FRS Group Privacy Policy

Förde Reederei Seetouristik Iberia S.L.U. | Ferrys Rápidos del Sur, S.L.U.

1. Introduction

When using the services of FRS Group, we will need to process some of your personal data. Your privacy and personal information are important to us which is why we have prepared a policy in accordance with the obligations laid down by the legal framework on how we handle your personal data. Here you can find out how we process your personal information.

2. Our Information

Data Protection Officer

We have appointed a Data Protection Officer to help ensure that your personal information is collected and processed correctly. For questions regarding the collection, processing and use of your personal data, please contact the Data Protection Officer.

Förde Reederei Seetouristik Iberia S.L.U.
C/ La Línea de la Concepción, 3,
11380 Tarifa - Cádiz (España)
C.I.F. B61873519

Ferrys Rápidos del Sur, S.L.U.
C/La Línea de la Concepción, 3,
11380 Tarifa/Cádiz (España) C.I.F. B11529823 C.I.A.N 11669-3

Förde Reederei Seetouristik Maroc S.A.R.L.A.U
No.13 Office Building
Angle Bd.Med.V et Rue Victor Hugo
9éme étage;No.43
90000 · Tanger · Maroc
IF: 4904897
ICE: 000085205000014

Red Fish Speedlines D.A.R.L. - IF 14408035
3 office building, Angle bd Mohamed V et rue Victor Hugo 43
90000 - TANGER

Email:[email protected]

Data Controller

The management of FRS Portugal is responsible for ensuring that we process all personal data correctly.

Förde Reederei Seetouristik Iberia S.L.U.
C/ La Línea de la Concepción, 3,
11380 Tarifa - Cádiz (España)
C.I.F. B61873519

Ferrys Rápidos del Sur, S.L.U.
C/La Línea de la Concepción, 3,
11380 Tarifa/Cádiz (España) C.I.F. B11529823 C.I.A.N 11669-3

Förde Reederei Seetouristik Maroc S.A.R.L.A.U
No.13 Office Building
Angle Bd.Med.V et Rue Victor Hugo
9éme étage;No.43
90000 · Tanger · Maroc
IF: 4904897
ICE: 000085205000014

Red Fish Speedlines D.A.R.L. - IF 14408035
3 office building, Angle bd Mohamed V et rue Victor Hugo 43
90000 - TANGER

FRS uses the minimum amount of personal information required. To further ensure the data is managed in the best way, this responsibility has been transferred to managers in the various departments.

FRS handles your personal data with care. Our employees are trained in data protection, to know what data is to be collected, how it is to be handled and stored and who may have access to the data.

3. Your Rights as a Data Subject

You have a right to receive information and a right to access the personal data concerning you. The requirements for verifying your correct identity are strict and we shall require proof that you are the actual beneficiary.

You also have the right to rectification, erasure (deletion) and / or restriction of processing of your personal data.

Additionally, you have the right to object to our use of your personal data, right to data portability which includes the transfer of your data to another controller and you also have rights in relation to automated decision making and profiling.

You can exercise any of the above rights by contacting our Data Protection Officer with the contact details given above.

4. Legal Basis of Processing your Personal Data

We process personal data on the following legitimate reasons:

Legal obligation (Art. 6 (1) c) GDPR) – We are required by law to collect certain personal information so that you, as the customer, can begin the journey you have chosen.

Contract compliance (Art. 6 (1) b) GDPR) – Certain personal information must be collected to ensure that we fulfil the contracts we have with you as a customer.

Legitimate interest (Art. 6 (1) f) GDPR) – When FRS processes your personal data for FRS’ legitimate interests, FRS will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not override your interests. FRS will not use your personal data in circumstances where your rights and freedoms override our legitimate interests, unless we have your consent or are otherwise required or permitted to by law.

Consent (Art. 6 (1) a) GDPR) – On agreement or request from you as customer, personal data can be processed for use of provision of information, marketing and communication with you as customer as part of managing our relationship with you.

If personal data is processed based on a formal agreement with you, you have the right to cancel the agreement at any time. This should be done via the form of communication the consent was given i.e., opt out in cookies, SMS, email or contact the Data Protection Officer.

