Carnival PLC Privacy Notice
Who we are
Princess Cruises is a trading name of Carnival plc. In the United Kingdom, Carnival plc provides sales and marketing, guest loyalty and customer services functions on behalf of Princess Cruise Lines, Ltd., a Bermudan company domiciled in the USA, which operates the cruise ships and associated services. Both Carnival plc and Princess Cruise Lines, Ltd. collect and process data about enquirers and guests to promote, deliver and improve Princess Cruises services. This Privacy Notice describes what personal data we collect, how we use that data, and how to ensure that our processing meets your expectations.
How to update your communications preferences
To update your communications preferences, including how you receive emails, calls, mailings and brochures, you can:
- Click on the preferences link at the foot of each email
- Log into (or sign up for) My Account to make changes
- Email us at firstname.lastname@example.org
- Call us on 0344 338 8674
- Write to Customer Services, Princess Cruises, Carnival House, 100 Harbour Parade, Southampton, SO15 1ST.
Why we process personal data
We process personal data about enquirers and guests before, during and after their cruises to provide their services and support our business interests, which include:
- Making enquirers and guests aware of news and offers from Carnival plc and our partners;
- Providing services to our guests and recording what services we have provided;
- Managing the health, welfare, safety and security of our guests;
- Handling enquiries, complaints and investigations;
- Operating guest loyalty programmes;
- Monitoring and improving the quality of our services;
- Researching and understanding market needs to improve our marketing effectiveness;
- Working with our partners, such as on-board boutiques and spas, to manage billing and improve the quality of their services.
We also process personal data about job applicants, current and former employees, service providers, travel agents and other groups of individuals in the course of employment and business operations, and this data is subject to our internal privacy policies.
What personal data we collect
Personal data you provide to us
We collect personal data you provide to us when you enquire, book or sail with us, for example:
- Enquiry: Personal details (name, gender, age etc.), contact information (home address, phone number, email address etc.), details of your interests and communications preferences, details of friends (under our ‘refer a friend’ offer scheme);
- Booking: Personal details, contact information, booking preferences, financial details (credit/debit card, bank details), travel documents (passport number), care needs (medical, dietary, mobility etc.), dining preferences, other travel details (vehicle registration, excursion bookings);
- On-board Activity: Financial details, bookings and billing for on-board services and shore excursions, photographs taken during the cruise;
- Customer Services, Enquiries & Complaints: Personal details, contact information, enquiry or complaint details;
- Loyalty Programme: Personal details, contact information, communications preferences, cruise history;
- Health & Welfare: Medical, dietary and mobility details provided to us before, during or after the cruise;
- Security & Safety: Travel documents, facial photograph, incident reports or witness statements;
- Surveys & Market Research: Responses to post-cruise surveys and market research surveys.
If you purchase services or credits as a gift or surprise booking, we will record your details as needed in relationship to the individual(s) for whom the gift or surprise booking was purchased.
Personal data generated by your interactions with us
Your interactions with us will result in personal data being created and stored by us. Examples include:
- Booking: Booking party details, reference numbers, travel itineraries, flight bookings, manifests, immigration details;
- On-board Activity: On-board spending, boutique spending, casino spending, spa/gym specialist interactions, dining records;
- Enquiries & Complaints: Enquiries or complaints and associated investigation and correspondence before, during or after a cruise;
- Loyalty Programme: Nights on board, cumulative spending;
- Health & Welfare: Medical reports, billing data, welfare reports, correspondence;
- Security & Safety: Accident/incident reports, witness statements, embarkation/disembarkation logs, CCTV recordings, police reports.
Personal data we create
We analyse the personal data we hold in order to improve the effectiveness of our direct marketing communications or to deliver our loyalty programmes. This can, in turn, generate personal data; for example, helping us to decide which marketing communications are likely to be of interest to you, or to determine your loyalty status.
