Privacy Policy

Overview

The protection of personal data and the responsible handling of information that you entrust us with are very important and are a priority for us. AIDA Cruises collects, processes, and utilizes personal data only in accordance with the statutory regulations. These are in particular the EU General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (German BDSG). With this data protection declaration we are informing you how, to what extent and for what purposes we collect and process personal data during your use of this website (including our career portal). We also provide you with some basic information on data processing in case you book a trip or apply for job.

1. Data Controller in the Meaning of the Data Protection Law

AIDA Cruises - German Branch of Costa Crociere S.p.A.
Am Strande 3d, 18055 Rostock, Germany
Tel.: +49 (0)381/20 27 06 00, Fax: +49 (0)381/20 27 06 01
E-Mail: info@aida.de

2. Contact Details of the Data Protection Officer

E-Mail: datenschutz@aida.de
Postal address: AIDA Cruises, Betrieblicher Datenschutzbeauftragter, Am Strande 3d, 18055 Rostock

3. Processing of Personal Data

The subject of data protection are personal data. Data are personal if they can be allocated to a specific or identifiable person. This includes information such as name, address, email address and telephone number. Generally, this website can be used without your personal data being collected or processed. Your personal data is collected and processed if you voluntarily provide it. This in particular concerns the following situations:

3.1 Booking of a Cruise and Performance of the Contract

Personal data you provide when you register or book a cruise are collected and processed in order to manage the cruise as well as other travel related data which you enter via our travel portal MyAIDA or make available by other means (e.g. your contact details, information on the method of payment and the data for the ship´s manifest) are processed by us for the initiation and execution of the travel contract (see Art. 6(1)(b) EU GDPR). The performance of the contract also includes customer service and the use of services on our websites, such as the travel portal MyAIDA and – if you decide to use it – the AIDA Lounge.

We may also use the aforementioned data – except the data for the ship´s manifest – and other information that you voluntarily provide to us via this website or by other means (in particular opinion surveys and the evaluation of travel services) to improve our services and for market research. In this case, we pursue a legitimate interest (see Art. 6(1)(f) EU GDPR) or request your consent (see Art. 6(1)(a) EU GDPR).

When you book a cruise, we also collect personal data concerning your fellow travellers. We therefore kindly ask you to make sure that such data is provided with the consent of the persons concerned. Personal data concerning children or minors (under 18 years of age) are only collected and processed to perform travel services.

During check-in, the identification document is compared with the manifest data to ensure the accuracy of the information and to avoid delays in late entry. We also ask you to take a photo of you for access control. Legal basis are international agreements and entry requirements regarding controls in cross-border travel (SOLAS Convention or Directive 2010/65/EU), maritime law provisions on access control to ships (ISPS Code and Regulation (EC) No 725/2004) and related legal regulations for the examination of identification documents by carriers (e.g. Section 20(4) German PAuswG).

If you make use of services on board or within the scope of the trip, e.g. take part in excursions, we will process the data required for this in each case. If you require medical assistance, you will be informed separately about the related data processing.

During the cruise, our TV team may take photos or videos in public areas. We will announce in our daily program which events and excursions will be concerned (see the camera icon in the daily program). The photos and videos are taken with the guests’ consent and will be used as described in the terms and conditions and will be offered for sale to the guests concerned. You will find further information in our terms and conditions and will also receive a reminder as part of the materials provided at the start of the cruise. If you do not wish to be photographed or filmed by our TV team, please notify the TV team or other staff of AIDA Cruises.

We use video surveillance systems (CCTV) to ensure access control and public safety at various operating locations, including ships. Only public areas are monitored. The monitored areas are designated. The use of CCTV systems serves for access control, to protect the property of the guests, company and employees and for public safety. The use of video surveillance systems on board of ships also serves to prevent incidents, to support rescue measures and to generally maintain safety within the framework of maritime law. Video recordings are only evaluated by specially authorized persons, insofar as this is necessary for the aforementioned purposes and in accordance with labour and data protection law. Video recordings may be made or evaluated with the help of a security service (data processor). They are deleted after a defined storage period (no longer than 14 days for cameras onboard of ships), unless they are required to follow up specific incidents. In case recordings are required as evidence, the records may be passed on to competent authorities, courts or other parties involved in the procedure.

