DFDS Group Privacy Policy
DFDS IBERIA S.L.U. | DFDS DESTINATION MOROCCO, S.L.U. | Förde Reederei Seetouristik Maroc S.A.R.L.A.U | Red Fish Speedlines D.A.R.L
1. Introduction
When using the services of DFDS Group, we will need to process some of your personal data. Your privacy and personal information are important to us which is why we have prepared a policy in accordance with the obligations laid down by the legal framework on how we handle your personal data. Here you can find out how we process your personal information.
2. Our Information
We have appointed a Data Protection Officer to help ensure that your personal information is collected and processed correctly. For questions regarding the collection, processing and use of your personal data, please contact the Data Protection Officer.
DFDS Iberia S.L.U.
C/ La Línea de la Concepción, 3,
11380 Tarifa - Cádiz (España)
C.I.F. B61873519
DFDS DESTNATION MOROCCO, S.L.U.
C/La Línea de la Concepción, 3,
11380 Tarifa/Cádiz (España) C.I.F. B11529823 C.I.A.N 11669-3
Förde Reederei Seetouristik Maroc S.A.R.L.A.U
No.13 Office Building
Angle Bd.Med.V et Rue Victor Hugo
9éme étage;No.43
90000 · Tanger · Maroc
IF: 4904897
ICE: 000085205000014
Red Fish Speedlines D.A.R.L. - IF 14408035
3 office building, Angle bd Mohamed V et rue Victor Hugo 43
90000 - TANGER
Email: [email protected]
The management of DFDS Group is responsible for ensuring that we process all personal data correctly.
DFDS Iberia S.L.U.C/ La Línea de la Concepción, 3,
11380 Tarifa - Cádiz (España)
C.I.F. B61873519
DFDS DESTNATION MOROCCO, S.L.U.
C/La Línea de la Concepción, 3,
11380 Tarifa/Cádiz (España) C.I.F. B11529823 C.I.A.N 11669-3
Förde Reederei Seetouristik Maroc S.A.R.L.A.U
No.13 Office Building
Angle Bd.Med.V et Rue Victor Hugo
9éme étage;No.43
90000 · Tanger · Maroc
IF: 4904897
ICE: 000085205000014
Red Fish Speedlines D.A.R.L. - IF 14408035
3 office building, Angle bd Mohamed V et rue Victor Hugo 43
90000 - TANGER
DFDS Group uses the minimum amount of personal information required. To further ensure the data is managed in the best way, this responsibility has been transferred to managers in the various departments.
DFDS Group handles your personal data with care. Our employees are trained in data protection, to know what data is to be collected, how it is to be handled and stored and who may have access to the data.
3. Your Rights as a Data Subject
You have a right to receive information and a right to access the personal data concerning you. The requirements for verifying your correct identity are strict and we shall require proof that you are the actual beneficiary.
You also have the right to rectification, erasure (deletion) and / or restriction of processing of your personal data.
Additionally, you have the right to object to our use of your personal data, right to data portability which includes the transfer of your data to another Controller, and you also have rights in relation to automated decision making and profiling.
You can exercise any of the above rights by contacting our Data Protection Officer with the contact details given above.
4. Legal Basis of Processing your Personal Data
We process personal data on the following legitimate reasons:
Legal obligation (Art. 6 (1) c) GDPR) – We are required by law to collect certain personal information so that you, as the customer, can begin the journey you have chosen.
Contract compliance (Art. 6 (1) b) GDPR - Certain personal information must be collected to ensure that we fulfil the contracts we have with you as a customer.
Legitimate interest (Art. 6 (1) f) GDPR) – When DFDS Group processes your personal data for DFDS Group’ legitimate interests, DFDS Group will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not override your interests. DFDS Group will not use your personal data in circumstances where your rights and freedoms override our legitimate interests unless we have your consent or are otherwise required or permitted to by law.
Consent (Art. 6 (1) a) GDPR) – On agreement or request from you as customer, personal data can be processed for use of provision of information, marketing, and communication with you as customer as part of managing our relationship with you.
If personal data is processed based on a formal agreement with you, you have the right to cancel the agreement at any time. This should be done via the form of communication the consent was given i.e., opt out in cookies, SMS, email or contact the Data Protection Officer.
5. When do we collect your data?
We collect your personal data when you book with us, travel with us, when you use our websites, other services and / or when you use our call centres. We further collect your personal data when you book our freight or logistics services.
6. What information do we collect from you?
We collect only the data we are legally allowed to. This may include, depending on the specific case the following data:
- Forename and family name.
- Email address.
- Phone number.
- Address.
- Date of birth.
- Gender
- Vehicle registration number.