5. When do we collect your data?

We collect your personal data when you book with us, travel with us, when you use our websites, other services and / or when you use our call centres. We further collect your personal data when you book our freight or logistics services.

6. What information do we collect from you?

We collect only the data we are legally allowed to. This may include, depending on the specific case the following data:

Forename and family name.
Email address.
Phone number.
Address.
Date of birth.
Gender
Vehicle registration number.
Passport details (including Nationality).
Any information concerning the need for special care or assistance in emergency situations.
Services and products you have purchased.
Data on how you use our website.
Technical data including but not limited to your IP address, details about your browser, length of visit on our pages etc.
Personal data you post on our website.
CV and application forms.
Other information you provide to us e.g., surveys.

7. Why and how do we use your personal data?

We will use your information to:

To carry out the booking and further simplify the booking process when booking again.
Details of your passport may be needed to verify your identity.
Your phone number is needed so that we can contact you quickly in case of any changes with your booking.
Process financial transaction to enable your purchase of our products and services.
Enable us to comply with contractual obligations.
Monitor, analyse, personalise, and improve the use and content of our websites and online services.
Send you information on our products and services including marketing communication and via email, SMS, Newsletters, or other means of communication.
Analyse the effectiveness of our advertising.
Keep records of communication.
Reply to any enquiries or complaints.
Manage our business.
Comply with legal obligations.
We use the information collected to gather statistics, ask you to complete surveys and to analyse and improve our products and services. Our goal in this case is to offer our customers products and services that meet their needs and interests.

8. How do we protect your personal data?

When you book with us, we use secure server software, which encrypts all the information you enter before it is sent to us. This encryption ensures that the information is appropriately protected against unauthorised interception.

FRS takes a proactive role to ensure privacy is embedded in every process, procedure, and system.

9. Data Storage Period

In general, an existing customer relationship with FRS exists for 3 years from the last date of travel (date of departure). The personal data in the booking information will be kept for a period corresponding to the time where we can be met with claims.

10. Deletion of Data

We delete your personal data, as principle, when the purpose of collecting your data has been achieved and therefore is no longer needed. In case of a legal or contractual obligation to retain the data, then the deletion is done only after such obligation expires.

11. Data Breakdown

Customer Profile
How we collect data	Customer relationship / Consent With purchase of ticket.
Stored data	Personal details, demographic data, travel history, email statistics, responses from customer surveys.
Purpose	Targeted marketing communication (digital & classical), analysis, statistics, and profiling.
Length of storage	Length of customer relationship. Period in which we can be met with claims.
Deletion	The customer profile is completely deleted after 3 years, if no interaction has been recorded in the customer profile (e.g., no booking of a new trip). Application by the customer for deletion.

Newsletter Subscriber
How we collect data	Customer relationship / Consent Declaration of consent to receive newsletter.
Stored data	Personal details, demographic data, travel history, email statistics, responses from customer surveys.
Purpose	Targeted marketing communication.
Length of storage	As long as the newsletter is in circulation.
Deletion	Cancellation of the Newsletter.

Companies / Agents
How we collect data	Customer relationship / Consent Request for quotation. Conclusion of a contract.
Stored data	Company information, contact details (personal data), email statistics, responses from customer surveys
Purpose	Targeted marketing communication, analysis, statistics, and profiling.
Length of storage	Length of business relationship.
Deletion	Application for deletion. End of customer relationship.

FRS Account
How we collect data	Registration / Consent
Stored data	Personal details, demographic data, travel history, email statistics, responses from customer surveys.
Purpose	Booking tickets, targeted marketing communication, analysis, statistics, and profiling.
Length of storage	Length of customer relationship. Till withdrawal of consent
Deletion	Deletion of account by customer Application for deletion. End of customer relationship.

FRS App
How we collect data	Registration / Consent
Stored data	Personal details, demographic data, travel history, email statistics, responses from customer surveys.
Purpose	Booking tickets, targeted marketing communication, analysis, statistics, and profiling.
Length of storage	Length of customer relationship. Till withdrawal of consent
Deletion	Deletion of account by customer Application for deletion. End of customer relationship.

12. Security and Safety On-board

Following a thorough investigation, the names of undesirable passengers can be placed on an internal list to prevent these passengers from booking and travelling with us if the master of the vessel has reason to believe that the passengers will pose a security risk in accordance with the terms and conditions applicable for the travel.