3.2 Marketing you may Object to

If you have booked a cruise with AIDA and have not objected to receiving advertising, we will use your e-mail address to inform you about our offers. We also use your postal address to send you product information and individually optimised travel offers in the event of a booking or if you take part in a competition organised by AIDA Cruises, provided you have not objected to this. You can object to the processing of your e-mail address and/or postal address for purposes of advertising at any time, as described in section 11 of this Privacy Policy and at the end of each newsletter.

3.3 Marketing to which you have consented (e.g. subscription to the e-mail newsletter)

In case you want to receive our newsletter and register for it, we require a working e-mail address assigned to you, which enables us to check that you are the owner of the e-mail address provided. The same applies if you give us permission to contact you by telephone for advertising purposes.

You may revoke your consent to the storage of your e-mail address or telephone number and other personal data provided by you and to their use for advertising purposes at any time with effect for the future (see Section 11).

3.4 Marketing through other brands of the Carnival Group

If we ask for your consent to receive advertising, we may also ask you to share your information with other members of the Carnival group of companies so that they can send you information about their cruise products and offers. These concerns the following companies, with the respective brands shown in brackets:

Carnival Corporation (Carnival Cruise Line)
Carnival PLC (P&O, Cunard, Princess Asia)
Costa Croceire S.p.A. (AIDA Cruises und Costa Cruises)
Holland America Line N.V., general partner of Cruiseport Curacao C.V. (Holland America Line and Seabourn)
Princess Cruise Lines, Ltd (Princess, Alaska, P&O Australia and Cunard)
SeaVacations Limited (CCL business in UK)

You can withdraw your consent to advertising by directly notifying the respective companies. You can also withdraw your consent by notifying AIDA Cruises (see Section 11), we will then forward your request to the company / companies concerned.

4. Processing of Personal Data via the Career Portal and for Job Applications

4.1 Creating a Profile on Our Career Portal

In order to use our career portal for job applications, you can create your personal user account. In that case, we ask you to provide your personal details, contact data, and user data via the registration form. Mandatory fields are indicated with an asterisk.

To secure your profile, we ask you to provide a password (you can review the password rules by clicking on “Help”) and we also ask for a security question in order to be able to reset your password in case you should forget it.

The profile information will be stored by us to maintain and manage your account. It will be reduced to name and date of birth six months after the application process has ended. The account will automatically be deleted 2 years after your application, or if you decide to delete your account.

4.2 Applying for a Job

If you decide to apply for a position through our career portal and submit an application, we ask you to provide your personal details (in particular salutation, title, name, postal address, age, nationality), contact data (e-mail and mobile phone number) and information on your earliest availability for a position. This information is mandatory if you want to submit an application. Optionally, you may also choose to provide information on your desired salary or, in case you are available for a Skype interview, your Skype account.

To complete your application, you need to go to the “Your application” section to upload a CV and relevant certificates. In addition, you may choose to upload a correspondence letter and/or a photo.

If you want to provide us with any relevant links to websites in order to support your application and to enable us to learn more about you, you can also provide us with links, e.g. to your own website, your YouTube channel or your profile on XING, LinkedIn, Facebook or Instagram. We may then visit the indicated website and take the information into account in the application process.

Before you submit your application, you can view the summary of all the information provided by you by clicking on the “Summary” tab.

You can also apply for jobs via other means, e.g. by e-mail.

All of the above data provided by you for purposes of the application will exclusively be used for the application process. If your application is successful and we enter into an employment relationship with you, we will store your application data within your personnel file. Otherwise, we will delete the data six months after the end of the application process (unless you agree to become part of the applicant pool, see 4.3); only your name and date of birth are stored for up to two years to identify repeat applications in our legitimate interest.

You can also decide to tell us where you found out about our job offers, we will only use this information for internal administrative purposes in order to optimize our advertisements of open positions.

4.3 Video Interviews

In case you are available for interviews via Skype, you may also provide your Skype user account. Please note that the Skype service is offered by Microsoft Inc. and subject to their privacy notice. We will not record Skype interviews.

We may also invite you to a live and/or recorded video interview with a different provider (such as Cammio BV, Cammio B.V. in Voorschoten, Willem de Zwijgerlaan 68, 2252VS, The Netherlands). In that case, we will ask you to provide a separate consent to the data processing in the context of such interview.

It will not have any negative impact on your application if you are not available for a video interview.

4.4 Applicant pool

We offer you to include your application in our applicant pool with your consent. This may be helpful if we cannot currently offer you a position or none of our positions fits your profile. If you agree to add your application to the pool, as soon as a vacancy opens that would be suitable for you, we will contact you. We will store your information in our applicant pool for a maximum of twelve months.