- Passport details (including Nationality).
- Any information concerning the need for special care or assistance in emergency situations.
- Services and products you have purchased.
- Data on how you use our website.
- Technical data including but not limited to your IP address, details about your browser, length of visit on our pages etc.
- Personal data you post on our website.
- CV and application forms.
- Other information you provide to us e.g., surveys.
7. Why and how do we use your personal data?
We will use your information to:
- To carry out the booking and further simplify the booking process when booking again.
- Details of your passport may be needed to verify your identity.
- Your phone number is needed so that we can contact you quickly in case of any changes with your booking.
- Process financial transaction to enable your purchase of our products and services.
- Enable us to comply with contractual obligations.
- Monitor, analyse, personalise, and improve the use and content of our websites and online services.
- Send you information on our products and services including marketing communication and via email, SMS, Newsletters, or other means of communication.
- Analyse the effectiveness of our advertising.
- Keep records of communication.
- Reply to any enquiries or complaints.
- Manage our business.
- Comply with legal obligations.
- We use the information collected to gather statistics, ask you to complete surveys and to analyse and improve our products and services. Our goal in this case is to offer our customers products and services that meet their needs and interests.
8. How do we protect your personal data?
When you book with us, we use secure server software, which encrypts all the information you enter before it is sent to us. This encryption ensures that the information is appropriately protected against unauthorised interception.
DFDS Group takes a proactive role to ensure privacy is embedded in every process, procedure, and system.
9. Data Storage Period
In general, an existing customer relationship with DFDS Group exists for 3 years from the last date of travel (date of departure). The personal data in the booking information will be kept for a period corresponding to the time where we can be met with claims.
10. Deletion of Data
We delete your personal data, as principle, when the purpose of collecting your data has been achieved and therefore is no longer needed. In case of a legal or contractual obligation to retain the data, then the deletion is done only after such obligation expires.
11. Data Breakdown
Customer Profile | |
---|---|
How we collect data | Customer relationship / Consent
|
Stored data | Personal details, demographic data, travel history, email statistics, responses from customer surveys. |
Purpose | Targeted marketing communication (digital & classical), analysis, statistics, and profiling. |
Length of storage | Length of customer relationship. Period in which we can be met with claims. |
Deletion | The customer profile is completely deleted after 3 years, if no interaction has been recorded in the customer profile (e.g., no booking of a new trip). Application by the customer for deletion. |
Newsletter Subscriber | |
---|---|
How we collect data | Customer relationship / Consent
|
Stored data | Personal details, demographic data, travel history, email statistics, responses from customer surveys. |
Purpose | Targeted marketing communication. |
Length of storage | As long as the newsletter is in circulation. |
Deletion | Cancellation of the Newsletter. |
Companies / Agents | |
---|---|
How we collect data | Customer relationship / Consent
|
Stored data | Company information, contact details (personal data), email statistics, responses from customer surveys |
Purpose | Targeted marketing communication, analysis, statistics, and profiling. |
Length of storage | Length of business relationship. |
Deletion | Application for deletion. End of customer relationship. |
Account | |
---|---|
How we collect data | Registration / Consent |
Stored data | Personal details, demographic data, travel history, email statistics, responses from customer surveys. |
Purpose | Booking tickets, targeted marketing communication, analysis, statistics, and profiling. |
Length of storage | Length of customer relationship. Till withdrawal of consent |
Deletion | Deletion of account by customer Application for deletion. End of customer relationship. |
App | |
---|---|
How we collect data | Registration / Consent |
Stored data | Personal details, demographic data, travel history, email statistics, responses from customer surveys. |
Purpose | Booking tickets, targeted marketing communication, analysis, statistics, and profiling. |
Length of storage | Length of customer relationship. Till withdrawal of consent |
Deletion | Deletion of account by customer Application for deletion. End of customer relationship. |
12. Security and Safety On-board
Following a thorough investigation, the names of undesirable passengers can be placed on an internal list to prevent these passengers from booking and travelling with us if the master of the vessel has reason to believe that the passengers will pose a security risk in accordance with the terms and conditions applicable for the travel.
Passengers are deemed to pose a security risk if they have endangered the safety of themselves, a vessel, the crew, or other passengers, or if their behaviour has been inappropriate during a previous trip or if they have failed to follow safety regulations or requirements.
DFDS Group will inform the passenger of the registration and register the necessary personal information of banned passengers for preventing passengers deemed a security risk from booking trips on our passenger ships for a defined period. The information will not be held for longer than necessary.
13. Sharing of personal data with third parties
Personal data will be shared internally within the DFDS Group for practical reasons. We have internal policies and agreements in place to ensure an adequate level of protection irrespective of where in DFDS Group your data is located.
