Privacy Policy

Privacy Notice of Swan Hellenic Cruises

Swan Hellenic Cruises is pleased about your visit to our website as well as about your interest in our company and our products. We take the protection of your personal data very seriously and would like you to know how and for what purpose your data will be saved or used.

Coverage of our Privacy Notice

The data controller are Swan Hellenic Cruises FZCO and Swan Hellenic Travel Ltd (hereinafter referred to in this Notice as “we” or “us”).

We are fully committed to GDPR compliance when it comes to how we collect, use and protect your personal data. Your privacy is very important to us, so please take your time and read carefully our Privacy Notice which explains:

  • What types of personal data we collect and why we collect it.
  • When and how we may share personal data with other organizations.
  • The choices you have, including how to access and update your personal data.

If you are not familiar with terms such as data controller, sensitive personal data, then read about these and some others in our explanatory section at the end of this policy.

Collection of your Personal Data

When you register for any of our services by visiting our website, you may provide us with:

  • Your personal details, including your residential address, email address, phone number and date of birth.

Plus when you simply browse our websites, we may collect:

  • Your Travel preferences like areas you are interested to travel to.
  • Information about your browsing behavior on our websites, i.e. Length of your attention.
  • Information about when you click on one of our adverts, including those shown on other organizations’ websites, no matter if redirected or not.
  • Information about the way you access our digital services, including your operating system, IP address, online identifiers and browser details in order to provide you with the best technical support.
  • Social preferences, interests and activities.

When you buy one of our cruise packages in our travel agencies or online, we may collect:

  • Passenger Information, Pass Port Details, other ID document details.
  • Insurance details about an existing travel insurance.
  • Relevant medical data and any special, dietary, religious or disability requests by us whether by specific forms or send by you per email.
  • Information about your purchases, including what you bought, when and where you bought it, how you paid for it and credit card or other payment information shared by you for the purpose of payment for your concrete booking.
  • Information about your browsing behavior on our website, like time spent on individual pages and offers.
  • Information about when you click on one of our adverts, including those shown on other organizations’ websites, no matter if redirected or not.
  • Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details in order to provide you with the best technical support.
  • Social preferences, interests and activities.

When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:

  • Personal data you provide when you connect with us, including by email, post and phone or through social media, such as your name, username and contact details.
  • Details of emails and other digital communications we send to you that you open, including any links in them that you click on.
  • Your feedback and contributions to customer surveys and questionnaires.

Other sources of personal data

  • We may use personal data from other sources, such as specialist companies that supply information, retail partners and public registers.
  • Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
  • If you log-in using your social network credentials to connect to our platforms and online services e.g. Facebook, Google+ and Twitter, you will agree to share your user details with us. For example, your name, email address, date of birth, location and any other information you choose to share with us.

Personal data you provide about other individuals

  • We use personal data about other individuals provided by you, in the same way as your personal data on your booking file.
  • By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.

How we use your Personal Data

We use your personal data in a variety of ways, as explained below.

To provide the products and services you request

We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.

In detail:

  • Planning and organization of the trip you have booked (cruise, shore excursion)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • Transmission to the entrance and exit ports as part of the trip you have booked
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • Transmission to hotels and restaurants (possibly to third countries outside the EU)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR) (Article 49, paragraph 1, point (b), of the GDPR)
  • Transmission to airlines (possibly to third countries outside the EU) when you book a travel package to and from departure and arrival points
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR) (Article 49, paragraph 1, point (b), of the GDPR)
  • Storage of name, telephone number and relationship for information purposes in case of emergency
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    Legitimate interest in the storage of this data consists in informing your relatives of unforeseen emergencies and, if necessary, in asking questions and initiating and/or coordinating measures in your interest.
  • Use of telephone numbers, e-mail address and address for the purpose of customer support, i.e. to advise you and answer your questions in connection with your booked cruise
    Consent (Article 6, paragraph 1, point (a), of the GDPR)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • Use of address and e-mail address for commercial communication (post and e-mail)
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    The legitimate interest consists in direct advertising for future cruises by sending catalogues and flyers with special cruise offers and/or in the context of an e-mail newsletter.
  • Processing of relevant data in response to and management of security incidents, disturbances or other similar unforeseen occurrences on board. Among others, these can be of a medical or insurance-related nature.
    Processing in order to protect the vital interests of the data subject (Article 6, paragraph 1, point (d), of the GDPR)
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    The legitimate interest consists in being able to react to unforeseen events during the itinerary.
  • Planning, organization and support of the legally valid marriage, registered civil union or symbolic promise of marriage you have booked
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)