You may withdraw your consent at any time with effect for the future by writing an e-mail to “career@aida.de”. In that case, your application will be deleted from the pool.

5. Automatic Collection and Processing of Data During the Use of this Website

When you visit our website, we present you with a “cookie-banner” to notify you that we use cookies and other tracking technologies in order to enhance your experience on our website and for the purposes of web analysis and targeted marketing. The related data processing is described in detail in this section 5. As notified in the cookie-banner, by continuing to use our website, you agree to the use of cookies and tracking technology as described in this section. You may decide at any time to limit or withdraw you consent; your options to do so are explained in detail below.

5.1 Data Processing to Enable the Use of the Website

When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end and subject of your use of the website as well as any data for identification (e.g. your login data when you log into a secure area such as the MyAIDA travel portal or the AIDA Lounge). This also includes the technical data transmitted by your browser such as browser type, previously visited website (referrer URL), monitor resolution, etc. These data are used to provide and design the service as needed. They are always deleted as soon as they are no longer needed. For the processing of pseudonymous user profiles see section 5.3.

5.2 Cookies

When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are transferred between a webserver and your browser and are stored on your computer’s disk. This makes it possible to recognize you when you re-visit the website. This way, we can offer you better functionality of our website and, for example, avoid that you have to log in repeatedly, or allow us to carry out web analysis (see section 5.3).

There are different types of cookies. A distinction must be made between cookies set by the website operator when visiting a website ("first-party cookies") and cookies set by third-party providers ("third-party cookies"). We only have technical control over first-party cookies. Also, there are cookies that are stored on your computer only during your visit to our website ("session cookies") and cookies that are stored for a longer period. In particular, the following cookies are set on our website by us (first-party-cookies):

NamePurposeStorage Period
__sonarGoogle DoubleClick: Stores the traffic source or the campaign via which the user reaches the website. 1 year
__utmaGoogle Analytics: Used to discern users and sessions.2 years
__utmbGoogle Analytics: Used to determine new sessions/visits.30 minutes
__utmcGoogle Analytics: Used to provide interoperability with the service Google Urchin.Only for the session
__utmgacjtacaGoogle Analytics1 year
__utmzGoogle Analytics: Stores the traffic source or the campaign via which the user reaches the website.6 months
_gaGoogle Analytics: Used to discern users.2 years
_gac_UA-46228418-2Google Analytics / Google Adwords: Contains campaign-related information on the user.90 days
_gac_UA-XXXXX-X90 days
_gat_UA-46228418-2Google Analytics: Used to limit the frequency of requests.1 minute
_gidGoogle Analytics: Used to discern users.1 day
_dc_gtm_UA-46228418-2Google Tag Manager (see 5.3.3)1 minute
_uetsidMicrosoft Bing Ads30 minutes
_wyidfpWyWy TV Tracking1,5 years
AWSELBUsed to distribute user requests to different webservers (so-called Load Balancing).only for the session
fe_typo_userTYPO3: This is in particular used for user login to secure areas.only for the session
LtpaTokenUsed for user login to secure areas (Lightweight Third-Party Authentication).only for the session
optimizelyBucketsWebtesting and targeting by Optimizely (see 5.3)10 years
optimizelySegmentsWebtesting and targeting by Optimizely (see 5.3)10 years
OptimizelyOnceWebtesting and targeting by Optimizely (see 5.3)1 year
OptimizelyEndUserIDWebtesting and targeting by Optimizely (see 5.3)10 years
REALPERSON_SESSIONAssigns an individual ID to the browser in order to deliver online-functionality for the duration of the session.only for the session
__ar_v4DoubleClick Display Advertising4 years
mf_userMousetracking2 months

Most browsers are configured to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out that a use of our offers on the website without cookies is only possible to a limited extent. In particular, it is not possible to book a trip without cookies, as these are necessary to check the booking data.

You can also use your browser to prevent the setting of certain cookies (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser's help function for more information. For more information about third-party cookies that are set or processed when you visit our website, please refer to section 5.3 and the Privacy Policies of the providers named there.

5.3 Pseudonymous Usage Profiles for Marketing and Market Research (Web Tracking and Analysis)

For the purposes of advertising and market research and to optimize the user experience of our website, AIDA uses web tracking technology. Respective data regarding the use of our website is stored in pseudonymous usage profiles (your IP address is stored in anonymized form). This way, we are able to improve our website and to better adjust the content to your needs. Usage profiles are also used for so-called retargeting. This enables us to place ads with interesting offers also on other websites that you visit. Pseudonymous usage profiles will not be (re-)combined with personal data.

