Hornblower Group, Inc., its parents, subsidiaries, affiliates, and related companies (collectively, the “Hornblower Group Family of Companies”, “we”, “us”, or “our”) are committed to protecting the privacy of their employees and employee candidates (collectively, “you” or “your”) and we are committed to protecting their respective Personal Data.
The Hornblower Group Family of Companies is made up of different legal entities that offer their services and products under different brand names, including, among others, Alcatraz City Cruises, Alcatraz Island Services, American Queen Voyages, Anchor, Bridgeport Shipyard, City Cruises, City Experiences, City Ferries, Devour Tours, HMS Ferries, Hornblower, Journey Beyond, Liberty Landing Ferries, Niagara City Cruises, Niagara Jet City Cruises, NYC Ferry, Seaward Services, Shore Excursions of America, Statue City Cruises, Venture Ashore, and Walks. This privacy statement is issued on behalf of the whole Hornblower Group Family of Companies so when we mention “Hornblower”, “we”, “us” or “our” in this privacy statement, we are referring to the relevant company in the Hornblower Group Family of Companies responsible for processing your information.
This Policy is not intended and shall not be read to create any express or implied promise or contract for employment, for any benefit, or for specific treatment in specific situations. Nothing in this notice should be construed to interfere with our ability to process employee data for purposes of complying with our legal obligations, or for investigating alleged misconduct or violations of company policy or law, subject to compliance with local legal requirements.
Our processing of personal data is in all cases subject to the requirements of applicable local law, internal policy, and, where applicable or appropriate, any consultation requirements with worker representatives. To the extent this notice conflicts with local law in your jurisdiction, local law controls.
For purposes of this policy:
- The term “employee” refers to all current and former employees, directors, officers and Board members of the Hornblower Group Family of Companies. For the purposes of this privacy notice, it also refers to other consultants and individual contractors engaged by the Hornblower Group Family of Companies, even though they are not otherwise employees;
- The term “employee candidate” refers to individuals who have submitted information to the Hornblower Group Family of Companies (such as a resume or job application) in order to apply to be a Hornblower Group Family of Companies employee;
- The term “personal data” means any information which relates to an identifiable, living individual and references one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Personal data excludes anonymous data.
- The term “sensitive personal data” means personal data about physical or mental health, racial or ethnic origin, political or religious views, trade union membership, sexual orientation, genetic data, biometric information, the commission or alleged commission of crime or related proceedings, personal data of children, and, in some countries, financial information.
What Information We Collect
We collect, use, and maintain (collectively “process”) different types of personal data about you in the operation of our business. If you are an employee, we process personal data about you (and your dependents, beneficiaries and other individuals associated with your employment) primarily for managing our employment relationship with you and your workplace facilities/information systems interactions. If you are a former employee, we process personal data about you primarily for legal compliance. If you are an employee candidate, the type of personal data we process is generally limited to what is needed to engage with you about our career opportunities, consideration of your application for employment to specific roles at the Hornblower Group Family of Companies, including candidate screening, interview scheduling and management, lawful background checks, and to on-board you at one of the entities of the Hornblower Group Family of Companies if you receive and accept an offer of employment with us.
We collect and store different types of personal data about employees and employee candidates such as:
- Identification data – such as your name, gender, photograph, date of birth, employee identification number, languages.
- Contact details – such as home address, telephone, email addresses, and emergency contact details.
- Employment details – such as job title/position, office location, hire dates, employment contracts, performance and disciplinary records, grievance procedures, sickness/holiday records.
- Educational and professional background – such as academic/professional qualifications, education, CV/résumé, reference letters and interview notes, criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
- National identifiers – such as national ID/passport, immigration status and documentation, visas, social security numbers (US only), national insurance numbers.
- Spouse, beneficiary & dependents information, marital status.
- Financial information – such as banking details, tax information, withholdings, salary, benefits, expenses, company allowances, and other information necessary to administer payroll.
- IT information – information required to provide access to our IT systems and networks such as IP addresses, log files, login information, software/hardware inventories.
- Health information – such as information about short- or long-term disabilities or illnesses that you might share with Human Resources or manager, particularly in relation to any leave of absence you may need to take.
- Other information you choose to share with us – e.g. hobbies, social preferences, etc.
We may also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, sexual orientation, and disability to help us understand the diversity of our workforce. This information, when collected, is generally collected on a voluntary, consensual basis, and employees and employee applicants are not required to provide this information, unless it is necessary for us to collect such information to comply with our legal obligations.
