1. Highlights
1.1. Your privacy matters. We want you to understand how we use the personal data you provide to us.
1.2. We use data about you. As a Supplier to, or Business Partner of, Royal Caribbean (defined below), we process your personal data and produce records based on that personal data.
1.3. We need to use your data. We use your personal data in furtherance of the Supplier/Business Partner relationship and our business operations.
1.4. We need to share your data with the Royal Caribbean Group, other Suppliers, and Business Partners in furtherance of our business operations. As a global business, we share your personal data within the Royal Caribbean Group and with other Suppliers, and Business Partners. We choose our Suppliers and Business Partners carefully and put in place safeguards to ensure that they protect your personal data.
2. Definitions
2.1. Affiliate: Affiliates, with respect to any entity, includes any other entity controlling, controlled by, or under common control with, such entity.
2.2. Associated Party: Associated Party includes those transferees of the benefit(s) and/or burden(s) of our Supplier/Business Partner relationships.
Business Partner: Business Partners include those individuals and entities, their affiliates and associated parties with whom we have partnered to complement the products and/or services we provide (herein referred to as “you” or “your”). This includes, without limitation, travel agents, tour operators, concessionaires, and joint venture partners. Personal data of Business Partners may include personal data of the owners, officers, directors, employees, agents, customers, suppliers and business partners.
2.3. Royal Caribbean: Unless, specifically identified herein, Royal Caribbean includes the Royal Caribbean Group (herein referred to as “we”, “us”, or “our” and their cognate terms).
2.4. Royal Caribbean Group: Royal Caribbean International, Celebrity Cruises, and Our affiliates.
2.6 Supplier: Suppliers include those individuals or entities, their affiliates and associated parties providing us products and/or services in furtherance of our business operations (herein referred to as “you” or “your”). This includes, without limitation, professional advisers (accountants, consultants and independent contractors, lawyers, etc.). Personal data of Suppliers may include personal data of their owners, officers, directors, employees, agents, customers, suppliers and business partners.
3. Contents
- Who’s responsible for your personal data?
- What personal data do we collect or receive?
- How we use your personal data
- Who we share your data with
- How we transfer data internationally
- Retention of your personal data
- Your rights in relation to your personal data
- Legal grounds for processing
- Contact us
4. Who’s responsible for your personal data?
4.1. As the data controller, we are responsible for the personal data you provide to us and will determine, either on our own or jointly with you, how that data will be processed. We will only process such data within Royal Caribbean and with other Suppliers and/or Business Partners where we have a legitimate reason(s) to do so.
4.2. Please note the following data controller relationships:
(a) Royal Caribbean Cruises Ltd., 1050 Caribbean Way, Miami, FL 33132, United States of America (“USA”), if:
(i) Your personal data relates to a business relationship with Royal Caribbean Cruises Ltd.;
(ii) You use Royal Caribbean Cruises Ltd. Or Cruising Power websites or systems outside of the European Economic Area (“EEA”);
(iii) You call a Royal Caribbean Cruises Ltd. call center based outside of the EEA;
(iv) Your personal data is processed on vessels owned or operated by Royal Caribbean Cruises Ltd. (including, Royal Caribbean International); or
(v) You book a cruise through an entity based outside of the EEA.
(b) Celebrity Cruises Inc., 1050 Caribbean Way, Miami, FL 33132, USA, if:
(i) Your personal data relates to a business relationship with Celebrity Cruises Inc.;
(ii) You use Celebrity Cruises Inc. or Cruising Power websites or systems outside of the EEA;
(iii) You call a Celebrity Cruises Inc. call center based outside of the EEA;
(iv) Your personal data is processed on vessels owned or operated by Celebrity Cruises Inc.; or
(v) You book a cruise through an entity based outside of the EEA.
(c) RCL Cruises Ltd., Building 3, The Heights, Brooklands, Weybridge, Surrey KT13 0NY, UK, if:
(i) Your personal data relates to a business relationship with RCL Cruises Ltd.;
(ii) You use RCL Cruises Ltd. or Cruising Power websites or systems inside the EEA, Australia, and New Zealand;
(iii) You call a RCL Cruises Ltd. call centers based in the EEA; or
(iv) You book a cruise through an entity based inside of the EEA.
