Star Clippers is committed to being transparent about how we use the personal data of everyone we deal with.

This Privacy Notice is intended to inform you (collectively “you”, “your”, “yours” or “yourself”) how Fred. Olsen Travel ("we”, “us” or “our”) will collect and use your personal data when you do any of the following:

  • visit and browse our website starclippers.co.uk;
  • use our website to submit an enquiry, sign up for our newsletter or sign up to one of our mailing lists;
  • submit information to make a booking or buy any of our services, including any modification, cancellation, or similar activity;
  • contact us, make an enquiry, or communicate with us in any way, including by email, direct message, video chat, phone, and text;
  • provide information to us and communicate with us in any way, including through our website, in writing and verbally.

Categories of Personal Data We Collect

The personal data we collect about you depends on whether you are making an enquiry, you are, or may be, a customer, visiting our website or you are, or may be, a supplier.  We will collect and use some or all the following personal data about you (and if you are making a booking, all persons to be included in that booking):

INFORMATION TYPE

DETAILS

Personal information

Names, title, address, phone number(s), email address, emergency contact details (name, phone number and their relationship to you), date and place of birth, nationality, gender, photographs (for security), social media identifiers

Official documentation

This includes passport number, expiry date, issue date, place of issue

Payment method information

Credit card information, transactional history and purchases, amount paid for services, bank information

Health details

Information you submit to us related to disability, dietary requirements, medical and contagious disease and vaccination information

Account information

Email address and password, and information provided to set up a My Cruises account, sign up for our newsletter or for a promotion or special offer, and/or to use our mobile app

Website use & communications

In addition to the personal information described above, we may collect your social media name(s), username(s), account ID and password, IP address, website use information, browser information, device type, location, image and video and audio recording

Commercial information

Job title, contact details, email address, work address, details of company you work for, professional experience, qualifications

Other information

Any information that is relevant to your interaction with us, your visit to our website, making an enquiry and making a booking. This may include details of family members and persons who may travel with you, travel insurance details, and 24-hour medical emergency number

In order to facilitate a booking we are also obligated to obtain personal data of a special category such as contagious disease vaccination information, health and medical information and information that could reveal your race or ethnicity.

We realise that your emergency contact may not have heard of Fred. Olsen Travel previously, and so we ask you to inform them that you will be sharing their information with us. If they have any queries, they can contact us using the details we have provided in this Notice.

You are required to provide personal information to us before we can confirm your booking. If you fail to provide us with this information, then you will not be able to book your holiday.

Receiving Data Through Third-Parties

We are proud to have a wide network of travel partners. If you have concerns that we may have received your information in error or would like to find out where we have received your information from, please contact us using the details in this notice.

Purposes of Processing Your Personal Data and Legal Basis

We process your data for a variety of purposes. As a Travel Agent, we process personal data primarily to facilitate bookings and providing holidays. We always process personal data with a legal basis and the table below demonstrates our intended purposes and the legal basis we use to process your data.

 

Purpose

 

Legal Basis

Setting you up as a customer (including storing, processing and analysing your information to make reservations and arrangements related to your holiday) or setting you up as a supplier

Contractual Obligation
Legitimate Interests

Making your booking, which can include package holidays and arranging cruise, flights, hotels, rail, and transfers

Contractual Obligation

Obtaining medical information and information that can reveal race or ethnicity

Contractual obligation with explicit consent.

Your explicit consent is obtained through the provision of this information from yourself directly or the third party passing us this information to us. You can withdraw or decline consent, however without knowing your nationality we will not be able to book your holiday, and without knowing any medical conditions we could not ensure adequate medical care or provision.

Vaccination information, shielding and/or clinically extremely vulnerable status    

Legitimate Interest
Consent

Recording voice calls, online chat conversations via text, audio and video images

Legitimate Interests

Contacting you with information relating to your booking

Contractual Obligation

Amending your booking at your request

Contractual obligation

Contacting you with information on additional services relating to your holiday. For example: information on excursions, upgrades and special events

Legitimate Interests (‘soft opt-in’ & opt-out)

Contacting you via email, phone and post about offers, products, and holidays
(we will always give the option to opt-out of email and postal communications at the point we capture your information and in every subsequent communication with you)

Legitimate Interests (‘soft opt-in’ & opt-out)

Communicating with you about information that directly relates to you while providing services to you and/or in connection with your communication with us

Contractual Obligation
Legitimate Interest

Using aggregated data to identify trends in bookings, to improve our services and for business reporting purposes

Legitimate Interests

Market research, insight, and customer segmentation

Legitimate Interest

Contacting your emergency contact in the event of an emergency

Contractual Obligation

Receiving your enquiry, recording relevant details, and processing your data in order to respond

Legitimate Interests

Processing feedback and complaints

Legitimate Interest

Disclosing information to public authorities, immigration authorities, customs and port inspection, Interpol and police for the prevention and detection of crime and law enforcement purposes.

