Privacy

In this Privacy Notice, also known as privacy policy, we explain how Explora Journeys collects and uses your personal data when you travel with us, visit our website, use our mobile app, or otherwise interact with us. Make sure to read the privacy notice carefully, which explains in detail the types of personal information we collect, how we collect it, what we may use it for and who we may share it with.

Without prejudice to your rights under applicable laws, this Privacy Notice is not contractual and does not form part of your contract with us.

1.     Who we are: Explora SA

Explora S.A., headquartered in Avenue Eugène-Pittard 16, 1206 Geneva, Switzerland, registered for tax purposes under number CHE-315.766.578, acting as data controller (hereinafter, the “Data Controller”, “Explora”, “we” or “us”), is committed to the fair processing of your personal data (“your data”). In order to provide you with a great experience, we collect personal data about you on different occasions, such as when you browse our company website, when you book a cruise, or when you make onboard purchases.

Given that we are based in Switzerland but provide our services globally to individuals also located within the EU/EEA, we have appointed MSC Procurement & Logistics SPA (Via Balleydier 7N 16149, Genova, Italy) as representative in the European Union.

Explora Journeys is committed to protecting and legally and ethically using personally identifiable information collected from former, current, and prospective guests, staff, business partners and their representatives, as well as all individuals who have provided information to us.

Accordingly, and as we are part of the MSC Cruises Group of companies, we appointed a Group Data Protection Officer (“DPO”). The DPO is available for any information regarding the processing of personal data carried out by Explora via dpo@explorajourneys.com. You can also send requests in writing; in that case, please specify “For the Attention of the Data Protection Officer” on the envelope.

Please note that when booking through a travel agency, they will complete your booking by entering the required data into our booking systems, acting as an autonomous data controller. This essentially means that the travel agency independently decides how to process your personal data for activities under its competence and is responsible for the processing and appropriate data protection measures. For details on the processing activities involving your personal data, please contact your local travel agency.

2.     What is personal data and what categories of personal data do we collect

Personal data means any information which identifies you or could be used to indirectly identify you, such as your name and contact details, your travel arrangements, purchase history and preferences.

When you use our services, you will need to provide us with your personal details and/or the details of those individual(s) who will be travelling.

In connection with the relevant processing activities described below, we process the following categories of personal data:

  • Identity and contact data (e.g., name, ID number, e-mail address, date of birth, age, gender, etc.);
  • Booking and travel information (e.g., booking number, specific packages associated with the booking, complaints, etc.);
  • Pictures (e.g., Security Picture taken prior embarkation, photos taken by our photographers onboard, etc.);
  • Recordings (e.g. Video and Audio recordings, such as phone calls to customer service, CCTV);
  • Preferences (e.g., information and inferences about purchases onboard, behavioral patterns, interests, etc.);
  • Financial and payment data (e.g., invoices, payment information, tax information for casino winnings, etc.);
  • Technical data related to online activity (e.g., IP address, connection logs to Wi-Fi, activity on our website, etc.);
  • Health data (e.g., special needs form, medical records/invoices, etc.);
  • Geolocation data (e.g., approximate location based on IP address);
  • Data about religious or philosophical beliefs (e.g., special needs form, and specific dietary needs that may indicate such beliefs, etc.).

3.     Why, when and how do we collect data about you or others

We collect personal data about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website or mobile application, or interact with us via email or by calling our contact center.

In addition, we may receive personal information about you from third parties, such as:

  • Companies contracted by us to provide services to you;
  • Companies involved in your travel plans, including airlines, and customs and immigration authorities;
  • Companies that participate in our loyalty schemes and other customer programs;
  • Companies that act as our third-party business partners with whom you have interacted and with whom you have consented to provide us with your data to receive marketing communications.

Please note that when you provide us with data about others (e.g., details of passengers travelling with you, emergency contact data, credit card information belonging to another person), such as a co-traveller or minor, we kindly inform you that it is your responsibility to ensure that such individuals have authorized you to do so and that they are aware and have understood and accepted how our company uses their information (as described in this Privacy Notice).

Below you will find the main purposes as to why your data is processed.

a.     Responding to your requests (via website, call center or e-mail)

You can submit your request regarding our activities and services through different channels (phone, e-mail, SMS, messaging systems, etc.). In order for us to respond to your request, we need to process your Identity and Contact data as well as the content of your query. Without this data, we cannot provide you with the requested information. This processing is carried out to take steps at your request prior to entering into a contract or to answer your request in the context of our cruises and services you purchased.

Additionally, using the different forms on the website, you can request to be contacted through different channels (phone, e-mail, SMS, messaging systems, etc.). In case you fill out our online request form for telephone contact:

  • We will contact you as per your preference on the date and time you have specified in the request form;
  • We will contact you on the following days as per the initial time slot indicated, if the call is not answered or the connection fails;
  • We will make a maximum of 3 attempts to contact you by phone if the call is not answered or the connection fails and, if none are successful, we will contact you by e-mail to inform you of our attempts, and invite you to make a new request if you still wish to be recontacted.