To manage and improve our cruise products, touristic services and day-to-day operations:

In detail:

  • We use personal data to manage and improve our products, websites, customer loyalty or recognition programme(s) and other services.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in providing you with an optimal user experience when using our tele-media services.
  • We monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our services.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in protecting you and your personal data from criminal offences when using our services and recognising and preventing the misuse of services.
  • We may use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, shops, IT systems, security, know-how and the way we communicate with you.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in developing and improving our product range, services, shops and IT systems, security, expertise and the methods of our communication with you.
  • We use CCTV images to help maintain the safety of anyone working in or visiting our ships, premises and other buildings, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise or defend our legal rights.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in identifying and preventing criminal offences and the misuse of services and being able to exercise and assert claims.

How to personalize your experience:

We want to ensure that marketing communications relating to our products and services, and those of our suppliers and retail partners, including online advertising, are relevant to your interests.

In detail:

  • To do this, we may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to tailor our communications to make them more relevant and interesting to you.
  • Looking at your browsing behavior and purchases helps us to better understand you as a customer.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to offer you personalized offers and services.
  • We may also measure your responses to marketing communications relating to products and services we offer.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to offer you products and services that better meet your needs as a customer.
  • If you do not want to receive a personalized service from us, you can change your preference online (kundendaten@hl-cruises.com), over the phone or by writing to us at any time. We will update our records as soon as we can.

How to make contact and interact with you:

We want to provide you, as our customer, with even better support.

In detail:

  • When you contact us, for instance via e-mail, post, telephone or social media, we are permitted to use personal data in order to handle your matter in the best and fastest possible way.
    Consent (Article 6, paragraph 1, point (a), of the GDPR.
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • We need to process your personal data so that we can manage any promotions and competitions you choose to enter, including those we run with our suppliers and retail partners. For example, if you win a prize.
    Processing for the performance of a contract (Article 6, paragraph 1, point (f), of the GDPR)
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to conduct the promotion and competition as well as notifying you of any winnings.
  • If we have to process special categories of personal data, for example health-related data for medical reasons, we only do this if one or more additional prerequisites apply: we have your express consent; it is necessary to protect your vital interests or those of another person and you are physically or legally not in a condition to give consent; it is necessary for the justification, assertion or defense of legal claims; it is necessary for reasons of an overriding public interest.
    Article 9, paragraph 1, points (a), (c), (f) and (g), of the GDPR
  • We are permitted to combine the data which we collect when you make a purchase in an online shop with personal data that was collected via our websites and other sources.
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    The legitimate interest consists in helping us better understand you as a customer and being able to provide you with services and marketing communications (including online advertising tailored to your interests).

Your Data and our Marketing

We do not sell your personal data to third parties. From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email. We may also send you information about other companies’ products and services that we believe may be of interest to you. We will only do this if you previously agreed to receive these marketing communications.

When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, using the ‘unsubscribe’ link in our marketing emails or by writing to us (e.g. email) at any time.

You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products or services.

Within the scope of our offer, we offer you the possibility at various points to be informed by us about interesting offers and news in various ways. Provided that you have given your express consent or that the requirements according to Fair Trading Principles are fulfilled, we will use your email address and any additional voluntary personal details to send you our newsletter on a regular basis. When registering for a newsletter, you may be given the opportunity to provide additional information about yourself, for example if you would like to receive a birthday surprise. We will then process and use the data you provide for these purposes.

If you are no longer interested in receiving certain information or offers in the future or if you no longer wish to receive the information/offers via a certain channel, please inform us by email to unsubscribe(at)swanhellenic.com. The unsubscribe function for the newsletter (opt-out link) is also integrated at the end of each email. We will then comply with your request immediately.

Your requested online services and our web hosting

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online services or from websites.

Collection of Access Data and Log Files:

We, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers.

