The protection of personal data and the responsible handling of information that you entrust us with are very important and are a priority for us. AIDA Cruises collects, processes, and utilizes personal data only in accordance with the statutory regulations. These are in particular the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (German BDSG). With this data protection declaration we are informing you how, to what extent and for what purposes we collect and process personal data during your use of this website (including our career portal). We also provide you with some basic information on data processing in case you book a trip or apply for job.
1. Data Controller in the Meaning of the Data Protection Law
AIDA Cruises - German Branch of Costa Crociere S.p.A.
Am Strande 3d, 18055 Rostock, Germany
Tel.: +31 (0)900 / 505 06 06
2. Contact Details of the Data Protection Officer
Postal address: AIDA Cruises, Betrieblicher Datenschutzbeauftragter, Am Strande 3d, 18055 Rostock
3. Processing of Personal Data
The subject of data protection are personal data. Data are personal if they can be allocated to a specific or identifiable person. This includes information such as name, address, email address and telephone number. Generally, this website can be used without your personal data being collected or processed. Your personal data is collected and processed if you voluntarily provide it. This in particular concerns the following situations:
3.1 Booking of a Cruise and Performance of the Contract
Collection of Your Data: Depending on the channel used for the booking, AIDA Cruises collects guest data either directly from the guests (if they are booking the cruise themselves), from the person booking the cruise (e.g. when booking via the website) or from a third party used for the booking (e.g. from a travel agency acting on behalf of the person booking the cruise).
Performance of the Contract: Personal data you provide when you register or book a cruise are collected and processed in order to manage the cruise as well as other travel related data which you enter via our travel portal MyAIDA or make available by other means (e.g. your contact details, information on the method of payment and the data for the ship´s manifest) are processed by us for the initiation and execution of the travel contract (see Art. 6(1)(b) EU GDPR). The performance of the contract also includes customer service and the use of services on our websites, such as the travel portal MyAIDA and – if you decide to use it – the AIDA Lounge.
Quality Control/Market Research: We may also use the aforementioned data – except the data for the ship´s manifest – and other information that you voluntarily provide to us via this website or by other means (in particular opinion surveys and the evaluation of travel services) to improve our services and for market research. In this case, we pursue a legitimate interest (see Art. 6(1)(f) EU GDPR) or request your consent (see Art. 6(1)(a) EU GDPR).
Information on Special Needs: We process information regarding special needs – e.g. a wheel-chair accessible room, dietary restrictions – that you may provide us with on the basis of your consent.
Fellow Travellers: When you book a cruise for more than one person, we also collect personal data concerning your fellow travellers. We therefore kindly ask you to make sure that such data is provided with the consent of the persons concerned. Personal data concerning children or minors (under 18 years of age) are only collected and processed to perform travel services.
Cruises Booked as a Gift: If you would like to book a cruise as a gift for someone else and surprise the recipient, please indicate this at the time of booking. We will then endeavour to inform the person concerned of the booking as late as possible. We would like to point out, however, that we must ensure that manifest data are collected and travel documents sent in good time in order to organise the cruise and that communication with the guests is required in good time before the start of the cruise. Contact may also be necessary in special cases such as route changes. Furthermore, AIDA Cruises is obliged to inform the person concerned that personal data has been collected within the framework of a booking in accordance with Art. 14 GDPR.
Parking Space: If you reserve a parking space via AIDA Cruises, the necessary data will be sent to the operator of the parking space. You will receive further information when you make your reservation.
Visas: For certain destinations it is necessary to apply for a visa in advance (see the AIDA website for details). As far as we support you with the application, we process the necessary data. If, for example, you require assistance in applying for an invitation letter as part of the visa procedure for Russia, we will send the necessary information (such as name and passport details) on the basis of the ship's manifest to the agency which handles the contact with the authorities.
Passport/ID Check: During check-in, the identification document is compared with the manifest data to ensure the accuracy of the information and to avoid delays during subsequent immigration and clearance procedures. We also ask you to take a photo of you for access control. Legal basis are international agreements and entry requirements regarding controls in cross-border travel (SOLAS Convention or Directive 2010/65/EU), maritime law provisions on access control to ships (ISPS Code and Regulation (EC) No 725/2004) and related legal regulations for the examination of identification documents by carriers (e.g. Section 20(4) German ID Card Act).