Passengers are deemed to pose a security risk if they have endangered the safety of themselves, a vessel, the crew, or other passengers, or if their behaviour has been inappropriate during a previous trip or if they have failed to follow safety regulations or requirements.

FRS will inform the passenger of the registration and register the necessary personal information of banned passengers for preventing passengers deemed a security risk from booking trips on our passenger ships for a defined period. The information will not be held for longer than necessary.

13. Sharing of personal data with third parties

Personal data will be shared internally within the FRS Group for practical reasons. We have internal policies and agreements in place to ensure an adequate level of protection irrespective of where in FRS your data is located. 

We will not transfer personally identifiable information about our visitors or customers to a third party, except in the following cases:

If we are legally required to do so e.g., to police and customs. In which case, we only publish this data if the following conditions are met:

i. A written enquiry must be submitted.

ii. The relevant legal basis for obtaining the data must be cited.

iii. The enquiry must include a formal request to have the personal data provided.
Service providers and advisors that we use to provide certain services, such as hotels and activity providers, who fulfil your travel reservations. In such case, the suppliers will be individual data controllers.
FRS may provide aggregate statistics about our customers, sales, traffic patterns and related site information to third-party partners.
Additionally, FRS may provide information about our customers to third parties who provide services or functions on our behalf, including payment card processing, business analytics, customer service, marketing, or distribution of surveys.
In the event we sell property of FRS, its employees, and others, or in the event we sell or liquidate any part of our business or assets.

Any such sharing will be in compliance with data protection law and only to trustworthy third parties.

We always strive to clearly inform you regarding the uses and possible disclosure of your information when such information is obtained. If it is not practical to do so at the point of collection, we will inform you as soon as possible, unless there is a legitimate basis for not doing so. For example, where it is necessary for the prevention or detection of a crime or where otherwise permitted by law.

Travel Companion

Travel Companion is an offer that we provide to our customers as part of the customer account. Here, the customer has the option of saving the travel data of his fellow travellers in a personal address book and retrieving it as needed, for example, in the event of a booking. In this way, we would like to make the booking process easier for our customers. The travel data is transmitted to our service provider FRS Systems International GmbH. The personal data of fellow travellers are specially protected within the customer account. Access by us or our service provider is not possible. FRS remains responsible for the data in the sense of the DSGVO.

14. Data Processing Agreements

FRS contracts various partner companies with the handling of personal data. These companies are contractually guaranteed to use your data according to the same high data protection principles as FRS. Compliance with data protection law is a matter of course. For example, such a contract will specify the intended use of the personal information as well as the security requirements for storage and access and the requirement to delete the data.

The Controller of the data in each case remains FRS.

15. Data processed outside the European Union

All personal data is processed in the European Union and therefore protected under the GDPR. If any data is to be processed outside, FRS ensures that the stipulated country though not governed by the GDPR, that the collection, storage and use of your personal data will at all times continue to be governed by this Private Policy.

16. Collection and processing of data when accessing our website

Cookies and Analytical tools

It is important to us that our website is user-friendly. For that reason, we use cookies and analytical tools to enable certain features on our web pages, e.g.

Increase the speed at which the website pages load
Learn more about your usage behaviour to enable us to constantly improve our website.

Cookies are small text files in which personal information can be stored for a limited or unlimited time by your browser. The cookies we use do not install or start any programs or other applications on your computer. They do not damage your device in any way.

You can prevent the storage of cookies in the security settings of your browser; however the use of our website might be restricted. You can also delete text information that has already been saved.

Log Files

With each access to our Sites, information is sent to our servers via the respective Internet browser of your respective terminal and stored temporarily in log files. The records stored until automatic deletion in this case contain the following data: date and time of retrieval, name of the page requested, IP address of the requesting device, referrer URL (origin URL from which you access our web pages have come), the amount of data transferred, load time, as well as product and version information of the particular browser used and the name of their access provider.

The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest results from ensuring a smooth connection setup, comfortable use of our Sites and evaluation of system security and stability.

A direct inference to your identity is not possible based on the information and will not be drawn by us.

