• A-ROSA Reisebedingungen
loader
loader

Data protection information

Protecting your privacy and personal data is a top priority for A-ROSA Flussschiff GmbH, and in our internet activities we are very careful in this regard. We collect, process and use personal data in accordance with applicable data protection laws, including particularly the GENERAL DATA PROTECTION REGULATION (GDPR), the German Telemedia Act (TMG) and the German Telecommunications Act (TKG).

We implement technical and organisational security measures in order to optimally protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. These security measures are upgraded on an ongoing basis to keep up with technological advancements.

Privacy - Data protection information

Download A-ROSA Privacy - Data protection information from 23.10.2018

Download

11.8 MB -  PDF

Object of data protection / personal data

Personal data are the object of data protection measures. Data is personal if it is referenceable to an identified or identifiable person. This includes such information as name, address, e-mail address and telephone number. Sensitive data (such as health data) are subject to special protections. Information not directly related to your actual identity (such as favourite websites or number of page users) is not covered.

Within the meaning of the GDPR, all information relating to an identified or identifiable natural person is personal data. A natural person is deemed identifiable if the person can be directly or indirectly identified, particularly by means of referencing such identifiers as name, ID number, location data, username or one or more special attributes which characterise the physical, physiological, genetic, mental, financial, cultural or social identity of that natural person. Personal data are only stored as necessary to provide the booked services, comply with legal requirements or fulfil the purposes stated below.

Collection, process and use of personal data

Other than in the cases outlined under Automated Collection and Processing of Data of Visitors to our Websites, data collection and data processing are only allowed if you voluntarily provide your personal data. This applies in particular to the following situations:

Travel booking and contract fulfilment (purpose of collection)

Personal data provided during registration and/or booking is collected, processed and used for the purposes of fulfilling travel contracts, utilising services on our website, providing customer service and complying with legal obligations. Such data include information provided for ship manifests and customer satisfaction surveys. In accordance with applicable laws, such data are generally only collected for the purpose of providing the services you wish to receive or require. Any other information we request on our forms is provided by you on a strictly voluntary basis, and is designated as voluntary.

These personal data are forwarded to our service providers for travel contract fulfilment. When booking a cruise, the personal data of persons travelling with you may also be collected. We therefore request that you ensure that such data are provided with the consent of the persons travelling with you. Personal data of children and other minors (under the age of 18) are collected, stored and used solely for travel contract fulfilment.

Legal bases for processing

The legal basis for personal data processed pursuant to our obtaining the consent of the data subject is Article 6 (1) a) of the EU General Data Protection Regulation (GDPR).

The legal basis for processing of personal data necessary for the performance of a contract to which the data subject is a party is Article 6 (1) b) GDPR. This also applies to processing performed to enable pre-contractual actions.

Transfer of personal data to third parties

The transfer of your personal data occurs exclusively in compliance with applicable laws, including particularly data protection and competition laws.

As necessary for the performance of the contractual services or fulfilment of our legal obligations, your data may also be transferred to sub-contractors or service providers for the provision of services in our name or on our behalf (technical processing of postal and e-mail dispatch, payment processing, customer service, etc.). Data are also transferred to persons or companies in order to process your order or booking, including particularly to airlines for travel services, other tour operators, hotels, travel agencies, destination agencies and government agencies, among other parties.

We only transfer data to third parties as necessary for the provision and billing of travel services (such as transferring travel contract data to A-ROSA Reederei GmbH in Switzerland or ship manifest data to port authorities). Any data transferred to service providers of A-ROSA Flussschiff GmbH are subject to the contractual data protection terms of A-ROSA Flussschiff GmbH in addition to the statutory provisions of compulsory applicability. Personal data are only collected and transferred to government institutions and authorities in accordance with compulsory legal provisions.