Processed data types:

Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects:

Users (e.g. website visitors, users of online services).

Legal Basis:

Legitimate Interests (Article 6 (1) (f) GDPR).

Online surveys and Market Research

We like to hear your views to help us to improve our cruise products and services, so we may contact you for market research purposes. You always have the choice about whether to take part or continue in our market research.

Passport storage onboard

We may collect your passport or ID card on our cruises, where needed, so that we can fulfil all visa as well as entry and exit requirements for the countries visited. We would like to inform you about the data protection aspects relating to this.

What are the legal grounds and purpose of processing?

The legal grounds for the collection of your passport/ID card are the fulfilment of the contractual obligations from your cruise contract concluded with you in accordance with point (b) of Article 6(1) of the GDPR. The identity documents will be collected by our trained staff on board, stored securely and returned to you at the end of the cruise. The purpose of this is to fulfil the visa as well as entry and exit requirements of destination ports and thereby facilitate your entry and exit to your utmost convenience.

How long is my data stored?

We will keep your identity document safe until the end of your cruise. If it is no longer necessary for us to keep your document during a cruise, it will be returned to you sooner. We do not keep any copies of your passport/ID card.

Who will receive my data?

We show your identity document to the port authorities responsible for entry and exit procedures during your cruise. Our trained staff are always present.

Will my data be shared with third countries (i.e. outside of the European Economic Area)?

Identity documents are presented to the port authorities only on their request for processing at each port we visit on our cruises.

Is the provision of my data mandatory?

In some countries (e.g. Kenya, South Africa), the authorities require the collection of identity documents. In other countries, this is a service we provide to make the process as pleasant for you as possible. You do not usually need to be present in person when we present your passport/ID card to the authorities early in the morning or late at night. However, as official regulations change and we are therefore unable to guarantee the actual organization of your booked cruise, we collect the identity documents of our guests as a matter of course. We therefore ask that you discuss with our service team prior to the start of the cruise the possibility of keeping your identity document with you.

Will automated decision-making, including profiling, take place?

Automated decision-making, including profiling, will not take place.

Sharing your Personal Data with Suppliers

In order to provide our best cruise products or touristic services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies.

We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services. We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud, reducing credit risk and checking international sanction lists.

When we share personal data with other organizations we require them to keep it safe in accordance with strict GDPR rules as contractual implementation, and they must not use your personal data for their own marketing purposes.

We only share the necessary minimum personal data that enable our suppliers and retail partners to provide their services to you and us.

For the purposes of performing the travel contract concluded with you, we transmit your personal data to, among others, the above-mentioned recipients in countries outside of the jurisdiction of European data protection laws for which the European Commission has determined that there is not an appropriate level of data protection. In particular, this transmission is carried out for the preparation of the cruise and is required due to local legal requirements to register passengers upon docking in ports. Separate data protection agreements contracts exist with service providers who support us in carrying out the cruise.

Sharing your Personal Data with Regulatory Bodies and Government Authorities

So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.

Some countries will only permit travel if you provide your advance passenger data (for example, EU APIS flight Data, Caricom API Data and US Secure Flight Data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may assist where appropriate.

We may share the necessary minimum personal data necessary with other public authorities if the law says we must, and/or we are legally allowed to do so.

For the purposes of performing the travel contract concluded with you, we transmit your personal data to, among others, the above-mentioned recipients in countries outside of the jurisdiction of European data protection laws for which the European Commission has determined that there is not an appropriate level of data protection. In particular, this transmission is carried out for the preparation of the cruise and is required due to local legal requirements to register passengers upon docking in ports.

ACTA as licensing and insolvency bonding authority

ACTA ( Association of Cyprus Travel Agents) Since 2018, tour operators are obliged to be partners of ACTA in Cyprus for insolvency insurance. In the event of a claim the ACTA requires all essential information about your trip in order to perform its duties. Therefore, we would like to inform you in the course of this data privacy notice what personal data we transmit to the ACTA in the unlikely event of an insolvency claim:

  • Your master data
  • Your booking-related data
  • Your flight data and transfer data (if any)
  • Data in the event of repatriation (if any)

Your data will be sent to:
ACTA Cyprus,
24 Stasikratous Street,
1065 Nicosia

Mailing Address:
P.O Box 22369
1521 Lefkosia

Telephones:+357 22666435

Fax:+357 22660330

Email:acta@acta.org.cy

ACTA is acting as an independent data controller according to the General Data Protection Regulation of the European Union (GDPR).

