What types of personal data we collect
When you register for any of our services, request information, buy our products online or by telephone or, in a limited way, browse our websites, we will collect and store your information as required:
- Your personal details, including your email address, current postal address and phone number
- Where applicable, your account login details e.g. your username and password
- Where applicable, passenger information, such as passport details, date of birth and insurance details
- Where applicable and with explicit consent, special requests such as, but not limited to, dietary and disability requirements
- Audio recordings of your voice when you make a telephone call to us and when we call you
- Payment details
- Information about your browsing behaviour on our websites and mobile apps
- Information about your purchases or registrations, including what you bought, brochures and itinerates you have requested, when and how you made the purchase or requests
- Information about when and what you click on our website and on our adverts shown on other organisations' websites
- Information on how you access our digital services, including IP address, browser and operating system
- Information on your browsing preferences in relation to our website through use of cookies. Click here to see our cookie policy
- Data relating to your preferences in relation to selected third parties, such as when you contact us in relation to a Reader Offer
- Images and video recordings
When you contact us or we contact you or you take part in competitions, surveys or questionnaires about our services, we collect:
- The personal data you provide when you connect with us, through email, post, phone or social media, such as your name, username and contact details.
- Confirmation that you have opened or interacted with emails and other digital communications we send to you.
- Your feedback and contributions to customer surveys and questionnaires.
Other sources of personal data we use
- Specialist companies that supply information, and trusted partners
- Your insurance company, their agents and medical staff exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
- If you log-in using your social network credentials e.g. Facebook and Twitter, your personal details are shared with us according to the terms and conditions of the social network. This could include your name, email address, date of birth and location. You can manage what you share via social sign-in through the social network’s own preference centre.
- We use CCTV images collected in or around our premises.
Personal data you provide about other individuals
- Personal data about other individuals, such as those people on your booking.
- By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data is used by us.
- Should the other person not agree with you having access to their data, they will have to contact us directly to manage their part of any group booking.
How we use personal data
To provide the products and services you request
- We need to process your personal data so that we can provide you with services that you have requested from us so as to provide you with the products and services you want, such as brochures and to manage your booking. If you do not provide us with your personal data, this is likely to affect our ability to provide these services to you.
- To keep your information up to date we will use a third-party to check your data, for instance in the event Of the data subject being deceased, or if the data subject has moved postal address.
To manage and improve our products, services and day-to-day operations
- We use personal data to manage and improve our products, websites, mobile apps, operations and other services.
- We use personal data to respond to and to manage security operations, accidents or other similar incidents, including for medical and insurance purposes. We use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, IT systems, security, know-how and the way we communicate with you.
- We use CCTV images to help maintain the safety of anyone working in or visiting our premises, and for the prevention, detection and prosecution of criminal offences. We will rely on the images to establish, exercise or defend our legal rights.
- We use recordings of telephone conversations with you for staff training purposes and to improve our service and to manage and respond to any complaints.
To personalise your experience
- We want to ensure that communications relating to our products and services, including our marketing information and that of our partners, including online advertising, are relevant to you.
- To do this, we use your personal data, preferences, previous transactions and browsing behaviour to better understand you, and to try to predict what other products, services and information you might find the most relevant and interesting.
- We measure your responses to marketing communications relating to products and services we offer, which enables us to offer products and services that better meet the needs of our customers.
- If you do not want to receive a personalised service from us, you can change your preference by email, over the phone or in writing at any time. We will update our records as soon as we can. Please contact us at the following email address or phone number:
info@rivierarivercruises.com
888-838-8820
To make contact and interact with you
- In the event you contact us, for example by email, post, telephone or via social media, we use personal data to provide clarification or assistance to you.
- We process your personal data so that we can manage any competitions you choose to enter. For example, if you win a prize.
- From time to time we invite our loyal customers to take part in surveys, questionnaires and other market research activities carried out by us or by other organisations on our behalf and we will process your personal data in order to improve the service we provide to you.
- We combine the personal data we collect across different sources, digital and offline, in order to provide you with relevant service and marketing communications (including online advertising relevant to your interests).
