Effective date: January 1, 2020
This Policy applies to all Personal Information collected about you by Hornblower when you do any of the following (collectively, the “Services”):
(i) use our charter yacht, dining cruise and ferry services;
(ii) communicate with us during any written, electronic, and oral communications;
(iii) use our website https://www.hornblower.com/ and all corresponding webpages and websites that link to this Policy (the “Site”);
(iv) download our mobile apps and any other apps that link to this Policy; and
1. Personal Information We Collect
We collect Personal Information when you use our Services, buy tickets or submit Personal Information when requested on our Assets. Personal Information is any information that relates to you, identifies you personally or could be used to identify you, such as your user ID, name, email address, name, phone number, address and payment account number (together “Personal Information”). The types of Personal Information that we may collect about you include, but are not limited to:
a) Information You Provide to Us
We collect information you share with us when you use our Services. For example, when you book charter yacht, dining cruise and ferry services, we may ask your name, street address, email address, and payment information. When you fill out a form with us, we may collect your name, email, phone, company name and party information. We may also collect your Personal Information in connection with employment at Hornblower that you leave at our Site.
b) Information About Your Use of Our Services
We may collect information about your use of the Services. For example, we may collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
c) Location Data
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Services.
You can enable or disable location services when you use our Services at any time by way of your device settings.
d) Information You Provide to Our Affiliates and Subsidiaries
We may get your Personal Information from a company controlled by or under common control with Hornblower.
2. Cookies and Other Tracking Technologies
Generally, we use first-party and third-party cookies for the following purposes:
• to make our Services function properly;
• to provide a secure browsing experience during your use of our Services;
• to collect passive information about your use of our Services;
• to measure how you interact with our marketing campaigns;
• to help us improve our Services; and
• to remember your preferences for your convenience.
b) Types of Cookies on Our Services
We use the following types of cookies on our Services:
• Strictly Necessary Cookies – These cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, some services cannot be provided. These cookies do not gather information about you for marketing purposes. This category of cookies is essential for our Services to work and they cannot be disabled.
• Functional Cookies – We use functional cookies to remember your choices so we can tailor our Services to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name or preferences on our Services. We do not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of our Services.
• Performance or Analytic Cookies – These cookies collect passive information about how you use our Services, including webpages you visit and links you click. We use the information collected by such cookies to improve and optimize our Services. We do not use these cookies to target you with online marketing. You can disable these cookies.
• Third-Party Cookies – These are cookies that are provided by third-party service providers and belong in one of the cookie categories described above. These third-party providers process your Personal Information on our behalf pursuant to our instructions and obligations consistent with this Policy.
We may use third-party Service Providers to monitor and analyze the use of our Service. Presently, we use Google Analytics. Google Analytics is a web analytics service offered by Google LLC (“Google”) that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: https://tools.google.com/dlpage/gaoptout.
d) Behavioral Remarketing
e) Other Tracking Technologies
To see how our Site is performing we sometimes use conversion beacons, tags, scripts and pixels, which fire a short line of code to tell us when you have clicked on a particular button or reached a particular page. We also use these tracking technologies to analyze usage patterns on our Site. The use of these technologies allows us to record that a particular device, browser, or application has visited a particular webpage.
f) Your Choices
Your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. You can exercise your preferences in relation to cookies served on our Site by taking the steps outlined below:
• First-Party Cookies – You can enable, disable or delete our cookies through the browser you are using to access our Services. To do this, follow the instructions provided by your browser (usually located within the “Help“, “Tools“ or “Edit“ settings). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of our Services and parts of the Services may not work properly for you. You can find more information about how to change your browser cookie settings at http://www.allaboutcookies.org.
• Third-Party Cookies – Modern browsers also allow you to block third-party cookies using the steps described above.
• Do Not Track – We do not support Do Not Track signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
3. How We Use Your Personal Information
We will only use your Personal Information as described in this Policy or as disclosed to you prior to such processing taking place.
a) To Provide and Maintain our Service
We will use your Personal Information to provide information or deliver Services that you request and to allow you to participate in interactive features of our Service when you choose to do so. If the applicable information is to be provided or Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing applicable Services. Your information may be available or provided to third-party service providers and contractors that are contractually obligated to protect your information as disclosed in this Policy.
b) To Provide You with Service-Related Communications
We will send you administrative or account-related information to notify you about changes to our Service. Such communications may include information about Policy updates, confirmations of your transactions, security updates or tips or other relevant transaction-related information. We process your contact information to send you such communications. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.
c) To Provide Customer Support or Respond to You
We collect any information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your Personal Information, we cannot respond to you or ensure your continued use and enjoyment of the Services.
d) To Send You Marketing and Promotional Emails
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you based on the Services that you already purchased or enquired about unless you have opted not to receive such information. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.
e) For Internal Use
We will use your information to gather analysis or valuable information so that we can improve our Services and to detect, prevent and address technical issues. We may also use your information to monitor the usage of our Services including without limitation search terms entered, pages visited and documents viewed.