(d) Silversea Cruises (UK) Ltd, 3 The Heights, Brooklands, Weybridge KT13 0NY, UK, if:
(i) Your personal data relates to a business relationship with Silversea Cruises (UK) Ltd;
(ii) You use Silversea Cruises (UK) Ltd or Cruising Power websites or systems inside the EEA;
(iii) You call a Silversea Cruises (UK) Ltd call center based inside the EEA;
(iv) Your personal data is processed on vessels owned or operated by Silversea Cruises (UK) Ltd; or
(v) You book a cruise through an entity based inside the EEA.
4.3. This Privacy Notice does not determine your relationship with us insofar as your status as a data processor, data controller or joint data controller under certain data privacy laws, including the General Data Protection Regulation.
This determination is based on each Supplier’s and Business Partner’s particular business relationship with Royal Caribbean. Accordingly. Not all sections of this Privacy Notice may be applicable to you and this Privacy Notice does not relieve you of any obligations, legal or otherwise, that may result from the determination of your relationship with us. sp;(v) You book a cruise through an entity based outside of the EEA.
5. What personal data do we collect or receive?
5.1. The following are categories of your personal data that we may process:
Categories of personal data |
When/how we got it |
Personal Information |
|
In addition to the items of information in Personal Information, above, information related to safety, health, medical, and other incidents which may take place involving or related to Suppliers or Business Partners in, on, and/or at our sites
|
We may collect information related to the incident, including the names of individuals involved, circumstances of the incident, and health and medical data (if an individual seeks medical treatment as a result of an incident in, on, and/or at our sites). Personal Information may be provided by you during and after the incident. Personal Information may be provided by third party providers, such as health care providers, etc.
|
Financial Information |
|
Financial details (bank information and tax information) required for payment, investment, contribution, tax, etc. purposes
|
Financial Information is provided by you prior to and during your business relationship with us.
|
Records |
|
Records related to the business relationship that may contain personal information. note- this may include customer information.
|
Records may be prepared by you in your normal course of your business and may be provided to us from time to time prior to, during, and after your business relationship with us.
We may request that you prepare and provide us certain records during and after your business relationship with us (e.g., performance, investigations, etc.).
Records may be prepared by us related to the Supplier/Business Partner relationship (e.g., performance, quality assurance, education and training, participation in certain offers and incentive programs).
We may prepare and provide you certain records during the business relationship to facilitate the business relationship (e.g., for tour operators, names and certain other required information regarding those individuals who have purchased tours).
|
5.2. In addition to the above, the below categories apply to Suppliers or Business Partners providing products and/or services, or otherwise conducting or engaging in activities in furtherance of the business relationship in our offices, on our vessels, or at our project or operation sites (e.g., newbuilds, dry docks, in-port, and alongside our vessels) (collectively, “sites”):
Categories of personal data |
When/how we got it |
Personal Information |
|
in addition to the items of information in Personal Information, above, information related to safety, health, medical, and other incidents which may take place involving or related to Suppliers or Business Partners in, on, and/or at our sites.
|
We may collect information related to the incident, including the names of individuals involved, circumstances of the incident, and health and medical data (if an individual seeks medical treatment as a result of an incident in, on, and/or at our sites). Personal Information may be provided by you during and after the incident. Personal Information may be provided by third party providers, such as health care providers, etc.
|
Documentation |
|
documents related to identity (e.g., passport, driver’s license), employment eligibility (e.g., work permit, visa, etc.), travel, and documentation to establish, substantiate, or support certain personal information and other information provided to Royal Caribbean or otherwise required for the employment relationship (e.g., tax documentation, etc.).
note- documentation may contain specific identification numbers or other identifiers; our receipt of which may include the document itself and/or any identification numbers, identifiers, etc. thereon.
|
Documentation may be provided by you prior to, during, and after your business relationship with us.
|
Communication and Site Access Records |
|
information and records related to use of Royal Caribbean’s information technology and communication systems (creation, transmission, and/or storage of information or communications on or using those systems, internet provider (IP) address, computer usage, including browser history, telephone call history, and voicemail) and access to, and use of, the site and other assets owned or operated by Royal Caribbean (e.g., closed-circuit television (CCTV), body camera, and still photo imagery, site access, etc.)
|
Royal Caribbean generally produces, including by through its use of electronic monitoring systems.
|
5.3. In providing us information containing the personal data, including sensitive data, of individuals, you represent that you have been duly authorized by those individuals to do so prior to so providing, including by, where applicable, obtaining their consent.
