Privacy Notice Valid as of 21.11.2019
If you are in the European Union, you may address privacy-related enquiries to our EU representative pursuant to Article 27 GDPR:
EU-REP.Global GmbH, Attn: City Cruises
Hopfenstr. 1d, 24114 Kiel, Germany
If you consider that the policy has not been followed in respect of personal information about yourself or others, or for general comments or feedback please raise the matter with the Data Protection Officer who can be contacted at [email protected].
STATUS OF THE POLICY
This policy sets out our rules on data protection and the legal conditions that must be satisfied in relation to any act taken in relation to personal information, including but not limited to the obtaining, handling, processing, storage, transportation and destruction of personal information.
When referencing citycruises.com, this also encompasses citycruisespoole.com, citycruisesyork.com and thamesjet.com.
The information is subject to certain legal safeguards and restrictions set out in
EU General Data Protection Regulation (“GDPR”) which is due to be implemented into UK law under what will likely be the Data Protection Act 2018. Roles and responsibilities.
City Cruises is the data controller over the personal data it holds, meaning it has the primary responsibility to ensure that the GDPR is complied with and for defining the purposes for processing your personal data and also for compliance with the data protection legislation.
Due to Government guidance, we now seek to collect and process your personal data in response to the recent outbreak of Coronavirus, which is above and beyond what would ordinarily be collected from you, to ensure the safety and well-being of our staff and the general public.
Such information will be limited to what is proportionate and necessary, taking into account of the latest guidance issued by the Government and health professionals, in order to manage and contain the virus.
Personal data is being collected temporarily in order to assist NHS Test and Trace with requests for that data if needed. This could help contain clusters or outbreaks.
What is our lawful basis for processing your personal data?
The General Data Protection Regulation requires specific conditions to be met to ensure that the processing of personal data is lawful. These relevant conditions are below:
- Article 6(1)(d) – is necessary in order to protect the vital interests of the data subject or another natural person.Recital 46 adds that “some processing may serve both important grounds of public interest and the vital interests of the data subject as for instance when processing is necessary for humanitarian purposes, including for monitoring epidemics and their spread”.
- Article 6(1)(e) – is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Am I required to provide my personal data under a statutory requirement, or am I obliged to provide it?
Whilst the provision of data cannot be mandated, you are strongly advised that it is in the best interests of all to provide this information to us, so we are able to take relevant steps to keep you and others safe.
The information will be managed in a confidential manner. All information will be held securely and processed on a ‘need to know’ basis by only a limited number of people. If there is a need to disclose outside of this, the minimal amount of personal data will be used.
Where Covid-19 related information is to be used for general reporting or statistics, steps will be taken to anonymise the data and general numbers used, wherever possible.
How long will my personal data be retained?
To support NHS Test and Trace, we will hold records for 21 days. This reflects the incubation period for COVID-19 (which can be up to 14 days) and an additional 7 days to allow time for testing and tracing. After 21 days, this information will be securely disposed of or deleted.
From the 4th of July we have started our services again. If you would like more information about our new social distancing and enhanced hygiene measures, please take a look at our return to service page here.
City Cruises processing of your personal data
1.2 Booking your ticket or other services
When you book any product or service with City Cruises you will be asked to provide information such as your name, phone number, e-mail address and payment details. Depending on your specific booking details, additional information might be requested, such as date of birth etc. In addition, when you request special assistance, such as special diet or wheel chair services, you might need to provide related sensitive data such as your health condition.
When you change your booking or otherwise seek other support from us, we will process the above-mentioned personal information we have collected from you. Your name as well as your contact information will be used by us to keep you informed of your bookings. This includes sending you reminders by SMS, email or phone regarding your booking and notification of any disruption if your booking is delayed or cancelled. The purpose of these processing activities is to provide you with the products and services you have booked from us.
You also have to provide your payment details (e.g. card number and expiry date) in addition to other personal data to complete your payment. These data, in particular your name, address, e-mail address and will be disclosed to our payment services providers, for the purpose of receiving your payment and completing your booking. If you request for refund of your payment, these data will also be processed.
To fulfill our legal obligations, we may disclose your data to e.g. your card issuer, maritime security services, or the police. For this purpose, the data we process may include your name, address, e-mail address, and payment details.
The information you have provided for the purposes of booking and booking management will be stored up to 10 years until it is not necessary for us to protect and defend City Cruises.
The legal basis for the processing of your data as described in this section is your acceptance of the Terms and Conditions under which you book from us and our legitimate interests to operate our business, or otherwise that it is necessary to fulfill our legal obligations.
1.3 Customer Support
City Cruises has various forms of customer support in order to help you. For us to be able to provide you with customer support, we will process your personal data to identify you and help you as best we can. On our website, you will be able to start a LiveChat or submit a questionnaire form, or you can also contact us by phone, via email or letters, or via social media; and when you communicate with us via any of these means, we will help you with enquiries, questions or feedbacks concerning our services. Depending on your enquiry, question or feedback, you may be asked to provide additional personal data.