Your Data Protection rights and Informational Options

You have the right to information, correction, erasure or restriction of processing, data portability and objection to the processing of personal data concerning you. You also have the right to complain to a data protection authority. However, if you have questions or complaints, we ask that you first contact our corporate data protection officer at dpo@swanhellenic.com In the event that you have consented to us processing your personal data, you can withdraw this consent at any time. The processing of your data prior to the time you withdraw consent will remain lawful even if you do withdraw consent. If you would like to withdraw your consent, please write to unsubscribe@swanhellenic.com and provide your customer number. Please note that, in the event of a withdrawal of your consent, processing may still be possible under certain circumstances on a legal basis, for example if this is necessary to fulfil a legal obligation or if there is a legitimate interest in further processing.

We are protecting Your Personal Data at best

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorized access, use, alteration and disclosure.

The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services as i.e. my-swan-login, you are responsible for keeping this password confidential.

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by organizations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate (contractual) protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice. These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission as long as those standards are still applicable and compliant, and appropriate other security measures, similar to NIS and NIS2 directive rules and regulations.

Data retention

We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymize this data.

Cookie Policy and Use of similar technologies

Cookies are small data files that allow a website to collect and store a range of data on your desktop-computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. Please see our separate Cookie Notice.

Links to other websites

Our own website may contain links to websites operated by other organizations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organization’s website as we do not accept any responsibility or liability for websites of other organizations.

Our Social Media Channels and data usage

Thank you for your interest in the social media profiles of Swan Hellenic Cruises, provided by Swan Hellenic Cruises FZCO, all kind of request please to claudia.resta@swanhellenic.com

We have the following social network channels:

  • Facebook: https://www.facebook.com/swanhellenic/
  • Instagram: www.instagram.com/swanhellenic/
  • X/:https://twitter.com/i/flow/login?redirect_after_login=%2Fswanhellenic
  • Pinterest: www.pinterest.de/swanhellenic/
  • YouTube: https://www.youtube.com/@swanhellenicYTChannel

Please note that by registering for the social networks, you also agree to the privacy policies of the networks in question that also apply to services such as our profiles.

Informational Request and Complaints – Access to your Personal Data

You have a right to ask for a copy of the personal data we hold about you. You can write to us asking for a copy/ written information of other personal data we hold about you.

Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.

We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.

You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organization.

We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.

You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority.

Please submit your request or complaint in writing to our International Legal Department/Data Protection Officer:
Swan Hellenic Cruises FZCO,
E-Mail: dpo@swanhellenic.com
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorized to make such a request or complaint when you contact us on behalf of someone else.

Legal basis for processing personal data

We will only collect and use your personal data if at least one of the following conditions applies:

  • We have your consent;
    Example: Booking
    You give us permission to process your personal data when you book a cruise (package).
  • It is necessary for a contract with you or to take steps at your request prior to entering into a contract;
    Example: To provide the cruise products and touristic services you request
    We need to process your personal data so that we can manage your cruise booking, provide you with the additional products and touristic services you want to buy and help you with any orders and refunds you may ask for- also from our third party suppliers.
  • It is necessary for us to comply with a legal obligation;
    Example: Sharing personal data with regulatory authorities
    So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.
  • It is necessary to protect your vital interests or those of another individual;
    Example: In an emergency
    Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
  • It is in the public interest or we have official authority; or
    Example: Security operations
    We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.
  • It is in our or a third party’s legitimate interests and these are not overridden by your interests or rights.
    Example: To personalize your experience
    We may use your personal data to better understand your interests so that we can try to predict what other partner products, touristic services and helpful information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.

Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example:

  • we have your explicit consent written on file; or
  • it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; or
  • it is necessary to establish, exercise or defend legal claims; or
  • it is necessary for reasons of substantial public interest.

Data transfer on another basis

In light of the judgment of the European Court of Justice (ECJ) in the Schrems II case (Case C-311/18), we comply with the recommendations of the European Data Protection Board (EDPB) on the transfer of personal data to countries outside the EEA. We follow and implement the EDPB recommendations as set out below.