Data transfer to countries outside the EU

As necessary for the fulfilment of travel contracts we may also transfer your data to non-EU recipients if we are able to ensure that the data recipient guarantees an adequate level of data protection and there are no other legitimate interests against the transfer of data. In particular, we utilise the model contracts of the EU Commission for the transfer of personal data to third countries in order to ensure that the data recipient affords an adequate level of protection.

The transfer of data to A-ROSA Reederei GmbH in Switzerland, which is responsible for the operational aspects of your travel, is necessary for the fulfilment of travel contracts. The basis for data transfer to Switzerland is an adequacy decision. Switzerland provides an adequate level of protection, and does not require any special authorisation for data transfer.

Standard periods for the deletion of the data

Data are deleted in accordance with retention obligations and periods applicable for the specific processing purposes. Financial accounting and reporting data for a concluded financial year are deleted after a maximum period of 10 years in accordance with legal requirements (tax law) unless a longer retention period is required pursuant to regulations or for legitimate reasons. Manifest data are deleted 2 years after the conclusion of travel (EU Package Travel Directive).

Data security

A-ROSA Flussschiff GmbH has implemented the necessary technical and organisational measures to protect your personal data against manipulation, loss, destruction or access by unauthorised persons, to protect your rights and to comply with applicable data protection laws of the EU and the Federal Republic of Germany. The measures taken are designed to ensure the confidentiality and integrity of your data and the long-term availability and reliability of our systems and services in processing your data. In addition, these measures are designed to ensure the rapid restorability of data to a state of availability and accessibility in the event of a physical or technical incident.

All of our employees and all persons involved in data processing are obliged to comply with the GDPR and other data protection laws and to comply with rules governing the confidential handling of personal data. Our employees are trained accordingly. Internal and external audits are conducted to ensure that all data protection-relevant processes at A-ROSA Flussschiff GmbH are compliant.

Our security measures include the encryption of your data. Transport Layer Security (HTTPS) is utilised for encryption of your data in transfer to us. All data you enter online are transmitted via an encrypted transmission path which ensures that they can at no point in time be viewed by unauthorised third parties.

The data processing and security measures we employ are constantly being improved in line with technological advancements.

Newsletter and postal advertising

If you wish to receive our newsletter and register for it, we need to have a functioning e-mail address referenceable to you which allows us to verify that you are the owner of the given e-mail address. In addition to your e-mail address, the data we collect include your form of address, first name and surname. This information is used to personalise the salutation of the recipient.

Consent to saving of your e-mail address and other personal data provided by you (form of address, first name, surname) and to use thereof to send out the newsletter may be withdrawn at any time with non-retrospective effect.

Registration for our newsletter involves a ‘double opt-in’ procedure. This means you receive an e-mail after registration requesting you to confirm your registration. This confirmation is necessary to eliminate the possibility of anyone registering from a different e-mail address.

Newsletter registrations are logged to document that the registration process accords with the legal requirements. This involves saving of the time of login and confirmation and of your IP address. Changes to your stored data are also logged.

To process your registration to receive the newsletter we collect technical information including data about the browser and system you are using, your IP address and the time of retrieval. These data are utilised to improve the technical performance of services based on technical data or target groups and their reading habits, based on location of retrieval (determinable via the IP address) and access times.

Statistical data gathered include determination of whether the newsletter is opened, when it is opened and which links are clicked on. For technical reasons, this information is referenceable to individual newsletter recipients. It is not our interest however to monitor individual users. Rather, analysis is performed to enable us to identify the reading habits of our users, adapt our content to their needs and send differing content based on the interests of our users.

As required under the General Data Protection Regulation (GDPR), which enters into force on 25 May 2018, we are informing you that the basis for consent to the sending of e-mail addresses is Articles 6 (1) a), 7 GDPR and Section 7 (2) no. 3 and (3) of the German Unfair Competition Act (UWG). Statistical data gathering and analysis and logging of the registration procedure are performed on the basis of our legitimate interests in line with Article 6 (1) f) GDPR. Our interest is in deploying a user-friendly and secure newsletter system which both serves our business interests and meets the expectations of our users.

