Last Updated: July 14, 2023
1. Privacy Policy Summary
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
This document describes: (a) what type of personal information we collect; (b) how your personal information is collected, (c) why we use your personal information, (d) with whom we share your personal information; (e) what type of personal information we share; (f) what type of information we share for business purposes; (g) how long we keep your personal information; (h) your rights; and (i) how to enforce your rights.
2. Key Terms. It would be helpful to start by explaining some key terms used in this policy:
|
We, us, our
|
Riverside Collection, Americas, Inc., a Delaware corporation
|
|
Personal information
|
Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household.
|
|
Sensitive personal information
|
Personal information revealing a consumer's social security number, driver's license and passport numbers, account numbers and credentials, precise geolocation, racial or ethnic origin, religious beliefs, or union membership, personal information concerning a consumer's health, sex life, or sexual orientation, contents of a consumer's mail, email and text messages where the business is not the intended recipient, genetic data, and biometric information.
|
|
Biometric Information
|
An individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), which is used or is intended to be used singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a face print, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
|
3. Types of Personal Information We Collect. We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. We may also ask for the same or similar data about other people, such as your travel companions or others for whom you are making a booking. It is your responsibility to ensure that you have consent to provide the same or similar data about other people to us.
|
Category
|
Categories of Personal Information
|
Specific Types of Personal Information Collected
|
|
A
|
Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
|
Real name; billing address; postal address; email address; telephone number; account name(s); Internet Protocol (IP) address; logged in username (provided via one or more audit or support logs); date of birth; passport details; payment information; emergency contact information; residency information; citizenship; place of birth; or other information requested by third party suppliers providing travel services in connection with your booking.
|
|
B
|
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
|
Real name; billing address; postal address; email address; telephone number; account name; credit card number; disabilities or other medical information; dietary restrictions; date of birth; passport details; payment information; emergency contact information; residency information; citizenship; place of birth; or other information requested by third party suppliers providing travel services in connection with your booking.
|
|
C
|
Characteristics of protected classifications under California or federal law.
|
Information related to personal titles, e.g., Mr. Mrs. and Ms.; disabilities or other medical information.
|
|
D
|
Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
|
History of products or services purchased from us by you.
|
|
E
|
Biometric information
|
None
|
|
F
|
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement)
|
IP address(es) of your computer(s) that you use to connect to our website; incoming uniform resource locators (URLs) that sent you to our website; your browsing activity on our websites; the web browser type (e.g., Safari, Firefox, Chrome) of the browser that you used to browse our website; unique device identification numbers; operating system information; which pages on the website you have visited; settings you have input; links you have clicked; trips you have viewed; features used; exit page; personal settings, photos, and reviews you upload to our website.
|
|
G
|
Geolocation data
|
Geographic location related to the location of your device when you access our website.
|
|
H
|
Audio, electronic, visual, thermal, olfactory, or similar information
|
Photos you upload to our website.
|
|
I
|
Professional or employment-related information
|
None
|
|
J
|
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)
|
None
|
|
K
|
Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
|
None
|
4. How Your Personal Information is Collected. We collect most of this personal information directly from you—in person, by telephone, text, or email, and/or via our website. However, we may also collect information from the following categories of sources:
(a) Third party (e.g., advertisig networks, social networks, data analytics providers, government entities, and data brokers);
(b) Cookies on our website;
(c) Automated information collection; and
(d) Our IT systems, including automated monitoring of our websites and other technical systems, such as our computer networks and connections, email and instant messaging systems
5. Why We Use Your Personal Information. We may collect and/or share your personal information for the following business purposes:
|
What we use your personal information for
|
Our reasons
|
|
To provide products and/or services to you, including booking the requested trip, processing payments, processing or fulfilling orders and transactions, providing customer service
|
For the performance of our obligations to you under any agreements that we have with you or to take steps at your request before entering into an agreement with you.
(Legal basis: art. 6 (1) (b) GDPR)
|
|
To prevent and detect fraud against you or us
|
For our legitimate interests, i.e., to minimize fraud that could be damaging for us and for you.
(Legal basis: art. 6 (1) (f) GDPR)
|
|
Conducting checks to identify our customers and verify their identity
Screening for financial and other sanctions or embargoes
Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator
|
To comply with our legal and regulatory obligations. (Legal basis: art. 6 (1) (c) or (f) GDPR)
|
|
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
|
To comply with our legal and regulatory obligations.
(Legal basis: art. 6 (1) (f) GDPR)
|
|
Ensuring business policies are adhered to, e.g. policies covering security and internet use
|
For our legitimate interests, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you.
(Legal basis: art. 6 (1) (f) GDPR)
|
|
Operational reasons, such as improving efficiency, training and quality control
|
For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best value price.
(Legal basis: art. 6 (1) (f) GDPR)
|
|
Ensuring the confidentiality of commercially sensitive information
|
For our legitimate interests, i.e., to protect trade secrets and other commercially valuable information.
To comply with our legal and regulatory obligations.
(Legal basis: art. 6 (1) (f) GDPR)
|
|
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures
|
For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service for you at the best value price.
(Legal basis: art. 6 (1) (f) GDPR)
|
|
Preventing unauthorized access and modifications to systems
|
For our legitimate interests, i.e., to prevent and detect criminal activity that could be damaging for us and for you.