Most often, the personal data we collect from employees and employee candidates is collected from them directly. In some cases, we may collect personal data about employees and employee candidates from third parties, for example, when we perform background checks that are necessary for the role to be performed by the employee. In most circumstances, we will get your permission before we collect personal data about you from a third party.
If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it.
How We Use Your Information
We use and disclose the personal data that we collect primarily for the purposes of managing our employment relationship with you, along with other business purposes. Such uses include:
- determining eligibility for hiring, including the verification of references and qualifications and, where permitted by law, administering background checks;
- administering payroll and benefits as well as processing employee work-related claims (e.g., worker compensation, insurance claims, etc.) and leave of absence requests;
- establishing training and/or development requirements;
- communications about recruitment, job applications, and where appropriate, potential career opportunities with us;
- reviewing work performance and determining performance requirements;
- disciplinary actions or termination;
- establishing emergency contacts and responding to emergencies;
- complying with laws and regulations (e.g. labor and employment laws, health and safety, tax, anti-discrimination laws), under judicial authorization, or to exercise or defend legal rights;
- fulfilling the purpose for which you provide it;
- compiling internal directories, such as employee directories;
- to detect fraud or other types of wrongdoing;
- IT security and administration; and
- for other legitimate purposes reasonably required for day-to-day operations, such as accounting, financial reporting and business planning.
We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need it for another purpose that is compatible with the original purpose and there is a legal basis for further processing. For example, we may process the personal data you provide to us while researching job openings in reliance on our legitimate interests in recruiting potential candidates for roles at the Hornblower Group Family of Companies, but once you apply for a specific role and are successful, we may need to process your personal data in order to enter into an employment contract with you. We may also use your personal data for other lawful purposes which we will tell you about, and provided that we get your consent to that use, if required by law to do so.
Legal Basis for Processing (European Economic Area (“EEA”) only)
If you are an employee in the European Economic Area (EEA), our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to carry out our employment contract with you, where we need the personal data to comply with our legal obligations or exercise rights in the field of employment, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may need the personal data to protect your vital interests or those of another person (for example, we may need to share your personal data with third parties in the event of an emergency at work). If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided in the “Contact Us” section below.
Who We Share Your Data With and Why
We take care to allow your personal data to be accessed only by those who really need to in order to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it.
We may share your personal data with other employees, within the Hornblower Group Family of Companies, contractors, consultants and service providers who require the data to assist us to establish, manage or terminate your employment with us, including parties that provide products or services to us or on our behalf and parties that collaborate with us to provide services to you. For example, we engage third parties such as employee benefit plan providers and payroll support services. In some cases, these parties may also provide certain IT and data processing services to us so that we can operate our business. When we share personal data with these parties we typically require that they use or disclose that personal data only as instructed by the Hornblower Group Family of Companies and in a manner consistent with this Policy. We also enter into contracts with these parties to make sure they respect the confidentiality of your personal data and have appropriate data security measures in place.
If we go through a corporate sale, merger, reorganization, dissolution or similar event, personal data we gather from you may be transferred in connection with such an event. Any acquirer or successor of any of the entities that comprise the Hornblower Group Family of Companies may continue to use the data as described in this Policy provided that the acquirer or successor is bound by appropriate agreements or obligations and may only use or disclose your personal data in a manner consistent with the use and disclosure provisions of this notice, or unless you consent otherwise.
We may also disclose your personal data to a third party under the following circumstances:
- if we in good faith believe we are compelled by any applicable law, regulation, legal process or government authority;
- where necessary to exercise, establish or defend legal rights, including to enforce our agreements and policies;
- to protect our rights or property;
- in connection with regular reporting activities to other members of the Hornblower Group Family of Companies;
- to protect the Hornblower Group Family of Companies, our customers, or the public from harm or illegal activities;
- to respond to an emergency which we believe in good faith requires us to disclose data to prevent harm; or
- with your consent.
Please note that where legal requirements limit the sharing of your personal data, we will respect such requirements. We do not sell (as defined in applicable data protection and privacy laws) your personal data (and will not sell it without providing any required notices and/or opt-in/opt-out rights).
Looking After Your Information
The security of your data is important to us and we take steps to try to make sure your information is protected and to delete it securely when we no longer need it. However, perfect security does not exist, and we cannot guarantee the absolute security of your Personal Data. Your Personal Data may be processed in another country, and accordingly, may be accessible to courts, law enforcement and national security authorities in those countries.
We use standard security measures.