We will not transfer personally identifiable information about our visitors or customers to a third party, except in the following cases:
- If we are legally required to do so e.g., to police and customs. In which case, we only publish this data if the following conditions are met:
i. | A written enquiry must be submitted. |
ii. | The relevant legal basis for obtaining the data must be cited. |
iii. | The enquiry must include a formal request to have the personal data provided. |
- Service providers and advisors that we use to provide certain services, such as hotels and activity providers, who fulfil your travel reservations. In such case, the suppliers will be individual data controllers.
- DFDS Group may provide aggregate statistics about our customers, sales, traffic patterns and related site information to third-party partners.
- Additionally, DFDS Group may provide information about our customers to third parties who provide services or functions on our behalf, including payment card processing, business analytics, customer service, marketing, or distribution of surveys.
- In the event we sell property of DFDS Group, its employees, and others, or in the event we sell or liquidate any part of our business or assets.
Any such sharing will be in compliance with data protection law and only to trustworthy third parties.
We always strive to clearly inform you regarding the uses and possible disclosure of your information when such information is obtained. If it is not practical to do so at the point of collection, we will inform you as soon as possible, unless there is a legitimate basis for not doing so. For example, where it is necessary for the prevention or detection of a crime or where otherwise permitted by law.
Travel Companion
Travel Companion is an offer that we provide to our customers as part of the customer account. Here, the customer has the option of saving the travel data of his fellow travellers in a personal address book and retrieving it as needed, for example, in the event of a booking. In this way, we would like to make the booking process easier for our customers. The personal data of fellow travellers are specially protected within the customer account. Access by us or our service provider is not possible. DFDS Group remains responsible for the data in the sense of the DSGVO.
14. Data Processing Agreements
DFDS Group contracts various partner companies with the handling of personal data. These companies are contractually guaranteed to use your data according to the same high data protection principles as DFDS Group. Compliance with data protection law is a matter of course. For example, such a contract will specify the intended use of the personal information as well as the security requirements for storage and access and the requirement to delete the data.
The Controller of the data in each case remains DFDS Group.
Google platforms .
We conduct the following Audience targeting through
- Remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
- Data Collection with Google Analytics
At DFDS, we use Google Analytics in conjunction with integrated services to enhance advertising targeting through the collection of data via advertising cookies and identifiers. This enables us to deliver personalised advertising content.
- Personalised Advertising
We utilise Google Analytics Audiences to display advertisements tailored to your interests, based on your interactions with our website. This remarketing approach allows us to re-engage users who have previously visited our site by showing relevant ads across the Google Display Network and other third-party platforms.
- Monitoring Ad Performance
Google Display Network Impression Reporting is used to monitor the effectiveness of our ads, providing insights that help us improve the relevance of our adverts online.
- Demographic and Interest Data
We collect demographic and interest data through Google Analytics to better understand and serve our customers by offering the most relevant advertisements to them online. This data may also include information from social networks and search engines, depending on your privacy settings.
To honour your privacy, we provide clear choices for managing your data:
- Opt out of Google's personalised ads via Google's Ads Settings.
- Reject third-party cookies using the Network Advertising Initiative opt-out page.
- Adjust device identifiers in your device’s settings for further privacy control.
Links:
Integrated services
https://support.google.com/analytics/answer/7011855
Ads Settings
https://myadcenter.google.com/kids
Opt-out page
Device’s settings
https://support.google.com/My-Ad-Center-Help/answer/12155656
15. Data processed outside the European Union
All personal data is processed in the European Union and therefore protected under the GDPR. If any data is to be processed outside, DFDS Group ensures that the stipulated country though not governed by the GDPR, that the collection, storage and use of your personal data will at all times continue to be governed by this Private Policy.
16. Collection and processing of data when accessing our website
Cookies and Analytical tools
It is important to us that our website is user-friendly. For that reason, we use cookies and analytical tools to enable certain features on our web pages, e.g.
- Increase the speed at which the website pages load
- Learn more about your usage behaviour to enable us to constantly improve our website.
Cookies are small text files in which personal information can be stored for a limited or unlimited time by your browser. The cookies we use do not install or start any programs or other applications on your computer. They do not damage your device in any way.
You can prevent the storage of cookies in the security settings of your browser; however the use of our website might be restricted. You can also delete text information that has already been saved.
Log Files
With each access to our Sites, information is sent to our servers via the respective Internet browser of your respective terminal and stored temporarily in log files. The records stored until automatic deletion in this case contain the following data: date and time of retrieval, name of the page requested, IP address of the requesting device, referrer URL (origin URL from which you access our web pages have come), the amount of data transferred, load time, as well as product and version information of the particular browser used and the name of their access provider.