Please also note that if you contact us via our Explora Experience Centre (EEC), phone calls may be recorded for legal purposes where required by local regulations. In other cases, if the recording of the call is not mandatory under local laws, with your consent, the calls may be recorded for the protection and reproducibility of verbal commitments and may be cross-checked with other reservation data. The call recordings may also be processed based on our legitimate interest to meet quality assurance and training purposes. If the call is being recorded, you will be notified at the beginning of the call.

b.     Completing and handling the booking of a cruise (through our website, EEC, or travel agency)

To travel or stay onboard our ships, we need to process your Identity and contact data as well as Financial and payment information at the booking stage. We also register your Booking and travel information, such as date and port of embarkation and disembarkation, cabin type, cruise experience, as well as information regarding packages or other products and services purchased prior to the cruise.

We process this information in order to finalize your booking and issue the relevant ticket and travel instructions. In that regard, kindly note that we may also send you communications to provide you with the relevant documents and information, as well as to inform you about the necessary steps you need to take to prior to your trip.

Additionally, if you encounter any issues during the payment stage of your booking (i.e., technical problem or error with payment), we may contact you directly by phone within 24-48 hours of your attempt to finalize the booking to offer our support.

We process all the above data on the basis of our contract with you and to perform the activities prior to the purchase of our cruises and services.

You also need to provide information about valid travel documents and visas, where applicable. Additionally, some ports of call require the use of facial recognition technology to facilitate the validation of travel documents and you may be required to provide biometric data to embark or disembark at such ports. We process this information to comply with regulatory requirements in the ports of call, therefore on the basis of an existing legal obligation. Without such information, we will not be able to complete your travel arrangements.

c.     Accommodating your special needs

During the booking process, in some cases, you may provide information and documents containing Health data or Data about religious or philosophical beliefs (for example, food preferences that indicate the observance of a specific religion – such as kosher or halal food – or medical conditions requiring special attention onboard – such as disabilities, or celiac disease). We process this data on the basis of your informed and specific consent. It is not mandatory to provide this data, but please be informed that if you do not provide it, we will be unable to accommodate your needs onboard.

d.     Sending you marketing communications

With your consent, we may process your Identity and contact data, Booking and travel information, Preferences and Technical data related to online activity for marketing purposes, including to send you questionnaires/surveys, carry out market research as well as direct marketing via e-mail, SMS, ordinary mail, over the phone, through push notifications/pop-up banners, instant messaging, through an operator, through Explora’s official social media pages, as well as for marketing activities in the broad sense, including prize events, games and competitions, products and/or services related to our subsidiaries/ other companies of our group and our business partners (for example, tourist activities, airlines/transportation services, luxury brands, travel agency, insurance companies, etc.) and/or to other third-party products and/or services.

Additionally, as part of our efforts to provide you with relevant information and offers, we may also acquire the above personal data from our third-party business partners. This process involves receiving or accessing databases from our trusted partners to identify individuals who may be interested in our services and products and who have consented to have their data shared from these business partners to Explora.

Please, note that it is not mandatory to provide your consent to receive promotional messages and offers from us, or from third parties, but without it we will not be able to send you such communications that may be of interest to you.

Since the processing of your data for the purposes indicated above is based on your consent, you can withdraw this consent at any time by clicking on the “unsubscribe” link at the bottom of a marketing email received from us, by emailing us at the email address provided for in section 1 of this notice, replying STOP to any marketing SMS received from us, or through the private area on the website. Any consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

e.     Sending your personalized communications

With your consent, we may process your personal data by way of tracking your onboard purchases, your browsing activity on our application, or based on data collected from special programs carried out from time to time. We may use such data for analysis of your preferences, habits, behavior and/or interests in order to send you personalized commercial communications and carry out targeted promotional actions.

Since the processing of your data for the purposes indicated above is based on your specific consent, you can withdraw it at any time by emailing us at the email address provided for in section 1 of this notice or as per the dedicated consent management depending on the channel used (i.e. on our website or via app).

Additionally, only if you are based outside of the EU/EEA, specifically in the United States, and with your consent, we may also process your Identity and Contact data, Booking and Travel information, Preferences and Technical data related to online activity for marketing purposes which include promoting our products and services to third parties (for example, by improving the performance of our personalized advertising campaigns by targeting like-minded customers).  

We process your data for purposes indicated above by using both automated means, such as emails, text messages, advertising messages through social networks, etc. as well as non-automated means, such as ordinary mail, call from our operators, flyers in your cabin, etc. We personalise our communication by analysing your travel preferences, experiences, consumption habits and analysing market surveys in order to improve the range of services offered and send you communications that may be of interest for you.

Please also note that with your consent, we may carry out social media marketing activities. To target audiences that we believe may be interested in our offers and communications, we perform profiling activities that take into account the analysis of their interactions, preferences, and behaviour.

In addition, when you browse our Website, we use profiling cookies that can track some information about you, provided that you consent to our use of such cookies. We use this information to make the Website more intuitive and to suggest products or services that may be of interest to you. You can find more information about our use of cookie and other tracking technologies used on the Website below.

Before you board the cruise ship, we will also register your interest in receiving special personalised offers in your cabin. For example, if you are travelling with children, we will send you specific information about the events we organise for children on board.