f) To Enforce Compliance with Our Terms and Agreements or Policies
When you access or use our Services, you are bound to our Terms and Conditions and this Policy. To ensure you comply with them, we process your Personal Information by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to: investigate, prevent or mitigate violations of our internal terms, agreements or policies; enforce our agreements with third parties and business partners; and, as applicable, collect fees based on your use of our Services. We cannot perform our Services in accordance with our terms, agreements or policies without processing your Personal Information for such purposes.
g) To Maintain Legal and Regulatory Compliance
Our Services are subject to certain laws and regulations which may require us to process your Personal Information. For example, we process your Personal Information to pay our taxes, to fulfill our business obligations, ensure compliance with employment and recruitment laws or as necessary to manage risk as required under applicable law. Without processing your Personal Information for such purposes, we cannot perform the Services in accordance with our legal and regulatory requirements.
4. Disclosure of Your Personal Information
We may disclose your Personal Information as described below.
a) Within Our Corporate Organization
Hornblower is a part of a corporate organization that has many legal entities, business processes, management structures and technical systems. Hornblower may share your Personal Information with this organization in order to provide you with the Services and take actions based on your request.
b) Service Providers
We may employ third-party companies and individuals to facilitate our Services (“Service Providers”), provide the Services on our behalf, perform Service-related services or assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
c) Mergers and Acquisitions
d) Disclosure for Law Enforcement
Under certain circumstances, Hornblower may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). Hornblower may disclose your Personal Information in the good faith belief that such action is necessary to:
• comply with a legal obligation;
• protect and defend the rights or property of Hornblower;
• prevent or investigate possible wrongdoing in connection with the Service;
• protect the personal safety of users of the Service or the public; and
• protect against legal liability.
5. Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Our security measures include industry-standard physical, technical and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Information. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
6. Retention of Data
Hornblower will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Hornblower will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
7. Links to Other Websites
8. Children’s Privacy
Our Services are not directed to anyone under the age of 18 (“Children”). We do not knowingly collect Personal Information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children without verification of parental consent, we take steps to remove that information from our servers.
9. California Privacy Rights
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), below is a summary of the Personal Information categories, as identified and defined by the CCPA (see California Civil Code section 1798.140 (o)), that we collect, the reason we collect your Personal Information, where we obtain the Personal Information, and the third parties that we share your Personal Information.
a) Personal Information Categories We Collect
We generally collect the following categories of Personal Information about your when you use our Services:
• identifiers such as a name, address, unique personal identifier, email, phone number, your device’s IP address, software, and identification numbers associated with your devices;
• protected classifications, such as gender;
• commercial information such as records of products or services purchased, obtained, or considered by you;
• Internet or other electronic information regarding you browsing history, search history, the webpage visited before you came to our Site, length of visit and number of page views, click-stream data, locale preferences, your mobile carrier, date and time stamps associated with transactions, and system configuration information;
• your geolocation, to the extent you have configured your device to permit us to collect such information;
• audio recordings of your voice to the extent you call us, as permitted under applicable law;
• professional or employment-related information; and
• inferences about your preferences, characteristics, behavior and attitudes.
We generally do not collect biometric information, or education-related information. For more information about the Personal Information we collect and how we collect it, please refer to sections 1 and 2 above.
b) Purposes for Processing Personal Information Under the CCPA
We collect your Personal Information for the business purposes described in sections 2 and 3. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The following activities are considered “business purposes” under the CCPA: auditing related to a current interaction with the consumer and concurrent transactions, and auditing compliance with laws and other standards; detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, verifying customer information; repairing errors that impair existing intended functionality; Internal research for technological development; verifying or maintaining the quality or safety of, and improving, upgrading, or enhancing, a service or device that is owned, manufactured by, manufactured for, or controlled by the company.
c) Third Party Sharing
The categories of third parties with whom we may share your Personal Information are listed in section 4 above.
d) CCPA Privacy Rights
If you are a California resident, you have rights in relation to your Personal Information; however, your rights are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of our network systems.
• Right Against Discrimination – You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, delete or opt-out of sales.
• Right to Know – You have the right to request in writing: (i) a list of the categories of personal information, such as name, address, email address, that a business has disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third parties. In addition, you have the right to request: (i) the categories of personal information we have collected about you, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared personal information, and (v) the specific pieces of personal information we hold about an individual. You have the right to request a copy of the specific Personal Information we collected about you during the 12 months before your request.
• Right to Delete – You have the right to request us delete any Personal Information we have collected from you or maintain about you, subject to certain exceptions.
To assert your right to know or your right to delete your Personal Information, please contact us at [email protected] or by phone at 1-888-467-6256. To verify your identity, we may ask you to verify Personal Information we already have on file for you. If we cannot verify your identity from the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.
• Right to Opt-Out of Selling – The CCPA broadly defines “personal information” and “selling” such that sharing identifiers and identifiers linked to you for a benefit may be considered a sale. You have the right to opt-out of having your Personal Information sold. We do not sell your Personal Information. However, in 2019, we were sharing identifiers and inferences about you with our business partners in such a way that, under the CCPA, may be defined as selling. As noted above, you have the right to know the categories of Personal Information that we sold about you and the categories of third parties with whom we shared such information.
