AmaWaterways Privacy Notice
- Who is AmaWaterways?
- Explaining the legal bases we rely on
- When do we collect your personal data?
- What sort of personal data do we collect?
- Why we need your personal details
- How we protect your personal data
- Bookings Through Travel Agents
- How long will we keep your personal data?
- How and why do we share your personal data
- What are your rights over your personal data?
- How you can stop the use of your personal data for direct marketing?
- Contacting the Regulator
We take the security of your personal data when you access or use the various websites, mobile application(s),
and other digital platforms (together the "Digital Platforms") owned, operated, licensed or controlled by
AmaWaterways, its subsidiaries, affiliates, or joint ventures ("AMA", "we," "us," "our," or the "Company")
you trust us with your information. Protecting your Personal Identifiable Information “PII” - the information
that identifies you as an individual - is important to you, so it is important to us. We are committed to your
contains information on how to prevent your personal information from being collected or shared by us when you
use our Digital Platforms. The Policy applies to all users of the Digital Platforms anywhere in the world. We
hope you read what follows carefully. If you have any questions regarding your privacy while using the Digital
Platforms, or have questions about our practices, please contact us via email at firstname.lastname@example.org.
2. Who is AmaWaterways?
AmaWaterways is the trading name of AmaWaterways Ltd, a company registered in England (company number 10184331).
AmaWaterways is a wholly owned subsidiary of AmaWaterways LLC.
3. Explaining the legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters for our marketing purposes
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you make a booking with us, we’ll collect your address details to deliver your documentation, and pass them to our courier
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your purchase history to ensure you have your past guest AmaWaterways Privilege Rewards applied to your future bookings. We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
4. When do we collect your personal data?
- When you order a brochure by phone or via our website
- When you request a quote by phone or via our website
- When you request information via our website
- When you enter prize draws or competitions
- When you contact us by any means with queries, complaints etc.
- When you book a holiday
- When you use our online check-in
- When you download or install one of our apps
5. What sort of personal data do we collect?
In order to fulfil our legal contract with you we collect your name, gender, date of birth, billing/delivery address, emergency contacts, dietary preference and medical requirements, email address and telephone number.
6. Why we need your personal details
When you book a holiday with us, request a brochure or sign up for email updates, we will use your personal details to ensure everything runs smoothly and we can be as helpful as possible. It means you won’t have to provide your details all over again if you have a question or need to contact us, saving you time and making it easier to follow up with us.
Additionally, when you book a holiday with us, we will need to ask for additional personal data which might include passport information, your date of birth, health details, personal data of the people you are travelling with and personal data of people who you nominate us to contact in case of emergency. We need this information to comply with our obligations in providing the holiday you’ve booked.
7. How we protect your personal data
We take the security of your personal data seriously, and use security policies, standards, technologies and ongoing training to safeguard the personal data we process from improper access, use, alteration, destruction and loss. Where we share your personal data with other companies, we require those companies to process your personal data to an equivalent level of security. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. All information you provide to us is stored on our secure servers. Security for all personal information is extremely important to us. We limit access to personal information to authorised employees and contractors who need to know that information in order to operate, develop, provide services within any of our Digital Platforms. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. Unfortunately, we cannot guarantee that data transmitted over the internet will always be secure. As a result, while we strive to protect your personal identifiable information, we cannot ensure or warrant the security of any information you transmit to us using the Digital Platforms and you do so at your own risk. Upon receipt of your transmission, we strive to ensure the security of that information in our systems.
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenized to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
8. Bookings Through Travel Agents
If you have booked with us through a travel agent, they may have separately asked for your permission for them to contact you. If you believe a travel agent is using your data in a way you have not consented to, you should contact the agent directly.
9. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
We retain PII for the period required for processing, and where we are under an obligation to do so, for example billing data is retained in accordance with financial records keeping requirements. We hold a basic record of guests’ cruise history (name and contact details, passport information, booking/cruise number, nights on board, class of travel) indefinitely for the purpose of maintaining our loyalty scheme. We will delete personal data we hold about you if you ask us to do so, except where certain exemptions apply
We may contact you for marketing purposes, including to tell you more about our services, share news or tell you about promotions from time to time. We’ll only send you marketing messages if you’ve opted in to receive them and you can update your preferences or opt out at any time via the preferences center, following the links in our emails or by sending us an e-mail at email@example.com. Even if you’ve opted out of marketing messages, we’ll still need to contact you in relation to your bookings with us.
10. How and why do we share your personal data
We will never sell your information to anyone
So that we can meet our obligations to you, such as send you a brochure you’ve requested, send your documentation or provide the holiday you’ve booked, we will pass your personal details onto our suppliers as we need to. This allows them to meet your requests, ensure you have a hassle-free holiday, and that they can get in touch if you need assistance.
We share personal data with other companies but we require those companies to process your personal data to an equivalent level of security as we do.
When we share your data with our business partners, we adopt the following policy in order to keep it safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- hey may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems
- Operational companies such as delivery couriers
- Direct marketing companies who help us manage our electronic communications with you
- Google Analytics who monitor our website traffic
11. What are your rights over your personal data?
Here is an overview of your different rights. You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- Deletion, for example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a Partner of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You have the right to request a copy of any information about you that AmaWaterways holds at any time, and also to
have that information corrected if it is inaccurate. To ask for your information,
please email firstname.lastname@example.org. To ask for your
information to be amended, please email email@example.com, or
contact our Customer Services team.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
You have the right to tell us you don’t want us to share your personal information with anyone - the Right to Restrict Processing under the GDPR. You should be aware that if you ask us to do this, we will not able to continue with any booking you hold with us, and our standard cancellation terms will apply.
12. How you can stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
- Write to Data Protection Officer, AmaWaterways Ltd, Abbots Place Suite B, Walnut Tree Close, Guildford, GU1 4RW.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated
13. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns
Version - PPV0518