Check-in photo: A photo of you will be taken during check-in. This photo is used for checking in and out of the ship in accordance with the aforementioned regulations. The check-in photo is also used in the legitimate interest of AIDA Cruises and you to identify you on board when using your board card – especially when making purchases – and thus to prevent the misuse of board cards. The photo can also be used in exercises and emergencies to ensure that all passengers are present at the mustering stations. Only with your express consent will the check-in photo be used for facial recognition within the framework of the "Photo Kiosk" and used in order to be able to offer you those photos taken by the photo team during the trip on which you are pictured (see the sections "Audio and Video Recordings" and "Photo Kiosk").
Onboard Services; Excursions: If you make use of services on board or within the scope of the trip, e.g. take part in excursions, we will process the data required for this in each case. In some cases, it is necessary for tax reasons to pass on your name to the providers of transportation services for land excursions so that they can claim VAT exemptions from the responsible tax authorities; in these cases there is a legitimate interest in passing on the data so that we can offer you the service without VAT. If you require medical assistance, you will be informed separately about the related data processing.
Board Shop: Payment in the board shops is made by means of the board cards; settlement is made via the board invoice. On some ships, the board shops are operated by a concessionaire; in these cases, AIDA Cruises and the concessionaire jointly carry out the data processing associated with the payment and invoicing (Art. 26 DSGVO). This concerns the identification and payment by means of the board card via the POS system of the board shop provided by the concessionaire as well as the subsequent accounting via the booking systems of AIDA Cruises. You may exercise your rights with regard to your personal data against AIDA Cruises at the address indicated above (point 2). If necessary, your request will be forwarded to the concessionaire. If you address complaints about purchases from the board shop to AIDA Cruises, AIDA Cruises will forward these to the concessionaire if the concessionaire is responsible for the such complaints.
Art Purchases: Personal data from the receipts regarding purchases of art made on board are used to ship the purchased art (via the partner gallery, which can take up to 12 weeks). Furthermore, if you do not expressly object to this as described under item 11, we will retain this information for 5 years in order to send you individual offers regarding art and art travels.
Audio and Video Recordings: During the cruise, our TV team may take photos or videos in public areas. We will announce in our daily program which events and excursions will be concerned (see the camera icon in the daily program). The photos and videos are taken with the guests’ consent and will be used as described in the terms and conditions and will be offered for sale to the guests concerned. You will find further information in our terms and conditions and will also receive a reminder as part of the materials provided at the start of the cruise. If you do not wish to be photographed or filmed by our TV team, please notify the TV team or other staff of AIDA Cruises.
Photo Kiosk: The photos for sale can be purchased via an on-board photo kiosk system. To simplify the selection, you can voluntarily take a reference photo at the kiosk for automatic photo matching. The reference photo is stored in the photo kiosk for the duration of the trip and compared with the photos taken by the photo team on the basis of biometric procedures in order to be able to present you with the photos relevant to you. The reference photos, the biometric data generated on their basis and the photos not ordered are only stored on board and deleted after the end of the cruise. Photographs that are ordered will be stored for three months after the end of the cruise to process warranty claims. The taking of a reference photo is voluntary, a purchase of the travel photos is also possible without this procedure.
CCTV: We use video surveillance systems (CCTV) to ensure access control and public safety at various operating locations, including ships. Only public areas are monitored. The monitored areas are designated. The use of CCTV systems serves for access control, to protect the property of the guests, company and employees and for public safety. The use of video surveillance systems on board of ships also serves to prevent incidents, to support rescue measures and to generally maintain safety within the framework of maritime law. Video recordings are only evaluated by specially authorized persons, insofar as this is necessary for the aforementioned purposes and in accordance with labour and data protection law. Video recordings may be made or evaluated with the help of a security service (data processor). They are deleted after a defined storage period (no longer than 14 days for cameras onboard of ships), unless they are required to follow up specific incidents. In case recordings are required as evidence, and if there is a statutory duty to provide such records or a clear legitimate interest the records may be passed on to competent authorities, courts or other parties involved in the procedure.