Since the processing of your data for the purposes indicated above is based on your specific consent, please be informed that you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of our communications, if available, or by using the contact details provided in section 1 of this notice.

f.      Sending you information about similar products and services to the ones you already booked

When you give us your email address in the context of buying any of our products or services, we may use it to send you information about products or services that are similar or related to the ones you bought (including all the services and experiences you can buy and enjoy on board our ships during your cruise), unless you exercise your right to opt-out of receiving marketing communications from us at the time of booking, or later via the “unsubscribe” link within the footer of our email.

This data processing is carried out on the basis of our legitimate interest of informing you of similar or related products and services that we offer and that may enhance your cruise experience. You can obtain information about the balancing test upon request by using the contact email address provided in section 1 of this notice.

g.     Compliance with the applicable laws

When you provide personal data to Explora, we are obliged to process it in accordance with the applicable laws, which may include storing and reporting personal data to official authorities. Those activities include, for example the processing of personal data for compliance with tax and fiscal laws, or the tracking of boarding and disembarking from the ship by our guests and possible communication of such information to the authorities.

h.     Setting up and managing your Explora account on our website or mobile application

When you create an account on our website or mobile application, you can manage your booking by accessing your personal area when you log in. This will allow you, for instance, to do the check-in online or book or view reservations already made. For these purposes, we process your Identity and contact data, Booking and travel information, Preferences, as well as Technical data related to online activity.

Kindly note that the creation of an account for these purposes is entirely optional. We process your data for this purpose in the context of the performance of a contract to which you are a party or to perform activities prior to entering a contract with us.

i.      Performing the online check-in via your Explora account  

To enhance your check-in process, and to avoid queuing at the terminal, our website and application allow you to check in online. To do this, you will need to provide some information about yourself (and any travel companions) and your booking. For this purpose, we will require you to upload certain information to proceed, such as your Identity and contact data, Travel and booking information (i.e. passport, ID, relevant visas necessary to travel) and your Security picture.

We process this information on the basis of our contract with you as well as our legal obligation to collect the necessary travel information at the terminal and ports of call. Additionally, we also process your photo in this case to ensure onboard security of our passengers and crew members pursuant to our legitimate interest.

Once you successfully perform the online check-in, you will receive your travel information, such as your ticket as well as a QR code to be used when embarking on your booked cruise. This QR code will be scanned by our personnel in order to validate your ticket when boarding.

In any case, please be informed that it is not mandatory to perform the check-in online, and you can skip this step and proceed directly to the terminal and perform the check-in with our employees instead. 

j.      Onboard medical assistance

In case you visit our medical centre onboard, or have a doctor come to your cabin, we need to collect your Identity and contact data, Booking and travel information and Health data (symptoms, diagnosis, treatment, etc). We process your Health data in order to attend to your medical and safety needs on the basis of your consent.

Depending on the severity of the case, your data may also be collected for security and public health purposes. In case of a medical emergency, or the need to provide ashore medical assistance, we may have to disembark you to ensure that you are properly cared for at an appropriate facility.

Following the visit, we will keep a copy of your medical report for a period of 10 years for insurance and legal compliance purposes. 

Kindly note that you are not obligated to share all your personal data with us, however, without it, we will not be able to attend to your medical needs.

k.     Handling requests, complaints and comments

We keep track of the comments and complaints that you make on board and/or after disembarkation in order to adequately respond to your requests. We process this data in connection with our provision of services to you or based on our legitimate interest to protect the interests and rights of our company in case of litigation. You have the option of making an anonymous complaint or comment, but please be aware that in some cases, it will be impossible for us to follow up on the complaint or to provide assistance and support.

In addition, we can use the content of the request, complaint or comment to improve our services onboard. We limit as much as possible the use of data that may identify you personally in this case. This processing is carried out on the basis of our legitimate interests in developing our services in a way that ensures our guests have a pleasant experience onboard.

In the event of a refund request via our website, we will also process your Identity and contact data, Booking and travel information as well as Financial and payment data to approve and issue the refund once processed. We process this data on the basis of our contract with you, which will also be retained for the in order to comply with our legal obligations, such as for taxing and accounting purposes.

l.      Ensuring onboard security

We keep track of the people who are on board at all times in order to be able to ensure everyone’s security throughout the cruise and to handle crisis situations. We therefore record your Identity and contact data as well as your Booking and travel information, Security picture and Health data (information about special needs where provided, which may require specific assistance in case of emergencies).

We process these data on the basis of our legitimate interest to ensure public security and to manage potential crisis situations. Please note that the provision of data for this purpose is not mandatory, but if you refuse to provide this information, we may not be able to accommodate you onboard our cruises. 

Additionally, when you arrive at the check-in counter at the terminal prior to boarding your ship, you will be asked by our agent whether you have had a series of symptoms in the last 48 hours prior to embarkation in order to ensure everyone’s public health onboard. In the case where you have not had any of the listed symptoms, the agent will proceed with the check-in process. On the contrary, if you or a member on the same booking has had any of the listed symptoms, you will be directed to a designed private area to be assessed by our medical staff. After a secondary screening, the medical staff will approve or deny your boarding. In the instance of the latter, you will be denied boarding due to medical reasons.

We will process your Health data for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health. Kindly note that the provision of data for this purpose is not mandatory, but if you refuse to provide this information, we may not be able to accommodate you on board our cruises due to security reasons. 

