16. Notice to EU Subjects

In some regions, like the European Economic Area, you have specific rights that allow you more access and control over your personal information. These rights may include the right to request access and obtain a copy of your personal information, to request rectification or erasure; to restrict the processing of your personal information; and if applicable, to data portability. In certain cases, you may also have the right to object to the processing of your personal information. 

In case that we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.

If you are a resident in the European Economic Area and you believe we are processing your personal information unlawfully, at any time you have the right to complain to your local data protection supervisory authority. You can look up their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Personal Information. With respect to EU data subjects, “personal information,” as used in this Privacy Policy, is equivalent to “personal data” as defined in the European Union General Data Protection Regulation (GDPR).

Sensitive Data. Some of the information you provide us may constitute sensitive data as defined in the GDPR, including identification of your race or ethnicity on government-issued identification documents.

Legal Bases for Processing. Cruisewatch is required to collect certain information from its users, including some information that may be considered sensitive data, to comply with its obligations under applicable laws. We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal bases under which we process your personal information, contact us at [email protected].

 

16.1 Processing Purpose: To provide our service

Legal Basis: Our processing of your personal information is necessary to perform the contract governing our provision of the Cruisewatch service or to take steps that you request prior to signing up for the Service.

 

16.2 Processing Purpose: To communicate with you, to optimize our platform, for compliance, fraud prevention, and safety

Legal Basis: These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).

 

16.3 Processing Purpose: To comply with law

Legal Basis: We use your personal information to comply with applicable laws, including requirements for government-issued identification for purposes of international travel.

 

16.4 Processing Purpose: With your consent

Legal Basis: Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime in the manner indicated in the Service or by contact us at [email protected].

Use for New Purposes. We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.

Retention. We will only retain your personal information for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information you have provided, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your personal information (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.

Your Rights. Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.

  • Correct. Update or correct inaccuracies in your personal information.

  • Delete. Delete your personal information.

  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.

  • Restrict. Restrict the processing of your personal information.

  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to [email protected]. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected] or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer. Please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Privacy Policy by visiting our site or using our service. Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.