3.2 Ship Visits
AIDA Cruises offers you the opportunity to discover cruise ships as part of a day visit. Here, too, the maritime safety regulations apply, including the regulations for the safety of port facilities. We therefore collect the necessary identification and manifest data (passport/ID card data, name, date of birth, nationality and sex) from all day visitors – be they guests, employees or their relatives, technicians or other third parties. This information is processed by the responsible employees on the ship and, if required by law, passed on to the relevant authorities (e.g. port authority, port master's office) and deleted after 30 days.
3.3 Purchase of Vouchers and Gifts for Third Parties
If you purchase vouchers or gifts for third parties that are to be personalized or delivered directly to the recipients, we may collect and process the email or postal address of the third party for this purpose in accordance with your order. In this case, please make sure that the recipient agrees to the use of his or her e-mail or postal address for this purpose.
3.4 Marketing You May Object To
3.5 Marketing to Which You Have Consented (e.g. Subscription to the E-mail Newsletter)
In case you want to receive our newsletter and register for it, we require a working e-mail address assigned to you, which enables us to check that you are the owner of the e-mail address provided. In order to address you correctly and personally, we ask your for salutation and name. Our newsletter offers are made to persons of 18 years of age and above, therefore we ask you to provide your age. The same applies if you give us permission to contact you by telephone for advertising purposes.
You may revoke your consent to the storage of your e-mail address or telephone number and other personal data provided by you and to their use for advertising purposes at any time with effect for the future (see Section 11).
3.6 Marketing Through Other Brands of the Carnival Group
If we ask for your consent to receive advertising, we may also ask you to share your information with other members of the Carnival group of companies so that they can send you information about their cruise products and offers. These concerns the following companies, with the respective brands shown in brackets:
Carnival Corporation (Carnival Cruise Line)
Carnival PLC (P&O, Cunard, Princess Asia)
Costa Croceire S.p.A. (AIDA Cruises und Costa Cruises)
Holland America Line N.V., general partner of Cruiseport Curacao C.V. (Holland America Line and Seabourn)
Princess Cruise Lines, Ltd (Princess, Alaska, P&O Australia and Cunard)
SeaVacations Limited (CCL business in UK)
You can withdraw your consent to advertising by directly notifying the respective companies. You can also withdraw your consent by notifying AIDA Cruises (see Section 11), we will then forward your request to the company / companies concerned.
4. Processing of Personal Data via the Career Portal and for Job Applications
4.1 Creating a Profile on Our Career Portal
In order to use our career portal for job applications, you can create your personal user account. In that case, we ask you to provide your personal details, contact data, and user data via the registration form. Mandatory fields are indicated with an asterisk.
To secure your profile, we ask you to provide a password (you can review the password rules by clicking on “Help”) and we also ask for a security question in order to be able to reset your password in case you should forget it.
The profile information will be stored by us to maintain and manage your account. It will be reduced to name and date of birth six months after the application process has ended. The account will automatically be deleted 2 years after your application, or if you decide to delete your account.
4.2 Applying for a Job
If you decide to apply for a position through our career portal and submit an application, we ask you to provide your personal details (in particular salutation, title, name, postal address, age, nationality), contact data (e-mail and mobile phone number) and information on your earliest availability for a position. This information is mandatory if you want to submit an application. Optionally, you may also choose to provide information on your desired salary or, in case you are available for a Skype interview, your Skype account.
To complete your application, you need to go to the “Your application” section to upload a CV and relevant certificates. In addition, you may choose to upload a correspondence letter and/or a photo.
If you want to provide us with any relevant links to websites in order to support your application and to enable us to learn more about you, you can also provide us with links, e.g. to your own website, your YouTube channel or your profile on XING, LinkedIn, Facebook or Instagram. We may then visit the indicated website and take the information into account in the application process.
Before you submit your application, you can view the summary of all the information provided by you by clicking on the “Summary” tab.
You can also apply for jobs via other means, e.g. by e-mail.
All of the above data provided by you for purposes of the application will exclusively be used for the application process. If your application is successful and we enter into an employment relationship with you, we will store your application data within your personnel file. Otherwise, we will delete the data six months after the end of the application process (unless you agree to become part of the applicant pool, see 4.3); only your name and date of birth are stored for up to two years to identify repeat applications in our legitimate interest.