Legitimate Interest

Personalising and improving our communication and services

Legitimate Interest

Health & safety reporting

Legal Obligation

Improving website content, record keeping and account creation

Legitimate Interest

Carrying out anti-fraud screening and verifying your identity

Public Interest

We do not target our website or offer any of our products or services for sale to anyone under the age of 18 (a “Minor”), nor do we knowlingly collect personal data from a Minor.  Any adult that submits information about a Minor may only do so on the basis that they are the parent or legal guardian of that Minor and waive all claims in relation to that Minor. 

Artificial Intelligence

We use software and tools containing Artificial Intelligence (AI) for business efficiency and analytical purposes. AI helps us may manage emails and content you provide and process documents from suppliers related to your booking, enquiry and/or query.  Personal data is only used in line with the original purposes for which it was provided and processed in accordance with this notice.

Recipients of Your Information

We share information for a variety of reasons, including when you request us to do so, for the prevention and detection of crime, where required by law and regulation, for us to deliver our services, to enhance, improve, develop, and promote our services, and otherwise conduct our business. The list below provides information on the types of third parties that we share information with.

  • Package holiday organisers;
  • Tailor-made holiday providers; where flight/hotel/transfers are organised by a single company, we will inform you of the company we will transfer your data to when booking those services,
  • Airlines: we will inform you of the airline company we will transfer your data to when booking,
  • Hoteliers: we will inform you of the airline company we will transfer your data to when booking,
  • Rail operators; we will inform you of the rail company we will transfer your data to when booking the train journey,
  • Other ancillary service providers; we will inform you of the ancillary service provider we will transfer your data to when booking such a service (for example car hire)
  • Specialist service providers, such as where you require a specialist service e.g. medical services
  • Health service providers, including NHS Agencies, such as GPs, hospitals, and ambulance services
  • Government and public agencies, such the Department of Health and Public Health agencies
  • External hosting providers for the administration of our website, for example our video chat host and our email letter distributor
  • Mailing houses: for brochures and other mailers
  • Our employees and contractors, selected third parties and service providers, including marketing agencies, marketing research agencies, PR agencies and data hosting service providers, so that we can develop, enhance, and promote our business generally and our services and provide customers with information and marketing messages about products and services
  • Our affiliates and companies in the Fred. Olsen family of companies, who may use your information in the same way as we can under this notice
  • Technology subprocess providers: we may share your data with technology subprocess providers, such as Traveltek (reservations system), Microsoft Fabric, and Google BigQuery (data warehousing), and GlideApps (data management and processing), to facilitate more efficient and accurate processing of your data to support our business operations.
  • Third parties as legally required to comply with law and law enforcement, to enforce our terms, to protect the security or integrity of our services, and to exercise or protect the rights, property, and safety of us and other third-parties.
  • Our professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities

We book travel and holiday arrangements for destinations across the world. When liaising with a travel or accommodation provider within Europe, the EEA, and countries on the European Commission’s data protection ‘adequacy’ list, we use the countries’ own data protection regulation as the safeguard for your data over and above the technical and organisational measures we have put in place to secure your data when transferring to them. For recipients outside of this list, we use either our standard contractual clauses with a provider where applicable, or the fulfilment of our contract with you as the appropriate safeguard.

We will never sell your data to any third party.

Retention of Your Personal Data

We retain your personal data for only as long as it reasonably necessary for the uses set out in this Privacy Notice and/or to meet legal, regulatory, and financial reporting requirements.

This includes the data relating to your booking for a minimum of 3 years, which is a requirement for legal purposes.

Information relating to the monetary value of your booking will be retained for a minimum of 6 years from the date of the transaction, to comply with statutory financial reporting requirements.

We retain your contact details until such time where you no longer wish to be contacted by Fred. Olsen Travel.

These retention periods are not inclusive of how long the recipients of your personal information may retain your data.

Your Rights

We are always happy to fulfil any one of your rights wherever possible. Your rights with respect to the personal data that we process on you are:

  • Right to information on how your data is processed
  • Right of access to the personal data we hold on you
  • Right to rectify any inaccurate data we process on you
  • Right to object to us processing your personal data
  • Right to erasure of your data
  • Right to data portability
  • Right to lodge a complaint with a data protection regulator
  • Right not to be subject to automated decision making

You can invoke any of your rights at any time using the contact details listed in this Notice, subject to us having to keep the data for legitimate business or legal reasons. Please be aware that we can ask for identification documents to confirm we are disclosing information to the correct person. If you elect a representative to invoke these rights on your behalf, we will request that the representative can demonstrate they have the authority to act on your behalf and their identity.

We do not conduct any automated decision making or profiling when you make a booking with us.

Data Protection and COVID-19

This is an addendum to Fred. Olsen Travel privacy notice.  It explains how Fred. Olsen Travel (as Data Controller) may use your personal data, specifically in relation to the Covid-19 (Coronavirus) Pandemic and to support the NHS Test& Trace scheme in England and NHS Scotland’s Test and Protect service.

