The protection of personal data and the responsible handling of information that you entrust us with are very important and are a priority for us. AIDA Cruises collects, processes, and utilizes personal data only in accordance with the statutory regulations. These are in particular the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (German BDSG). With this data protection declaration we are informing you how, to what extent and for what purposes we collect and process personal data during your use of this website (including our career portal). We also provide you with some basic information on data processing in case you book a trip or apply for job.
AIDA Cruises - German Branch of Costa Crociere S.p.A.
Am Strande 3d, 18055 Rostock, Germany
Tel.: +49 (0)381/20 27 06 00, Fax: +49 (0)381/20 27 06 01
Postal address: AIDA Cruises, Betrieblicher Datenschutzbeauftragter, Am Strande 3d, 18055 Rostock
The subject of data protection are personal data. Data are personal if they can be allocated to a specific or identifiable person. This includes information such as name, address, email address and telephone number. Generally, this website can be used without your personal data being collected or processed. Your personal data is collected and processed if you voluntarily provide it. This in particular concerns the following situations:
Personal data you provide when you register or book a cruise are collected and processed in order to manage the cruise as well as other travel related data which you enter via our travel portal MyAIDA or make available by other means (e.g. your contact details, information on the method of payment and the data for the ship´s manifest) are processed by us for the initiation and execution of the travel contract (see Art. 6(1)(b) EU GDPR). The performance of the contract also includes customer service and the use of services on our websites, such as the travel portal MyAIDA and – if you decide to use it – the AIDA Lounge.
We may also use the aforementioned data – except the data for the ship´s manifest – and other information that you voluntarily provide to us via this website or by other means (in particular opinion surveys and the evaluation of travel services) to improve our services and for market research. In this case, we pursue a legitimate interest (see Art. 6(1)(f) EU GDPR) or request your consent (see Art. 6(1)(a) EU GDPR).
When you book a cruise, we also collect personal data concerning your fellow travellers. We therefore kindly ask you to make sure that such data is provided with the consent of the persons concerned. Personal data concerning children or minors (under 18 years of age) are only collected and processed to perform travel services.
During check-in, the identification document is compared with the manifest data to ensure the accuracy of the information and to avoid delays in late entry. We also ask you to take a photo of you for access control. Legal basis are international agreements and entry requirements regarding controls in cross-border travel (SOLAS Convention or Directive 2010/65/EU), maritime law provisions on access control to ships (ISPS Code and Regulation (EC) No 725/2004) and related legal regulations for the examination of identification documents by carriers (e.g. Section 20(4) German PAuswG).
If you make use of services on board or within the scope of the trip, e.g. take part in excursions, we will process the data required for this in each case. If you require medical assistance, you will be informed separately about the related data processing.
During the cruise, our TV team may take photos or videos in public areas. We will announce in our daily program which events and excursions will be concerned (see the camera icon in the daily program). The photos and videos are taken with the guests’ consent and will be used as described in the terms and conditions and will be offered for sale to the guests concerned. You will find further information in our terms and conditions and will also receive a reminder as part of the materials provided at the start of the cruise. If you do not wish to be photographed or filmed by our TV team, please notify the TV team or other staff of AIDA Cruises.
We use video surveillance systems (CCTV) to ensure access control and public safety at various operating locations, including ships. Only public areas are monitored. The monitored areas are designated. The use of CCTV systems serves for access control, to protect the property of the guests, company and employees and for public safety. The use of video surveillance systems on board of ships also serves to prevent incidents, to support rescue measures and to generally maintain safety within the framework of maritime law. Video recordings are only evaluated by specially authorized persons, insofar as this is necessary for the aforementioned purposes and in accordance with labour and data protection law. Video recordings may be made or evaluated with the help of a security service (data processor). They are deleted after a defined storage period (no longer than 14 days for cameras onboard of ships), unless they are required to follow up specific incidents. In case recordings are required as evidence, the records may be passed on to competent authorities, courts or other parties involved in the procedure.