Personal data from other organisations
We receive personal data from other individuals or third party organisations. For example, when making a booking we will receive details of all members of the booking party from the guest making the booking. We may receive personal data from third party organisations including travel agents processing bookings on a guest’s behalf, from other parties under our “refer a friend” offer scheme, from competitions or promotions where personal data has been provided as part of the competition or promotion, or from social media where personal data has been posted on our social media pages. We use publicly accessible data sources such as data brokers to maintain the accuracy of our enquirer and guest records, and may from time to time use external sources to help us to resolve disputes or recover unpaid accounts.
Sensitive personal data
We do not process sensitive personal data about you except where there is a legal reason to do so. Sensitive personal data can include:
- Health: We collect personal data about guest health as part of the booking and embarkation processes, or where guests use medical services on board ship. This may be retained for subsequent care purposes and to facilitate billing for services provided.
- Biometrics: We use photographs of our guests to maintain security and safety whilst they are on board our ships. These are not retained or used for other purposes.
- Sexual orientation: Enquirers and guests may from time to time choose to provide data to us relating to their sexual orientation or gender identity so that we can maintain their health, welfare and enjoyment of the services we provide (though we will not actively seek to collect such information).
We process personal data about children to provide services when they are guests on our ships, but do not seek to collect personal data from or about children for any other purpose.
We may from time to time be asked to process personal data relating to criminal history of individuals, for example if we receive a request from law enforcement authorities, or when investigating security matters that might involve law enforcement.
How we process personal data
We use personal data with your consent, or where it is necessary in order to:
- Enter into a contract and deliver services for you;
- Comply with a legal duty;
- Protect your vital interests or the vital interests of those around you;
- For our own lawful interests or those of other organisations, provided your rights don’t override these.
We will only use personal data about you for the purpose(s) it was collected for or closely related purposes, and will inform you or seek your consent if we need to use it for other purposes.
If you enquire about our services, or engage in competitions or other promotional activities that we or our partners provide, we may ask your consent to provide you with news and offers about our services that you may find of interest. Depending upon your preferences, our communications with you may include:
- Email: We monitor our email communications, including where emails are undelivered and whether or not they appear to have been read. We may cease sending you email communications should we be unable to deliver email to you.
- Post: We may from time to time send postal communications including brochures, newsletters and offers. Where letters are returned to us, or where external data providers notify us of changes, we take steps to update our records. We may cease sending you postal communications if we believe we are no longer able to contact you at the address on file.
- Calls: Calls made to us, and calls received from us, may be recorded for the purposes of audit, training and the monitoring of services provided by us.
- Web: Visitors to our website may be tracked using analytics methods described in our Cookies Policy.
You may withdraw or amend your consent to receive news and offers at any time.
Refer a Friend
From time to time we may operate ‘refer a friend’ offers, whereby guests may receive benefits for referring new enquirers to us. We will contact the new enquirer just once by email, including details of the referring guest, after which time we will cease processing personal data about the enquirer for the purpose of the refer a friend offer. If you receive such an offer and choose to unsubscribe, we will retain a copy of your email address for the purpose of suppressing future messages if other friends enter your details into our system.
When you make a booking either directly or through a travel agent, we will collect personal data about you and other travellers in your group to effect the booking, including your names, genders, dates of birth, home addresses, phone, email, details of any medical, care or dietary requirements, specific preferences relating to the booking you have selected, and your payment details. We need this data to enter into a contract with you.
If you provide us with personal data about any other individuals included in a booking, you must have the authority of those individuals to provide their personal data to us for the purposes set out in this Privacy Notice, and will remain accountable for the information provided. It is the responsibility of the booking leader to ensure that personal data about the group members is accurate and up to date.
If you commence a booking through our website and provide your contact details as part of the booking process, but do not complete that booking, we may send you up to three reminder emails to help you to complete the booking. You may receive a single telephone call from our team to enquire whether you need assistance to complete your booking if you have already consented to receive calls from us. This will not affect any preferences you have registered with us.
Managing your booking
After you book a cruise, you will be invited by email to access our online Cruise Personalizer service where you will need to provide additional personal data about you and your travel party. This additional mandatory personal data including passport, insurance and emergency contact details for you and your booking group is necessary to complete your booking.
