Privacy Policy

In order to ensure the protection of your personal data, Förde Reederei Seetouristik Iberia S.L.U., in its role as data controller, hereby informs you of its privacy policy.

In accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), FÖRDE REEDEREI SEETOURISTIK IBERIA, S.L.U. (FRS), whose address is Polígono Industrial de la Vega, c/ La Línea de la Concepción, 3, 11380 Tarifa, Cadiz (Spain), informs you that personal data collected via its website will be processed for the following purposes:

- To manage bookings involving package tours.

- To allow it to provide its maritime transport service by issuing boarding cards, and to send information relating to said service.

- To send out advertising related to the services booked, as well as our newsletter, with the aim of keeping you informed about our offers and any news which may be of interest to you. Your personal data will also be used for certain social media advertising initiatives, as well as for competitions and giving away prizes.

The legitimate bases for processing your personal data are:

· Fulfilment of a contract/commercial relationship.

· The informed consent that you expressly, freely and unequivocally provide us with when you accept the present LEGAL NOTICE and PRIVACY POLICY included in it when you send us the relevant form.

· Fulfilment by FRS of its various legal obligations.

· Our legitimate interest, based on reasons relating to security and improving our services, as well as handling queries, complaints and fraud.

The personal data we ask you to provide us with, both your own and that of other individuals on your booking, is adequate, relevant and limited to what is necessary for the above purposes for which it is processed. Online bookings will be automatically confirmed by email. You may request a summary of all the bookings you have made online, based on the information we have on our system. You may also withdraw consent at any time, without this affecting the lawfulness of processing already carried out prior to withdrawal, based on the consent you provided. You are required to provide us with correct, accurate and true information, as well as keep the information you have provided us with up to date at all times. You are solely responsible for any false or inaccurate information you provide us with, in addition to all damage caused by such information.

We will store your personal data for the duration of your contract or commercial relationship with us, provided you do not exercise your right to erasure, cancellation and/or restriction of processing. Once said period has ended, FRS will delete, destroy, block or pseudonymise your personal data. In the event of blocking your personal data, it will continue to be stored, but will not be used or processed. However, if such data is needed to handle a complaint or to comply with our legal or contractual obligations (including as part of court proceedings), it may be recovered, used and processed.

Assignment of data

The personal data you provide us with may be transferred to Ferrys Rápidos del Sur, S.L.U. and FlexIt GmbH in order for the aforementioned services to be provided.

Furthermore, users are informed that their personal data will be transferred to the company The Rocket Science Group, LLC in order for our newsletter to be sent to them via Mailchimp.

If you are a member of a large family, a member of the Armed Forces or resident of Ceuta, your personal data may be passed on to the relevant authorities in order for the discount in question to be applied.

Your personal data will be made available to the relevant Spanish authorities, regardless of whether you are travelling to or from Ceuta, Melilla or any other place in Spain. The personal data of those going on excursions to Morocco may be passed on to the local Moroccan authorities.

When booking a trip with us, we will ask you for your name, sex, address, other contact details, and password. Spanish Law requires us to send a list of all passengers and vehicles on board to the port authorities. This is the reason why we ask all passengers for their sex, nationality, date of birth and identity document details.

If you pay by credit card, the details will be encrypted and sent to our payment service providers. Your personal data will only be used internally by the FRS Group and will not be transferred to any third-party companies or entities other than those detailed herein.

If you opt to take out travel insurance through us, your personal data will be transferred to the insurance company MAPFRE in order to allow it to manage your coverage.

Travel Insurance - General Conditions

Summary - Basic Travel Insurance

Lastly, if you send us your CV for the purpose of applying to work with us, this will be included in a file belonging to Förde Reederei Seetouristik Iberia S.L.U. The purpose of this file is to select candidates. When you send us your CV and personal data as part of a speculative job application, you expressly consent to your personal data being used for future staff recruitment and selection processes. Said data will be transferred to Ferrys Rapidos del Sur, S.L.U. for the same purpose.

Excercise of rights

You may exercise your right of access, rectification, erasure, as well as your right to restrict, cancel or object to processing, and to data portability, by writing to FRS, Polígono Industrial de la Vega, c/ Línea de la Concepción, nº 3, 11380, Tarifa, Cadiz (Spain) or by sending an email to our DATA PROTECTION OFFICER ([email protected]). You may also submit a complaint to the Spanish Data Protection Agency through its website (www.agpd.es) or by writing to it at c/ Jorge Juan, 6, 28001, Madrid (Spain). You may exercise your personal data protection rights in Spanish, French, English or German.

Security measures

In order to safeguard your personal data, we hereby inform you that FRS has put all necessary technical and organisational measures into place, including:

The pseudonymisation and encryption of personal data, where appropriate.
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Name	Category	Purpose	Expires	Legal Basis
		Google Analytics is a web analytics service provided by Google, Inc. (“Google”), to help us see how our website is used. In doing so information about your use of our website, including your IP address, may be transmitted to Google and stored on servers in the United States. The data collected by Google Analytics is used to analyse how frequently the same people revisit our Sites, how the website is found (from advertising or referring websites), and which pages are most frequently viewed. This information is combined with data from thousands of other users to create an overall picture of website use, and is never identified individually or personally and is not linked to any other information we store about you.	The longest lasting cookie expires 2 years after your last visit to the website. Others are deleted 6 months, 30 minutes and the moment you close your browser	Art. 6 (1) a) GDPR
_ga	Performance	Used to distinguish users.	2 years	Art. 6 (1) a) GDPR
_gid	Performance	Used to distinguish users.	24 hours	Art. 6 (1) a) GDPR
_gat	Performance	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.	1 minute	Art. 6 (1) a) GDPR
AMP_TOKEN	Performance	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	30 seconds to 1 year	Art. 6 (1) a) GDPR
_gac_<property-id>	Performance	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.	90 days	Art. 6 (1) a) GDPR

Name	Category	Purpose	Expires	Legal Basis
Various DoubleClick Cookies are set to reveal the online behaviour of our Users.	Targeting	These cookies are placed by a third party (DoubleClick.net) and used for remarketing, reporting and the optimization of online advertising, including the selection of relevant advertisements.	14 days	Art. 6 (1) a) GDPR
IDE	Targeting	Contains a randomly generated User-ID. Google can use this ID to recognize the user across different websites and display personalized advertising.	1 Year	Art. 6 (1) a) GDPR

Name	Category	Purpose	Expires	Legal Basis
	Targeting	Google Conversion Linker is a part of Google Analytics and helps us see how our website is used. In doing so information about your use of our website, including your IP address, may be transmitted to Google and stored on servers in the United States. The data collected by Google Analytics is used to analyse how frequently the same people revisit our Sites, how the website is found (from advertising or referring websites), and which pages are most frequently viewed. This information is combined with data from thousands of other users to create an overall picture of website use, and is never identified individually or personally and is not linked to any other information we store about you.	The longest lasting cookie expires 2 years after your last visit to the website. Others are deleted 6 months, 30 minutes and the moment you close your browser	Art. 6 (1) a) GDPR
_gcl_au	Targeting	Contains a randomly generated User-ID.	90 days	Art. 6 (1) a) GDPR
_gcl_aw	Targeting	This cookie is set when a user clicks on a Google ad to visit the website. It contains information about which ad was clicked, so that achieved successes such as orders or contact requests can be assigned to the ad.	90 days	Art. 6 (1) a) GDPR