Finally, we process some of your personal data with regard to fraud prevention/detection and security purposes. In this case, we rely on our legitimate interest in preventing and detecting fraud to our own detriment.

As the security onboard our cruises is entrusted to our group company located in the UK, as shipowner, we hereby inform you that the data controller for the above-mentioned activities is MSC Cruise Management (UK) Ltd, 5 Roundwood Avenue, London, and the data processor is Explora. This practically means that decisions on how your personal data is processed to ensure security onboard are taken by the shipowner, MSC Cruise Management (UK).

m.    Loyalty Program

If you have previously travelled with another company within our group, such as MSC Cruises, we may, in accordance with our legitimate business interest, cross-check our company’s bookings with MSC Cruises' records. This allows us to enrich Explora's database with information about MSC loyalty members and top-tier guests. Our aim is to improve our understanding of our clients and ensure that they are guaranteed a more luxurious experience.

Please note that MSC Cruises will not keep a record of your personal data for other purposes other than as laid down herein. In any case, to learn more about the processing activities of MSC Cruises, you can access their Privacy Notice here.

n.     Casino

When you play in the onboard casino, we process you Identity and contact details as well as information of your play and spending in onboard casinos (including amount spent, loyalty reward details, points acquired and gaming patterns) if you decide to register. Otherwise, you can proceed to playing with cash without registration, and thus we will not process your Identity and contact data.

Please also note that in addition to the installation of CCTV cameras on the ship for the purposes outlined under letter ‘o’ below, these cameras are also set up in the casino to ensure the integrity of the game and prevent against fraud.

Moreover, kindly be informed that in case you wish to be distanced from the casino (for instance due to gambling addictions), you can sign a self-declaration form to enable our crew to identify you and do their best to prevent you from accessing the casino. The provision of this data is based on your consent and is entirely optional.

o.     CCTV related data processing activities

We use closed circuit television (“CCTV”) onboard our ships, including at all access points and in all public areas. These CCTV cameras are continuously on and thus, images of you may appear in these recordings. CCTV footage may include sound recordings as well. We perform this activity based on our legitimate interest and use this information for security purposes to recognize, identify and maintain records of incidents, facilitate investigations and remedies, to protect our rights and the rights of our guests, to enable public health measures, to prevent and detect fraud or to comply with other legal or regulatory requirements. As all our ships are equipped with CCTV cameras, the processing of your data for the above purposes is not optional.

Additionally, in the event of a security incident, the security officers shall gather all evidence from the guests and crew involved to draft a report. If you are a witness, suspect or a victim during an incident, please note that the provision of your statement is not mandatory.

In the event of such incident, where CCTV footage is available, the footage may be extracted and can be stored for up to 5 years, and longer if necessary, depending on the circumstances of the specific case (for instance, due to investigation by authorities).

Where CCTV footage/ recordings are not extracted or used, they are only stored for up to 30 days of the date of recording.

p.     Disciplinary and precautionary measures

Please note that we have the authority to deny embarkation or order disembarkation of a passenger whose presence onboard may be considered as a potential danger to themselves and/or other passengers and/or the ship, or when their behaviour may affect or compromise the comfort and enjoyment of other passengers onboard. To handle such cases, we may process data necessary for this purpose, including Identity and contact information, Booking and travel information, Security pictures, as well as information about the cause of the measure on the basis of contract with the relevant passenger and our legitimate interest.

As the security onboard our cruises is entrusted to our group company located in the UK, as shipowner, we hereby inform you that the data controller for the above-mentioned activities is MSC Cruise Management (UK) Ltd, 5 Roundwood Avenue, London, and the data processor is Explora. This practically means that decisions on how your personal data is processed to ensure security onboard are taken by the shipowner, MSC Cruise Management (UK).

q.     Additional data processing activities onboard

Some additional information about you may be collected during the cruise on paperback forms in order to enable you to participate in specific activities (for example, the gym or the spa) or to handle the request of specific packages. The data processed varies depending to the specific activity onboard, however, we make sure to only collect the data strictly necessary to achieve the specific purposes. Please refer to the onboard forms given to you prior to your participation in such activities for further details.

4.     How long we store the data

In accordance with the principle of storage limitation, the personal data that we collect is kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which personal data are collected and processed in each specific case, and in any case no longer than as specified by the relevant applicable laws.

Generally, information relating to the booked services and the contractual relationship that we have with you will be kept for a period no longer than 10 years.

Personal data collected based on your consent, specifically for the purposes of sending marketing and profiling communications will be retained until you withdraw your consent and, in any case, not longer than 7 years from the withdrawal of this consent.

In cases where the retention period is not specifically stated above, we have defined a Corporate Data Retention Policy which outlines the timeframe for data processing, at the conclusion of which all copies of personal data are either destroyed or anonymized using appropriate techniques that prevent the re-identification of the individual in question.

For more information on Explora’s personal data retention periods and the criteria adopted in determining these periods, please contact our DPO at the email address set out in Section 1.

