To transfer your personal data overseas (see below).||Normally we will ask for your explicit consent and may be unable to process Your personal data unless We have Your consent.|
|(15) To use other people’s personal data that You provide to Us.||Our legitimate interest in providing our service to you. We do ask you to ensure that you have the other people’s permission for you to share their personal data, and that you make them aware that you have shared it with Us for use as described in this Privacy Notice.|
DATA PROTECTION OFFICER
Our Data Protection Officer can be contacted at email@example.com.
INFORMATION WE COLLECT ABOUT YOU
We obtain your personal data from the following sources:
HOW LONG WE RETAIN YOUR PERSONAL DATA
We will hold Your personal data until we find your contact details are not current, or you can’t be reached after 6 months of trying, or we are notified that you are deceased, or you or a regulator ask Us to stop processing Your personal data.
YOUR RIGHTS UNDER THE DATA PROTECTION LEGISLATION:
(1) You have the right to access personal data that We hold about You. Your right of access can be exercised in accordance with the Data Protection Legislation. You can submit a data access request at any time. In order to do this, please contact Us at firstname.lastname@example.org.
(2) If You become aware of any inaccuracies in Your personal data which We process on Your behalf, You have a right to ask us to rectify the inaccuracies. On receiving Your request We will either fulfil it or explain why We have decided not to.
(3) To the extent that (a) We no longer need to use Your personal data (e.g. You no longer wish to receive marketing from Us, or You tell us that You no longer wish to go on cruises) for purposes described in our Notices, or (b) We rely on Your consent and You have withdrawn it, or (c) You object to our legitimate interests for using Your personal data and no exception applies to permit Us to keep using it, or (d) it is established that We did not have the lawful right to process Your personal data, or (e) the law requires us to erase Your personal data, You may ask us to erase Your personal data. If we erase Your personal data, Your ability to use our services will be affected, as described above.
(4) You have the right to ask Us not to process Your personal data for marketing purposes (including profiling). You may unsubscribe at any time by emailing Us directly at email@example.com.
(5) You have the right to object to Our processing of your personal data to the extent that (a) We use the personal data on grounds of Our legitimate interests and no exception applies to permit us to keep using it, or (b) We use it for direct marketing purposes, or (c) We use it for scientific or historical research purposes or statistical purposes and no exception applies to permit Us to keep using it.
(6) You have the right to ask us to restrict Our processing of your personal data to the extent that (a) You have questioned the accuracy of the personal data and We are still checking its accuracy, (b) it is established that We did not have the lawful right to process the personal data,
(c) We no longer need to use Your personal data for the purposes We collected or used it for but You need it to be preserved for the purposes of legal claims, or (d) You have exercised Your right to object to Our use of your personal data and no exception applies to permit us to keep using it.
(7) You have the right to request that We provide to You, or to another data controller on Your behalf, a copy of any of Your personal data which We process using automated means based on your consent, so that You may reuse such personal data for Your own purposes on alternative services.
(8) You have the right not to be subject to automated processing which significantly affects You, unless We need to carry out the automated decision-making to enter into or perform Our contract with You, or We are authorised by law to use the personal data for automated decision- making, or We have Your explicit consent.
(9) You have the right to complain to the Information Commissioner (http://www.ico.gov.uk/) if You have any concerns in respect of the handling of Your personal data by the Company.
If You would like to exercise any of the above rights, including to withdraw Your consent (where Our processing of Your personal information relies on Your consent), please contact Us at firstname.lastname@example.org.
OUR PROTECTION OF YOUR PERSONAL INFORMATION
We have taken reasonable steps to put in place appropriate security measures to protect Your personal data when it is processed by Us or on our behalf.
We do not accept any responsibility for the policies of third party Data Controllers, such as providers of search engines and social media services. Your use of such third parties, their websites and services is at Your own risk.
Please check the third parties’ Privacy Notices before You submit any personal data to them.
CHANGES TO PRIVACY NOTICE
We reserve the right to make changes to this Privacy Notice from time to time. If this Privacy Notice changes in any way, We will place an updated version on our Website. Regularly reviewing our Website ensures that You are always aware of what information We collect, how We use it and under what circumstances, if any, We will share it with other parties.
If You do not agree to the changes that we make from time to time, please tell us via email@example.com. If material changes are made to this Privacy Notice, We will notify You by placing a prominent notice on the Website.
YOUR COMMENTS ARE APPRECIATED
If You have any questions or comments regarding the Privacy Notice, You can send Us an email at firstname.lastname@example.org.