We assess and analyze all cases in which we export personal data to non-EEA countries (third countries) and analyze the necessity to disclose data in clear text or in pseudonymized or encrypted form.

We verify which of the transfer tools set out in Chapter V of the GDPR our transfer relies on and whether an adequacy decision pursuant to Article 45 of the GDPR exists in relation to the third country (a detailed list can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
Where the third country is covered by an adequacy decision, the transfer to that third country is made on the basis of Article 45 of the GDPR.

- in other cases -

We assess whether there is anything in the law or practice of the third country at issue concerning the specific transfer of personal data that may impinge on the effectiveness of the appropriate safeguards of the transfer tools on which we rely in the context of the specific transfer. We focus primarily on third country legislation that is relevant to our transfer and the Article 46 GDPR transfer tool on which we rely and that may undermine its level of protection.

We then verify if we can use standard contractual clauses (SCC) for the country concerned (Article 46(2)(c) GDPR). We transfer data to third countries only where it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection militate against the transfer of the data. To ensure that the recipient of the data has an adequate level of protection in place, we use, in particular, the model contractual clauses (SCC) adopted by the European Commission for the transfer of personal data to third countries and, where appropriate, in addition, binding corporate rules (BCR).

We verify whether, using the SCC, we can transfer the data to the country concerned and negotiate additional safeguards for the transfer of the data to that country. These include, in particular, measures to avoid onward transfer or access by others (encryption, agreement that the data will be hosted in the EU or that data will not be transferred to the USA).

In addition, we contact each recipient of data and attempt to negotiate amendments to the SCC, if needed.

Where possible we will also implement technical measures such as the use of pseudonymization, encryption which is also effective against the recipient or the selection of a recipient who is protected under the law of the country to which the personal data is exported.

Finally, we will re-evaluate the measures taken at appropriate intervals and, where necessary, adapt them.

If by using the above measures an adequate level of protection comparable to that pursuant to the GDPR cannot be achieved, we will refrain from transferring personal data to recipients in third countries.

Please contact our data protection officer if you wish to receive further information on this matter.

Depending on the country in which your booking is made or intermediated and in order to offer you the requested services, we pass on, with your consent or on the basis of an adequacy decision pursuant to Article 45 of the GDPR, information about you to companies in our group which further process your personal data in accordance with the GDPR. Your personal data may be transferred to and from the following companies within the Swan Group or associated with it:

  • Swan Hellenic Travel Ltd Cyprus, (on the basis of Article 49 GDPR)
  • Swan Hellenic Cruises FZCO Dubai (on the basis of Article 49 GDPR)
  • Swan Hellenic UK Limited , London (on the basis of Article 49 GDPR)
  • Swan Hellenic Cruises Ltd. Cyprus (on the basis of Article 49 GDPR)
  • Swan Hellenic Cruises US Inc Florida (on the basis of Article 49 GDPR)
  • V-Ships Leisure S.A.M. , Monaco (on the basis of Article 49 GDPR)
  • Oceanic Catering, Cyprus (on the basis of Article 49 GDPR)

Within our corporate structure protection of the personal data transferred is ensured also by inter-company agreements, SCC, necessary additional safeguards and binding corporate rules.

Changes of this Notice and Privacy Policy

This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Privacy Notice changes.

Last update: December 2023

Definitions and Key terms

Data controller: The data controller determines the purpose and manner in which personal data is used.

European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.

Online advertising: Marketing messages that you may see on the internet.

Special categories of personal data: This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.

Caricom API Data: Some or all of the Caricom states have entered into an agreement with the USA whereby advance passenger data, required by and provided to Caricom states for border security purposes, will be passed to the USA Department for Homeland Security for processing on behalf of those Caricom states. Please see the Caricom website Caricom website for more details.

US Secure flight Data: The Transportation Security Administration (TSA) requires you to provide your full name, date of birth and gender for the purpose of watch list screening. You may also provide your Redress Number, if available. Failure to provide details may result in denial of transport or denial of authority to enter the boarding area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. Please see the TSA website for more details.

©ESLegalServices Dec 23