5.     Categories of data recipients and personal data transfer

We store your personal data on servers located in Frankfurt. We may transfer personal data to MSC Cruises Group’s companies, or other reputable third-party organizations situated inside or outside Switzerland. Your personal data may also be shared with recipients who are located outside the European Union or the European Economic Area. For all these cases, Explora S.A. ensures that your personal data are transferred to these recipients in accordance with the applicable data protection law. Indeed, transfers can be based on an adequacy decision, the Standard Contractual Clauses approved by the European Commission or another legal transfer mechanism depending on the applicable law.

To ensure greater transparency, we have provided a list below of the main categories of recipients with whom your personal data may be shared:

a.     Companies of our group

 

Depending on the country where the booking is made from, and to provide you with specific services, we share information about you with the companies of our group. All companies are processing the personal data in compliance with the applicable data protection laws.

 

Depending on the country where the booking is made from, your personal data could be processed by one of the companies of our group, acting as data processors upon instructions from the data controller. The companies of the MSC Cruises group that process personal data of European passengers are: MSC Cruises S.A., MSC Crociere S.p.A., MSC Cruise Management UK Ltd, MSC Cruises UK Ltd, MSC Procurement & Logistics Division Spa, MSC Kreuzfahrten AG, MSC Cruises Belgium NV, MSC Cruises Scandinavia AB, MSC Kreuzfahrten (Austria) GmbH, MSC Netherlands B.V., MSC Cruises Ltd – Cyprus, Mediterranean Shipping Cruises Cruceros Sau and MSC Kreuzfahrten GmbH.

 

In limited cases, the above-mentioned companies could act as data controllers in relation to a specific data processing activity (for example, in the case of security onboard our ships as described in this notice). In such cases, we will provide you with a separate privacy information notice in relation to that specific activity.

 

b.     Commercial partners

 

Some services that you book with us are provided by our commercial partners. For example, shore excursions or experiences may be provided by local tour guides that have been carefully selected by Explora for their knowledge and experience. In some cases, we need to communicate your data to such partners. However, rest assured that we only share the data that is strictly necessary, and we have established agreements with our commercial partners to ensure that the shared data is used exclusively for fulfilling your request. In cases where these commercial partners act as autonomous data controllers, we recommend consulting their specific privacy policies for comprehensive information on how they process your personal data.

Our commercial partners operate in the following industries:

  • Tourism (e.g. tour operators, local tour guides);
  • Transportation services (e.g. bus, train, airplane or other means of transportation depending on type of service required on a case-by-case basis);
  • Insurance companies (e.g. when there is a need to activate your insurance package during a cruise);
  • Restaurants and shops (e.g. where you sign up for a lunch, dinner or for special offers); in some cases, where lunch/dinner is included in a package offered by us and provided by one of our commercial partners, we communicate data about allergies or food preferences that may reveal health information about you. We take utmost care to only reveal your identity when this is strictly necessary and, where possible, we work with anonymous data.
  • Service providers (such as IT service providers, consultants, etc.), including persons authorized to process the personal data needed to carry out activities strictly related to the provision of the services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
  • Only if you are based in the United States, we may also share your personal data with marketing partners (e.g., advertising platforms such as Google, Facebook, and Instagram, and third-party marketing agencies).

 

c.     Data sharing with port agents and authorities

As a travel operator, we need to share some information about our passengers with local port agents and authorities for immigration purposes. The sharing of data with these agents and authorities can trigger the transfer of data outside the EU/EEA if these entities are based abroad, outside the EU/EEA. These data are shared and transferred based on the legal obligation that MSC Cruises has in relation to the provision of information to the relevant authorities, and only the strictly necessary data is communicated.

6.     Your data subject rights

The applicable data protection law provides for enhanced rights and Explora is committed to giving you the appropriate control of your own personal data.

Please be aware that you can only exercise this right in relation to your own data or to the data of a minor or another vulnerable person, where you evidence of parental authority or legal responsibility. Explora reserves the right to ask for proof of identity, as well as refuse to provide the personal data if the identity or relevant connection to the data subject cannot be proven.

In particular, you have the following rights in connection to your personal data:

a.     The right to access your personal data and obtain specific information about how we process it.

b.     The right to rectify your personal data, including by means of providing a supplementary statement.

c.     The right to obtain the erasure of personal data concerning you, unless the data are necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which Explora is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; for reasons of public interest in the area of public health, or for the establishment, exercise or defense of legal claims.

d.     The right to obtain the restriction of the processing of your personal data. This right may be exercised in the following cases:

o   Temporary restriction, where you are contesting the accuracy of the personal data; in this case, we will restrict the processing of your data for a period enabling us to verify the accuracy of your data and we will provide feedback to you as to the lifting of the restriction;

o   The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;

o   Explora no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims;

o   Where you have objected to processing, it will be restricted pending the verification of whether our legitimate grounds override your rights as data subject.

e.     The right to data portability. You may exercise this right in those cases where the processing is based on your consent or on your contractual relationship with Explora, and the processing is carried out by automated means.

f.      The right to object, at any time, to the processing of the personal data concerning you. You may exercise this right where the processing is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or where the processing is based on our legitimate interests.

g.     The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which similarly significantly affects you. You may exercise this right unless the processing is necessary for entering into, or performance of, a contract between you and Explora, or one of the companies of our group; or if authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or if the processing is based on the your explicit consent.

h.     The right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Please find the list of all European Data Protection Supervisory Authorities at the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

To exercise your data subject rights, you can send your request to the Data Controller at the e-mail address dpo@explorajourneys.com.