You can object to the building of pseudonymous usage profiles. To this end, you can configure your browser so that it does not accept cookies (see section 5.2). You can also use a browser plugin to protect your privacy – e.g. AdBlock, Ghostery or NoScript (please note that AIDA Cruises is not endorsing any specific plugins). Some providers of tracking technology have joined advertising associations (see below for details), allowing users to centrally opt-out of receiving targeted online ads by any of the members of the respective association. You can find such multi-provider opt-out solutions here:

„European Interactive Digital Advertising Alliance“ (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
„Digital Advertising Alliance“ (DAA): http://www.aboutads.info/choices/
„Network Advertising Initiative“ (NAI): http://www.networkadvertising.org/choices/

The following table lists the tracking technologies used on our website (which may include cookies in particular, see Section 5.2) and the respective providers who process usage data in pseudonymous profiles for the purposes stated in each case. In addition, the link to the provider's data protection declaration is provided and we explain to you how you can specifically deactivate or activate the web tracking by the individual service providers with effect for the future. As a rule, a special cookie is stored on your device to deactivate tracking, which excludes the collection of usage data from your device by the respective provider for the future; please note that you may have to re-set the cookie if you delete cookies from your computer.

Tool/ProviderPurposeLink to the Provider's Data Protection Declaration / Link to Deactivate or Activate the Data Processing
adition: ADITION Technologies AG, Oststraße 55, 40211 Düsseldorf, DeutschlandWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or the website of EDAA
AdScale/BidSwitch:
IPONWEB, 16 Garrick Street, Covent Garden, WC2E 9BA London, Großbritannien
Web analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy
adspirit: AdSpirit GmbH, Ebertstr. 2, 10117 BerlinWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy
AppNexus: AppNexus Inc., 28 W 23rd Street, 4th floor, New York, NY - 10010, USAWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy
Bing Ads: Microsoft (Contact for Data Protection questions: Microsoft Privacy, Microsoft Corporation, One Microsoft Way, 98052 Redmond/WA, Vereinigte Staaten)Web analysis, interest-oriented advertisingDeactivate or activate the tracking: see this website or the website of EDAA
Criteo: Criteo SA, 32 Rue Blanche, 75009 Paris, FrankreichWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see this website or the website of EDAA
Facebook Exchange (FBX) / Facebook Custom Audience: Facebook, 1601 S. California Avenue, Palo Alto, 94304 CA, Vereinigte StaatenWeb analysis, interest-oriented advertisingWeitere Informationen zum Datenschutz
Deactivate or activate the tracking: see Privacy Policy
Index Exchange: Index Exchange, Contact: Designated Privacy Officer, Steve Sullivan, 74 Wingold Avenue, Toronto, Ontario, M6B 1P5, Vereinigte StaatenWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or via the website of DAA or NAI
NEXELLENT/ Consentric:
Deutsche Post AG (Contact: Data Protection Officer, Gabriela Krader LL.M., Deutsche Post AG, 52350 Bonn)

intelliAd Media (Contact: Data Protection Officer, Michael Schunke, Sendlinger Str. 7, 80331 München)
Web analysis, interest-oriented advertisinghttps://www.deutschepost.de/de/c/nexellent.html http://www.intelliad.de/datenschutzbestimmungen/
Deactivate or activate the tracking: see the two data protection policies mentioned above
OpenX: OpenX Technologies Inc. („OpenX“, Address for data protection inquiries: OpenX Technologies, Inc., Attention: Legal Department, 888 East Walnut Street, 2nd Fl, 91101 Pasadena/CA, Vereinigte Staaten)Web analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or the website of EDAA or DAA
Optimizely: Optimizely, Inc., 631 Howard Street, Suite 100, San Francisco, CA, 94105Web analysisDeactivate or activate the tracking: see the instructions under http://www.optimizely.com/opt_out
Note: We have activated IP anonymization for the use of Optimizely; your IP address will therefore be shortened before saving.
Pub Matic: PubMatic, Inc., Attn: Privacy, 305 Main Street, Suite 100, 94063 Redwood City/CA, Vereinigte StaatenWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or via the website of DAA
PulsePoint: PulsePoint Inc., Address for data protection inquiries: Pulsepoint, Inc., Attn: PulsePoint Privacy Department, 20 Broad Street, 6th Floor, 10005 New York/NY, Vereinigte Staaten)Web analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or via the website of EDAA or DAA
SMART AdServer: SMART AdServer, 78 Avenue des Champs-Élysées, 75008 Paris, FrankreichWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or via the website of EDAA
Taboola: Taboola Inc., Address for data protection inquiries: Taboola, Inc., Attn: Privacy Policy, 28 West 23rd St., 5th fl., 10010 New York/NY, Vereinigte Staaten)Web analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy
Yahoo Ad Exchange: Right Media LLC, Address for data protection inquiries: Right Media, LLC, Attn: Yield Manager Privacy Questions, 701 First Avenue, 94089 Sunnyvale/CA, Vereinigte StaatenWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy or via the website of EDAA
Yahoo Analytics: Yahoo (Address for data protection inquiries: Customer Care - Privacy Policy Issues, Yahoo! Inc., 701 First Avenue, 94089 Sunnyvale, CA, Vereinigte Staaten)Web analysisDeactivate or activate the tracking: see Privacy Policy or via the website of EDAA
Zanox: zanox Ltd, Stralauer Allee 2, 10245 BerlinWeb analysis, interest-oriented advertisingDeactivate or activate the tracking: see Privacy Policy