Marketing information and business to business activities
- With your permission or based on a valid soft opt-in legitimate interest assessment, we may send you relevant information from time to time about our products and services, such as new product launches. This includes our email newsletter. We will also keep you informed by post by using our legitimate business interest.
- We may share your personal data with relevant providers of reader offers, published online, in newspapers and magazines, (including their third parties), where you have either consented to this of there is a relevant soft opt-in for this processing activity
- When you request a brochure, book or create an account with us we will ask if you would like to receive marketing communications. You can change your contact preferences at any time by email, phone, in writing or by clicking the unsubscribe link that you will find on all our emails. This is entirely your choice, but this will prevent you from receiving content or marketing information that we hope is of interest to you. You may still receive service-related communications from us that provide important information about the use of our products and service, e.g., booking confirmations.
- So that we can improve our products and services, we like to hear your views, so from time to time we will contact you for market research purposes. You always have the choice about whether to take part in our market research.
- To change your contact preferences please contact us at:
info@rivierarivercruises.com, 888-838-8820
How we share your personal data
International data transfers
We will only carry out international data transfers of your personal data to a country outside of the UK where the recipient is compliant with UK data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data transfer agreement, incorporating the international data transfer agreements / addendums (as appropriate), current standard contractual clauses adopted by the European Commission for the transfer of personal data
- Such other international transfer safeguard mechanism as detailed within the UK General Data Protection Regulation
- Where a derogation applies, such as where the transfer is necessary for the performance of a contract between us
We may also undertake a transfer
- where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract
- where you have expressly consented to the data transfer, for example, if you go on a holiday with us, the hotel needs to know who you are. If you take out an insurance policy provided by a third party, they will need your details in order to administer the policy, verify the quote given to you and process any claims. For further details about how your insurer handles your information, please see their Privacy Notice which can be found on their website. See your policy schedule documentation for your insurer contact details.
We may also undertake a transfer:
- where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract
- where you have expressly consented to the data transfer.
With suppliers and partners, such as airlines, hotels, railways, shipping vessels, and other suppliers of service for your contract with us.
- In order to provide products or services requested by you we share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies. We use Easyjet as one of our airline suppliers. Easyjet's group booking facility is used to reserve flights for specific departures. While each customer will be provided with individual boarding passes as part of your travel documentation, the information contained on boarding passes for all clients on the same departure will be accessible for view via Easyjet's website using the booking reference provided by all customers on that group booking, this includes your full name and passport number.
- We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services.
- When we share personal data with other reputable service providers it is conducted under contractual agreements where we require them to keep it safe, and we do not allow them to use your personal data for their own purposes including marketing.
- We only share the minimum personal data that enable our suppliers and partners to provide their services to you and us.
- On occasion, we need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.
- In the event that we enter into negotiations to sell or transfer any of our businesses or any of our rights or obligations under any agreement we have with you we will share your personal data with that organisation as necessary. If the transfer or sale goes ahead, the organisation receiving your personal data can use your data in the same way as us.
With regulatory authorities
- So that you can travel, it is sometimes mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
- Some countries will only permit travel if your advance passenger data is provided. These requirements differ depending on your destination and you are advised to check. Even if not mandatory, we assist where appropriate.
- We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.
Legal basis for processing personal data
Where you have entered into a contract with us, failure to provide personal data may mean that we are unable to properly implement the contract and that you are unable to exercise certain contractual rights.
We will only collect and use your personal data if at least one of the following conditions applies:
- We have your consent, e.g. you have opted in when ordering a brochure, which you can withdraw at any time
- It is necessary for a contract with you or to take steps at your request prior to entering into a contract, e.g. to complete a booking
- It is necessary for us to comply with a legal obligation, e.g. to meet the entry requirements of the country you are visiting
- It is necessary to protect the vital interests of you or another individual, e.g. the exchange of personal data with your insurance company and medical staff in an emergency situation
- It is in the public interest, or we have official authority, e.g. to respond to and manage security operations
-
Where we have a legitimate interest, including personalised direct marketing offers, digital feedback (for instance Reevoo, Trustpilot and FeeFo), welcome home surveys and potential follow up telephone calls, telephone call recordings, marketing profiling, data management services, data cleansing, sending you vouchers, magazines and offers for an extension of your holiday, hospitality activities, including customer special occasions and communications following a first booking.
Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if this complies with data protection law. This will include but is not limited to:
- We have your explicit consent
- It is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent
- It is necessary to establish, exercise or defend legal claims
- It is necessary for reasons of substantial public interest
How we protect your personal data
We take our responsibility to protect and manage your personal data very seriously and we use appropriate technical tools to manage and secure your personal data.
Technical Measures
- We take appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access when it is being transmitted, stored or otherwise processed. Where you have been provided or chosen usernames and passwords for restricted areas of the websites, e.g. our Managing My Booking area, you are responsible for keeping this information confidential.
- Where applicable, and to fulfil the requirements of your holiday, we need to share your data with companies situated outside the UK. Your personal data will be securely transferred from us or to one of our reputable service providers who store and process this information outside the UK / EEA. Only the minimal amount of personal data required for a processing activity will be transferred and we can assure you that we have taken all appropriate steps to ensure your data is handled securely. We have appropriate agreements in place with our suppliers. Please refer to our service providers for their privacy notices.
- Use of cookies - Cookies are small text files that are stored on your computer or mobile device. They can't harm your computer and don't store personally identifiable information such as credit card details but help us to provide features and functionality on our websites and mobile apps that we use to improve your customer experience. Please see our cookie notice for further information.
- Use of Analytics - When you visit our website, we use a third-party service, Google Analytics, to collect information and details of user browsing patterns and habits. We do this to monitor visits to various areas of our website. We also use this software to assign a unique Google Analytics ID to each user to provide a more personalised experience on our website. This software enables us to link your IP address to your browsing on our website and to tailor your browsing experience. Please see Google's privacy policy for further information on Google Analytics.
- Links from our website to other organisations, and social media - Our websites or mobile apps contain links to websites operated by other organisations. They will have their own privacy notices so please make sure you read their privacy notice carefully before providing any personal data as we do not accept any responsibility or liability for websites of other organisations. Our websites or mobile apps contain social media features such as Trip Advisor, Facebook and Twitter that have their own privacy notices. Please make sure you read their privacy notices carefully before providing any personal data as we do not accept any responsibility or liability for these features.
How long do we keep your personal data for?
We will retain your personal data for as long as it is necessary for the uses set out in this privacy notice and no longer than necessary in order to meet our legal and regulatory requirements / best practice. After this period, we will securely erase personal data or take appropriate measures to anonymise it.
How to access and update your personal data, make requests and complaints
There may be limits to some of your rights in relation to your personal data, for example your right to erasure. Where this is the case, we will inform you of the extent we can comply with your requests and detail our reasons why. More information can be found by visiting the ICO's website https://ico.org.uk/
1. You have the right to request access to your personal data
You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data
2. You have the right to ask us to rectify your personal data
You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if you object to the way we process your personal data (see right 6 below).
3. You have the right to ask us to erase your personal data
You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if you object to the way we process your personal data (see right 6 below).
4. You have the right to ask us to restrict or block the processing of your personal data
You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don't need to use your personal data for the purpose we collected it for but you may require it to establish, exercise or defend legal claims.
5. You have the right to portability your personal data
You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you
6. You have the right to object to our processing of your personal data
You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
If you would like to make a request, please email or write to:
Data Protection Lead
Riviera River Cruises
715 Bayshore Drive,
Suite 904
Ft. Lauderdale, Florida 33304
info@rivierarivercruises.com
For your security, we can ask you to verify your identity before we can act on your request or complaint.
You can also contact the Data Protection Lead if you have a complaint about how we collect, store or use your personal data.
Alternatively, you can contact our data protection officer, RGDP LLP, using the email address info@rgdp.co.uk.
We aim to resolve all concerns and complaints but, if you are dissatisfied with our response, you may complain to the relevant national supervisory authority. In the UK, this is the Information Commissioner's Office, contactable via Information Commissioner's House, Wycliffe House, Water Lane, Wilmslow SK9 5AF; 0303 123 1113; or https://ico.org.uk/concerns
We have appointed GDPR Local, as our EU representative, who can be contacted by calling them +44 1772
217800.