Requests may also be sent in writing to Explora S.A., Avenue Eugène-Pittard 16, Geneva, Switzerland; in that case, please specify “For the Attention of the Data Protection Officer” on the envelope.

7.     Website Cookies and other Tracking Technologies

Cookies are small text files that the websites visited send to you and store on your computer or mobile device, and which will be returned to these same websites on each new visit. Thanks to these cookies, the website remembers your actions and preferences (for example connection data, preferred language, font dimensions, other display settings, etc.) so that you do not have to need to specify them again when you return to the website.

Cookies are used for electronic authentication, session tracking and the storage of information on the activities of users visiting the website. They may also contain a unique identifier allowing a system to monitor your browsing activities on the website, for statistical or advertising purposes. When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).

There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.

According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical cookies” – i.e., cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).

On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.

The website uses the following types of cookies:

·       Technical cookies, which are strictly necessary for the website’s operation, and/or to allow you to use the website’s content and Services;

·       Analytics cookies, which allow for the understanding of how users make use of the website, and to track traffic to and from the website.

·       Marketing/ profiling cookies, which are used to send advertisement content or to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites.

To view the full list of cookies placed on our website, pleaser refer to the table under Annex I.

Pixels” are small pieces of code embedded on a website that allows website owners and third parties to track user behavior and gather information about how users interact with the website. Pixels can track actions such as page views, clicks, and other related activities and are often used for personalized ads and website analytics.

We may use pixels on the Website to associate personal data with your device or IP address and to track and measure your engagement with the Website, our mobile apps, and/or personalized ads.

For example, the Website and mobile app utilize Meta Pixel, which allows us to track and analyze the effectiveness of our advertising campaigns on Facebook and Instagram. This pixel enables us to measure the success of our advertisements by understanding the actions users take on our Website or app after viewing our Facebook and Instagram ads. The data collected through the Meta Pixel may be used for marketing and analytical purposes to enhance our understanding of user preferences and to improve our advertising strategies. You can manage Meta Pixel data sharing settings within the Settings section of Facebook and Instagram.

8.     Policy Regarding Children’s Information

Our privacy practices and this Privacy Notice are designed to comply with the laws governing the collection, use, disclosure, and retention of the personal data of children, such as the Children's Online Privacy Protection Act (COPPA) applicable to residents within the United States. We do not knowingly collect personal information from children without verifiable parental consent.

Parental Consent and Control

As detailed in this Privacy Notice, we collect certain information about minor passengers (“Children’s Information”) in order to provide our cruises and related services.  However, with the exception of video and audio recordings and biometric data that are collected from all passengers on the ship (e.g., CCTV footage, use of facial recognition technology at embarkation and debarkation in certain ports), we do not collect personal data directly from children.  Instead, we collect Children’s Information when the parent or legal guardian (in each case, the “parent”) provides it directly to us. For example, our Website and mobile app (“App”) is not directed to children and only users who are the age of majority may use the Website or App or create Bookings.

We never collect Children’s Information before obtaining verifiable parental consent. We obtain parental consent when a parent acknowledges the terms of this Privacy Notice, completes a form or waiver for the child, and/or when a parent voluntarily communicates information about the child to us, such as when speaking with our customer service agents. To the extent we process Children’s Information, we do so for the purposes described in the consent request and to provide the requested services.

Data Collected

As detailed above in this Privacy Notice, we collect certain data about minor passengers in order to provide our cruises and related services to them and their parents and to maintain security on our ships. The categories of personal data collected include:

•                Identity and contact data—specifically, contact information (name and age of child and parent’s contact and account information) and government-issued identification;

•                Booking and travel Information—specifically, transaction information (parent’s cabin assignment, and information related to kids club, teen club, onboard activities, and offshore excursions for which the parent registers the child);

•                Data about religious or philosophical beliefs—specifically, protected class information communicated to us by the parent regarding the child, such as dietary accommodations the child may require;

•                Pictures and video and audio recordings—specifically, CCTV footage and photographs captured featuring the child, or photographs taken or provided by the parent during check-in;

•                Health data—specifically, health data expressly communicated by the parent to us, such as the child’s food allergies;

•                Geolocation—specifically, precise geolocation data collected and shared with the parent when the parent enrolls the child in our Kids Club.

Purpose of Data Collection

Children’s Information is collected and used for business purposes—specifically, the business purposes identified in this Privacy Notice. Our use of Children’s Information is limited to what is necessary to supply the specific good or service for which the data was collected.  We do not use Children’s Information for commercial purposes or in conjunction with personalized ads.

Data Security Measures

We have implemented industry-standard security measures to protect the confidentiality, security, and integrity of the Children’s Information collected, stored, and processed.

Third-Party Disclosure

Children’s Information is disclosed to Third Parties as identified in this Privacy Notice. Our disclosure of Children’s Information to Third Parties is limited to what is necessary to fulfill the business purpose for which the data was collected.

Parent Rights

Parents can exercise the same rights applicable in section 6 with regards to their children. If you are based in the United States, please refer to section 12 for sectoral specific laws and which rights are applicable to you as a parent or legal guardian of the child.

