Customer Privacy Notice
1. WHO WE ARE
Hibernia Line Unlimited Company (“Hibernia Line”, “we”, “us”, “our”) provides ferry transport services for individuals, families, businesses, and tour operators (the “Ferry Services”). This Privacy Notice explains how we process your personal data in connection with the provision of our Ferry Services and when you visit our website (the “Website”).
We are committed to protecting your personal data. It is important that you read this Privacy Notice so that you are aware of how and why we are using your personal data.
For the purposes of the General Data Protection Regulation (“GDPR”) and the Irish Data Protection Act 2018 (collectively referred to as “Data Protection Laws”), the data controller of your personal data is Hibernia Line. Hibernia Line is incorporated in Ireland having its registered address at Harbour View House, 8 Harbour Point Business Park, Little Island, Cork, Ireland. You can contact us by using the details in the Contact Us section at the end of this Privacy Notice.
2. TO WHO DOES THIS PRIVACY NOTICE APPLY?
This Privacy Notice applies to customers who use our Ferry Services, including customers who book travel with us; family members and/or other passengers included in bookings; business customers booking travel on behalf of employees; travel agencies and tour operators. This Privacy Notice also applies to Website visitors and individuals who contact us via our Website.
3. WHAT IS PERSONAL DATA?
Personal data is any information relating to a living individual that allows for the identification of that individual and may include a name, address, contact details, an identification number, IP address, details about an individual’s location or any other detail(s) specific to that individual.
In circumstances where Hibernia Line controls personal data by deciding why and how that personal data is processed, we will be a “data controller”. Any entity that processes personal data controlled by Hibernia Line and does so on behalf of Hibernia Line, is a “data processor”. Data processors may include third party service providers engaged by us. As required by the Data Protection Laws, when Hibernia Line appoints a data processor, we will ensure that appropriate contractual protections are in place.
4. PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
- Information you provide to us
We collect the following personal data provided by you:- Identity Data: Full name, date of birth, passport information, nationality, gender, drivers licence (if applicable).
- Account Login Details: [username, password].
- Contact Data: Email address, phone number, postal address.
- Booking and Travel Data: Travel itineraries and ticket details, vehicle information (if applicable).
- Visa Data: Information about visas you hold which grant you permission to enter your country of destination.
- CCTV Footage: Images collected from CCTV system on vessel or at port, date and time at which the footage was captured.
- Payment Data: Billing information, invoices, refunds, credits and transaction details.
- Customer Support Data: Support interactions, call recordings, customer emails, passenger contact history, booking edits.
- Special Assistance Data: Details of special assistance required or medical assistance requirements.
- Health Data: Details of medical incidents for which you seek assistance while travelling on one of our vessels.
- Technical Data: IP address, browser type and device information, website usage data.
- Pre-Booking Activity and Website Interaction Data: Search queries, pages viewed and booking selections, contact details entered during booking process, partially completed bookings, information entered into forms, contact details entered during booking process.
- Automatically Collected Data
Certain personal data is automatically collected from you for statistical and data analytics purposes when you use the Website, such as IP address, browser type and device information, Website usage data, URLs visited, cookie data, (as explained in our Cookie Notice [LINK]), Website pages accessed, previous website address from which you reached our Website, including any search terms used, browser sessions, access logs, process authentication events. - Personal Data Collected from Third Party Sources
Certain third parties may provide us with your personal data (including Identity Data, Contact Data and Booking and Travel Data) such as employers, customer support centre, travel agents and family members who make bookings on your behalf.
5. THE PURPOSES AND LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
The tables below set out how and why we process your personal data, the legal basis that supports this processing and the categories of personal data processed.
Managing your booking and our relationship with you
During your trip
| Purposes of Processing | Legal Basis | Personal Data |
| Embarkation check, establishing passenger count, identity recording, provision of passenger lists to port and national authorities | Legal obligation under Articles 5(1) and (2) of the Passenger Counting and Registration Directive 98/41/EC and Regulations 6(1) and (2) of Irish S.I. No. 677/2019 (European Union (registration of persons sailing on board passenger ships) regulations 2019) | Identity Data. |
| Protection of property and people – CCTV on board vessels in public spaces | Legitimate interest in protecting the vessel and physical property, fellow passengers and crew members. | CCTV Footage. |
| Management of events requiring medical treatment on board | Depending on the circumstances in which the incident comes to our attention on board, we process the personal data based either on your explicit consent or on the legal basis of safeguarding a person’s vital interests | Identity Data, Contact Data, Health Data, details and circumstances of incident. |
| To provide special assistance to passengers who require it when on board. | We only process this information when you explicitly consent to provide it to us.We are also under a legal obligation to provide special assistance to passengers who request it pursuant to Article 10 of the Regulation (EU) 1177/2010 concerning the rights of passengers when travelling by sea and inland waterway) | Special Assistance Data. |
Marketing Activities
| Purposes of processing | Legal Basis | Personal Data |
| Marketing Communications – to communicate with you in relation our offers. | Legitimate interests in marketing our goods and services to existing customers. | Identity Data, Contact Data |
| Newsletter and/or offer subscription | Consent | Identity Data, Contact Data |
| Management of customer satisfaction surveys | Legitimate interest in contacting our customers about their customer experience in relation to our services | Identity Data, Contact Data, opinions, data related to the booking or services received |
Website Use
| Purposes of processing | Legal Basis | Personal Data |
| To monitor traffic on the Website, ensure the Website is operating effectively and efficiently; and improve the Website. | We have a legitimate interest in analysing technical information to monitor traffic on our Website so that we can manage the Website’s capacity and efficiency. | Technical data. |
| Assess which parts of this site are most popular and to assess Website user behaviour and characteristics to measure interest in and use of the various areas of the Website. | [Consent] | Technical Data, Pre-Booking Activity and Website Interaction Data. |
| Cart abandonment and booking reminders – when you begin a booking but do not complete it, we may send a reminder email (where permitted by law to do so). | [Consent] Legitimate interests in conducting marketing activities, save in circumstances where consent is required. | Technical Data, Pre-Booking Activity and Website Interaction Data. |
| Website experience personalisation | [Consent] | Technical Data, Pre-Booking Activity and Website Interaction Data. |
6. WITH WHO DO WE SHARE YOUR PERSONAL DATA?
- Ferry and Travel Partners such as vessel operators, port authorities and customs and border agencies.
