Main content
Data Protection

Data Protection

Privacy Policy

Overview

The protection of personal data and the responsible handling of information that you entrust us with are very important and are a priority for us. AIDA Cruises collects, processes, and utilizes personal data only in accordance with the statutory regulations. These are in particular the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (German BDSG). With this data protection declaration we are informing you how, to what extent and for what purposes we collect and process personal data during your use of this website (including our career portal). We also provide you with some basic information on data processing in case you book a trip or apply for job.

1. Data Controller in the Meaning of the Data Protection Law

AIDA Cruises - German Branch of Costa Crociere S.p.A.

Am Strande 3d, 18055 Rostock, Germany

Tel.: +49 (0)381/20 27 06 00, Fax: +49 (0)381/20 27 06 01

E-Mail: info@aida.de

2. Contact Details of the Data Protection Officer

E-Mail: datenschutz@aida.de

Postal address: AIDA Cruises, Betrieblicher Datenschutzbeauftragter, Am Strande 3d, 18055 Rostock

 

3. Processing of Personal Data

The subject of data protection are personal data. Data are personal if they can be allocated to a specific or identifiable person. This includes information such as name, address, email address and telephone number. Generally, this website can be used without your personal data being collected or processed. Your personal data is collected and processed if you voluntarily provide it. This in particular concerns the following situations:

3.1 Booking of a Cruise and Performance of the Contract

Personal data you provide when you register or book a cruise are collected and processed in order to manage the cruise as well as other travel related data which you enter via our travel portal MyAIDA or make available by other means (e.g. your contact details, information on the method of payment and the data for the ship´s manifest) are processed by us for the initiation and execution of the travel contract (see Art. 6(1)(b) EU GDPR). The performance of the contract also includes customer service and the use of services on our websites, such as the travel portal MyAIDA and – if you decide to use it – the AIDA Lounge.

We may also use the aforementioned data – except the data for the ship´s manifest – and other information that you voluntarily provide to us via this website or by other means (in particular opinion surveys and the evaluation of travel services) to improve our services and for market research. In this case, we pursue a legitimate interest (see Art. 6(1)(f) EU GDPR) or request your consent (see Art. 6(1)(a) EU GDPR).

When you book a cruise, we also collect personal data concerning your fellow travellers. We therefore kindly ask you to make sure that such data is provided with the consent of the persons concerned. Personal data concerning children or minors (under 18 years of age) are only collected and processed to perform travel services.

During check-in, the identification document is compared with the manifest data to ensure the accuracy of the information and to avoid delays in late entry. We also ask you to take a photo of you for access control. Legal basis are international agreements and entry requirements regarding controls in cross-border travel (SOLAS Convention or Directive 2010/65/EU), maritime law provisions on access control to ships (ISPS Code and Regulation (EC) No 725/2004) and related legal regulations for the examination of identification documents by carriers (e.g. Section 20(4) German PAuswG).

If you make use of services on board or within the scope of the trip, e.g. take part in excursions, we will process the data required for this in each case. If you require medical assistance, you will be informed separately about the related data processing.

During the cruise, our TV team may take photos or videos in public areas. We will announce in our daily program which events and excursions will be concerned (see the camera icon in the daily program). The photos and videos are taken with the guests’ consent and will be used as described in the terms and conditions and will be offered for sale to the guests concerned. You will find further information in our terms and conditions and will also receive a reminder as part of the materials provided at the start of the cruise. If you do not wish to be photographed or filmed by our TV team, please notify the TV team or other staff of AIDA Cruises.

We use video surveillance systems (CCTV) to ensure access control and public safety at various operating locations, including ships. Only public areas are monitored. The monitored areas are designated. The use of CCTV systems serves for access control, to protect the property of the guests, company and employees and for public safety. The use of video surveillance systems on board of ships also serves to prevent incidents, to support rescue measures and to generally maintain safety within the framework of maritime law. Video recordings are only evaluated by specially authorized persons, insofar as this is necessary for the aforementioned purposes and in accordance with labour and data protection law. Video recordings may be made or evaluated with the help of a security service (data processor). They are deleted after a defined storage period (no longer than 14 days for cameras onboard of ships), unless they are required to follow up specific incidents. In case recordings are required as evidence, the records may be passed on to competent authorities, courts or other parties involved in the procedure.

