Thank You for Visiting Cruise.com
Based in Dania Beach, Florida, Cruise.com is a major provider of cruise and travel related services to customers all over the world. Because we offer one-stop shopping for customers seeking travel services and travel insurance protection, we collect personal data on all our customers in order to fulfill their travel needs. We do not require anyone browsing our website to provide any personal information unless and until they choose to make a purchase or sign-up to receive additional contact from us.
At Cruise.com we believe in privacy and transparency, and we're committed to providing our privacy practices to our customers which outline how we treat personal customer information. This policy explains our privacy practices as it pertains to Cruise.com and the ways in which we collect and store customer data.
Automatic Logging of Session Data
We automatically log generic information about your computer's connection to the internet, which we call "session data". Session data consists of things such as IP address, operating system and type of browser software being used and the activities conducted by the user while on our site. An IP address is a number that lets computers attach to the internet, such as our web servers, and know where to send data back to the user, such as the pages of the site the user wishes to view. We collect session data because it helps us analyze such things as what items visitors are likely to click on most, the way visitors are clicking through the site, how many visitors are surfing various pages on the site, how long visitors to the site are staying and how often they are visiting. It also helps us diagnose problems with our servers and lets us better administer our systems. It is possible to determine from an IP address a visitor's Internet Service Provider (ISP) and the approximate geographic location of his or her point of connectivity. We may also use some session data, such as the pages you visited on our site, to send you e-mail messages focused on destinations that you may be interested in, unless you had previously opted out of receiving such messages. The third-party advertising companies may also employ technology that is used to measure the effectiveness of ads. Any such information is anonymous. They may use this anonymous information about your visits to this and other sites in order to provide advertisements about goods and services of potential interest to you. No personal information about you is collected during this process. The information is anonymous and does not link online actions to an identifiable person. Basically, we use data analytics to ensure site functionality and improve the delivery of our services to you. We do not link the information we capture and store to any personally identifiable information.
Information Collected or Received
- Name and contact data
- Examples of personal data (age/date of birth, gender, country/nationality, passport # and expire date)
- Billing and payment information (including credit card information)
- Phone number
- Travel location(s)/dates of travel
- Social data (celebrating anniversaries, birthdays, other events)
If you need to review, change or remove information you can contact customer service at Cruise.com at firstname.lastname@example.org (and/or the Cruise.com sales agent if one was used).
Additionally, there is some data being collected in other ways that is external to the Travtech data collection systems and necessary to conduct the business of Cruise.com. This data includes:
- Accounting reports from some of our travel vendor partners, which includes: client names and addresses, telephone numbers, the last 4 digits of the customer's credit card number, birthdays and citizenship.
- The Customer Service desk deploys an electronic cancellation "inbox" (electronic) that contains cancellation forms that have been faxed to Cruise.com with the credit card holder signature. In addition, the Customer Service department staff makes changes and corrections directly with our travel partners. Once a confirmation is received from the travel partners of these corrections and changes, the Cruise.com agent updates our TravTech systems directly. The data collected by the Customer Service staff includes: legal names, birth dates, billing addresses, personal email addresses, credit card information and passport information.
- Cruise.com sales agents also collect the same data that customer service agents (see above) collect from customers.
- The Cruise.com Affiliate Division collects personal data, including credit card and billing information, on its Independent Contractors (ICs). ICs are required to be under contract with Cruise.com to operate with us, and credit card data is collected because there are annual and monthly dues involved, as well as some transaction and penalty fees.
When you use a browser you can control your personal data using certain features. You can control the data stored by "cookies" and withdraw consent to cookies by using browser based cookie controls. Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. You can refer to your browser's privacy or help documentation to find instructions for blocking or deleting cookies. Cookies are used to:
- Store your preference and settings
- Sign-in and authentication
- Storing information you provide to a website
- Social media
- Internet-based advertising
- Showing advertising
Choice and Control
As stated previously, the purpose for collecting your personal information and data is to successfully process and complete the travel product purchase(s) you are making with Cruise.com. You, the customer, have certain choices and control over the personal data we collect from you, as follows:
- You can request a copy of all the data we collected.
- If you say the data is inaccurate, we are required to correct it.
- You can request us to delete all your data, which we can within the legal constraints and business requirements set forth in this document.
- If you request it, we can stop processing your data within the legal constraints and business requirements set forth in this document.
- If you request it, we can transfer the data out of our service and back to you, the customer.