In case you want to receive our newsletter and register for it, we require a working e-mail address assigned to you, which enables us to check that you are the owner of the e-mail address provided. The same applies if you give us permission to contact you by telephone for advertising purposes.
You may revoke your consent to the storage of your e-mail address or telephone number and other personal data provided by you and to their use for advertising purposes at any time with effect for the future (see Section 11).
If we ask for your consent to receive advertising, we may also ask you to share your information with other members of the Carnival group of companies so that they can send you information about their cruise products and offers. These concerns the following companies, with the respective brands shown in brackets:
Carnival Corporation (Carnival Cruise Line)
Carnival PLC (P&O, Cunard, Princess Asia)
Costa Croceire S.p.A. (AIDA Cruises und Costa Cruises)
Holland America Line N.V., general partner of Cruiseport Curacao C.V. (Holland America Line and Seabourn)
Princess Cruise Lines, Ltd (Princess, Alaska, P&O Australia and Cunard)
SeaVacations Limited (CCL business in UK)
You can withdraw your consent to advertising by directly notifying the respective companies. You can also withdraw your consent by notifying AIDA Cruises (see Section 11), we will then forward your request to the company / companies concerned.
In order to use our career portal for job applications, you can create your personal user account. In that case, we ask you to provide your personal details, contact data, and user data via the registration form. Mandatory fields are indicated with an asterisk.
To secure your profile, we ask you to provide a password (you can review the password rules by clicking on “Help”) and we also ask for a security question in order to be able to reset your password in case you should forget it.
The profile information will be stored by us to maintain and manage your account. It will be reduced to name and date of birth six months after the application process has ended. The account will automatically be deleted 2 years after your application, or if you decide to delete your account.
If you decide to apply for a position through our career portal and submit an application, we ask you to provide your personal details (in particular salutation, title, name, postal address, age, nationality), contact data (e-mail and mobile phone number) and information on your earliest availability for a position. This information is mandatory if you want to submit an application. Optionally, you may also choose to provide information on your desired salary or, in case you are available for a Skype interview, your Skype account.
To complete your application, you need to go to the “Your application” section to upload a CV and relevant certificates. In addition, you may choose to upload a correspondence letter and/or a photo.
If you want to provide us with any relevant links to websites in order to support your application and to enable us to learn more about you, you can also provide us with links, e.g. to your own website, your YouTube channel or your profile on XING, LinkedIn, Facebook or Instagram. We may then visit the indicated website and take the information into account in the application process.
Before you submit your application, you can view the summary of all the information provided by you by clicking on the “Summary” tab.
You can also apply for jobs via other means, e.g. by e-mail.
All of the above data provided by you for purposes of the application will exclusively be used for the application process. If your application is successful and we enter into an employment relationship with you, we will store your application data within your personnel file. Otherwise, we will delete the data six months after the end of the application process (unless you agree to become part of the applicant pool, see 4.3); only your name and date of birth are stored for up to two years to identify repeat applications in our legitimate interest.
You can also decide to tell us where you found out about our job offers, we will only use this information for internal administrative purposes in order to optimize our advertisements of open positions.
In case you are available for interviews via Skype, you may also provide your Skype user account. Please note that the Skype service is offered by Microsoft Inc. and subject to their privacy notice. We will not record Skype interviews.
We may also invite you to a live and/or recorded video interview with a different provider (such as Cammio BV, Cammio B.V. in Voorschoten, Willem de Zwijgerlaan 68, 2252VS, The Netherlands). In that case, we will ask you to provide a separate consent to the data processing in the context of such interview.
It will not have any negative impact on your application if you are not available for a video interview.
We offer you to include your application in our applicant pool with your consent. This may be helpful if we cannot currently offer you a position or none of our positions fits your profile. If you agree to add your application to the pool, as soon as a vacancy opens that would be suitable for you, we will contact you. We will store your information in our applicant pool for a maximum of twelve months.
You may withdraw your consent at any time with effect for the future by writing an e-mail to “firstname.lastname@example.org”. In that case, your application will be deleted from the pool.