Contact Information

If you have reason to believe that we have collected personal data from a child in connection with our cruises and services without adequate involvement from the child’s parent or guardian, please let us know by contacting us via the methods described in this Privacy Notice.

9.     Additional Disclosure Requirements Applicable to United States Residents

A.      Financial Incentives

We may offer incentives related to the collection, retention, or sharing of personal data that may be deemed a “financial incentive” or “price or service difference.” For example, we may offer you a coupon or promo code in exchange for signing up to receive marketing emails or text messages from us.  The perks of membership in our Pioneers by Explora Journeys loyalty program may also be considered a financial incentive under some privacy laws. If you opt in to such an offering pursuant to the terms described at the time of signup, we may collect information such as contact information, transactional information and inferences, internet or other network activity, and device information.

Participating in any of our financial incentive programs is always optional and you can opt-out (e.g., by unsubscribing to email or closing your Pioneers by Explora Journeys account). When you do so, you will forego any additional financial incentives through these programs.

Any difference in price or rate, such as a discount, will be directly related to the value of the data. We estimate the value of the data by considering the time and cost associated with procuring such data versus the expenses related to the provision of the financial incentive. From time to time, we may provide additional terms that apply to a particular financial incentive, which will be presented to you at the time you sign up for the financial incentive.

B.      Sale of Personal data

Explora Journeys does not sell personal data.

As discussed above, Explora Journeys participates in targeted advertising or personalized ads, which is also called interest-based or online behavioral advertising and may include cross-contextual advertising.  Under some privacy legislation, personalized ads may constitute the “sale” or “sharing” of personal data, such as for business purposes (e.g., providing our cruises and related services) and commercial purposes (e.g., marketing). To opt out of these practices, please see the section above about revoking consent or visit our Do Not Sell or Share My Personal Information page.

C.      Tracking and Privacy Controls

Our Website does not currently respond to Do Not Track, or “DNT” requests. DNT is a feature that, when enabled, sends a signal to websites to request that your browsing not be tracked.

"GPC” is short for Global Privacy Control settings in your browser or extension. Our Website recognizes GPC signals. This means that if your browser has GPC enabled, our Website will automatically recognize your GPC signal and opt you out of the sale of your personal information, if any. For more information about GPC, please click here: https://globalprivacycontrol.org/.

D.      Jurisdiction-Specific Rights

In addition to the privacy rights set forth in Section 6 of this Privacy Notice, if you are a resident of any of the following jurisdictions within the United States, the corresponding privacy rights apply to you:

For California Residents

The “right to access” includes the right to request the following:

•                what personal data we have collected, used, disclosed and “sold” about you, including the categories of personal data;

•                the categories of sources from which the personal data is collected;

•                the business or commercial purpose(s) for collecting, selling, or sharing personal data;

•                the categories of Third Parties to which personal data has been disclosed;

•                the specific pieces of personal data we have collected about you.

Please note that we are only required to honor “right to access” requests twice in a 12-month period.

The “right to rectify” includes the right to correct inaccuracies, considering the nature of the personal data and the purposes of the processing.

The “right to obtain erasure” is not absolute and we will, in some cases, retain personal data as allowed by applicable laws and to support essential functionality, such as maintaining your subscription.

You may also designate an authorized agent to make a privacy rights request on your behalf.

In addition, California law requires us to identify, for the 12-month period prior to the date of this Privacy Notice, what information we may have “sold” or “shared” about you. For the 12-month period prior to the date of this Privacy Notice, we have only sold or shared personal data about customers as expressly described in this Privacy Notice.

The Shine the Light law permits you to request and obtain from us, once per calendar year, information about any of your personal data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us as described in Section 1.

For Virginia, Colorado, Connecticut, and Utah Residents

The “right to access” means you have the right to confirm whether we process your personal data and access your personal data. 

Please note that we are only required to honor “right to access” requests twice in a 12-month period.

The “right to rectify” includes the right to correct inaccuracies, considering the nature of the personal data and the purposes of the processing.

The “right to obtain erasure” is not absolute and we will, in some cases, retain personal data as allowed by applicable laws and to support essential functionality, such as maintaining your subscription.

You have the right to opt out of the processing of your personal data for purposes of personalized advertising, the sale of personal data, and/or profiling in furtherance of decisions that produce legal or similarly significant effects. Please see our Do Not Sell or Share My Personal Information page for information on exercising this right.

Please note that we do not process your personal data using machine learning and/or profiling methods in ways that would impact you in a legal or similarly significant manner.

If we deny your privacy request, you have the right to appeal our decision. To appeal a decision, we have made regarding your request, you may contact us as instructed below. We will respond to appeals within 45 days.

You may also designate an authorized agent to make a privacy rights request on your behalf.

10.  Changes to this Information Notice

We reserve the right to update, modify, add or remove portions of this information notice at any time. In such case, we will post the reviewed Information Notice on this page; the date of the “Last update” will also be changed below and a banner will be displayed on the website to draw your attention to the fact that changes have been made.

Each version of the information notice takes effect from the moment it is published on the website. Significant changes to the processing of your personal data will require your acknowledgment, in accordance with the applicable legislation.