You can unsubscribe from the newsletter at any time, i.e. revoke your consent to use of your data for that purpose. This means your consent to newsletter dispatch and to related statistical analysis is revoked. Unfortunately it is not possible to separately revoke your consent to sending of the newsletter and to statistical analysis.

If you no longer wish to receive our newsletter, click on the link "Unsubscribe from the newsletter" which appears at the end of every newsletter we send out.

If you have booked a trip with A-ROSA Flussschiff GmbH or are interested in booking a trip, we utilise your postal address to send you product information and individually optimised travel offers. You can object to the use of your postal address for advertising purposes at any time as outlined in the aforementioned section of this data protection policy (Right to Information, Correction, Deletion and Restriction, Rights of Objection and Revocation).

Data collection by third-party providers/social networks

Our website contains links to social networks (Facebook, Google Plus, Twitter, Instagram, XING, YouTube, Pinterest, etc.). These social networks are exclusively operated by third parties. If you follow the corresponding links, data may be transmitted to these third parties (but no personal data within the meaning of the GDPR). Please see the data privacy policies of the respective operators for information regarding the purpose and scope of data collection by the social networks, further processing of and use of your data by those networks, your relevant rights and the settings you can configure to protect your privacy.

Our social media presence

We also use social media to present our company to users and facilitate communication with them.

When visiting these social media pages, it may occur that user data is processed outside the European Union. In general, German and/or European data protection legislation is not valid in these jurisdictions. This can make it more difficult to exercise your rights. US providers with Privacy Shield certification have undertaken to comply with EU data protection standards.

The data collected from social media users is normally processed for market research and advertising purposes. The content retrieved can be used to set up user profiles that are in turn used to display advertisements both on and off social media that are intended to match the user's interests. This process is usually facilitated by cookies stored on the user's computer.

However, providers can also use other methods to store data collected from social media users, particularly if these users are registered with and logged into the respective social media platforms.

The user's personal data is processed on the basis of Art. 6(1) lit. f GDPR. As the operator of a social media page, we have a legitimate interest in communicating with users and ensuring that they receive information in an efficient manner. If the user has agreed to the processing of their data – for example by clicking on a check box – the legal basis for processing this data is Art. 6(1) lit. a, Art. 7 GDPR.

Additional information about data processing and opt-out possibilities is available from the respective providers, who are listed below.

Requests for information and communications relating to the exercise of other user rights are best directed to the providers themselves. This is because they are the only parties with access to all user data and are thus the only ones able to provide the desired information or initiate the relevant measures.

– Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Privacy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com/de/praferenzmanagement/, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Activ.

– Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated?hl=de, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

YouTube video plug-ins

This website contains content from third-party providers. This content is provided by Google Inc ("the Provider").

YouTube is operated by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).

The advanced privacy setting is enabled for YouTube videos that are embedded on our website. This means that no data of website visitors are collected and stored by YouTube unless such a video is played.

Please see the Google data privacy policy at www.google.com/intl/de/+/policy/+1button.html for information regarding the purpose and scope of data collection, further processing and use of your data by providers, your relevant rights and the settings you can configure to protect your privacy.

Automated collection and processing of data when visiting our websites

Data processing to enable website usage

When you visit our websites, we collect the data necessary to enable your usage of the site (usage data). These include your IP address and data about the start and end points of your usage of the website and why you are using the website and potentially certain identification data (such as your login data if you log in to a secure area). These data are required to provide services and design services to meet user needs. These data are deleted if and when you revoke consent to processing. See below regarding the processing of pseudonymous user profiles.

A-ROSA website

// for end customers

End customers (consumers) can utilise the A-ROSA website to find out about offers of A-ROSA Flussschiff GmbH, directly book travel, order additional cruise services and transmit data. The booking, reservation and transmission of data are only possible if the necessary personal data are entered.

Information on the website is made available publicly in the form of text, images, video and downloads with no data entry required.