3.2 Marketing you may Object to

If you have booked a cruise with AIDA and have not objected to receiving advertising, we will use your e-mail address to inform you about our offers. We also use your postal address to send you product information and individually optimised travel offers in the event of a booking or if you take part in a competition organised by AIDA Cruises, provided you have not objected to this. You can object to the processing of your e-mail address and/or postal address for purposes of advertising at any time, as described in section 11 of this Privacy Policy and at the end of each newsletter.

3.3 Marketing to which you have consented (e.g. subscription to the e-mail newsletter)

In case you want to receive our newsletter and register for it, we require a working e-mail address assigned to you, which enables us to check that you are the owner of the e-mail address provided. The same applies if you give us permission to contact you by telephone for advertising purposes.

You may revoke your consent to the storage of your e-mail address or telephone number and other personal data provided by you and to their use for advertising purposes at any time with effect for the future (see Section 11).

3.4 Marketing through other brands of the Carnival Group

If we ask for your consent to receive advertising, we may also ask you to share your information with other members of the Carnival group of companies so that they can send you information about their cruise products and offers. These concerns the following companies, with the respective brands shown in brackets:

Carnival Corporation (Carnival Cruise Line)

Carnival PLC (P&O, Cunard, Princess Asia)

Costa Croceire S.p.A. (AIDA Cruises und Costa Cruises)

Holland America Line N.V., general partner of Cruiseport Curacao C.V. (Holland America Line and Seabourn)

Princess Cruise Lines, Ltd (Princess, Alaska, P&O Australia and Cunard)

SeaVacations Limited (CCL business in UK)

You can withdraw your consent to advertising by directly notifying the respective companies. You can also withdraw your consent by notifying AIDA Cruises (see Section 11), we will then forward your request to the company / companies concerned.

4. Processing of Personal Data via the Career Portal and for Job Applications

4.1 
Creating a Profile on Our Career Portal

In order to use our career portal for job applications, you can create your personal user account. In that case, we ask you to provide your personal details, contact data, and user data via the registration form. Mandatory fields are indicated with an asterisk.

To secure your profile, we ask you to provide a password (you can review the password rules by clicking on “Help”) and we also ask for a security question in order to be able to reset your password in case you should forget it.

The profile information will be stored by us to maintain and manage your account. It will be reduced to name and date of birth six months after the application process has ended. The account will automatically be deleted 2 years after your application, or if you decide to delete your account.

4.2 Applying for a Job

If you decide to apply for a position through our career portal and submit an application, we ask you to provide your personal details (in particular salutation, title, name, postal address, age, nationality), contact data (e-mail and mobile phone number) and information on your earliest availability for a position. This information is mandatory if you want to submit an application. Optionally, you may also choose to provide information on your desired salary or, in case you are available for a Skype interview, your Skype account.

To complete your application, you need to go to the “Your application” section to upload a CV and relevant certificates. In addition, you may choose to upload a correspondence letter and/or a photo.

If you want to provide us with any relevant links to websites in order to support your application and to enable us to learn more about you, you can also provide us with links, e.g. to your own website, your YouTube channel or your profile on XING, LinkedIn, Facebook or Instagram. We may then visit the indicated website and take the information into account in the application process.

Before you submit your application, you can view the summary of all the information provided by you by clicking on the “Summary” tab.

You can also apply for jobs via other means, e.g. by e-mail.

All of the above data provided by you for purposes of the application will exclusively be used for the application process. If your application is successful and we enter into an employment relationship with you, we will store your application data within your personnel file. Otherwise, we will delete the data six months after the end of the application process (unless you agree to become part of the applicant pool, see 4.3); only your name and date of birth are stored for up to two years to identify repeat applications in our legitimate interest.

You can also decide to tell us where you found out about our job offers, we will only use this information for internal administrative purposes in order to optimize our advertisements of open positions.