6. How we use your personal data
6.1. We process personal data for the purpose of our business relationship with you, the legitimate interests of Royal Caribbean, and to comply with certain legal and regulatory obligations, including:
(a) evaluating prospective business relationships;
(b) establishing the business relationship, including setting up payment and where applicable, access to our sites and/or information technology and communications systems;
(c) managing and assessing the business relationship, including performance, compliance with mutual obligations, etc.;
(d) records and business management, including auditing, compliance, and risk management activities;
(e) complying with:
(i) requests from, and reporting obligations of, governmental, quasi-governmental, and judicial bodies, including port and customs authorities and law enforcement agencies;
(ii) disclosure obligations in the context of litigation or government/regulatory investigations; and
(iii) health and safety obligations, documenting incidents, obtaining medical help, and reporting injuries for claim purposes
(f) protecting the rights and property of Royal Caribbean and any of its staff, customers, and others, ensuring the safety of the aforementioned and conducting related investigations.
7. Who we share your data with (Data sharing)
We may share your personal data with the following recipients for the purposes listed above:
(a) Members of the Royal Caribbean Group
As a global business, we may need to share your personal data with other companies in the Royal Caribbean Group.
(b) Our Suppliers and Business Partners
The integration of your products and/or services into our business operations may require us to share your personal data with other Suppliers and/or Business Partners. For example, we use cloud software providers (a Supplier) to provide booking software for travel agents (a Business Partner).
We choose our Suppliers and Business Partners carefully and put in place safeguards to protect your personal data.
(c) Ports, customs and other government authorities, law enforcement agencies and courts and parties to litigation T
The laws of countries in which we operate may require us to share certain personal information.
For example, ports and customs authorities require vessel manifests prior to permitting entry, law enforcement agencies may require access to personal data, including in connection with criminal investigations, and Royal Caribbean may be ordered to disclose personal data by a court or in connection with legal proceedings.
8. Retention of your personal data
We retain your Personal Data only for as long as necessary: (i) for the purposes set out in this privacy notice; and/or (ii) to comply with our legal obligations and/or internal policies and procedures.
9. Your Rights - Changes to this Privacy Notice
This privacy notice may be updated from time to time in Royal Caribbean’s sole discretion. Updates to this privacy notice are effective on the date published to our websites and/or digital platforms.
10. Contact us
If you require any other information about any part of this notice, you can contact our Data Protection Officer at Royal Caribbean Cruise Ltd. at the mailing addresses above or via email at privacy@rccl.com.
Section II: Heightened European Union requirements/ compliance with the General Data Protection Regulation
1. Application
This Section supplements the provisions set out in Section I and applies to you if:
(a) you are located in the EEA;
(b) you are providing products/services, or otherwise conducting or engaging in activities in furtherance of the business relationship, to or at our sites located in the EEA (including on our vessels located outside the EEA);
(c) your personal data is processed on one of our ships; and/or (d) your data controller is RCL Cruises Ltd.
2. Legal grounds for processing
We process your personal data to the extent that one or more of the following legal grounds applies:
(a) where you have given your express consent;
(b) where necessary for the performance of a contract;
(c) where necessary to comply with our legal obligations;
(d) where we need to process your personal data to protect your (or somebody else’s) vital interests, including where you are physically or legally incapable of giving consent, for example in case of a medical emergency;
(e) the establishment, exercise, or defense of legal claims; and/or
(f) where the processing is necessary for our legitimate interests or the legitimate interest of the those whom we transfer your personal data (provided that such legitimate interests are not overridden by your interests or your fundamental rights and freedoms).
3. International data transfers
As a global business, we may need to share your personal data with other members of the Royal Caribbean Group and others for the purposes as outlined in this Privacy Notice. This means that we may transfer your personal data outside of the EEA (including to the United States as this is where the servers that we use for our business and on which your personal data is stored are located). We use the European Commission’s standard data protection clauses (also known as Model Clauses) to provide safeguards for your personal data that is transferred outside the EEA so you can rest assured that the we adhere to the strict European standards of data security and usage.
4. Your rights in relation to your personal data
You certain rights in relation to your personal data we maintain, including the right to:
(a) accurate and complete personal data;
(b) request information about, and access to, your personal data;
(c) object to the processing of your personal data;
(d) request that we restrict the processing of your personal data;
(e) request that we erase your personal data;
(f) request receipt of your personal data and transmission to another controller;
(g) withdraw your consent at any time where the processing of your personal data is based on consent; and
(h) lodge a complaint with a supervisory authority.