You may optionally book or purchase on-board products and services, excursions and other activities, which may require you to provide further personal data. We may have to share your personal data with other companies such as spa operators or travel operators in order to provide these to you.
Within Cruise Personalizer, data about a group of individuals in a booking, including personal data, bookings and purchases, loyalty number and status will be visible to all members of that booking group.
Before your cruise, you will receive information about your booking by post or email, including details of events, excursions and offers that are directly related to the booking. This is a limited package of communications that is separate from your marketing communications and is necessary to ensure that you are aware of the services associated with your booking. You may ask us to cease sending these communications, but doing so may affect your enjoyment of your cruise: for example, excursions and events may be fully booked before you embark, or you may not be able to benefit from pre-booked discounts.
On board our ships
Your security and safety
We will use personal data about you for the purposes of carrying out security checks. Personal data about you may be shared with recognised law enforcement agencies prior to boarding, during your cruise, or after disembarkation, for security and immigration purposes. Personal data may also be shared with these agencies in order to prevent and detect crime as well as to safeguard children and vulnerable adults. These checks may involve sending personal data between different countries, including countries outside the European Union where controls on data protection may not be as strong as the legal requirements within the European Union.
For the safety and security of each ship and its passengers, and to maintain health and safety, we operate closed circuit television (CCTV) cameras on board our ships, including at all access points and throughout the public areas. These are recording continually with footage being retained and stored for a set period. Images taken from these cameras may be used internally for identification purposes and to assist with investigation of safety or security related matters. Images may also be shared with law enforcement agencies (in any jurisdiction) in order to detect or prevent criminal activity or to assist in the apprehension and prosecution of offenders.
Enjoyment of your cruise
Please be aware that there are photographers and camera crew on board the ship taking photographs and making films for passengers to purchase at the end of your cruise or for our own promotional use. They are happy to take reasonable steps to avoid filming or photographing you where you indicate that this is your preference, but you may be included unless you tell us otherwise and we are unable to guarantee that you will not be included on an incidental basis.
Some on-board products and services, excursions and other activities, are provided by other companies. We may share sufficient personal data with these partners before, during and after your cruise to provide a seamless service to our passengers, such as the ability to charge purchases to passengers’ onboard accounts.
Casinos on our ships are operated by Carnival Cruise Lines. If you use the casino then your personal data may be transferred to the USA for the purposes of monitoring and improving quality of services, and preventing and detecting fraud. Our legal and technical controls are described in ‘Transferring personal data to third countries .’
Your health and welfare
In the unlikely event that you are involved in an accident or require medical treatment on our ships, we may use personal data already provided to us, or obtained from you, to deliver your treatment. We may share that personal data with third party healthcare providers with your consent or where it is in your vital interests or the public interest to do so, and retain a record of treatment provided for billing and obligatory record-keeping purposes.
On certain ships Princess Cruise Lines, Ltd. operates Ocean Medallion, a suite of services intended to enhance guest experiences through the use of interactive technologies. Further information about Ocean Medallion can be found at Princess Cruises' dedicated webpage for Ocean Medallion.
After your cruise
Upon completion of your cruise, we will contact you to seek feedback on your experience to understand your satisfaction level so that we can improve the quality of services we offer, and to assess the performance of our on-board staff and their associated rewards. For UK guests, we may provide your email address to third party review services such as Feefo for the purpose of managing your feedback.
We operate a loyalty programme that allows you to benefit from your time spent on our ships, through future offers that may include discounts, upgrades, early booking, competitions, gifts and other rewards. For this reason, we retain a basic record of cruises you have taken including your name, contact details, cruise numbers and dates, and any loyalty offers that you have redeemed with us. If you believe we hold incorrect historical cruise details, you can contact us with evidence of those cruises to correct your record.
We will contact you with details of our loyalty programme when you book your first cruise, and if you join you will receive further communications thereafter including details of your loyalty status and subsequent benefits. In order to calculate these benefits we need to profile the time and money you spend with us. You may opt out of the loyalty programme and programme-related communications at any time. We use data from third party providers to help us to maintain the accuracy of your loyalty programme contact data.