4.3 Video Interviews

In case you are available for interviews via Skype, you may also provide your Skype user account. Please note that the Skype service is offered by Microsoft Inc. and subject to their privacy notice. We will not record Skype interviews.

We may also invite you to a live and/or recorded video interview with a different provider (such as Cammio BV, Cammio B.V. in Voorschoten, Willem de Zwijgerlaan 68, 2252VS, The Netherlands). In that case, we will ask you to provide a separate consent to the data processing in the context of such interview.

It will not have any negative impact on your application if you are not available for a video interview.

4.4 Applicant pool

We offer you to include your application in our applicant pool with your consent. This may be helpful if we cannot currently offer you a position or none of our positions fits your profile. If you agree to add your application to the pool, as soon as a vacancy opens that would be suitable for you, we will contact you. We will store your information in our applicant pool for a maximum of twelve months.

You may withdraw your consent at any time with effect for the future by writing an e-mail to “career@aida.de”. In that case, your application will be deleted from the pool.

5. Automatic Collection and Processing of Data During the Use of this Website

When you visit our website, we present you with a “cookie-banner” to notify you that we use cookies and other tracking technologies in order to enhance your experience on our website and for the purposes of web analysis and targeted marketing. The related data processing is described in detail in this section 5. As notified in the cookie-banner, by continuing to use our website, you agree to the use of cookies and tracking technology as described in this section. You may decide at any time to limit or withdraw you consent; your options to do so are explained in detail below.

5.1 Data Processing to Enable the Use of the Website

When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any data for identification (e.g. your login data when you log into a secure area such as the MyAIDA travel portal or the AIDA Lounge). This also includes the technical data transmitted by your browser such as browser type, previously visited website (referrer URL), monitor resolution, etc. These data are used to provide and design the service as needed. They are always deleted as soon as they are no longer needed. For the processing of pseudonymous user profiles see section 5.3.

5.2 Cookies

When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are transferred between a webserver and your browser and are stored on your computer’s disk. This makes it possible to recognize you when you re-visit the website. This way, we can offer you better functionality of our website and, for example, avoid that you have to log in repeatedly, or allow us to carry out web analysis (see section 5.3).

There are different types of cookies. A distinction must be made between cookies set by the website operator when visiting a website ("first-party cookies") and cookies set by third-party providers ("third-party cookies"). We only have technical control over first-party cookies. Also, there are cookies that are stored on your computer only during your visit to our website ("session cookies") and cookies that are stored for a longer period. In particular, the following cookies are set on our website by us (first-party-cookies):

Name

Purpose

Storage Period

__sonar

Google DoubleClick: Stores the traffic source or the campaign via which the user reaches the website.

1 year

__utma

Google Analytics: Used to discern users and sessions.

2 years

__utmb

Google Analytics: Used to determine new sessions/visits.

30 minutes

__utmc

Google Analytics: Used to provide interoperability with the service Google Urchin.

Only for the session

__utmgacjtaca

Google Analytics

1 year

__utmz

Google Analytics: Stores the traffic source or the campaign via which the user reaches the website.

6 months

_ga

Google Analytics: Used to discern users.

2 years

_gac_UA-46228418-2

Google Analytics / Google Adwords: Contains campaign-related information on the user.

90 days

_gac_UA-XXXXX-X

90 days

_gat_UA-46228418-2

Google Analytics: Used to limit the frequency of requests.

1 minute

_gid

Google Analytics: Used to discern users.

1 day

_dc_gtm_UA-46228418-2

Google Tag Manager (see 5.3.3)

1 minute

_uetsid

Microsoft Bing Ads

30 minutes

_wyidfp

WyWy TV Tracking

1,5 years

AWSELB

Used to distribute user requests to different webservers (so-called Load Balancing).

only for the session

fe_typo_user

TYPO3: This is in particular used for user login to secure areas.

only for the session

LtpaToken

Used for user login to secure areas (Lightweight Third-Party Authentication).

only for the session

optimizelyBuckets

Webtesting and targeting by Optimizely (see 5.3)

10 years

optimizelySegments

10 years

OptimizelyOnce

1 year

OptimizelyEndUserID

10 years

REALPERSON_SESSION

Assigns an individual ID to the browser in order to deliver online-functionality for the duration of the session.

only for the session

__ar_v4

DoubleClick Display Advertising

4 years

mf_user

Mousetracking

2 months

 

Most browsers are configured to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out that a use of our offers on the website without cookies is only possible to a limited extent. In particular, it is not possible to book a trip without cookies, as these are necessary to check the booking data.