A-ROSA Website: https://www.a-rosa.de/en/river-cruises/index.html

In addition, customer club members can make use of the A-ROSA Club area after logging in. This requires providing personal data for registration.

A-ROSA Club: https://www.a-rosa.de/en/river-cruises/my-a-rosa/a-rosa-club.html

// for travel agencies

Travel agencies can utilise the A-ROSA extranet to find out about offers of A-ROSA Flussschiff GmbH and make direct bookings for their customers.

Travel agencies receive login credentials after successful registration which must be used to take advantage of the additional functionalities of the A-ROSA extranet.

Information on the A-ROSA extranet is made available to travel agencies in the form of text, images, video and downloads; data entry is required in some cases.

A-ROSA extranet: https://www.a-rosa.de/a-rosa-extranet.html

The entire A-ROSA website is encrypted.

A-ROSA BLOG

The A-ROSA BLOG contains information on A-ROSA cruises, travel photos and special cruise offers. This content is freely accessible to the public in the form of text, images and video.

A-ROSA BLOG (german): https://blog.a-rosa.de/kreuzfahrt-blog/

The entire A-ROSA BLOG is encrypted.

KURS A-ROSA

The KURS A-ROSA website is an exclusive online series of training units for travel agents for enhancing their A-ROSA sales knowledge. Registration is required to utilise all course functionalities.

Kurs A-ROSA (german): https://www.kurs.a-rosa.de

The entire KURS A-ROSA website is encrypted.

Cookies

When you visit our websites and you agree to the use of cookies, data may be stored on your computer in placed cookies. Cookies are small text files sent from a web server to your browser which are stored on your computer's hard drive. These make it possible to identify you when you revisit the respective website. They serve to improve website functionality and avoid your having to log in repeatedly or perform a web analysis (see ‘Web tracking and analysis’).
If you do not consent to the use of cookies, you may not be able to make full use of our websites or mobile apps.

You can disable the storage of cookies via your browser configurations and delete them from your hard drive at any time. Please be advised that only limited use of our offers on the website is possible without cookies. In particular, it is not at all possible to book travel without cookies, as these are required to verify booking data.

You can however prevent certain cookies (e.g. third-party cookies) from being placed via your browser settings, for example if you wish to prevent web tracking. See the Help function of your browser for more detailed information.

The cookie storage period is 60 days.

How do I configure the cookie settings of my browser?

Browsers differ as to how to configure cookie settings. The procedure for changing your cookie settings is outlined in the Help menu of every browser. These can be found for the respective browsers via the following links:

Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Safari™: http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-loeschen-so-geht-s/

Chrome™: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Firefox™ https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html

Pseudonymous usage profiles for advertising and market research (web tracking and analysis)

A-ROSA uses web tracking systems (if you have consented to the use of cookies) for advertising and market research purposes and to optimise the user-friendliness of our website. Data on usage of our website are stored in the form of pseudonymous user profiles (your IP address is anonymised). This enables us to further develop our website and tailor our content to your needs. User profiles are also utilised for what is known as ‘retargeting’, which allows A-ROSA Flussschiff GmbH to place offers of potential interest on other websites you visit. Pseudonymous user profiles are not combined with personal data.

If you object to the creation of pseudonymous user profiles you can prevent the placement of cookies via your browser settings (see ‘Cookies’) or by installing a plug-in such as AdBlock, Ghostery or NoScript on your browser to protect your privacy by preventing tracking (see the data privacy policy of the respective plug-in provider). Some tracking providers are members of industry associations (see below for details) which provide an opportunity for you to centrally object to usage-based online advertising by association members on their respective websites.

An explanation is provided below of how to notify the individual service providers of your objection to web tracking.

