Privacy Policy
General provisions
This Privacy Policy sets out the rules for processing and protecting personal data of users of the Cruise Tall Ships website, available at www.cruisetallships.com (hereinafter: the "Website").
- This Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and other applicable provisions of Polish and EU law on personal data protection.
- By using the Website, the User accepts the rules described in this Privacy Policy.
- The Controller makes every effort to protect Users' privacy and to process personal data in a secure, lawful and transparent manner.
Data controller
The controller of personal data is Cruise Tall Ships Sp. z o.o. with its registered office in Gdynia, ul. Morska 12, 81-225 Gdynia, entered in the National Court Register under number 0000XXXXXX, NIP: XXXXXXXXXX, REGON: XXXXXXXXX.
- The Controller can be contacted via email: privacy@cruisetallships.com
- The Controller has appointed a Data Protection Officer who can be contacted on all matters related to personal data processing: iod@cruisetallships.com
Scope and sources of personal data
The Controller collects and processes Users' personal data to the extent necessary to achieve the purposes set out in this Policy. Data may be collected directly from the User or automatically during use of the Website.
- First and last name, email address, phone number – provided during cruise booking or newsletter sign-up
- Correspondence address – for contract fulfillment or document dispatch
- Technical data – IP address, browser type, operating system, visit time, pages visited
- Data from cookies and similar tracking technologies
Purposes of personal data processing
Users' personal data is processed for the following purposes:
- Performance of the contract for the provision of electronic services, including booking and handling of cruises
- Sending commercial and marketing information (newsletter) – only with the User's consent
- Handling enquiries and complaints submitted via the contact form
- Conducting statistical analyses and improving the Website's functionality
- Fulfilling legal obligations incumbent on the Controller
Legal bases for data processing
Personal data processing is based on:
- Art. 6(1)(a) GDPR – User's consent (e.g. newsletter, marketing)
- Art. 6(1)(b) GDPR – necessity for the performance of a contract or pre-contractual measures
- Art. 6(1)(c) GDPR – fulfillment of a legal obligation incumbent on the Controller
- Art. 6(1)(f) GDPR – legitimate interest of the Controller (e.g. direct marketing, analytics)
Nature of Cruise Tall Ships' activities
Cruise Tall Ships is a platform enabling the booking of cruises on historic tall ships. Our activities include organizing training, tourist and event cruises across Europe and beyond.
- Brokering reservations on partner tall ships
- Organizing dedicated cruises for companies, groups and individual clients
- Conducting informational and educational activities related to sailing
- Cooperating with shipowners and sailing organizations
Newsletter and marketing communications
The User may voluntarily consent to receiving the newsletter and marketing information electronically. Consent may be withdrawn at any time.
- Newsletter subscription is done via a form available on the Website
- Each message contains a link to unsubscribe
- Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal
- Data processed for marketing purposes is not shared with third parties without the User's consent
Recipients of personal data
Personal data may be transferred to the following categories of recipients:
- Entities providing hosting and IT services to the Controller
- Payment service providers and online payment operators
- Sailing partners and shipowners – to the extent necessary for booking fulfillment
- Public authorities – in cases provided for by law
Data retention period
Personal data is retained for the period necessary to achieve the purposes for which it was collected:
- Contract-related data – for the duration of the contract and the period required by law (e.g. 5 years for tax purposes)
- Data processed on the basis of consent – until its withdrawal
- Technical and analytical data – for a period of up to 26 months
- Complaint-related data – for the limitation period of claims
User rights
Every User whose personal data is processed has the right to:
- Access their personal data and obtain a copy thereof
- Rectification (correction) of inaccurate or incomplete data
- Erasure of data (right to be forgotten) – in cases specified in the GDPR
- Restriction of data processing
- Data portability to another controller
- Object to data processing
- Withdraw consent at any time – without affecting the lawfulness of prior processing
- Lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw)
Cookies and similar technologies
The Website uses cookies and similar technologies to ensure proper functioning, content personalization and traffic analysis.
- Essential cookies – required for the proper operation of the Website (e.g. user session, language preferences)
- Analytical cookies – allow analysis of how the Website is used (e.g. Google Analytics)
- Marketing cookies – used to display personalized advertising content
- The User can manage cookie settings via browser settings or the cookie panel available on the Website
- Disabling essential cookies may affect the functionality of the Website