You can also use your browser to prevent the setting of certain cookies (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser's help function for more information. For more information about third-party cookies that are set or processed when you visit our website, please refer to section 5.3 and the Privacy Policies of the providers named there.

5.3 Pseudonymous Usage Profiles for Marketing and Market Research (Web Tracking and Analysis)

For the purposes of advertising and market research and to optimize the user experience of our website, AIDA uses web tracking technology. Respective data regarding the use of our website is stored in pseudonymous usage profiles (your IP address is stored in anonymized form). This way, we are able to improve our website and to better adjust the content to your needs. Usage profiles are also used for so-called retargeting. This enables us to place ads with interesting offers also on other websites that you visit. Pseudonymous usage profiles will not be (re-)combined with personal data.

You can object to the building of pseudonymous usage profiles. To this end, you can configure your browser so that it does not accept cookies (see section 5.2). You can also use a browser plugin to protect your privacy – e.g. AdBlock, Ghostery or NoScript (please note that AIDA Cruises is not endorsing any specific plugins). Some providers of tracking technology have joined advertising associations (see below for details), allowing users to centrally opt-out of receiving targeted online ads by any of the members of the respective association. You can find such multi-provider opt-out solutions here:

„European Interactive Digital Advertising Alliance“ (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/

„Digital Advertising Alliance“ (DAA): www.aboutads.info/choices/

„Network Advertising Initiative“ (NAI): http://www.networkadvertising.org/choices/

The following table lists the tracking technologies used on our website (which may include cookies in particular, see Section 5.2) and the respective providers who process usage data in pseudonymous profiles for the purposes stated in each case. In addition, the link to the provider's data protection declaration is provided and we explain to you how you can specifically deactivate or activate the web tracking by the individual service providers with effect for the future. As a rule, a special cookie is stored on your device to deactivate tracking, which excludes the collection of usage data from your device by the respective provider for the future; please note that you may have to re-set the cookie if you delete cookies from your computer.

Tool/Provider

Purpose

Link to the Provider's Data Protection Declaration / Link to Deactivate or Activate the Data Processing

adition: ADITION Technologies AG, Oststraße 55, 40211 Düsseldorf, Deutschland

Web analysis, interest-oriented advertising

https://www.adition.com/kontakt/datenschutz/

 

Deactivate or activate the tracking: see Privacy Policy or the website of EDAA

AdScale/BidSwitch:

IPONWEB, 16 Garrick Street, Covent Garden, WC2E 9BA London, Großbritannien

Web analysis, interest-oriented advertising

http://www.iponweb.com/privacy-policy/

 

Deactivate or activate the tracking: see Privacy Policy

 

adspirit: AdSpirit GmbH, Ebertstr. 2, 10117 Berlin

Web analysis, interest-oriented advertising

http://www.adspirit.de/datenschutz00.0.html

 

Deactivate or activate the tracking: see Privacy Policy)

 

AppNexus: AppNexus Inc., 28 W 23rd Street, 4th floor, New York, NY - 10010, USA

Web analysis, interest-oriented advertising

https://www.appnexus.com/en/company/platform-privacy-policy-de

 

Deactivate or activate the tracking: see Privacy Policy

 

Bing Ads: Microsoft (Contact for Data Protection questions: Microsoft Privacy, Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, Vereinigte Staaten)

Web analysis, interest-oriented advertising

https://privacy.microsoft.com/en-us/privacystatement/

 

Deactivate or activate the tracking: see this website or the website of EDAA

 

Criteo: Criteo SA, 32 Rue Blanche, 75009 Paris, Frankreich

Web analysis, interest-oriented advertising

http://www.criteo.com/privacy/full-privacy-text/

 