You can also decide to tell us where you found out about our job offers, we will only use this information for internal administrative purposes in order to optimize our advertisements of open positions.
4.3 Video Interviews
In case you are available for interviews via Skype, you may also provide your Skype user account. Please note that the Skype service is offered by Microsoft Inc. and subject to their privacy notice. We will not record Skype interviews.
We may also invite you to a live and/or recorded video interview with a different provider (such as Cammio BV, Cammio B.V. in Voorschoten, Willem de Zwijgerlaan 68, 2252VS, The Netherlands). In that case, we will ask you to provide a separate consent to the data processing in the context of such interview.
It will not have any negative impact on your application if you are not available for a video interview.
4.4 Applicant pool
We offer you to include your application in our applicant pool with your consent. This may be helpful if we cannot currently offer you a position or none of our positions fits your profile. If you agree to add your application to the pool, as soon as a vacancy opens that would be suitable for you, we will contact you. We will store your information in our applicant pool for a maximum of twelve months.
You may withdraw your consent at any time with effect for the future by writing an e-mail to “email@example.com”. In that case, your application will be deleted from the pool.
5. Automatic Collection and Processing of Data During the Use of this Website
5.1 Data Processing to Enable the Use of the Website
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any data for identification (e.g. your login data when you log into a secure area such as the MyAIDA travel portal or the AIDA Lounge). This also includes the technical data transmitted by your browser such as browser type, previously visited website (referrer URL), monitor resolution, etc. These data are used to provide and design the service as needed. They are always deleted as soon as they are no longer needed. For the processing of pseudonymous user profiles see section 5.3.
When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are transferred between a webserver and your browser and are stored on your computer’s disk. This makes it possible to recognize you when you re-visit the website. This way, we can offer you better functionality of our website and, for example, avoid that you have to log in repeatedly, or allow us to carry out web analysis (see section 5.3).
There are different types of cookies. A distinction must be made between cookies set by the website operator when visiting a website ("first-party cookies") and cookies set by third-party providers ("third-party cookies"). We only have technical control over first-party cookies. Also, there are cookies that are stored on your computer only during your visit to our website ("session cookies") and cookies that are stored for a longer period. In particular, the following cookies are set on our website by us (first-party-cookies):
|_ga||Google Analytics: Used to discern users.||2 years|
|_gat_UA-118275266-14||Google Analytics / Google Adwords: Contains campaign-related information on the user.||90 days|
|_gcl_au||Google Tag Manager: to store and track conversions.||90 days|
|_gid||Google Analytics: Used to discern users.||1 day|
|privacy_consent||Settings to store website cookies||1 year|
Most browsers are configured to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out that a use of our offers on the website without cookies is only possible to a limited extent. In particular, it is not possible to book a trip without cookies, as these are necessary to check the booking data.
You can also use your browser to prevent the setting of certain cookies (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser's help function for more information. For more information about third-party cookies that are set or processed when you visit our website, please refer to section 5.3 and the Privacy Policies of the providers named there.
5.3 Pseudonymous Usage Profiles for Marketing and Market Research (Web Tracking and Analysis)
For the purposes of advertising and market research and to optimize the user experience of our website, AIDA uses web tracking technology. Respective data regarding the use of our website is stored in pseudonymous usage profiles (your IP address is stored in anonymized form). This way, we are able to improve our website and to better adjust the content to your needs. Usage profiles are also used for so-called retargeting. This enables us to place ads with interesting offers also on other websites that you visit. Pseudonymous usage profiles will not be (re-)combined with personal data.
You can object to the building of pseudonymous usage profiles. To this end, you can configure your browser so that it does not accept cookies (see section 5.2). You can also use a browser plugin to protect your privacy – e.g. AdBlock, Ghostery or NoScript (please note that AIDA Cruises is not endorsing any specific plugins). Some providers of tracking technology have joined advertising associations (see below for details), allowing users to centrally opt-out of receiving targeted online ads by any of the members of the respective association. You can find such multi-provider opt-out solutions here:
„European Interactive Digital Advertising Alliance“ (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
„Digital Advertising Alliance“ (DAA): http://www.aboutads.info/choices/
„Network Advertising Initiative“ (NAI): http://www.networkadvertising.org/choices/
The following table lists the tracking technologies used on our website (which may include cookies in particular, see Section 5.2) and the respective providers who process usage data in pseudonymous profiles for the purposes stated in each case. In addition, the link to the provider's data protection declaration is provided and we explain to you how you can specifically deactivate or activate the web tracking by the individual service providers with effect for the future. As a rule, a special cookie is stored on your device to deactivate tracking, which excludes the collection of usage data from your device by the respective provider for the future; please note that you may have to re-set the cookie if you delete cookies from your computer.