Future cruise credits
When you are on board our ships, you may have the opportunity to purchase future cruise credits. If you hold any future cruise credits, we will contact you with offers related to the use of those credits up to their expiry date. If you booked your cruise through a travel agency partner, then we will inform the travel agency of your future cruise credits and they may contact you with offers to ensure the timely use of those credits.
Should you have queries before, during or after your cruise, then we will use information related to your cruise such as travel details, billing, on-board communications and other information we may have on record or which you or third parties may provide to us, to resolve your query.
We may also contact you with information regarding your query following the cruise you have taken, or if there are queries relating to your payment or the services you have received.
Understanding your needs
The personal data you provide to us or which we obtain through your dealings with us may be analysed for the following purposes:
- To personalise our news, offers and services to your interests;
- To track the response to our marketing communication;
- To review, develop and improve the services we offer (including market research);
- For statistical analysis.
We also conduct identifiable and anonymous market research to provide longer-term insight into the effectiveness of our services and marketing, and to support our service planning and delivery.
Sharing personal data
We process personal data about enquirers and guests in the European Union (EU) and USA and on board our ships worldwide. Enquiries and bookings are processed in the EU, where our systems may be accessed by Carnival group staff and suppliers from outside of the EU subject to strict security controls.
We contract other companies and individuals to perform certain activities on our behalf. Examples include:
- Fulfilling requests for brochures and promotional materials: printers, fulfilment service providers;
- Processing payments: banks, payment service providers;
- Sending postal mail and e-mail communications: postal services, couriers, e-mail service providers;
- Maintaining guest records and analysing data: customer insight agencies, credit agencies;
- Providing port services and excursions:
- Providing travel services: airlines, coach operators, travel agents.
These contractors have access to personal information needed to perform their functions, but are not permitted to use it for other purposes.
If you make a booking we may pass your personal information on to other relevant suppliers of your travel arrangements such as airlines, hotels and transport companies. Your personal information may also be passed to travel agents, security and credit checking companies, credit and charge card companies. We are required to co-operate with government and law enforcement agencies and the public authorities of any country in your itinerary, including customs and immigration authorities.
Transferring personal data to third countries
We collect and process personal data in the EU and USA. We may need to process your personal data worldwide, including on board our ships, depending upon the destinations you travel to with us, for example if we have to provide personal data to immigration authorities, port agents or excursion operators in destination countries. This may involve sending your personal information between different countries, including countries outside the EU where controls on data protection may not be as strong as the legal requirements in the EU.
Princess Cruise’s ships are operated by Princess Cruise Lines, Ltd., a Bermuda Company domiciled in the USA, save for Sun Princess and Dawn Princess, which are operated by Carnival plc Australian branch.
From time to time personal data may need to be shared with other Carnival companies outside of the EU, or accessed by Carnival companies from outside of the EU, in order to provide the services you request from us. We use legal mechanisms (‘standard contractual clauses’) and technical and procedural controls to safeguard personal data.
Your rights concerning your personal data
You have rights over how we use personal data about you, and can exercise those rights by contacting our Data Protection Officer, Privacy & Data Protection Team, Carnival House, 100 Harbour Parade, Southampton, SO15 1ST, or call 0344 338 8650, or email email@example.com. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Withdrawing consent to processing
Where we have obtained your consent for processing of personal data about you, you have the right to withdraw your consent at any time. Where we process personal data about you in ways for which your consent is not required, for example to record your cruise history, you may ask us to cease processing, or restrict the nature of the processing, if you wish.
Accessing the personal data we hold about you
You may request a copy of the personal data we hold about you. This includes obtaining personal data about you in electronic form to provide to a third party should you wish to do so.
Ensuring the accuracy of personal data we hold about you
We will update or amend personal data we hold about you if you inform us of inaccuracies. We use publicly accessible data sources such as data brokers to maintain the accuracy of our enquirer and guest records.
Deleting personal data we hold about you
We retain personal data for the period required for processing, and where we are under an obligation to do so, for example billing data is retained in accordance with anti-money laundering and financial records keeping requirements.