Deactivate or activate the tracking: see this website or the website of EDAA

 

Facebook Exchange (FBX) / Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, Vereinigte Staaten

Web analysis, interest-oriented advertising

https://www.facebook.com/privacy/explanation

Weitere Informationen zum Datenschutz

 

Deactivate or activate the tracking: see Privacy Policy

Index Exchange: Index Exchange, Contact: Designated Privacy Officer, Steve Sullivan, 74 Wingold Avenue, Toronto, Ontario, M6B 1P5, Vereinigte Staaten

Web analysis, interest-oriented advertising

http://indexexchange.com/privacy/

 

Deactivate or activate the tracking: see Privacy Policy or via the website of DAA or NAI

NEXELLENT/ Consentric:

Deutsche Post AG (Contact: Data Protection Officer, Gabriela Krader LL.M., Deutsche Post AG, 52350 Bonn)

 

intelliAd Media (Contact: Data Protection Officer, Michael Schunke, Sendlinger Str. 7, 80331 München)

Web analysis, interest-oriented advertising

https://www.deutschepost.de/de/c/nexellent.html

http://www.intelliad.de/datenschutzbestimmungen/

 

Deactivate or activate the tracking: see the two data protection policies mentioned above

OpenX: OpenX Technologies Inc. („OpenX“, Address for data protection inquiries: OpenX Technologies, Inc., Attention: Legal Department, 888 East Walnut Street, 2nd Fl, 91101 Pasadena/CA, Vereinigte Staaten)

Web analysis, interest-oriented advertising

http://openx.com/legal/privacypolicy/

 

Deactivate or activate the tracking: see Privacy Policy or the website of EDAA or DAA

Optimizely: Optimizely, Inc., 631 Howard Street, Suite 100, San Francisco, CA, 94105

Web analysis

https://www.optimizely.com/privacy/

 

Deactivate or activate the tracking: see the instructions under http://www.optimizely.com/opt_out

 

Note: We have activated IP anonymization for the use of Optimizely; your IP address will therefore be shortened before saving.

Pub Matic: PubMatic, Inc., Attn: Privacy, 305 Main Street, Suite 100, 94063 Redwood City/CA, Vereinigte Staaten

Web analysis, interest-oriented advertising

http://www.pubmatic.com/privacy-policy.php

 

Deactivate or activate the tracking: see Privacy Policy or via the website of DAA

PulsePoint: PulsePoint Inc., Address for data protection inquiries: Pulsepoint, Inc., Attn: PulsePoint Privacy Department, 20 Broad Street, 6th Floor, 10005 New York/NY, Vereinigte Staaten)

Web analysis, interest-oriented advertising

http://www.pulsepoint.com/privacy-policy.html

 

Deactivate or activate the tracking: see Privacy Policy or via the website of EDAA or DAA

SMART AdServer: SMART AdServer, 78 Avenue des Champs-Élysées, 75008 Paris, Frankreich

Web analysis, interest-oriented advertising

http://smartadserver.com/company/privacy-policy/

 

Deactivate or activate the tracking: see Privacy Policy or via the website of EDAA

Taboola: Taboola Inc., Address for data protection inquiries: Taboola, Inc., Attn: Privacy Policy, 28 West 23rd St., 5th fl., 10010 New York/NY, Vereinigte Staaten)

Web analysis, interest-oriented advertising

https://www.taboola.com/privacy-policy

 

Deactivate or activate the tracking: see Privacy Policy

Yahoo Ad Exchange: Right Media LLC, Address for data protection inquiries: Right Media, LLC, Attn: Yield Manager Privacy Questions, 701 First Avenue, 94089 Sunnyvale/CA, Vereinigte Staaten

Web analysis, interest-oriented advertising

https://policies.yahoo.com/us/en/yahoo/privacy/index.htm

 

Deactivate or activate the tracking: see Privacy Policy or via the website of EDAA

Yahoo Analytics: Yahoo (Address for data protection inquiries: Customer Care - Privacy Policy Issues, Yahoo! Inc., 701 First Avenue, 94089 Sunnyvale, CA, Vereinigte Staaten)