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any data for identification (e.g. your login data when you log into a secure area such as the MyAIDA travel portal or the AIDA Lounge). This also includes the technical data transmitted by your browser such as browser type, previously visited website (referrer URL), monitor resolution, etc. These data are used to provide and design the service as needed. They are always deleted as soon as they are no longer needed. For the processing of pseudonymous user profiles see section 5.3.
When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are transferred between a webserver and your browser and are stored on your computer’s disk. This makes it possible to recognize you when you re-visit the website. This way, we can offer you better functionality of our website and, for example, avoid that you have to log in repeatedly, or allow us to carry out web analysis (see section 5.3).
There are different types of cookies. A distinction must be made between cookies set by the website operator when visiting a website ("first-party cookies") and cookies set by third-party providers ("third-party cookies"). We only have technical control over first-party cookies. Also, there are cookies that are stored on your computer only during your visit to our website ("session cookies") and cookies that are stored for a longer period. In particular, the following cookies are set on our website by us (first-party-cookies):
|__sonar||Google DoubleClick: Stores the traffic source or the campaign via which the user reaches the website.||1 year|
|__utma||Google Analytics: Used to discern users and sessions.||2 years|
|__utmb||Google Analytics: Used to determine new sessions/visits.||30 minutes|
|__utmc||Google Analytics: Used to provide interoperability with the service Google Urchin.||Only for the session|
|__utmgacjtaca||Google Analytics||1 year|
|__utmz||Google Analytics: Stores the traffic source or the campaign via which the user reaches the website.||6 months|
|_ga||Google Analytics: Used to discern users.||2 years|
|_gac_UA-46228418-2||Google Analytics / Google Adwords: Contains campaign-related information on the user.||90 days|
|_gat_UA-46228418-2||Google Analytics: Used to limit the frequency of requests.||1 minute|
|_gid||Google Analytics: Used to discern users.||1 day|
|_dc_gtm_UA-46228418-2||Google Tag Manager (see 5.3.3)||1 minute|
|_uetsid||Microsoft Bing Ads||30 minutes|
|_wyidfp||WyWy TV Tracking||1,5 years|
|AWSELB||Used to distribute user requests to different webservers (so-called Load Balancing).||only for the session|
|fe_typo_user||TYPO3: This is in particular used for user login to secure areas.||only for the session|
|LtpaToken||Used for user login to secure areas (Lightweight Third-Party Authentication).||only for the session|
|optimizelyBuckets||Webtesting and targeting by Optimizely (see 5.3)||10 years|
|optimizelySegments||Webtesting and targeting by Optimizely (see 5.3)||10 years|
|OptimizelyOnce||Webtesting and targeting by Optimizely (see 5.3)||1 year|
|OptimizelyEndUserID||Webtesting and targeting by Optimizely (see 5.3)||10 years|
|REALPERSON_SESSION||Assigns an individual ID to the browser in order to deliver online-functionality for the duration of the session.||only for the session|
|__ar_v4||DoubleClick Display Advertising||4 years|
Most browsers are configured to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out that a use of our offers on the website without cookies is only possible to a limited extent. In particular, it is not possible to book a trip without cookies, as these are necessary to check the booking data.
You can also use your browser to prevent the setting of certain cookies (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser's help function for more information. For more information about third-party cookies that are set or processed when you visit our website, please refer to section 5.3 and the Privacy Policies of the providers named there.
For the purposes of advertising and market research and to optimize the user experience of our website, AIDA uses web tracking technology. Respective data regarding the use of our website is stored in pseudonymous usage profiles (your IP address is stored in anonymized form). This way, we are able to improve our website and to better adjust the content to your needs. Usage profiles are also used for so-called retargeting. This enables us to place ads with interesting offers also on other websites that you visit. Pseudonymous usage profiles will not be (re-)combined with personal data.