|Tool/Provider||Purpose||Link to the Provider's Data Protection Declaration / Link to Deactivate or Activate the Data Processing|
IPONWEB, 16 Garrick Street, Covent Garden, WC2E 9BA London, Großbritannien
|Bing Ads: Microsoft (Contact for Data Protection questions: Microsoft Privacy, Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, Vereinigte Staaten)||Web analysis, interest-oriented advertising||Deactivate or activate the tracking: see this website or the website of EDAA|
|Criteo: Criteo SA, 32 Rue Blanche, 75009 Paris, Frankreich||Web analysis, interest-oriented advertising||Deactivate or activate the tracking: see this website or the website of EDAA|
|Facebook Exchange (FBX) / Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, Vereinigte Staaten||Web analysis, interest-oriented advertising||Weitere Informationen zum Datenschutz
|Maxymizer: Oracle Deutschland B.V. & Co. KG, Riesstraße 25, 80992 München||A/B testing (improvement of the website)||https://www.oracle.com/de/legal/privacy/marketing-cloud-data-cloud-privacy-policy.html
Deactivate or activate the tracking:
Deutsche Post AG (Contact: Data Protection Officer, Gabriela Krader LL.M., Deutsche Post AG, 52350 Bonn)
intelliAd Media (Contact: Data Protection Officer, Michael Schunke, Sendlinger Str. 7, 80331 München)
|Web analysis, interest-oriented advertising||https://www.deutschepost.de/de/c/nexellent.html http://www.intelliad.de/datenschutzbestimmungen/
Deactivate or activate the tracking: see the two data protection policies mentioned above
|Optimizely: Optimizely, Inc., 631 Howard Street, Suite 100, San Francisco, CA, 94105||Web analysis||Deactivate or activate the tracking: see the instructions under http://www.optimizely.com/opt_out
Note: We have activated IP anonymization for the use of Optimizely; your IP address will therefore be shortened before saving.
5.3.1 Google Analytics
You may refuse to have cookies stored on your device by appropriately configuring your browser (see section 5.2) or by using a privacy plugin (see section 5.3). Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Further information on the data processing in the context of Google Analytics is available under: https://www.google.de/intl/de/policies/.
5.3.2 Google Double-Click (including Floodlight and Spotlight), Google AdWords Conversion, Google Dynamic Remarketing
We also use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. This way, in order to improve our services, we can analyse what happens after a user has clicked on one of our ads, e.g. whether a user has ordered a product or has viewed the ad from a mobile device. Furthermore, you will receive interest-based ads through these services. You can opt out of such interest-based ads via the Google Ads preferences pages: http://www.google.com/settings/ads/onweb/?hl=en.
DoubleClick places a cookie on your device to track your surf profile across webpages and to serve you interest-based ads. If you want to permanently opt out of this, you can download a plugin to deactivate this cookie under the following link: https://www.google.com/settings/u/0/ads/plugin?hl=en
5.3.3 Google Tag Manager
6. Data Collection by Third Parties / Social Networks
7. Transfer to Third Parties
We transfer the data mentioned in section 3.1 if this is necessary for the provision of the travel service, including invoicing, or if it is legally required within this framework (see Art. 6(1) lit. a and c EU GDPR). For example, we may pass on flight booking data to the respective airline (within the framework of the statutory passenger data requirements applicable to the respective destination country). In addition, we pass on the data from the ship manifest to the relevant authorities in the ports of call during your voyage; this is based on maritime law requirements (e.g. Directive 2010/65/EU and the SOLAS Convention). In this respect, the information for the ship manifest is generally necessary for the fulfilment of the contract; voluntary information is marked as such.