Web analysis

https://policies.yahoo.com/us/en/yahoo/privacy/index.htm

 

Deactivate or activate the tracking: see Privacy Policy or via the website of EDAA

Zanox: zanox Ltd, Stralauer Allee 2, 10245 Berlin

Web analysis, interest-oriented advertising

http://www.zanox.com/gb/about-zanox/privacy/

 

Deactivate or activate the tracking: see Privacy Policy

 

5.3.1 Google Analytics

Our website uses Google Analytics, a web analytics service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google Analytics uses cookies (see section 4.2) in order to analyse your use of this website. The information about your use of this website collected using cookies is usually transferred to and stored on servers of Google Inc. in the US. Prior to the transfer to the US, Google masks and thereby anonymizes your IP address within the territory of the EU or of EEA. Only in exceptional cases, the full IP address is sent to and masked by Google servers in the US. On behalf of the website provider Google will use this information to analyse your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not combine your IP address with any other data held by Google.

You may refuse to have cookies stored on your device by appropriately configuring your browser (see section 5.2) or by using a privacy plugin (see section 5.3). Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Further information on the data processing in the context of Google Analytics is available under: https://www.google.de/intl/de/policies/.

5.3.2 Google Double-Click (including Floodlight and Spotlight), Google AdWords Conversion, Google Dynamic Remarketing

We also use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. This way, in order to improve our services, we can analyse what happens after a user has clicked on one of our ads, e.g. whether a user has ordered a product or has viewed the ad from a mobile device. Furthermore, you will receive interest-based ads through these services. You can opt out of such interest-based ads via the Google Ads preferences pages: http://www.google.com/settings/ads/onweb/?hl=en.

DoubleClick places a cookie on your device to track your surf profile across webpages and to serve you interest-based ads. If you want to permanently opt out of this, you can download a plugin to deactivate this cookie under the following link: https://www.google.com/settings/u/0/ads/plugin?hl=en

5.3.3 Google Tag Manager

This website uses Google Tag Manager to manage website tags. A tag is a JavaScript snippet that can be used to send information from a website to a third party, in particular in the context of web tracking. The tool Google Tag Manager itself does not collect personal data. Rather, the tool triggers other tags that may collect data (such as the tag of Google Analytics). Google Tag Manager does not access such data. A deactivation on the domain level or cookie level will affect all tracking tags implemented via Google Tag Manager. This facilitates the implementation of an effective opt-out of web tracking.

6. Data Collection by Third Parties / Social Networks

Our Website contains links to social networks (such as Facebook, XING, Google Plus, LinkedIn, Twitter). These social networks are exclusively operated by third parties. If you follow these links, information may be transferred to these third parties. For information on the scope and purpose of the processing and use of data by these social networks and on your rights and options regarding the protection of your privacy, please refer to the privacy policy of the respective operator of the social network (for the operators listed above you will find the respective policies under the following links: Facebook, XING, Google Plus, LinkedIn, Twitter).

7. Transfer to Third Parties

We transfer the data mentioned in section 3.1 if this is necessary for the provision of the travel service, including invoicing, or if it is legally required within this framework (see Art. 6(1) lit. a and c EU GDPR). For example, we may pass on flight booking data to the respective airline (within the framework of the statutory passenger data requirements applicable to the respective destination country). In addition, we pass on the data from the ship manifest to the relevant authorities in the ports of call during your voyage; this is based on maritime law requirements (e.g. Directive 2010/65/EU and the SOLAS Convention). In this respect, the information for the ship manifest is generally necessary for the fulfilment of the contract; voluntary information is marked as such.

Within the scope of the purposes stated in sections 3.1-3.4, the data described there will also be passed on to service providers who work for us and in particular support us in providing our services (e.g. port agencies in the respective destinations and ports of call; as well as IT service providers). This includes our group-internal call center (AIDA Kundencenter GmbH, Am Strande 4, 18055 Rostock, Germany). The data described under section 4 is processed on our behalf by d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany, in order to offer the career portal functionality and to support our application process; data from CVs received for application purposes is temporarily processed on our behalf by Textkernel BV, Nieuwendammerkade 28/a17, 1022 AB, Amsterdam, The Netherlands. In addition to their legal obligation to comply with all data protection regulations, all service providers that have access to personal data are bound by us with further contractual regulations on data protection. This regularly includes a data processing agreement pursuant to Art. 28(3) EU GDPR.

