Privacy Policy

Privacy Statement & Cookie Policy

Introduction

The Sovereign Cruise Club Limited is a limited company incorporated in England & Wales with registration number 3600781 and whose registered office address is at 14 Diddenham Court, Grazeley, Reading, RG7 1JQ.

Sovereign Cruise Club take data protection very seriously, we are aware of our obligations under the General Data Protection Regulation and will look at minimisation opportunities and ways to limit the processing of your data where feasible. Confidentiality is very important and at the very core of our business.

What information do we obtain from you?

Essentially, we will require such information as is necessary to enable us to provide you with the booking service you require. The information we process will include personal data and although unlikely to include special category personal data (also known as sensitive personal data), such data may be necessary given the nature of the booking service you seek for your party and yourself and it may be held by us in a paper and/or electronic format.

The information we process that is provided by you direct may include the following as well as any other information type that we expressly ask you to enter and submit to us:

• Contact information, such as your name, email address, mailing address and telephone number (including mobile telephone numbers and emergency contact information and passport/visas/immigration details);
• Payment information, such as a credit or debit card number;
• Comments and feedback;
• Communication preferences.
• The information collected automatically from you when you visit our website include:
• Internet Protocol (“IP”) address used to connect your computer to the Internet;
• Computer, device and connection information, such as browser type and version, operating system, mobile platform and unique device identifier (“UDID”) and other technical identifiers;
• Uniform Resource Locator (“URL”) click stream data, including date and time, and content you viewed or searched for on a Service;
• Location information for location-aware Services to provide you with more relevant content for where you are in the world.
• We may use and disclose automatically collected information for any purpose, except where we are restricted by applicable law. If we combine any automatically collected information with personal information, the combined information will be treated by us as personal data.
• We may also use aggregated information for any purpose, however, this information does not identify specific individuals and so is not personal data.

Processing (handling/holding) your personal data

The legal basis for processing your personal data depends on the circumstances. The basis may be:

• you have given your consent to the processing of your personal data; or
• the processing is necessary to perform a contract you have entered into. For instance, where you have entered into a contract for a holiday service or wish us as your agent to do so on your behalf, we and/or the service provider will invariably require your and your party's personal data;
• the processing may be necessary for the purposes of the legitimate interests pursued by us. In these circumstances the legitimate interests could be the interest a travel company has in providing travel and related services to consumers.

What do we do with your information?

Our use of your personal data is subject to your instructions, the General Data Protection Regulation (GDPR) , the Data Protection Act, 2018 and any replacement data protection legislation in force in the United Kingdom and our duty of confidentiality owed to you as our customer.
We use the information you provide primarily to provide travel and related services to you including:

• to complete and fulfil a booking;
• to modify and improve our services; and
• to facilitate your travel abroad;
• However, we may also use it for other purposes including:
• for data analysis, audits, developing new products and services, identify usage trends and assess the effectiveness of our promotional campaigns;
• to prevent and detect security threats, criminal activity or other malicious activity;
• obtaining satisfaction of our invoices using a third party service provider;
• updating and enhancing client records;
• analysis to help us manage our company;
• the development and/or maintenance of a database to be used as a service to those customers who have indicated that they want us to include them on our database for newsletters and e-mail communications relating to our services. No sensitive personal data will be used or retained during this exercise.
• call recording - your information will be kept confidential, at all times, but may be used in the monitoring of telephone conversations to ensure service level standards are maintained and to aid dispute resolution in the event of a complaint. Your information may also be used for training purposes. We will ensure that you cannot be identified from the training material which is used;
• external auditing, the management of complaints and training; these aspects may be undertaken by a third party, but it will be on a strictly confidential basis and we will ensure that access to your data is controlled;
• to comply with our legal and regulatory obligations;
• contacting you for the purpose of investigating opportunities for further processing or consent.

If you no longer want to receive information from us

If you no longer wish us to communicate with you please write to The Sovereign Cruise Club with the subject heading “No more contact” at The Sovereign Cruise Club, 14 Diddenham Court, Grazeley, Reading, RG7 1JQ or by emailing us at info@sovereigncruise.co.uk.

Transfer and sharing of your information

Under no circumstances will we sell your personal data to a third party. We will, however, share certain personal data with other service providers as part of the booking service being provided to you, e.g. cruise operators, associated providers and agents.

However, in the event of our insolvency we, or any appointed insolvency practitioner, may disclose your personal information to the Civil Aviation Authority (CAA), and/or the Association of British Travel Agents (ABTA) so that they can assess the status of your booking and advise you on the appropriate course of action under any scheme of financial protection. The CAA‘s General Privacy Notice is at https://www.caa.co.uk/Our-work/About-us/General-privacy-notice/ ABTA’s Privacy Notice is at https://www.abta.com/privacy-notice.

We will not transfer your personal data abroad without your explicit prior consent unless the booking you make, or require us to make for you, is based outside the UK. However, please be aware that countries outside the EEA will have different laws relating to the protection of personal data to that provided in the UK under the GDPR.

We will always ensure that we have appropriate contractual terms in place with all our Suppliers that comply with the General Data Protection Regulation.

Security

We have robust information security management systems in place to ensure the safety, security, integrity and confidentiality of your personal data; we use a variety of data security measures intended to ensure the safety, security, integrity and confidentiality of your personal data. We are familiar with and shall at all times comply with the GDPR and other applicable data protection legislation.

Our IT systems, containing customer data, have rigorously audited technical controls to ensure the confidentiality and integrity of all information is maintained at all times. As a requisite of our Plastic Card Industry (PCI) Compliance, Vulnerability Testing and Penetration Testing is performed regularly by independent Third Parties.

A multiple firewall configuration is maintained in order to protect the network. The outer firewall protects the network from internet attack and the inner firewall segments the network for all devices within PCI scope.

Our website is hosted off site and therefore is not connected to our Network.

Direct client access to our database is not permitted. Client booking information and customer data recall is via an external web server using strict security control.

We maintain full security against virus and Malware attack using the latest Norton 360 Anti-Virus software deployed across our network.

Cookies

Cookies are text files placed on your computer to collect standard internet and visitor behaviour information. The information is used to track visitor use of our website and for statistics compiled on website activity. For more information visit: www.allaboutcookies.org .

Data Protection Regulator, Complaints Handling and Modern Slavery Statement

You may complain about our conduct in relation to data protection matters to the regulator of data protection in the UK, The Information Commissioner, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephoning them on 0303 123 1113.

External Links

www.sovereigncruise.co.uk features links to other websites - including the links on our ‘Cruise Lines’ page. This privacy policy applies only to our website. When clicking through to another website we strongly recommend reading its Privacy Policy especially as the way in which information may be collected from you may vary. www.sovereigncruise.co.uk does not pass on any information provided by you over to an external website.

Telephone calls

We do record our telephone calls to ensure service levels, for training and to aid resolving complaints/disputes. Credit card details are not recorded for PCI compliancy.

Contacts, Subject Access Requests, Correction or Deletion of Data

If you wish to see our records of any correspondence, you have sent to us please contact www.sovereigncruise.co.uk directly on the phone number above. A small charge may be required for this.

Revisions to this Statement

We may change this Statement from time-to-time.

Issued: August 2020