The security of your data is very important to us and we take steps to try to make sure your information is protected, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Our security measures include industry-standard physical, technical and administrative measures to prevent unauthorized access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information, and otherwise safeguard your Personal Data. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We will only retain your data for as long as necessary.
We will retain your Personal Data for as long as is necessary for the purposes set out in this Policy, or as otherwise required by law. Generally, this means we will keep your personal data until the end of your employment with us, plus a reasonable period of time after that where necessary to respond to any employment inquiries, deal with legal, tax, accounting or administrative matters, or to provide you with any applicable ongoing benefits. Where we have no continuing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. As such, we reserve the right to use such anonymous data for any legitimate business purpose without further notice to you or your consent.
Information Transfers both in and outside the United States.
Your Personal Data may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. These countries may have data protection laws that are different from the laws of your country. For example, Hornblower Group is headquartered in the United States, so personal data collected in other countries is routinely transferred to the United States for processing. We transfer Personal Data to another country, including within the Hornblower Group Family of Companies, in accordance with applicable privacy laws. For example, whenever we transfer your Personal Data out of the European Union, U.K. or Switzerland, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- Where we use certain providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
Monitoring & Workplace Security
We physically and electronically monitor our offices/premises and IT and communications systems, for specific purposes. For example, we may monitor employees’ activity and presence in our offices with badge readers, time clocks, and surveillance cameras such as closed-circuit television (“CCTV”). CCTV is primarily used at office entrance and exit points, elevator lobbies, rooms where there may be valuable equipment, such as server rooms, and in other select areas with a high risk for theft or with highly sensitive assets. CCTV is not used in private spaces such as restrooms, new mothers’ rooms or locker rooms. Nor is it used to monitor employee workstations for performance reasons. We also may monitor or record activity on our IT and communications systems and network through automated tools such as network authentication and wireless connectivity hardware and software, anti-malware software, website filtering and spam filtering software, security software for cloud-based applications, access and transaction logging, and mobile device management solutions. The primary purpose of this monitoring is our legitimate interests in protecting our employees, customers, and business partners. More information on monitoring may be found in the Crew Handbook and/or your onboarding documents.
Where permitted by law, we may also carry out monitoring for other purposes such as:
- Proof of business transactions and archiving;
- Training and evaluation of employees;
- Protection of confidential information, intellectual property and other business interests;
- To investigate breaches of company policies and procedures, or other unlawful or improper acts;
- For compliance with a legal obligation;
- Other legitimate purposes as permitted by applicable law.
You should be aware that any message, files, data, document, facsimile, audio/video, social media post or instant message communications, or any other types of information transmitted to, through or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets (included via the use of personal devices accessing corporate IT systems) are presumed to be business-related and may be monitored or accessed by us in accordance with applicable law and workplace agreements (such as works council agreements), and subject to the company’s policies concerning access to and uses of such data.
Cookies and Web Beacons
Your Privacy Rights
Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your personal data. In particular, you may have the right to:
- be informed about your personal data;
- access your personal data;
- correct any personal data that is inaccurate;
- have your personal data erased;
- restrict or suppress the processing of your personal data;
- obtain and reuse your personal data;
- object to the processing of your personal data;
- object to how your personal data is used in automated decision making, if applicable;
- lodge a complaint with a supervisory authority; and
- obtain a copy of Standard Contractual Clauses (if applicable).
Revisions to this Policy
We may, from time to time, make updates or changes to this Policy because of changes in applicable laws or regulations or because of changes in our personal data practices. We will notify you of any changes by updating the “Last Updated” date at the top of this Policy. If there are material changes, we will provide a more prominent notice such as posting a notice or sending an email notification, if applicable. We encourage you to periodically review this privacy notice to learn how we are protecting your personal data.
Questions or inquiries about this Policy can be directed to [email protected]. Alternatively, you may also raise any questions or concerns directly with your manager, or your local Human Resources team.
For our EU employees and employee candidates:
- For present and former employees, the controller of your personal data is the Hornblower Group corporate entity that is or was your employer or to which you will or have provided services.
- For employee candidates, the controller of your personal data is the Hornblower Group corporate entity to which you have applied for a role.
- You also have the right to lodge any complaints or concerns with your local data protection authority at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
For our California employees and employee candidates:
- You may also contact us toll-free at 833-311-0971.
Hornblower Group Corporate Headquarters are located at: Pier 3, The Embarcadero, San Francisco, 94111
Copyright 2021 Hornblower Group. All rights reserved.