In all other respects we transmit personal data to third parties only, if a legal permission exists or if you have agreed before. Any consent given can be withdrawn at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or following an official order or court decision and only insofar as this is permitted under data protection law.

8. Transfer of Data to non-EU/EEA Countries

If necessary for our purposes, we may also transfer your data to recipients outside the EU/EEA. This is particularly the case if we have to transmit this data within the scope of contract processing or due to legal regulations to consignees in ports or countries that are destinations within the scope of a journey booked by you (e.g. the manifest data to the local immigration authorities; passenger data to airlines for feeder flights). Apart from that, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the EU GDPR and there are no other interests worthy of protection that stand against the transfer of the data. To ensure an adequate level of protection for the recipient of the data, we use in particular the model contracts of the EU Commission for the transfer of personal data to third countries.

We do not transfer data outside of the EU/EEA for the purposes described under section 4. If you are located outside of the EU and want to apply for a crew position, we may however suggest you to apply via a local manning agency.

9. Deletion

Data from job applications will be deleted as described in section 4. The pseudonymous profiles created via Google Analytics (see 5.3.1) will automatically be deleted 38 months after the last piece of information has been added to the profile.

In general, we delete your personal data when it is no longer required for the purposes for which it has been collected and processed, unless there are statutory obligations to archive the data. Under German law, relevant archiving periods under tax and commercial law are six years (for business letters in any form) and 10 years (for information relevant for activities subject to tax accounting).

 

10. Data Security

AIDA Cruises has taken the necessary technical and organisational measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in the data processing are obliged to observe the EU GDPR and the German BDSG and other data protection legislation and are obliged to keep personal data confidential. Our employees receive respective training. Both internal and external audits ensure that all procedures relevant to data protection are observed at AIDA Cruises.

To protect your personal data, we use a secure online transmission protocol called “Secure Socket Layer” (SSL). You can see this by the fact that there is an “s” added to the URL part “http://” (making it “https://”) or by a green, closed lock icon shown in your browser. By clicking the lock icon, you will get information on the SSL certificate used. The appearance of the icon depends on the type and version of your browser. SSL-encryption ensures an encrypted and complete transmission of your data. The SSL connection used by us was certified for security and confidentiality by the company GeoTrust.

11. Your Rights


You may at any time and free of charge request information about the personal data stored by AIDA Cruises and - insofar as the legal requirements are met - the rectification, erasure and restriction of the processing of these data. If AIDA Cruises processes your data to pursue legitimate interests, in particular for advertising purposes, you may exercise your right of objection. Whether and to what extent these rights exist in individual cases and what conditions apply to them is governed by the law (until 25 May 2018 under the German BDSG, and from 25 May 2018 also under the EU GDPR). The EU GDPR also grants you a right to data portability under certain circumstances. If you have given your consent under data protection law, you can revoke this consent at any time with effect for the future.

For the exercise of these rights and for other questions regarding data protection, please contact our company data protection officer (see section 2). In order to process your request quickly, we recommend that you inform us of your surname, first name, date of birth and, if available, your e-mail address and, in the event of an objection, send us a copy of the advertising material after receipt of advertising.

You have also the right to lodge a complaint with a supervisory authority. However, if you have any questions or complaints about data protection at AIDA Cruises, we recommend that you first contact our data protection officer.

12. No automated individual decision-making

We do not use your personal data for automated individual decisions in the sense of Art. 22(1) EU GDPR.

13. Links to other websites

The AIDA Cruises website contains links to other websites. Please note that AIDA Cruises' privacy policy does not apply to these other websites.

14. Changes to this Data Protection Declaration

New legal requirements, business decisions or technical developments may require changes to our Privacy Policy. This Privacy Policy will then be updated. The most current version is always available on our website.

Last Update: Mai 2018