You can object to the building of pseudonymous usage profiles. To this end, you can configure your browser so that it does not accept cookies (see section 5.2). You can also use a browser plugin to protect your privacy – e.g. AdBlock, Ghostery or NoScript (please note that AIDA Cruises is not endorsing any specific plugins). Some providers of tracking technology have joined advertising associations (see below for details), allowing users to centrally opt-out of receiving targeted online ads by any of the members of the respective association. You can find such multi-provider opt-out solutions here:
„European Interactive Digital Advertising Alliance“ (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
„Digital Advertising Alliance“ (DAA): http://www.aboutads.info/choices/
„Network Advertising Initiative“ (NAI): http://www.networkadvertising.org/choices/
The following table lists the tracking technologies used on our website (which may include cookies in particular, see Section 5.2) and the respective providers who process usage data in pseudonymous profiles for the purposes stated in each case. In addition, the link to the provider's data protection declaration is provided and we explain to you how you can specifically deactivate or activate the web tracking by the individual service providers with effect for the future. As a rule, a special cookie is stored on your device to deactivate tracking, which excludes the collection of usage data from your device by the respective provider for the future; please note that you may have to re-set the cookie if you delete cookies from your computer.
|Tool/Provider||Purpose||Link to the Provider's Data Protection Declaration / Link to Deactivate or Activate the Data Processing|
IPONWEB, 16 Garrick Street, Covent Garden, WC2E 9BA London, Großbritannien
|Bing Ads: Microsoft (Contact for Data Protection questions: Microsoft Privacy, Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, Vereinigte Staaten)||Web analysis, interest-oriented advertising||Deactivate or activate the tracking: see this website or the website of EDAA|
|Criteo: Criteo SA, 32 Rue Blanche, 75009 Paris, Frankreich||Web analysis, interest-oriented advertising||Deactivate or activate the tracking: see this website or the website of EDAA|
|Facebook Exchange (FBX) / Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, Vereinigte Staaten||Web analysis, interest-oriented advertising||Weitere Informationen zum Datenschutz|
Deutsche Post AG (Contact: Data Protection Officer, Gabriela Krader LL.M., Deutsche Post AG, 52350 Bonn)
intelliAd Media (Contact: Data Protection Officer, Michael Schunke, Sendlinger Str. 7, 80331 München)
|Web analysis, interest-oriented advertising||https://www.deutschepost.de/de/c/nexellent.html http://www.intelliad.de/datenschutzbestimmungen/|
Deactivate or activate the tracking: see the two data protection policies mentioned above
|Optimizely: Optimizely, Inc., 631 Howard Street, Suite 100, San Francisco, CA, 94105||Web analysis||Deactivate or activate the tracking: see the instructions under http://www.optimizely.com/opt_out|
Note: We have activated IP anonymization for the use of Optimizely; your IP address will therefore be shortened before saving.
You may refuse to have cookies stored on your device by appropriately configuring your browser (see section 5.2) or by using a privacy plugin (see section 5.3). Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Further information on the data processing in the context of Google Analytics is available under: https://www.google.de/intl/de/policies/.
We also use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. This way, in order to improve our services, we can analyse what happens after a user has clicked on one of our ads, e.g. whether a user has ordered a product or has viewed the ad from a mobile device. Furthermore, you will receive interest-based ads through these services. You can opt out of such interest-based ads via the Google Ads preferences pages: http://www.google.com/settings/ads/onweb/?hl=en.
DoubleClick places a cookie on your device to track your surf profile across webpages and to serve you interest-based ads. If you want to permanently opt out of this, you can download a plugin to deactivate this cookie under the following link: https://www.google.com/settings/u/0/ads/plugin?hl=en
We transfer the data mentioned in section 3.1 if this is necessary for the provision of the travel service, including invoicing, or if it is legally required within this framework (see Art. 6(1) lit. a and c EU GDPR). For example, we may pass on flight booking data to the respective airline (within the framework of the statutory passenger data requirements applicable to the respective destination country). In addition, we pass on the data from the ship manifest to the relevant authorities in the ports of call during your voyage; this is based on maritime law requirements (e.g. Directive 2010/65/EU and the SOLAS Convention). In this respect, the information for the ship manifest is generally necessary for the fulfilment of the contract; voluntary information is marked as such.