To operate safely and effectively, we may need to ask you for sensitive personal information that you have not already supplied, or use data you have already provided, including whether you have any underlying illnesses or are what is classed as vulnerable.

If we already hold information regarding vulnerability, we may share this for vital health reasons, emergency planning purposes and to protect your vital interests by sharing with services both inside and outside Fred. Olsen Travel.

Your personal data

Personal data relates to a living individual who can be identified from that data.  Some of your personal data is classed as 'special category personal data' because this information is more sensitive e.g. health information, ethnicity and religion etc.

Why we may need to share your personal data

We may share your information with other public authorities, emergency services, and other stakeholders as necessary, and only when necessary, in a proportionate and secure manner.  Contact with you to obtain consent before sharing will not be required for all the reasons described in this notice.  Please be assured that protection of personal data remains a priority at this time after the health and safety of everyone.

We will only share your personal information where the law allows, and we always aim to share the minimum data necessary to achieve the purpose required.  Further, the information will only be used for the purposes listed and retained for limited specific times.

Data protection laws allow us to share information for a wide variety of reasons. These are known as our 'legal bases to process data'.

Data protection laws are written to facilitate valid information sharing, especially in times of emergency which often requires more collaborative working.  The legal bases for processing data at Fred. Olsen Travel while Covid-19 continues to present significant health risks are:

  •        Protect the public
  •        Satisfy legal and regulatory requirements
  •        Provide extra support for individuals with a disability or medical condition
  •        Safeguard children and individuals at risk

Fred. Olsen Travel will apply the following sections of the General Data Protection Regulation and Data Protection Act 2018 (other elements may be applied dependent upon emerging events):

General Data Protection Regulation

Article 6 – Lawfulness of Processing

  •        Article 6.1(c)- processing is necessary for compliance with a legal obligation to which the controller is subject.
  •        Article 6.1(d)- processing is necessary in order to protect the vital interests of the data subject or of another natural (living) person.

Article 9 – Processing of special categories of personal data

  •        Article 9.2(c)- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
  •       Article 9.2(g)- processing is necessary for reasons of substantial public interest
  •       Article 9.2(h)- processing is necessary for the purposes of preventative or occupational medicine, where is it necessary for the provision of social care, the provision of health care or treatment or for the management of a health or social care system
  •       Article 9.2(i)- processing is necessary for reasons of public interest in the area of public health, such as protecting against cross-border threats to health or ensuring high standards of quality and safety of health care

Data Protection Act 2018

SCHEDULE 1, (Special categories of Personal Data), Part 1 Conditions relating to Employment, Health and Research etc

This condition is met if the processing

a) Is necessary for the reasons of public interest in the area of public health and
b) Is carried out -

I.  by or under the responsibility of a health professional, or

II. by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law

SCHEDULE 1, (Special categories of Personal Data), Part 2, Substantial Public Interest Conditions

Paragraph 16, Support for individuals with a disability or medical condition

This condition is met if the processing

d) can reasonably be carried out without the consent of the data subject

e) is necessary for reasons of substantial public interest

(1) This condition is met if the processing is

a) necessary for the purposes of

I.  protecting an individual from neglect or physical, mental or emotional harm, or

II. protecting the physical, mental or emotional well-being of an individual,

b) the individual is

I.  aged under 18, or

II. aged 18 or over and at risk,

c)  the processing is carried out without the consent of the data subject for one of the reasons listed in sub-paragraph (2), and

d) the processing is necessary for reasons of substantial public interest.

(2) The reasons mentioned in sub-paragraph (1) c) are —

a) in the circumstances, consent to the processing cannot be given by the data subject

b) in the circumstances, the controller cannot reasonably be expected to obtain the consent of the data subject to the processing

(3) For the purposes of this paragraph, an individual aged 18 or over is "at risk" if the controller has reasonable cause to suspect that the individual —

a) has needs for care and support,

b) is experiencing, or at risk of, neglect or physical, mental, or emotional harm, and

c)  as a result of those needs is unable to protect himself or herself against the neglect or harm or the risk of it.

How to Contact Us

Fred. Olsen Travel Ltd is a data controller. We collect and process data for several purposes outlined in this Notice. If you ever need to contact us, you can by using the details below:

Address: 42 White House Road, Ipswich, IP1 5LL
Phone: (+44) 0808 250 8793

If you have a specific query relating to how we process your personal data, you can contact our Data Protection Officer on:

Email: 

Our European Representative

We have appointed a European representative to act on our behalf regarding EU General Data Protection Regulation compliance, and to deal with any supervisory authorities or individuals based in the EEA.

Our European representative is:

Natural Power Consultants (Ireland) Limited

Address: Suite 6, The Mall, Beacon Court, Sandyford, Dublin 18, D18 A3W8, Ireland

Phone: +353 1 697 1344

Email: 

Changes To This Notice

We may change this privacy notice from time to time.  You are encouraged to revisit our website from time to time to view the current version of this notice.