We hold a basic record of guests’ cruise history (name and contact details, booking/cruise number, nights on board, class of travel) indefinitely for the purpose of maintaining our loyalty scheme.
We will delete personal data we hold about you if you ask us to do so, except where certain exemptions apply.
How to complain about our processing of personal data
If you have a concern or complaint about our processing of personal data, please contact our Data Protection Officer in our Privacy & Data Protection Team at Carnival House, 100 Harbour Parade, Southampton, SO15 1ST, or call 0344 338 8650, or email firstname.lastname@example.org.
If you are not satisfied with our processing of personal data, how we have responded to your complaint about the processing of personal data, or you believe our processing of personal data is not in accordance with the law, you have the right to complain to the Information Commissioner’s Office (ICO) by calling +44 (0)303 123 1113, or visiting the ICO's website.
Securing your personal data
We take the security of your personal data seriously, and use security policies, standards, technologies and ongoing training to safeguard the personal data we process from improper access, use, alteration, destruction and loss.
Where we share your personal data with other companies as described above, we require those companies to process your personal data to an equivalent level of security.
Promotions, Contests and Sweepstakes
Websites and Cookies
This website and any mobile applications linked to it are owned, managed and operated by Carnival plc. Princess Cruises is a trading name of Carnival plc. When you use our websites, we may collect, use and store personal data about you.
Information We Collect or Store Automatically as You Access and Use Our Sites
What are cookies?
Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit. There are other ways to do the same thing. We use the term “cookies” in this policy to refer to all files that collect information in this way.
There are many functions cookies serve. For example, they can help us to remember your username and preferences, analyse how well our website is performing, or even allow us to recommend content we believe will be most relevant to you.
Certain cookies contain personal data – for example, if you click to “remember me” when logging in, a cookie may store your username. Most cookies won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use our website, or a user’s general location.
You can find out more about cookies at All About Cookies.org.
What sort of cookies does Princess Cruises use?
Generally, our cookies perform up to four different functions:
- Essential cookies: Some cookies are essential for the operation of our website. These cookies enable services you have specifically asked for.
- Performance Cookies: These cookies collect anonymous information on the pages visited. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.
- Functionality Cookies: These cookies remember choices you make to improve your experience. For example, cookies are used to enable you to save a cruise into a wish list.
- Behaviourally Targeted Advertising Cookies: These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. Visit the Your Online Choices web site for more information on this type of cookie.
We also use or allow third parties to serve cookies that fall into the four categories above. For example, like many companies, we use Google Analytics to help us monitor our website traffic. We may also use third party cookies to help us with market research, revenue tracking, improving site functionality and monitoring compliance with our terms and conditions and copyright policy.
Can a website user block cookies?
To find out how to manage what cookies you allow, see your browser's help section or your mobile phone manual. Or you can visit one of the sites below, which have detailed information on how to manage, control or delete cookies at All About Cookies.org.
Please remember that if you do choose to disable cookies, you may find that certain sections of our website do not work properly.
Cookies from social networking sites
We have links so you can access social networking websites (e.g. Facebook or Twitter) from Princess Cruises, for example to follow our posts. These websites may place cookies on your computer. We do not control how they use their cookies. We suggest you check their website to see how they are using cookies.
Other Tracking Methods
We use a variety of means to track and customise the web experience for users.
Some pages of our website have been coded with 'web tags' to help us to monitor use of our website, by providing us with the following types of anonymous information:
- the number of unique users of, and visits to, our site
- the URL address you have left to come to our site
- which search engine and search words you have used
- whether you are a return visitor
- which browser you are using and the country in which your computer is located
- the pages on which you enter and leave our site
- which other pages of our site you visit and for how long
- the paths you use to navigate through our site
Over time, the information from these web tags, which is aggregated for all our site visitors, enables us to build up a picture of what types of visitors our website is attracting, how visitors use our site, and which of our products and offers most interest our visitors. This, in turn, helps us to improve our website and provide content which is of more interest and relevance.
Log file information
Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, referring/exit pages and URL’s, number of clicks and how you interact with links on the Sites, domain names, landing pages, pages viewed, and other such information.