Under the CCPA, you have the right to request a copy of your personal information, and to have your personal information deleted. You can do this via email or phone as referenced above, or you can submit a request via the web through our online form. To do so, click the “Make a Request” button.
Under the CCPA, you may also opt-out of sales and share your information. Visit our Do Not Sell My Personal Information webpage for more information.
e) Shine the Light Law
If you are a California resident you may request a notice from us describing what categories of Personal Information (if any) we have shared with third parties, including our corporate affiliates, for direct marketing purposes during the preceding calendar year. You may request such notice once a year and free of charge. To request a notice, please email us at [email protected] In your request, please specify that you want a “California Privacy Rights Notice.” We will respond to you with thirty (30) days or as permitted by law.
10. International Transfers of Personal Information
Your Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Information, to United States and process it there.
Hornblower will take all the steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Information. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Services.
Individuals located in the European Economic Area (“EEA”), the United Kingdom or Switzerland at the time they access our Services, please see section 11, below.
11. Special Notice to Individuals in the European Economic Area, the United Kingdom and Switzerland
This section only applies to individuals that access or use our Services while located in the EEA, United Kingdom and/or Switzerland (collectively, the “Designated Countries”). We may ask you to identify which country you are located in when you use some of the Services or we may rely on your IP address to identify which country you are located in.
When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to users in the Designated Countries.
a) International Transfers of Personal Information
We may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.
We transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of the Designated Countries, we have the required contractual provisions for transferring personal information in place with the third parties to which your information is transferred. For such transfers, we rely on legal transfer mechanisms such as Binding Corporate Rules, Standard Contractual Clauses, or we work with U.S.-based third parties that are certified under the EU-US and Swiss-US Privacy Shield Framework.
b) Our Relationship to You
Hornblower is a controller with regard to any Personal Information collected from individuals accessing or using its Services. A “controller” is an entity that determines the purposes for which and the manner in which any Personal Information is processed.
We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the individual’s consent. When we rely on legitimate interest, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your Personal Information in this way or to disclose your Personal Information to third parties for marketing purposes, please click an unsubscribe link in your emails or contact us at [email protected] You can object to direct marketing at any time and free of charge.
d) Legal Bases for Processing Your Personal Information
Below is a list of the purposes described in our Policy with the corresponding legal bases for processing.
Purposes of Processing (along with corresponding sections of this Policy) Legal Bases for Processing
Section 3 a) To Provide You Our Services
Section 3 b) To Provide You with Service-Related Communications
Section 3 c) To Provide Customer Support or Respond to You
Section 3 e) For Internal Use
Section 3 f) To Enforce Compliance with Our Terms and Agreements or Policies
Section 4 b) Disclosure to Our Service Providers Based on our contract with you or to take steps at your request prior to entering into a contract.
Section 3 d) Send You Marketing and Promotional Emails
Section 4 b) Disclosure to Our Service Providers Based on your consent.
Section 3 e) For Internal Use
Section 3 f) To Enforce Compliance with Our Terms and Agreements or Policies
Section 4 d) Disclosure for Law Enforcement Based on our legal obligations.
Section 4 d) Disclosure for Law Enforcement To protect your vital interests.
Section 3 b) To Provide You with Service-Related Communications
Section 3 c) To Provide Customer Support or Respond to You
Section 3 e) For Internal Use
Section 4 a) Disclosure Within Our Corporate Organization
Section 4 b) Disclosure to Our Service Providers
Section 4 c) Disclosure Relating to Mergers and Acquisitions Based on our legitimate interests. When we process your personal data for our legitimate business interests we always ensure that we consider and balance any potential impact on you and your rights.
e) Your Individual Rights
We provide you with the rights described below when you use our Services. We may limit your individual rights requests in the following ways: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; and (d) where the request is frivolous or burdensome.
If you would like to exercise your rights under applicable law, please contact us at [email protected] When we fulfill your individual rights requests for correct (or rectification), erasure or restriction of processing, we will notify third parties also handling the relevant Personal Information unless this proves impossible or involves disproportionate effort. In certain circumstances, you have the following data protection rights:
• The Right to Access, Update or Delete the Information We Have on You -Whenever made possible, you can access, update or request deletion of your Personal Information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
• The Right of Rectification – You have the right to have your information rectified if that information is inaccurate or incomplete.
• The Right to Object – You have the right to object to our processing of your Personal Information.
• The Right of Restriction – You have the right to request that we restrict the processing of your personal information.
• The Right to Data Portability – You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
• The Right to Withdraw Consent – You also have the right to withdraw your consent at any time where Hornblower relied on your consent to process your personal information.
• Automated Individual Decision-Making, Including Profiling – While you do have the right not to be subject to a decision based solely on automated processing of your Personal Information, including profiling, under applicable law, we do not subject your Personal Information to such processing activities.
Please note that we may ask you to verify your identity before responding to such requests.
If you believe that we have infringed or violated your rights under this Policy, please contact us at [email protected] so that we can work with you to resolve your concerns. You also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA.
12. Contact Us