5.3.1 Google Analytics

Our website uses Google Analytics, a web analytics service by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google Analytics uses cookies (see section 4.2) in order to analyse your use of this website. The information about your use of this website collected using cookies is usually transferred to and stored on servers of Google Inc. in the US. Prior to the transfer to the US, Google masks and thereby anonymizes your IP address within the territory of the EU or of EEA. Only in exceptional cases, the full IP address is sent to and masked by Google servers in the US. On behalf of the website provider Google will use this information to analyse your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not combine your IP address with any other data held by Google.

You may refuse to have cookies stored on your device by appropriately configuring your browser (see section 5.2) or by using a privacy plugin (see section 5.3). Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Further information on the data processing in the context of Google Analytics is available under: https://www.google.de/intl/de/policies/.

5.3.2 Google Double-Click (including Floodlight and Spotlight), Google AdWords Conversion, Google Dynamic Remarketing

We also use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. This way, in order to improve our services, we can analyse what happens after a user has clicked on one of our ads, e.g. whether a user has ordered a product or has viewed the ad from a mobile device. Furthermore, you will receive interest-based ads through these services. You can opt out of such interest-based ads via the Google Ads preferences pages: http://www.google.com/settings/ads/onweb/?hl=en.

DoubleClick places a cookie on your device to track your surf profile across webpages and to serve you interest-based ads. If you want to permanently opt out of this, you can download a plugin to deactivate this cookie under the following link: https://www.google.com/settings/u/0/ads/plugin?hl=en

5.3.3 Google Tag Manager

This website uses Google Tag Manager to manage website tags. A tag is a JavaScript snippet that can be used to send information from a website to a third party, in particular in the context of web tracking. The tool Google Tag Manager itself does not collect personal data. Rather, the tool triggers other tags that may collect data (such as the tag of Google Analytics). Google Tag Manager does not access such data. A deactivation on the domain level or cookie level will affect all tracking tags implemented via Google Tag Manager. This facilitates the implementation of an effective opt-out of web tracking.

6. Data Collection by Third Parties / Social Networks

Our Website contains links to social networks (such as Facebook, XING, Google Plus, LinkedIn, Twitter). These social networks are exclusively operated by third parties. If you follow these links, information may be transferred to these third parties. For information on the scope and purpose of the processing and use of data by these social networks and on your rights and options regarding the protection of your privacy, please refer to the privacy policy of the respective operator of the social network (for the operators listed above you will find the respective policies under the following links: Facebook, XING, Google Plus, LinkedIn, Twitter).

7. Transfer to Third Parties

We transfer the data mentioned in section 3.1 if this is necessary for the provision of the travel service, including invoicing, or if it is legally required within this framework (see Art. 6(1) lit. a and c EU GDPR). For example, we may pass on flight booking data to the respective airline (within the framework of the statutory passenger data requirements applicable to the respective destination country). In addition, we pass on the data from the ship manifest to the relevant authorities in the ports of call during your voyage; this is based on maritime law requirements (e.g. Directive 2010/65/EU and the SOLAS Convention). In this respect, the information for the ship manifest is generally necessary for the fulfilment of the contract; voluntary information is marked as such.