Bing Ads

Our website contains Microsoft tracking technology (for privacy issues contact: Microsoft Privacy, Microsoft Corporation, One Microsoft Way, 98052 Redmond, WA, USA). This may involve the use of cookies (see ‘Cookies’). Microsoft collects and stores usage data in pseudonymous profiles for the purpose of conducting web analytics and for interest-based advertising. You can object to such data collection and storage at any time with non-retrospective effect through the placement of an opt-out cookie on your device (http://choice.microsoft.com/en-US/opt-out). See the Microsoft privacy statement (https://privacy.microsoft.com/en-us/privacystatement/) regarding data processing by Microsoft and this opt-out procedure.

Google Analytics

This website utilises Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics employs cookies (see ‘Cookies’) to enable analysis of website usage. The information generated by the cookie about the use of this website is generally transmitted to a Google server in the USA, where it is then stored. However, your IP address is truncated and anonymised by Google within member states of the European Union and other countries party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide for the website operator further services connected to the website use and the Internet use. The IP address transmitted by your browser as part of Google Analytics shall not be combined with other Google data.

You can prevent the storage of cookies by configuring your browser software accordingly (see ‘Cookies’) or utilising a privacy plug-in. You can also prevent recorded data generated by the cookie concerning your use of the website (including your IP address) from being sent to Google and the processing of these data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can prevent collection by Google Analytics by placing an ‘opt-out cookie’ on your computer. For more information about data protection and Google Analytics, see: https://www.google.com/intl/en/policies/.

Google AdWords Conversion

We utilise Google Analytics for statistical analysis of data derived from the Google AdWords service. This enables us to analyse behaviour after a user clicks on our ad – whether the user purchased our product or viewed the ad from a mobile phone, for example – and thereby improve our offers. These services are also utilised so that you receive interest-based advertising. If you are opposed to this, you can disable the functionality via the Google Ads Settings: http://www.google.com/settings/ads/onweb/?hl=en

Google Tag Manager

This website utilises Google Tag Manager to manage website tags. A tag is a JavaScript snippet which sends data from a website to third parties, principally as part of web tracking. The Google Tag Manager tool itself does not collect personal data. The tool triggers other tags (like the Google Analytics tag) which may collect data. Google Tag Manager does not access these data. If disabled at the domain or cookie level, all tracking tags placed by Google Tag Manager are disabled. This is to ensure effective implementation of your objection to tracking.

Zanox/AWIN

Our website utilises tracking technology offered by zanox Ltd / AWIN, Stralauer Allee 2, 10245 Berlin (Zanox/AWIN). This may involve the use of cookies (see ‘Cookies’). Zanox / AWIN collects and stores usage data in pseudonymous profiles for the purpose of conducting web analytics and for interest-based advertising. You can object to such data collection and storage at any time with non-retrospective effect through the placement of an opt-out cookie on your device. See the Zanox / AWIN privacy statement regarding data processing by Zanox / AWIN and this opt-out procedure (https://www.zanox.com/gb/about-zanox/privacy/).

VE Interactive DACH GmbH

We use the services of Ve Interactive DACH GmbH (Französische Straße 47, 10117 Berlin, hereinafter "Ve"). In providing its services, Ve collects personal data from users who visit our websites. For this purpose Ve uses cookies and other similar technologies. Detailed information about the technologies Ve uses is available in Ve's cookie policy. A listing of the purposes for which Ve collects personal data is listed in Ve's privacy policy. In general, through the use of cookies, Ve collects personal data from users, especially contact information and behavioral data. Ve uses this personal information to draw conclusions about the user's personal preferences and to personalize the user's web experience, for example by displaying personalized offers when visiting customer websites or similarly personalizing the customer's website to the user and displaying personalized advertisements when visiting customer websites or websites of third parties. Ve and we are jointly responsible for the collection of personal data according to Art. 26 GDPR. Details can be found in Ve's privacy policy.

End users can prevent the processing of their personal data by Ve by various means. The available options for preventing data processing are contained in Ve's privacy policy, among others operating the opt-out button under https://www.ve.com/de/datenschutzerklaerung#opting-out or using the opt-out mechanism of IAB Europe at http://www.youronlinechoices.com/opt-out-interface.