Within the scope of the purposes stated in sections 3.1-3.4, the data described there will also be passed on to service providers who work for us and in particular support us in providing our services (e.g. port agencies in the respective destinations and ports of call; as well as IT service providers). This includes our group-internal call center (AIDA Kundencenter GmbH, Am Strande 4, 18055 Rostock, Germany). The data described under section 4 is processed on our behalf by d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany, in order to offer the career portal functionality and to support our application process; data from CVs received for application purposes is temporarily processed on our behalf by Textkernel BV, Nieuwendammerkade 28/a17, 1022 AB, Amsterdam, The Netherlands. In addition to their legal obligation to comply with all data protection regulations, all service providers that have access to personal data are bound by us with further contractual regulations on data protection. This regularly includes a data processing agreement pursuant to Art. 28(3) EU GDPR.
In all other respects we transmit personal data to third parties only, if a legal permission exists or if you have agreed before. Any consent given can be withdrawn at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or following an official order or court decision and only insofar as this is permitted under data protection law.
If necessary for our purposes, we may also transfer your data to recipients outside the EU/EEA. This is particularly the case if we have to transmit this data within the scope of contract processing or due to legal regulations to consignees in ports or countries that are destinations within the scope of a journey booked by you (e.g. the manifest data to the local immigration authorities; passenger data to airlines for feeder flights). Apart from that, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the EU GDPR and there are no other interests worthy of protection that stand against the transfer of the data. To ensure an adequate level of protection for the recipient of the data, we use in particular the model contracts of the EU Commission for the transfer of personal data to third countries.
We do not transfer data outside of the EU/EEA for the purposes described under section 4. If you are located outside of the EU and want to apply for a crew position, we may however suggest you to apply via a local manning agency.
Data from job applications will be deleted as described in section 4. The pseudonymous profiles created via Google Analytics (see 5.3.1) will automatically be deleted 38 months after the last piece of information has been added to the profile.
In general, we delete your personal data when it is no longer required for the purposes for which it has been collected and processed, unless there are statutory obligations to archive the data. Under German law, relevant archiving periods under tax and commercial law are six years (for business letters in any form) and 10 years (for information relevant for activities subject to tax accounting).
AIDA Cruises has taken the necessary technical and organisational measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in the data processing are obliged to observe the EU GDPR and the German BDSG and other data protection legislation and are obliged to keep personal data confidential. Our employees receive respective training. Both internal and external audits ensure that all procedures relevant to data protection are observed at AIDA Cruises.
To protect your personal data, we use a secure online transmission protocol called “Secure Socket Layer” (SSL). You can see this by the fact that there is an “s” added to the URL part “http://” (making it “https://”) or by a green, closed lock icon shown in your browser. By clicking the lock icon, you will get information on the SSL certificate used. The appearance of the icon depends on the type and version of your browser. SSL-encryption ensures an encrypted and complete transmission of your data. The SSL connection used by us was certified for security and confidentiality by the company GeoTrust.
You may at any time and free of charge request information about the personal data stored by AIDA Cruises and - insofar as the legal requirements are met - the rectification, erasure and restriction of the processing of these data. If AIDA Cruises processes your data to pursue legitimate interests, in particular for advertising purposes, you may exercise your right of objection. Whether and to what extent these rights exist in individual cases and what conditions apply to them is governed by the law (until 25 May 2018 under the German BDSG, and from 25 May 2018 also under the EU GDPR). The EU GDPR also grants you a right to data portability under certain circumstances. If you have given your consent under data protection law, you can revoke this consent at any time with effect for the future.
For the exercise of these rights and for other questions regarding data protection, please contact our company data protection officer (see section 2). In order to process your request quickly, we recommend that you inform us of your surname, first name, date of birth and, if available, your e-mail address and, in the event of an objection, send us a copy of the advertising material after receipt of advertising.
You have also the right to lodge a complaint with a supervisory authority. However, if you have any questions or complaints about data protection at AIDA Cruises, we recommend that you first contact our data protection officer.
We do not use your personal data for automated individual decisions in the sense of Art. 22(1) EU GDPR.
Last Update: Mai 2018