Within the scope of the purposes stated in sections 3.1-3.4, the data described there will also be passed on to service providers who work for us and in particular support us in providing our services (e.g. port agencies in the respective destinations and ports of call; as well as IT service providers). This includes our group-internal call center (AIDA Kundencenter GmbH, Am Strande 4, 18055 Rostock, Germany). The data described under section 4 is processed on our behalf by d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany, in order to offer the career portal functionality and to support our application process; data from CVs received for application purposes is temporarily processed on our behalf by Textkernel BV, Nieuwendammerkade 28/a17, 1022 AB, Amsterdam, The Netherlands. In addition to their legal obligation to comply with all data protection regulations, all service providers that have access to personal data are bound by us with further contractual regulations on data protection. This regularly includes a data processing agreement pursuant to Art. 28(3) EU GDPR.

In all other respects we transmit personal data to third parties only, if a legal permission exists or if you have agreed before. Any consent given can be withdrawn at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or following an official order or court decision and only insofar as this is permitted under data protection law.

8. Transfer of Data to non-EU/EEA Countries

If necessary for our purposes, we may also transfer your data to recipients outside the EU/EEA. This is particularly the case if we have to transmit this data within the scope of contract processing or due to legal regulations to consignees in ports or countries that are destinations within the scope of a journey booked by you (e.g. the manifest data to the local immigration authorities; passenger data to airlines for feeder flights). Apart from that, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the EU GDPR and there are no other interests worthy of protection that stand against the transfer of the data. To ensure an adequate level of protection for the recipient of the data, we use in particular the model contracts of the EU Commission for the transfer of personal data to third countries.

We do not transfer data outside of the EU/EEA for the purposes described under section 4. If you are located outside of the EU and want to apply for a crew position, we may however suggest you to apply via a local manning agency.

9. Deletion

Data from job applications will be deleted as described in section 4. The pseudonymous profiles created via Google Analytics (see 5.3.1) will automatically be deleted 38 months after the last piece of information has been added to the profile.

In general, we delete your personal data when it is no longer required for the purposes for which it has been collected and processed, unless there are statutory obligations to archive the data. Under German law, relevant archiving periods under tax and commercial law are six years (for business letters in any form) and 10 years (for information relevant for activities subject to tax accounting).

10. Data Security

AIDA Cruises has taken the necessary technical and organisational measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in the data processing are obliged to observe the EU GDPR and the German BDSG and other data protection legislation and are obliged to keep personal data confidential. Our employees receive respective training. Both internal and external audits ensure that all procedures relevant to data protection are observed at AIDA Cruises.

To protect your personal data, we use a secure online transmission protocol called “Secure Socket Layer” (SSL). You can see this by the fact that there is an “s” added to the URL part “http://” (making it “https://”) or by a green, closed lock icon shown in your browser. By clicking the lock icon, you will get information on the SSL certificate used. The appearance of the icon depends on the type and version of your browser. SSL-encryption ensures an encrypted and complete transmission of your data. The SSL connection used by us was certified for security and confidentiality by the company GeoTrust.

11. Your Rights

You may at any time and free of charge request information about the personal data stored by AIDA Cruises and - insofar as the legal requirements are met - the rectification, erasure and restriction of the processing of these data. If AIDA Cruises processes your data to pursue legitimate interests, in particular for advertising purposes, you may exercise your right of objection. Whether and to what extent these rights exist in individual cases and what conditions apply to them is governed by the law (until 25 May 2018 under the German BDSG, and from 25 May 2018 also under the EU GDPR). The EU GDPR also grants you a right to data portability under certain circumstances. If you have given your consent under data protection law, you can revoke this consent at any time with effect for the future.

For the exercise of these rights and for other questions regarding data protection, please contact our company data protection officer (see section 2). In order to process your request quickly, we recommend that you inform us of your surname, first name, date of birth and, if available, your e-mail address and, in the event of an objection, send us a copy of the advertising material after receipt of advertising.

You have also the right to lodge a complaint with a supervisory authority. However, if you have any questions or complaints about data protection at AIDA Cruises, we recommend that you first contact our data protection officer.

12. No automated individual decision-making

We do not use your personal data for automated individual decisions in the sense of Art. 22(1) EU GDPR.

13. Links to other websites

The AIDA Cruises website contains links to other websites. Please note that AIDA Cruises' privacy policy does not apply to these other websites.

14. Changes to this Data Protection Declaration

New legal requirements, business decisions or technical developments may require changes to our Privacy Policy. This Privacy Policy will then be updated. The most current version is always available on our website.

Last Update: Mai 2018