Clear gifs (also known as web beacons) are small graphic images or other web programming code that may be invisible to you, but any electronic image or other web programming code inserted into a page or e-mail can act as a web beacon. Web beacons are used to anonymously track the online usage patterns of our customers, and can also be included in Princess Cruises e-mails, so that we can determine which e-mails from Princess Cruises are opened and which links or advertisements in those e-mails are clicked by recipients, and to help identify our users agrees devices.
Embedded scripts are a type of programming code that is designed to collect information about your interactions with the Sites such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to the Sites, and is deactivated or deleted thereafter.
Browser fingerprinting includes collection and analysis of information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes of identifying your browser and device.
Entity tags (“ETags”) are a feature of the cache of information from device browsers. ETags are an opaque identifier assigned by a web server to a specific version of a resources found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner, ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and/or HTML5 cookies.
Recognition technologies apply statistical probability tools to data sets in an attempt to recognize or make assumptions about users and devices. This information helps us to identify you across multiple devices that you may use, analyze and improve the Sites and present you with information based on these assumptions.
We may collect precise location information from your device. This may include information about your exact location when you use our Platform. We may also collect this information in the background when our mobile applications are not in use.
Information We Receive from Social Networking Sites or Other Third Parties
When you interact with our site through various social media, such as when you login to our Sites through Facebook or other third party sites, or share our content on Facebook, Twitter, Pinterest, Instagram, or other sites, we may receive information from the site including your profile information, profile picture, profile name, user ID associated with your account, country and any other information you permit the site to share with third parties. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.
We may also collect information about you from other third parties, for example, your family, friends and other travel companions, tour operators, data aggregators, and our partners. We may also collect information about you that is publicly available. This information may be combined with information we collect from you directly as discussed below. We use this information to better understand the demographics of our customers, to connect with you on social networks, and improve our Sites and your customer experience.
We may use online chat services to assist your use of our websites. These services may be provided by third party organisations acting as data processors on behalf of Carnival plc. Where we receive personal data from you during the course of chats, we do not append it to records about you, and will process that personal data in accordance with our privacy notice.
We use a third party website analytics provider to track and analyse the information recorded by the web tags on our behalf. Our web servers may collect the domain names of visitors to our site. This information may be combined with information related to other users to measure the number of visits, average time spent on the site pages viewed, and so forth. This information may identify you. Carnival plc may use this information for a variety of purposes, including to measure the use of our site, to improve our marketing and to improve the content we offer.
You may subscribe to our email promotions program by registering on our website or within your account page. By using a password when registering, you are securing your subscription to receive email promotions. Emails from Princess Cruises may contain clear gifs, unique hyperlinks and other methods to track your engagement with the email promotions we send you. You may unsubscribe or change your email address for email promotions at any time by following the instructions mentioned within each email promotion.
We will try to provide you with links to high quality, reputable sites which we believe will be of interest and relevant to you, but please note that such third-party sites are not under our control and we do not contribute to the content of such sites. When you click through to these sites you leave the area controlled by us. We cannot accept responsibility for any issues arising in connection with either the third party's use of your data, the site content or the services offered to you by these sites.
If you make payment on-line all of your personal data is encrypted using SSL ("Secure Sockets Layer"). SSL is an industry-standard protocol for encryption over the internet. This helps to protect your personal data from being read by anyone else.
As with any standard email, emails containing your personal data sent to or from us will not be encrypted.
How to contact us
Carnival plc is registered in England & Wales number 04039524, and is registered as a data controller with the Information Commissioner’s Office number Z8383204.
All enquiries relating to data protection, including communications with our Data Protection Officer, should be sent to: Data Protection Officer, Privacy & Data Protection Team, Carnival House, 100 Harbour Parade, Southampton, SO15 1ST, or call 0344 338 8650, or email email@example.com.
Changes to this policy
This policy was last updated on 16th April 2018. When changes are made to this policy, we will publish the changed policy on our websites with details of the changes.
16th April 2018: Updates to clarify relationships between Carnival plc and Princess Cruise Lines, Ltd. Additional information about Ocean Medallion. Additional detail about pre-cruise communications.