To comply with our legal and regulatory obligations.
Legal basis: art. 6 (1) (c) or (f) GDPR)
|
|
Updating and enhancing customer records
|
For the performance of our obligations to you under any agreements that we have with you or to take steps at your request before entering into an agreement with you
To comply with our legal and regulatory obligations
For our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new products
Legal basis: art. 6 (1) (c) or (f) GDPR)
|
|
Statutory returns
|
To comply with our legal and regulatory obligations
Legal basis: art. 6 (1) (c) or (f) GDPR)
|
|
Ensuring safe working practices, staff administration and assessments
|
To comply with our legal and regulatory obligations
For our legitimate interests, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Legal basis: art. 6 (1) (c) or (f) GDPR)
|
|
Marketing our services to:
- existing and former customers;
- third parties who have previously expressed an interest in our services;
- third parties with whom we have had no previous dealings.
|
For our legitimate interests, i.e., to promote our business to existing and former customers as far as legally permitted. Otherwise, we only process your data if we have your consent.
Legal basis: art. 6 (1) (a) or (f) GDPR)
|
|
Collecting and displaying reviews you have provided to us
|
For our legitimate interests, i.e., to promote our business to existing and former customers as far as legally permitted. Otherwise, we only process your data if we have your consent.
Legal basis: art. 6 (1) (a) or (f) GDPR)
|
6. Promotional Communications. We may use your personal information to send you updates (by email, text message, telephone or postal mail) about our products and/or services, including exclusive offers, promotions or new products and/or services.
We have a legitimate interest in processing your personal information for promotional purposes (see above “How and why we use your personal information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal information with the utmost respect and never sell or share it with other organizations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
- Contacting us at legal@riverside-cruises.com ; or
- Using the “unsubscribe” link in emails or “STOP” number in texts; or
- updating your marketing preferences in your account.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
7. With Whom We Share Your Personal Information. We may share your personal information with the parties described below:
(a) Our affiliates, including Riverside Collection GmbH & Co. KG, Wexstrasse 16, 20355 Hamburg, Germany and Seaside Hotel Hamburg Verwaltungs- GmbH Wexstraße 16, 20355 Hamburg, Germany;
(b) Other third parties and service providers we use to help us run our business, such as marketing agencies, website hosts, payment service providers, social media sites you choose to link your account and/or data services providers;
(c) Credit reporting agencies;
(d) Our insurers and brokers;
(e) Our banks; or
(f) External auditors.
We only allow our service providers to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. The recipient of the information will be bound by confidentiality obligations.
When we share your personal information with our affiliates, the personal information is transferred to, stored in, and accessible from Germany, which may not have the same data protection laws as the jurisdiction applicable to your personal information.
8. Types of Personal Information We Share and/or Disclose for Business Purposes. We share the information as described in Section 3 with the parties described above.
9. Personal Information We Sold or Disclosed for a Business Purpose.
In the preceding 12 months, we have not sold to third party any of your personal information (as defined above) and we will not sell any of your personal information.
In the preceding 12 months, we may have disclosed for a business purpose to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household: Categories A, B, C, D, F, G, and H (defined Section 2).
The business purpose may include processing transactions that you have requested. For example, we may share your name, email address, and billing address to with third parties, such as credit card companies and shipping companies, in order to process your transactions, e.g., the purchase of products and/or services from us and/or the delivery of your purchased products to you). The business purpose may also include providing products and/or services to you, including booking the requested trip, and providing customer service. The business purpose may also include sharing information with third-parties, e.g., cloud service providers, in order to enable us to provide you with the purchased products and services.
10. Where Your Personal Information is Held. Information may be held at our offices and at our digital storage locations in Germany.
11. How Long Your Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:
(a) To respond to any questions, complaints or claims made by you or on your behalf;
(b) To show that we treated you fairly; or
(c) To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. We will de-identify, aggregate, or otherwise anonymize your personal information if we intend to use it for analytical purposes or trend analysis over longer periods of time.
12. Your Rights. You have the right to exercise free of charge the rights listed in the following table.
|
Disclosure of Personal Information We Collect About You
|
You have the right to know:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting or selling personal information;
- The categories of third parties with whom we share personal information, if any; and
- The specific pieces of personal information we have collected about you.
- Please note that we are not required to:
- Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
- Re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
Provide the personal information to you more than twice in a 12-month period.
|
|
Your Right of Access
|
You have the right to ask us for copies of your personal information.
|
|
Your Right to Rectification
|
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
|
|
Your Right to Restriction of Processing
|
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
|
|
Right to Information
|
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this turns out to be impossible or requires a disproportionate effort. We will inform the applicable recipients upon your request.
|
|
Your Right to Data Portability
|
You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
|
13. Keeping Your Personal Information Secure.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
14. How to Contact Us and Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, you can do so here: www.riverside-cruises.com or 833-305-3313.
Please note that you may only make a CCPA/CPRA-related data access or data portability disclosure request twice within a 12-month period.
If you choose to contact us directly you will need to provide us with:
(a) Enough information to identify you (e.g., your full name, address and customer or matter reference number);
(b) Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
(c) A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
15. Changes to This Privacy Notice.
We may change this privacy notice from time to time–when we do, we will inform you via our website.
Do You Need Extra Help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us (see "How to contact us" above).