Privacy Policy

Thank You for Visiting Cruise.com

Based in Dania Beach, Florida, Cruise.com is a major provider of cruise and travel related services to customers all over the world. Because we offer one-stop shopping for customers seeking travel services and travel insurance protection, we collect personal data on all our customers in order to fulfill their travel needs. We do not require anyone browsing our website to provide any personal information unless and until they choose to make a purchase or sign-up to receive additional contact from us.

At Cruise.com we believe in privacy and transparency, and we're committed to providing our privacy practices to our customers which outline how we treat personal customer information. This policy explains our privacy practices as it pertains to Cruise.com and the ways in which we collect and store customer data.

Our booking engine and invoicing technology is a platform provided by Travtech, Inc., called "Cruisebase", which follows Travtech's information policy specific to privacy protection. This is the primary way we collect much of the personal data on our customers. The privacy policy of Travtech can be found at http://www.travtech.com/privacy-policy, and it includes much of how our data is collected, stored and protected for our customers. Any requests concerning cybersecurity or the deletion of data may be directed to the CISO@cruise.com.

Accepting the Privacy Policy

In order to run our business it is necessary to collect and process customers' personal information. By accepting the terms of our Privacy Policy, you, our customer, confirm that you have read and understand this policy and the policy of our third party service provider. If you are not in agreement with how we collect and process your personal information then we would advise using an alternative service provider. If you use the services of any of our affiliates or independent contractors, we are not responsible for the privacy policies or practices of any independent contractors EXCEPT for any data collection or storage tools or websites that WE have provided to them and control as a condition of their contractual relationship with us. Any data collection and storage tools that are independently maintained and controlled by our affiliates and their businesses are not under the purview of this privacy policy.

By using our services, you are acknowledging that Cruise.com, through all its data collection tools, will use your information to complete any transaction required to fulfill the service you have come to us to transact for you. In addition, we will only transfer that part of your information to other service providers we have contracted with, who provide the necessary products and services, in order to fulfill your travel-related needs ONLY. Please be aware that Cruise.com does not control the privacy standards of these partner service providers and our privacy policy does not include how that data is accessed and stored by them. We only transfer personal information to those service providers who are required to fulfill your personal travel needs AND that we are permitted by law to transfer personal information to. In addition, your personal information may be divulged when required by law or when protecting the legal rights and/or property of Cruise.com.

Automatic Logging of Session Data

We automatically log generic information about your computer's connection to the internet, which we call "session data". Session data consists of things such as IP address, operating system and type of browser software being used and the activities conducted by the user while on our site. An IP address is a number that lets computers attach to the internet, such as our web servers, and know where to send data back to the user, such as the pages of the site the user wishes to view. We collect session data because it helps us analyze such things as what items visitors are likely to click on most, the way visitors are clicking through the site, how many visitors are surfing various pages on the site, how long visitors to the site are staying and how often they are visiting. It also helps us diagnose problems with our servers and lets us better administer our systems. It is possible to determine from an IP address a visitor's Internet Service Provider (ISP) and the approximate geographic location of his or her point of connectivity. We may also use some session data, such as the pages you visited on our site, to send you e-mail messages focused on destinations that you may be interested in, unless you had previously opted out of receiving such messages. The third-party advertising companies may also employ technology that is used to measure the effectiveness of ads. Any such information is anonymous. They may use this anonymous information about your visits to this and other sites in order to provide advertisements about goods and services of potential interest to you. No personal information about you is collected during this process. The information is anonymous and does not link online actions to an identifiable person. Basically, we use data analytics to ensure site functionality and improve the delivery of our services to you. We do not link the information we capture and store to any personally identifiable information.

Information Collected or Received

In the course of providing our services and completing the business transaction, we do collect or receive your personal data. You may be submitting your data through our website or directly to one of our sales and service staff members, an affiliate of Cruise.com, or other representatives of Cruise.com. (NOTE: We do record phone conversations with our customers and data can be collected in that manner. We use those recorded conversations to improve our service to the customer and for training purposes, and as a record of any real or potential transaction). The vast majority of this personal data is collected though our booking engine and invoicing technology, which are the software products of our third-party service provider, Travtech, Inc. The privacy policy of Travtech can be found at http://www.travtech.com/privacy-policy. The data we collect depends on the context of your interactions with Cruise.com and the choices you make, the services and features you use, and whether you use our website or contact a live agent or representative. The data we collect can include the following:

• Name and contact data
• Examples of personal data (age/date of birth, gender, country/nationality, passport # and expire date)
• Address
• Billing and payment information (including credit card information)
• Phone number
• Travel location(s)/dates of travel
• Social data (celebrating anniversaries, birthdays, other events)

If you need to review, change or remove information you can contact customer service at Cruise.com at customersupport@cruise.com (and/or the Cruise.com sales agent if one was used).

Additionally, there is some data being collected in other ways that is external to the Travtech data collection systems and necessary to conduct the business of Cruise.com. This data includes:

• Accounting reports from some of our travel vendor partners, which includes: client names and addresses, telephone numbers, the last 4 digits of the customer's credit card number, birthdays and citizenship.
• The Customer Service desk deploys an electronic cancellation "inbox" (electronic) that contains cancellation forms that have been faxed to Cruise.com with the credit card holder signature. In addition, the Customer Service department staff makes changes and corrections directly with our travel partners. Once a confirmation is received from the travel partners of these corrections and changes, the Cruise.com agent updates our TravTech systems directly. The data collected by the Customer Service staff includes: legal names, birth dates, billing addresses, personal email addresses, credit card information and passport information.
• Cruise.com sales agents also collect the same data that customer service agents (see above) collect from customers.
• The Cruise.com Affiliate Division collects personal data, including credit card and billing information, on its Independent Contractors (ICs). ICs are required to be under contract with Cruise.com to operate with us, and credit card data is collected because there are annual and monthly dues involved, as well as some transaction and penalty fees.