Intercom live chat tool

We utilise the Intercom service as a live chat tool for handling your enquiries and providing information. You can use this enhancement of our offer to contact us and then receive any information you require via the communication channel of your preference. When you use the live chat tool to contact us, the data you voluntarily enter there (e.g. name, e-mail address, message, company name, phone no.) are stored by our service provider and we process these data solely for the purpose of responding to your enquiry, after which the data are deleted. Tracking technology also allows determination of the location of the user. For information on data protection at Intercom see: docs.intercom.io/privacy. You can read the Intercom terms and policies here: https://www.intercom.com/terms-and-policies

Registration for services

WhatsApp Messenger by MessengerPeople

You can register for our free WhatsApp Messenger service. Upon registration, A-ROSA does not collect data and no other services of A-ROSA are bound to the registration process. This registration is another way to receive information and offers from A-ROSA. We use the provider MessengerPeople for implementing the service. Information on usage of the news service by MessengerPeople can be found on our website. For detailed information about MessengerPeople´s usage of personal data please see the Privacy Policy of MessengerPeople at https://www.messengerpeople.com/privacy/

Rights of the data subject

You can request information about which personal data of yours is stored by A-ROSA Flussschiff GmbH at any time and free of charge, as well as the correction, restriction and deletion of these data if the legal conditions for such are met. You can exercise your right of objection in the aforementioned cases and if you receive marketing communications from A-ROSA Flussschiff GmbH. You can revoke any consent granted per data protection law at any time with non-retrospective effect.

Right to information

Pursuant to Article 15 GDPR, data subjects have the right to obtain information from a processor about which personal data of theirs is stored by that processor.

Right to correction

If a data subject finds that his/her personal data on file are incorrect, these data must be corrected pursuant to Article 16 GDPR.

Right to deletion ("right to be forgotten")

Data subjects have the right pursuant to Article 17 GDPR to request the deletion of their data. Deletion is only permitted however after any statutory retention periods have elapsed.

Restriction from processing

You may have the right to restrict data from processing pursuant to Article 18 GDPR under certain circumstances (such as if you as the data subject disagree with the data processor as to whether data stored are correct).

Objection

Pursuant to Article 21 GDPR, you may object to the processing of your personal data at any time with non-retrospective effect. Please note that if you file an objection with respect to mandatory data required for the use of our offer, you will no longer be able to use the offer.

Data portability

You enjoy a right to data portability under Article 20 GDPR in certain processing cases if the data were collected on the basis of consent or for performance of a contract.

To exercise your rights as data subject, please contact A-ROSA Flussschiff GmbH and/or the data protection officer of A-ROSA Flussschiff GmbH either in person or in writing.

Name and contact details of the controller

A-ROSA Flussschiff GmbH
Loggerweg 5
18055 Rostock
Germany

Email: service@a-rosa.de
Phone: +49 381 440 40 100

Managing director: Jörg Eichler

Data protection officer:

The external data protection officer of A-ROSA Flussschiff GmbH is Mr Gunar Laaser (Laaser Consulting)

Email: datenschutzbeauftragter@a-rosa.de

Right to file a complaint

If you believe that your personal data have been processed in violation of data protection law, you can contact the data protection officer of A-ROSA Flussschiff GmbH in line with Article 38 (3) GDPR (see the ‘Data Protection Officer’ section for contact details), or the competent supervisory authority in line with Article 77 (1) GDPR. The supervisory authority responsible for A-ROSA Flussschiff GmbH is:

The Commissioner for Data Protection and Freedom of Information of the Federal State of Mecklenburg-Vorpommern

Werderstraße 74a
9055 Schwerin
Germany

Phone: +49 385 59494 0; Fax: +49 385 59494 58
Email: info@datenschutz-mv.de

Website: www.datenschutz-mv.de; www.informationsfreiheit-mv.de