- Service Providers such as payment processors, IT and hosting providers, marketing databases and customer support service providers who perform tasks on our behalf.
- Professional advisors such as lawyers, accountants, auditors and other professionals whose services we engage in conducting our business.
- Potential Partners: In connection with mergers, acquisitions, restructuring or other similar corporate activity.
- Legal or Regulatory Authorities: We share your personal data with third parties in some scenarios such as if you violate applicable policies or laws. We may disclose such personal data, at our sole discretion, if we believe it is necessary or appropriate in connection with investigation, prevention or detection of a crime or fraud, IP infringement, piracy, other unlawful activity and / or to protect our rights or the rights of third parties and / or prevent physical and / or other harm and / or financial loss. We will also disclose personal data where we receive a legally binding request to disclose personal data from law enforcement or other bodies or where we have a legitimate interest in assisting law enforcement or other agencies in respect of an investigation.
7. TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
We may transfer your personal data to countries outside the European Economic Area (the “EEA”).
Where personal data is transferred outside of the EEA, Hibernia Line will ensure that appropriate safeguards are applied to the transfers in compliance with Data Protection Laws, such as the use of European Commission-approved standard contractual clauses, EU-U.S Data Privacy Framework or European Commission adequacy decisions.
8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will keep personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data is collected unless a longer retention period is required by law (e.g. for the purposes of satisfying any legal, accounting or reporting requirements) or for legal proceedings or investigations.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
9. HOW DO WE PROTECT YOUR PERSONAL DATA?
We implement appropriate technical and organisational measures in accordance with Data Protection Laws to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
10. YOUR PERSONAL DATA RIGHTS
Pursuant to Data Protection Laws, you have the right to exercise the following data subject rights, subject to limitations:
- Right of access
You have the right to obtain confirmation as to whether we process your personal data and, if so, to request access to that data. You also have the right to receive certain information about our processing activities (much of which is set out in this Privacy Notice). - Right to rectification
You have the right to request that we correct any inaccurate personal data concerning you and to have incomplete personal data completed. - Right to erasure
You have the right to request that we delete your personal data in certain circumstances, including where:- the personal data are no longer necessary for the purposes for which they were collected;
- you withdraw your consent (where processing is based on consent) and there is no other legal ground for processing;
- you object to processing which is based on our on legitimate interests and there are no overriding legitimate grounds for processing;
- the personal data have been unlawfully processed; or
- erasure is required to comply with a legal obligation.
This right is not absolute and only applies in certain circumstances. We may be required or permitted to retain your personal data notwithstanding a request for erasure.
- Right to restriction of processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, including where:- you contest the accuracy of the personal data (for the period necessary to verify accuracy);
- the processing is unlawful but you oppose erasure and request restriction instead;
- we no longer need the personal data but you require it for the establishment, exercise, or defence of legal claims; or
- you have objected to processing based on legitimate interests (pending verification of whether our legitimate grounds override yours).
- Right to data portability
Where we process your personal data by automated means on the basis of your consent or for the performance of a contract with you, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from us. Where technically feasible, you may request that we transmit your personal data directly to another controller. - Right to object
- You have the right to object at any time to our processing of your personal data where we process your personal data on the basis of our legitimate interests. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.
- You have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to such marketing.
- Automated decision-making
Hibernia Line does not engage in automated decision-making. - Right to Withdraw Consent
Where we process your personal data based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of your rights, please contact us using the details in the “Contact Us” section below. We may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it.
11. RIGHT TO LODGE A COMPLAINT
| By post, at: | Data Protection Commission 6 Pembroke Row Dublin 2 D02 X963 Ireland |
| By telephone by calling: | (01) 765 01 00 or 1800 437 437 |
| Via webform: | https://forms.dataprotection.ie/contact/ |
12. COOKIES AND TRACKING TECHNOLOGIES
Cookies are small text files that provide information regarding the device used by you when you visit a website. Cookies help our Website function properly and provide information about how you interact with the website. For more information on how we use cookies, please see our Cookie Policy here: [LINK].
13. THIRD PARTY LINKS
We may, from time-to-time, provide links to third party websites. In addition, third party websites may also provide links our Website. If you visit these third party websites, you should review their privacy and cookies policies to ensure you understand, and are comfortable with, their practices concerning your personal data. We are not responsible for the privacy policies and information protection practices of any third party website (whether or not such site is linked on or to the Website). Links to third party websites are provided only for your convenience, and you access them at your own risk. Please review the third party policies and notices before you browse their websites or submit any personal data to these websites.
14. UPDATES TO THIS PRIVACY NOTICE
Our personal data processing practices may evolve over time. We may update this Privacy Notice periodically and any updates will be made available, and where appropriate notified, to you.
15. CONTACT US
By email: customersupport@hibernia-line.com
By post: Hibernia Line Unlimited, Harbour View House, 8 Harbour Point Business Park, Little Island, Cork, Ireland