After you have contacted Customer Support, we will examine the content of our communication with you, for instance, the recording of our communication with you when we deal with your complaint. This is to control the quality of the service we have provided to you. For this purpose, your personal data such as your name and contact detail may be processed.
To maintain our service level, we may conduct data testing regarding our websites and mobile applications when an error occurs or when any change is made to our system, and this involves processing your personal data. This enables us to debug (to eliminate technical errors) our systems, to correctly display any changes made by you or us that is relevant to you, and to ensure the proper functioning of these websites and mobile applications.
We also produce reports and statistics by analyzing the data you have provided to us, such as your name and contact details. The purpose is to improve our service and to provide you a better user experience next time when you use our services.
If we detect irregular activities on your account, we will take necessary steps. These might include processing your personal data.
Aiming to help you make the most of the offers provided by us, we will send you or in other ways make you aware of various activities and offers via email, which may include newsletter, e-shots, unique offers based on your preferences, or information on other special or seasonal offers. For this purpose we will process your e-mail address, booking history and campaign participation history.
We may also send you offers related to your upcoming booking via email; for this purpose we will process your e-mail address and booking history. In addition, we will also remind you via email about your uncompleted booking, and provide you easy access to your uncompleted booking process; for this purpose your email address and your web-behavior data concerning your uncompleted booking will be processed.
City Cruises strives to be as relevant as possible for each customer across different digital channels. If you have visited our website, we may present relevant offers to you on other digital media based on your web clicks. Anonymized IP in cookies will be processed for this purpose. When you visit our website we will use your on-line behavior in order to present relevant offers through our internet portals, e-mail campaign and in other digital media.
For the purpose of improving our communications with you, we also carry out market research, which can be conducted by using your personal data to connect various data sets. Personal data in analytical data sets will always be deleted after the analysis.
You are free to request deletion of your personal data used for marketing by contacting as at the details given below. As for anonymous user cookies, they are not identifiable to a specific person but will nonetheless be deleted according to industry practice.
The legal basis for processing your personal data is your consent and our legitimate interests to operate and improve our business. Please note that withdrawal of any consent does not affect the lawfulness of the processing that has taken place based on a consent given prior to the withdrawal.
2. IP Addresses
City Cruises may also track your domain name or IP address to assist our marketing efforts as described above. For some computers, the IP address is a globally unique identifier of your computer. Multiple users of the same computer will share the same IP address. However, in most cases your ISP (or network server, if a business user) will allocate you an IP address only for the duration of your online session (about 80% of all surfers are using “temporary“ IP addresses). This means that, even when your IP address is noted, it is unlikely you will have the same IP address next time you use the internet.
City Cruises uses its own cookies and cookies supplied by large and small advertising and analysis companies to assist with transactions, to advertise to consumers and to understand the behaviour of users on the company’s websites in order to make them easier to use.
If you do not wish to have cookies placed on your computer, you can disable cookies through your Internet browser. Disabling cookies will not prevent you from accessing any portions of the City Cruises site or service.
4. Opt-In and Opt-Out
The City Cruises site always requires users to actively select that they receive promotional communications from City Cruises. We will never assume acceptance. In addition, every e-mail sent out by City Cruises will contain instructions on removing that e-mail address from lists for further mailings.
6. Images rights terms and conditions
Approved Instagram content terms and conditions
When accepting rights requests you are allowing City Cruises to use your content in future marketing campaigns with no copyright.
Rights will be requested by City Cruises via commenting on your Instagram and require a response to approve use of your content. To agree to City Cruises reusing your content simply reply using the hashtag #YesCityCruises.
Copyright: Upon approval, photos become the property of City Cruises and each participant relinquishes any claims of ownership or rights therein upon approval of their content to be used.
7. Right to Erase
City Cruises must erase personal data at the request of the data subject, but only in limited circumstances, namely where:
– the personal data is no longer necessary for the purpose it was processed;
– City Cruises originally relied on consent, that consent is withdrawn and has no other legal basis for processing;
– the data subject has objected to the use of their personal data for direct marketing purposes, and City Cruises only uses that personal data for direct
– the personal data is unlawfully processed; or
– the personal data has to be erased for compliance with a legal obligation to which City Cruises is subject.
Under the GDPR City Cruises as a data controller, when instructing a data processor to process personal data on its behalf, must ensure that there is a written contract between City Cruises and the processor dealing with a prescribed list of matters.
9. Notification of breaches
City Cruises is required to report certain security breaches (as defined above) to the ICO and the data subject.
All security breaches should therefore be notified to City Cruises’s Data Protection Officer – [email protected].
10. Transfers overseas
Where personal data must be transferred outside of the United Kingdom, City Cruises is required to ensure certain safeguards are in place guaranteeing a similar level of protection to the data subject as they would have within the United Kingdom.
We consider good privacy practices to be very important. If you believe this document or our practices can be improved, please e-mail [email protected]cruises.com.
City Cruises Ltd
Cherry Garden Pier
Cherry Garden Street
London SE16 4TU