The data will be stored and automatically deleted after the above mentioned purposes. The deletion period depends on the requirement of necessity.

Booking sites and FRS Travel App

The technical part of all booking sites of all FRS entities and the FRS Travel App are operated by

FRS Systems International GmbH
Norderhofenden 19-20
24937 Flensburg

Contact form, e-mail inquiries

If you contact us by e-mail or via the contact form provided on our website, we will collect and store your information for the purpose of processing the request and any follow-up questions.

Payments Online

When you pay online, you will be transferred to a secure webpage where you will add your payment card details.

All payments are processed by our trusted partner platforms and are validated against the highest standards of securing and safeguarding of card data. We do not process or store any payment card information in FRS. However, in case you have questions about the processing of your payment card details, please contact FRS, and we will reach out to our payment partner.

External Links / Links to other Sites

Our Sites may contain links to or from several third-party websites (hereinafter referred to as “Third-Party Sites”). FRS does not, in any way, control or operate the Third-Party Sites. FRS is not responsible for the privacy practices, content, policies or actions of the Third-Party Sites. This Privacy Policy is only applicable to general information processed by our Sites, pursuant to information collected on our Sites. The use of any information you may provide to third parties on Third-Party Sites, or which such parties may otherwise collect on other websites, is not governed by this Privacy Policy.

Social Networks

Social media plug-ins of social networks such as Facebook, Instagram or services with user-generated content features may be integrated into our Sites. Where our Sites contain a plug-in to a social network site, these are clearly marked (e.g., with a Facebook button), if you choose to click on one of these buttons or links, your browser connects directly to the servers of the relevant social network. The other website’s privacy policy applies to any personal information you provide to that website. If you do not want the social network to collect the information about you, please review the privacy policy of the relevant social network and/or log out of the relevant social network before you visit our Sites.

17. Webcams

We have installed webcams based on our legitimate interests pursuant to Art. 6 (1) f) GDPR, for purposes of clients and potential clients checking the weather, arrival of the ferry (whether it is on time or whether there are delays), the situation at the port whether it is full and whether there are waiting times etc. and for our own statistical purposes. The webcams are installed in such a manner that people and the vehicle licence plates are not easily identifiable.

In some instances, the images are saved as proof for payment by invoice, in such cases, only the licence plates are identifiable.

To ensure that privacy is not affected, we have made sure that the following has been addressed:

Public Privacy: The cameras are situated in a way that the focus of activity is the arrival and the departure of the ferry, and no other person or activity are in focus. It gives a general image of the area of the port where the ferry docks.
Data Protection: The cameras provide a live feed or motion picture. Therefore, no images are recorded or kept as part of this feature on site apart from those needed for payment by invoice. Such images will be stored for as long as is statutorily required.

18. Video and CCTV use on vessels

We use video and CCTV on certain areas of the vessel e.g., the deck for purposes of security. We ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data.

Furthermore, we ensure that no panning function, no zoom function, no automatic face recognition, and no sound recordings are used.

All areas are marked separately by signs.

The recorded video is automatically overwritten when the allocated memory is full. The storage period ranges from 14 to 21 days depending on the motion detected by the cameras and the purposes for longer storage e.g., for legal claims.

We do not carry out covert monitoring or surveillance.

19. Newsletter

For registering for the newsletter, we will pass on the data to the following recipient:

Mailchimp

The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA

For the operation of our e-mail newsletter, we use an external service provider where the processing and use of the data takes place. This is the american service provider Mailchimp. The use of Mailchimp represents a transfer of your personal data to a so-called non-secure third country. The data security measures taken by Mailchimp correspond to the level of data protection required in Europe. Mailchimp has subjected itself to the so-called EU standard contract clauses ("SCC"), which continue to guarantee a fundamentally effective secure data export mechanism.