Within the scope of the purposes stated in sections 3.1-3.4, the data described there will also be passed on to service providers who work for us and in particular support us in providing our services (e.g. port agencies in the respective destinations and ports of call; as well as IT service providers). This includes our group-internal call center (AIDA Kundencenter GmbH, Am Strande 4, 18055 Rostock, Germany). The data described under section 4 is processed on our behalf by d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany, in order to offer the career portal functionality and to support our application process; data from CVs received for application purposes is temporarily processed on our behalf by Textkernel BV, Nieuwendammerkade 28/a17, 1022 AB, Amsterdam, The Netherlands. In addition to their legal obligation to comply with all data protection regulations, all service providers that have access to personal data are bound by us with further contractual regulations on data protection. This regularly includes a data processing agreement pursuant to Art. 28(3) EU GDPR.
In all other respects we transmit personal data to third parties only, if a legal permission exists or if you have agreed before. Any consent given can be withdrawn at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or following an official order or court decision and only insofar as this is permitted under data protection law.
8. Transfer of Data to non-EU/EEA Countries
If necessary for our purposes, we may also transfer your data to recipients outside the EU/EEA. This is particularly the case if we have to transmit this data within the scope of contract processing or due to legal regulations to consignees in ports or countries that are destinations within the scope of a journey booked by you (e.g. the manifest data to the local immigration authorities; passenger data to airlines for feeder flights). Apart from that, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the EU GDPR and there are no other interests worthy of protection that stand against the transfer of the data. To ensure an adequate level of protection for the recipient of the data, we use in particular the model contracts of the EU Commission for the transfer of personal data to third countries.
We do not transfer data outside of the EU/EEA for the purposes described under section 4. If you are located outside of the EU and want to apply for a crew position, we may however suggest you to apply via a local manning agency.
Data from job applications will be deleted as described in section 4. The pseudonymous profiles created via Google Analytics (see 5.3.1) will automatically be deleted 38 months after the last piece of information has been added to the profile.
In general, we delete your personal data when it is no longer required for the purposes for which it has been collected and processed, unless there are statutory obligations to archive the data. Under German law, relevant archiving periods under tax and commercial law are six years (for business letters in any form, such as booking requests) and 10 years (for information relevant for activities subject to tax accounting).
10. Data Security
AIDA Cruises has taken the necessary technical and organisational measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in the data processing are obliged to observe the EU GDPR and the German BDSG and other data protection legislation and are obliged to keep personal data confidential. Our employees receive respective training. Both internal and external audits ensure that all procedures relevant to data protection are observed at AIDA Cruises.
To protect your personal data, we use a secure online transmission protocol called “Secure Socket Layer” (SSL). You can see this by the fact that there is an “s” added to the URL part “http://” (making it “https://”) or by a green, closed lock icon shown in your browser. By clicking the lock icon, you will get information on the SSL certificate used. The appearance of the icon depends on the type and version of your browser. SSL-encryption ensures an encrypted and complete transmission of your data. The SSL connection used by us was certified for security and confidentiality by the company GeoTrust.
11. Your Rights
You may at any time and free of charge request information about the personal data stored by AIDA Cruises and - insofar as the legal requirements are met - the rectification, erasure and restriction of the processing of these data. If AIDA Cruises processes your data to pursue legitimate interests, in particular for advertising purposes, you may exercise your right of objection. Whether and to what extent these rights exist in individual cases and what conditions apply to them is governed by the law (until 25 May 2018 under the German BDSG, and from 25 May 2018 also under the EU GDPR). The EU GDPR also grants you a right to data portability under certain circumstances. If you have given your consent under data protection law, you can revoke this consent at any time with effect for the future.
For the exercise of these rights and for other questions regarding data protection, please contact our company data protection officer (see section 2). In order to process your request quickly, we recommend that you inform us of your surname, first name, date of birth and, if available, your e-mail address and, in the event of an objection, send us a copy of the advertising material after receipt of advertising.
You have also the right to lodge a complaint with a supervisory authority. However, if you have any questions or complaints about data protection at AIDA Cruises, we recommend that you first contact our data protection officer.
12. No automated individual decision-making
We do not use your personal data for automated individual decisions in the sense of Art. 22(1) EU GDPR.
13. Links to other websites
14. Changes to this Data Protection Declaration
Last Update: Mai 2018