- You have a special right to object to your data being used for certain purposes, like direct marketing.
Information Uses, Sharing and Disclosure
We rely on a variety of legal reasons and permissions ("legal bases") to process data, including with your consent, a balancing of legitimate interests, necessity to enter into and perform business transactions, and compliance with legal obligations, for a variety of purposes. These legal bases include where:
- It is necessary to perform our business obligations to you the customer and in order to provide our services to you;
- you have consented to the processing, which you may revoke at any time;
- you have expressly made the information public;
- necessary to the public interest; and
- occasionally necessary to protect your vital interests or those of others.
Note that we principally rely on consent to send marketing messages and for third-party data sharing.
Where we process your information on the basis of legitimate interests, we do it to provide and improve our services and keep our services safe and secure. We use personal data to:
- provide our services to you and to provide support to you.
- improve and develop our services and products further, and to make them more personalized; this includes sharing data when it is required to provide the service or carry out the transactions you request.
- advertise and market to you, which include sending promotional communications, targeted advertising, and presenting relevant offers.
- operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce and doing research.
When we process personal data about you, we do so with your consent and/or as necessary to provide the products you request from us, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, and to fulfill other legitimate interests of Cruise.com.
When we share your personal data, we do it with your consent or as necessary to complete any transaction or provide a product or service you have requested or authorized. For example, we often share your personal data with a third-party travel-related service or product provider in order to complete the business transaction. Cruise companies, hotels, airlines, excursion groups and a travel insurance company are among the third parties we share your information with. And when you provide payment data to make a purchase, we share that payment data with an applicable third-party provider.
Finally, we will retain, access, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary to do any of the following:
- Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
- Protect our customers, or to help prevent loss of life or serious injury.
- Operate and maintain the security of our products, including preventing or stopping an attack on our computer systems or networks.
- Protect the rights or property of Cruise.com.
Cruise.com will retain your information only for as long as is necessary for the purposes set out in this policy, or as needed to provide services to you. If you no longer want Cruise.com to use your information to provide services to you, including any marketing material, you can make a request in writing to Customer Service at Cruise.com at the following email address: email@example.com; or, in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004. Cruise.com will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to comply with applicable tax/revenue laws), resolve disputes, enforce agreements, or as otherwise described in this policy. NOTE: additional data retention policy requirements can be found in the Travtech third-party policy at http://www.travtech.com/privacy-policy.
The security of your personal information is important to us. In order to protect your personal data, we maintain physical, electronic and procedural safeguards. We review those safeguards regularly in keeping with technological advancements. We restrict access to your personal data, and we also train our employees in the proper handling of your personal data.
Cruise.com's technology partner, Travtech, encrypts certain information (such as credit card numbers) through its technology platform. Cruise.com and its technology partner, Travtech, follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and after it is received. Unfortunately, no method of transmission, whether direct person-to-person or over the internet, or method of electronic storage, is 100% secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.
The purpose for collecting personal information and data is to successfully process and complete the travel product purchase(s) made on the Cruisebase platform.
From the perspective of GDPR, a traveler has the following rights:
- Right to be informed
- Right of access
- Right of rectification
- Right of erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated processing and profiling
If you would like to manage, change, or limit your personal information you can do so by contacting Cruise.com Customer Service at the following email address: firstname.lastname@example.org; or in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004. A stated previously, if you want data deleted you can make that request via email to CISO@cruise.com.
If we process your information based on our legitimate interests as explained previously, or on the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing purposes, you can always object by contacting our Customer Service department at the following email address: email@example.com; or in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004.
Where you have provided or implied your consent (by entering into a business transaction with us) you have the right to withdraw your consent to our processing of your information and your use of our services. Keep in mind that if a payment of services is involved and payment has been made and processed, there are limits to what degree you can withdraw consent once a payment has been made. If Cruise.com has made an error in processing your information or processing payment for services, Cruise.com will do everything it can to correct the situation.
You can choose to withdraw your consent to our processing of your information and your use of our services by contacting Cruise.com Customer Service at the following email address: firstname.lastname@example.org; or in writing to: Customer Service Manager 255 E. Dania Beach Blvd, Dania Beach, Florida 33004, which will evaluate to what degree withdrawal of consent pertains to where the business transaction stands. You can request your personal information to be deleted, except for information that we are required to retain, especially pertaining to legal or financial requirements. Requests to delete data should be made via email to CISO@cruise.com.