Cookies

When you use a browser you can control your personal data using certain features. You can control the data stored by "cookies" and withdraw consent to cookies by using browser based cookie controls. Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. You can refer to your browser's privacy or help documentation to find instructions for blocking or deleting cookies. Cookies are used to:

• Store your preference and settings
• Sign-in and authentication
• Security
• Storing information you provide to a website
• Social media
• Feedback
• Internet-based advertising
• Showing advertising
• Analytics
• Performance

Choice and Control

As stated previously, the purpose for collecting your personal information and data is to successfully process and complete the travel product purchase(s) you are making with Cruise.com. You, the customer, have certain choices and control over the personal data we collect from you, as follows:

1. You can request a copy of all the data we collected.
2. If you say the data is inaccurate, we are required to correct it.
3. You can request us to delete all your data, which we can within the legal constraints and business requirements set forth in this document.
4. If you request it, we can stop processing your data within the legal constraints and business requirements set forth in this document.
5. If you request it, we can transfer the data out of our service and back to you, the customer.
6. You have a special right to object to your data being used for certain purposes, like direct marketing.

Information Uses, Sharing and Disclosure

We rely on a variety of legal reasons and permissions ("legal bases") to process data, including with your consent, a balancing of legitimate interests, necessity to enter into and perform business transactions, and compliance with legal obligations, for a variety of purposes. These legal bases include where:

• It is necessary to perform our business obligations to you the customer and in order to provide our services to you;
• you have consented to the processing, which you may revoke at any time;
• you have expressly made the information public;
• necessary to the public interest; and
• occasionally necessary to protect your vital interests or those of others.

Note that we principally rely on consent to send marketing messages and for third-party data sharing.

Where we process your information on the basis of legitimate interests, we do it to provide and improve our services and keep our services safe and secure. We use personal data to:

• provide our services to you and to provide support to you.
• improve and develop our services and products further, and to make them more personalized; this includes sharing data when it is required to provide the service or carry out the transactions you request.
• advertise and market to you, which include sending promotional communications, targeted advertising, and presenting relevant offers.
• operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce and doing research.

When we process personal data about you, we do so with your consent and/or as necessary to provide the products you request from us, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, and to fulfill other legitimate interests of Cruise.com.

When we share your personal data, we do it with your consent or as necessary to complete any transaction or provide a product or service you have requested or authorized. For example, we often share your personal data with a third-party travel-related service or product provider in order to complete the business transaction. Cruise companies, hotels, airlines, excursion groups and a travel insurance company are among the third parties we share your information with. And when you provide payment data to make a purchase, we share that payment data with an applicable third-party provider.

Finally, we will retain, access, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary to do any of the following:

• Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
• Protect our customers, or to help prevent loss of life or serious injury.
• Operate and maintain the security of our products, including preventing or stopping an attack on our computer systems or networks.
• Protect the rights or property of Cruise.com.

Data Retention

Cruise.com will retain your information only for as long as is necessary for the purposes set out in this policy, or as needed to provide services to you. If you no longer want Cruise.com to use your information to provide services to you, including any marketing material, you can make a request in writing to Customer Service at Cruise.com at the following email address: customersupport@cruise.com; or, in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004. Cruise.com will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to comply with applicable tax/revenue laws), resolve disputes, enforce agreements, or as otherwise described in this policy. NOTE: additional data retention policy requirements can be found in the Travtech third-party policy at http://www.travtech.com/privacy-policy.

Security

The security of your personal information is important to us. In order to protect your personal data, we maintain physical, electronic and procedural safeguards. We review those safeguards regularly in keeping with technological advancements. We restrict access to your personal data, and we also train our employees in the proper handling of your personal data.

Cruise.com's technology partner, Travtech, encrypts certain information (such as credit card numbers) through its technology platform. Cruise.com and its technology partner, Travtech, follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and after it is received. Unfortunately, no method of transmission, whether direct person-to-person or over the internet, or method of electronic storage, is 100% secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.

Your Rights

The purpose for collecting personal information and data is to successfully process and complete the travel product purchase(s) made on the Cruisebase platform.

From the perspective of GDPR, a traveler has the following rights:

1. Right to be informed
2. Right of access
3. Right of rectification
4. Right of erasure
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights in relation to automated processing and profiling

If you would like to manage, change, or limit your personal information you can do so by contacting Cruise.com Customer Service at the following email address: customersupport@cruise.com; or in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004. A stated previously, if you want data deleted you can make that request via email to CISO@cruise.com.

If we process your information based on our legitimate interests as explained previously, or on the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing purposes, you can always object by contacting our Customer Service department at the following email address: customersupport@cruise.com; or in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004.

Withdrawing Consent

Where you have provided or implied your consent (by entering into a business transaction with us) you have the right to withdraw your consent to our processing of your information and your use of our services. Keep in mind that if a payment of services is involved and payment has been made and processed, there are limits to what degree you can withdraw consent once a payment has been made. If Cruise.com has made an error in processing your information or processing payment for services, Cruise.com will do everything it can to correct the situation.

You can choose to withdraw your consent to our processing of your information and your use of our services by contacting Cruise.com Customer Service at the following email address: customersupport@cruise.com; or in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004, which will evaluate to what degree withdrawal of consent pertains to where the business transaction stands. You can request your personal information to be deleted, except for information that we are required to retain, especially pertaining to legal or financial requirements. Requests to delete data should be made via email to CISO@cruise.com.

Privacy Policy Changes

We may amend or update this policy from time to time. Change to the privacy policy will be made promptly and posted and presented as current policy. If we collected personal information from you, we encourage you to check back regularly and review the policy.