20. Data processing base on the German Coronavirus Entry Regulation (CoronaEinreiseV)

Under the German Ordinance on Coronavirus Entry Regulations (CoronaEinreiseV), we are required to collect the following data from our international ferry passengers:

Previous stay within the last 10 days in an area of virus variant of concern
Covid-19 test result
Exceptions according to section 6 CoronaEinreiseV
Address of the place of stay in Germany (data according to the ‘digital registration on entry’ (digitale Einreiseanmeldung) or ‘substitute registration’ (Ersatzmitteilung))

The data is collected on the basis of Art. 6 para. 1 lit. c) GDPR in conjunction with. section 7 CoronaEinreiseV. Within the scope of Art. 6 Abs. 1 lit. c) GDPR in conjunction with section 8 CoronaEinreiseV, we may be obliged to transmit the data to the competent authority (within the meaning of the German Protection Against Infection Act (Infektionsschutzgesetz)). The storage period of the data collected on the basis of the CoronaEinreiseV is a maximum of 30 days.

21. The right to appeal to a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority near us about our processing of your personal data. Kindly contact our Data Protection Officer first to give us an opportunity to improve.

22. Changes to our Privacy Policy

We regularly update our policy to address new issues or reflect changes on our website. Please refer to this Privacy Policy regularly. Revisions shall be effective immediately upon notice thereof. The latest version will always be found on this page. Any use of our site or services by you after such notice shall be deemed to constitute acceptance by you of such revision.

FRS Group Data Protection Notice Update: March 2023

Name	category	Purpose	Expires	Legal Basis
VSF1080	Strictly necessary	The VSF Cookie is required to support the development of our pages.	Session-End	Art. 6 (1) f) GDPR

Name	Category	Purpose	Expires	Legal Basis
		Google Analytics is a web analytics service provided by Google, Inc. (“Google”), to help us see how our website is used. In doing so information about your use of our website, including your IP address, may be transmitted to Google and stored on servers in the United States. The data collected by Google Analytics is used to analyse how frequently the same people revisit our Sites, how the website is found (from advertising or referring websites), and which pages are most frequently viewed. This information is combined with data from thousands of other users to create an overall picture of website use, and is never identified individually or personally and is not linked to any other information we store about you.	The longest lasting cookie expires 2 years after your last visit to the website. Others are deleted 6 months, 30 minutes and the moment you close your browser	Art. 6 (1) a) GDPR
_ga	Performance	Used to distinguish users.	2 years	Art. 6 (1) a) GDPR
_gid	Performance	Used to distinguish users.	24 hours	Art. 6 (1) a) GDPR
_gat	Performance	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.	1 minute	Art. 6 (1) a) GDPR
AMP_TOKEN	Performance	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	30 seconds to 1 year	Art. 6 (1) a) GDPR
_gac_<property-id>	Performance	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.	90 days	Art. 6 (1) a) GDPR

Name	Category	Purpose	Expires	Legal Basis
	Performance	Hotjar gives us the big picture on how to improve your User experience and our performance and conversion rates. It enables you to have a better experience and service. It also assists us in diagnosing technical problems and analysing our trends. This results in our Site being more user friendly, more valuable and it being simpler to use.	One year	Art. 6 (1) a) GDPR
_hjid	Performance	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.	One year	Art. 6 (1) a) GDPR
_hjIncludedInSample	Performance	This cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate Funnels. This is a session cookie which is destroyed when the user leaves the site.	Session End	Art. 6 (1) a) GDPR

Name	Category	Purpose	Expires	Legal Basis
Various DoubleClick Cookies are set to reveal the online behaviour of our Users.	Targeting	These cookies are placed by a third party (DoubleClick.net) and used for remarketing, reporting and the optimization of online advertising, including the selection of relevant advertisements.	14 days	Art. 6 (1) a) GDPR
IDE	Targeting	Contains a randomly generated User-ID. Google can use this ID to recognize the user across different websites and display personalized advertising.	1 Year	Art. 6 (1) a) GDPR

Name	Category	Purpose	Expires	Legal Basis
fr	Targeting	This Cookie is placed by Facebook. It enables FRS to measure, optimize and build audiences for advertising campaigns served on Facebook. It enables FRS to see how our users move between devices when accessing the FRS web site and Facebook, to ensure that FRS’ Facebook advertising is seen by our users most likely to be interested in such advertising by analysing which content a user has viewed and interacted with on the FRS web site.	4 months	Art. 6 (1) a) GDPR

i.	A written enquiry must be submitted.
ii.	The relevant legal basis for obtaining the data must be cited.
iii.	The enquiry must include a formal request to have the personal data provided.