The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest results from ensuring a smooth connection setup, comfortable use of our Sites and evaluation of system security and stability.
A direct inference to your identity is not possible based on the information and will not be drawn by us.
The data will be stored and automatically deleted after the above mentioned purposes. The deletion period depends on the requirement of necessity.
Booking sites and App
The technical part of all booking sites of all DFDS Group entities and the App are operated by
Förde Reederei Seetouristik Iberia S.L.U., with address at c/ La Línea de la Concepción, 3, 11380 Tarifa - Cádiz (Spain)
Contact form, e-mail inquiries
If you contact us by e-mail or via the contact form provided on our website, we will collect and store your information for the purpose of processing the request and any follow-up questions.
Payments Online
When you pay online, you will be transferred to a secure webpage where you will add your payment card details.
All payments are processed by our trusted partner platforms and are validated against the highest standards of securing and safeguarding of card data. We do not process or store any payment card information in DFDS Group. However, in case you have questions about the processing of your payment card details, please contact DFDS Group, and we will reach out to our payment partner.
External Links / Links to other Sites
Our Sites may contain links to or from several third-party websites (hereinafter referred to as “Third-Party Sites”). DFDS Group does not, in any way, control or operate the Third-Party Sites. DFDS Group is not responsible for the privacy practices, content, policies or actions of the Third-Party Sites. This Privacy Policy is only applicable to general information processed by our Sites, pursuant to information collected on our Sites. The use of any information you may provide to third parties on Third-Party Sites, or which such parties may otherwise collect on other websites, is not governed by this Privacy Policy.
Social Networks
Social media plug-ins of social networks such as Facebook, Instagram or services with user-generated content features may be integrated into our Sites. Where our Sites contain a plug-in to a social network site, these are clearly marked (e.g., with a Facebook button), if you choose to click on one of these buttons or links, your browser connects directly to the servers of the relevant social network. The other website’s privacy policy applies to any personal information you provide to that website. If you do not want the social network to collect the information about you, please review the privacy policy of the relevant social network and/or log out of the relevant social network before you visit our Sites.
17. Webcams
We have installed webcams based on our legitimate interests pursuant to Art. 6 (1) f) GDPR, for purposes of clients and potential clients checking the weather, arrival of the ferry (whether it is on time or whether there are delays), the situation at the port whether it is full and whether there are waiting times etc. and for our own statistical purposes. The webcams are installed in such a manner that people and the vehicle licence plates are not easily identifiable.
In some instances, the images are saved as proof for payment by invoice, in such cases, only the licence plates are identifiable.
To ensure that privacy is not affected, we have made sure that the following has been addressed:
- Public Privacy: The cameras are situated in a way that the focus of activity is the arrival and the departure of the ferry, and no other person or activity are in focus. It gives a general image of the area of the port where the ferry docks.
- Data Protection: The cameras provide a live feed or motion picture. Therefore, no images are recorded or kept as part of this feature on site apart from those needed for payment by invoice. Such images will be stored for as long as is statutorily required.
18. Video and CCTV use
We use video and CCTV in various locations such as areas facing the entrances of the ticket offices and the vessels and on certain areas of the vessel e.g., the deck for purposes of security. We ensure that live feeds from cameras and recorded images are only viewed by approved members of staff whose role requires them to have access to such data.
Furthermore, we ensure that no panning function, no zoom function, no automatic face recognition, and no sound recordings are used.
All areas are marked separately by signs.
The recorded video is automatically overwritten when the allocated memory is full. The storage period ranges from 14 to 21 days depending on the motion detected by the cameras and the purposes for longer storage e.g., for legal claims.
We do not carry out covert monitoring or surveillance.
19. Newsletter
For registering for the newsletter, we will pass on the data to the following recipient:
Mailchimp
The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
For the operation of our e-mail newsletter, we use an external service provider where the processing and use of the data takes place. This is the American service provider Mailchimp. The use of Mailchimp represents a transfer of your personal data to a so-called non-secure third country. An adequate level of data protection is guaranteed by the EU-U.S. Data Privacy Framework. Mailchimp is certified according to this Data Privacy Framework.
20. The right to appeal to a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority near us about our processing of your personal data. Kindly contact our Data Protection Officer first to give us an opportunity to improve.
21. The right to appeal to a Supervisory Authority
We regularly update our policy to address new issues or reflect changes on our website. Please refer to this Privacy Notice regularly. Revisions shall be effective immediately upon notice thereof. The latest version will always be found on this page. Any use of our site or services by you after such notice shall be deemed to constitute acceptance by you of such revision.