You are responsible for reviewing this document from time to time in order to make sure that you are aware of the current version. If you would like to obtain a prior version of the information notice, please contact us using our contact details provided in Section 1 of this Notice.

11.  Contact Us

Explora is fully committed to ensuring that your privacy is respected at all times and that the personal data processing put in place is compliant with the applicable data protection legislation. If you have any doubts or questions about the data processing carried out by us, please contact us using our contact details provided in section 1 of this notice. 

Annex I - Types of Cookies Used by our Website

Name

Provider

Purpose and *legal basis

Expiry

Type

Technical, analytical, marketing/profiling

AWSALB

Amazon Web Service

Load Balancing Stickiness

1 week

cookie

technical cookie for AWS balancer stickiness

AWSALBCORS

Amazon Web Service

Load Balancing Stickiness

1 week

cookie

technical cookie for AWS balancer stickiness

JSESSIONID

Seaware

Java Session Manager (Okta Session)

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

JSESSIONID

Seaware

Java Session Manager (Seaware CMS)

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

JSESSIONID

Seaware

Java Session Manager (Seaware Touch)

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

Max-Age

Seaware

Seaware Session Settings

Session

cookie

Technical Cookie

SW_SESSION_EXP

Seaware

Seaware Session Settings

1 week

cookie

Technical Cookie

SW_SESSION_ID

Seaware

Seaware Session Settings

1 week

cookie

Technical Cookie

locale

Seaware

Seaware Session Settings

Session

cookie

Technical Cookie

AWSALB

Amazon Web Service

Load Balancing Stickiness

1 week

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

AWSALBCORS

Amazon Web Service

Load Balancing Stickiness

1 week

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

JSESSIONID

Seaware

Java Session Manager

Session

cookie

Technical Cookie

login-token

Adobe Experience Manager

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

okta-login

Adobe Experience Manager

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

okta-oauth-nonce

Adobe Experience Manager

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

okta-oauth-redirect-params

Adobe Experience Manager

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

okta-oauth-state

Adobe Experience Manager

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

okta-access-token

Seaware

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

okta-session-id

Seaware

Okta Session Settings

Session

cookie

Technical Cookie to track login/logout status with Okta Identity Provider

AMCV_#

Adobe TagManager

The following attributes of the cookie set by the ID service.

1 year

cookie

Analytical

ar_debug

Teads France SAS

Checks whether a technical debugger-cookie is present.

Session

cookie

Marketing/profiling

b2b-active-country

Adobe Experience Manager

The cookie stores a country code (e.g. "FR" for France, "DE" for Germany) which is used to determine what content to display.

10 months

cookie

Technical Cookie

_cs_c

ContentSquare

Stores Session Replay data

30 minutes

cookie

Analytical

_cs_cvars

ContentSquare

Stores custom session variables encoded in URL format.

Deleted immediately

cookie

Marketing/profiling

_cs_id

ContentSquare

Stores technical user data

13 months

cookie

Marketing/profiling

_cs_root-domain

ContentSquare

Stores the main domain of the site encoded in URI format.

Deleted immediately

cookie

Marketing/profiling

_cs_s

ContentSquare

Data Storage for Session Replay

30 minutes

cookie

Marketing/profiling

_cs_same_site

ContentSquare

Checks if the browser supports the SameSite flag

Deleted immediately

cookie

Marketing/profiling

demdex

Adobe Experience Manager

Audience Manager sets this cookie to assign a unique ID to a site visitor. The demdex cookie helps Audience Manger perform basic functions, such as visitor identification, ID synchronization, segmentation, modeling, reporting, and so on.

180 days

cookie

Marketing/profiling

didomi_token

Didomi

Track cookie consent and preferences

1 year

cookie

Technical Cookie

euconsent

Didomi

Technical Cookie for remembering the cookie policy banner options selection

1 year

cookie

Technical Cookie

_fbp

Facebook

This cookie is set by META for the purpose of advertisement and analytics.

90 days

cookie

Marketing/profiling

_ga

Google Analytics

Google analytics - used to distinguish users.

13 months

cookie

Analytical

_gcl_au

Google Tag Manager

Analytics - Cookies used for analytics help collect data that allows services to understand how users interact with a particular service. These insights allow services both to improve content and to build better features that improve the userÕs experience. 

90 days

cookie

Analytical

__gtm_referrer

Google Tag Manager

Stores URL attributes

13 months

cookie

Analytical

IDE

Google Advertising Products

Advertising - Campaign Manager, Display & Video 360, Google Ad Manager, Google Analytics, Search Ads 360

13 months

cookie

Marketing/profiling

kndctr_xx_Adobe

Adobe TagManager

The identity cookie stores the ECID, as well as other information related to the ECID.

395 days

cookie

Analytical

tfpsi

Teads France SAS

It allows correlating all events of a user to form a session

30 minutes

cookie

Marketing/profiling

viewer-country

Adobe Experience Manager

Country selection storage

Session

cookie

Technical Cookie

XSRF-TOKEN

Approach Guides

XSRF-TOKEN, security cookie to prevent the theft of data on forms - XSRF) lifespan of the cookie: limited to 60 minutes. This is a purely technical cookie which does not require obtaining consent from the Site User.

1 hour

cookie

Technical Cookie

 

Last updated on 15 November 2024.