Carnival Corporation and Carnival plc (collectively referred to as "Carnival") operate under a dual listed company structure with primary stock exchange listings in the United States and the United Kingdom. Carnival is a global cruise business with a portfolio of leading cruise brands, including P&O Cruises Australia, Princess Cruises, Carnival Cruise Line, Holland America Line, Seabourn, Cunard Line, P&O World Cruises, AIDA, Costa and Fathom (‘Carnival brands’).
Carnival plc, has registered branches in Australia (ABN 23 107 998 443) and New Zealand (Company number 1471215). These branches trade under various brand names, including Carnival Cruise Line and are subject to the Australian Privacy Principles introduced under Australian privacy legislation and the Information Privacy Principles introduced under New Zealand privacy legislation. In this policy “we”, “us”, “our” means Carnival plc trading as Carnival Cruise Line.
In this policy, we set out a summary of how we manage your personal information. You should also refer to Carnival Cruise Line Cruise Ticket Contract for further details on some of the personal information we may need to collect, use or disclose as part of your cruise holiday.
The core functions of our business (i.e. the primary purposes for which we collect and manage personal information) are to facilitate the booking, carriage, marketing and administration of our various cruise products and those of other Carnival brands.
So that we can carry out these functions, and provide you with our products and services, we may ask you to provide us with and may manage personal information, including (but not limited to) your personal contact details, your passport and driver’s licence details, next of kin and emergency contact information, payment information (e.g. your credit card details), information relating to your health and dietary requirements (if any), and your proposed travel and tour arrangements.
Some examples of where we may need this information are to:
- process your booking and carriage aboard our cruise ships;
- create and process insurance policies;
- assess your health and provide medical assistance (if needed);
- handle and respond to complaints; and
- provide your details to immigration officials.
We may collect personal information about you in a variety of ways including when you deal with us in person or over the phone, send us correspondence (by letter, email or fax) or visit one of our web sites or when we receive personal information about you from other Carnival brands (in accordance with their applicable privacy policies).
We will not collect personal information or sensitive information unless it is reasonably necessary for one or more of our core business functions or a related activity or it is permitted under Australian law.
As far as it is reasonable or practicable, we will collect your personal information directly from you. If it is not reasonable or practicable and personal information is collected from someone else (e.g. a travel agent or another person booking on your behalf), we will take reasonable steps to ensure that you are made aware of the collection of your personal information, unless specific exemptions apply. Sensitive information will only be collected with your consent, unless specific legislative exemptions apply.
Closed Circuit Television (CCTV)
To ensure the security and safety of our passengers, CCTV cameras have been installed and operate aboard our cruise ships. CCTV operates through the use of dedicated cameras to transmit a video image to a specific set of monitors. Access to the images shown on these monitors is available to authorised persons only. CCTV recordings are generally retained for a period of 21 days, and then deleted permanently unless retained as records of an incident.
The operation of CCTV cameras is limited to public access areas only, such as around pools and areas where children are located. Cameras have not been installed in private areas, such as toilets and change rooms.
For more information about the operation of CCTV aboard our cruise ships, please contact us on the contact details below.
Please note that passengers may have their photos taken in public areas by cruise ship staff. Once developed, the photos are publicly displayed in photo galleries for purchase by passengers. At the end of the cruise, all unsold photos are bagged and incinerated. As with all other personal information, photos identifying individuals will be handled in accordance with our obligations under privacy legislation.
You have no obligation to provide any information requested by us. However, if you choose to withhold requested information, or you do not consent to the transfer or disclosure of your information to the countries listed in this policy, we may not be able to provide you with the products, services and assistance that depend on the collection of that information
Destruction and de-identification of personal information
If we receive personal information which we did not solicit and we determine within a reasonable period of time that we could not have otherwise collected the personal information, where lawful or reasonable to do so, we will destroy the information or ensure that the information is de-identified as soon as practicable.
Use and Disclosure
Our general rule is that we will not use or disclose your personal information other than for the primary purpose for which it is collected, which may be as stated above or at the time of collection. If we propose to use your personal information for another use, we will seek your further consent unless that other purpose is related to the original purpose of collection (the "secondary purpose"). For example, you could reasonably expect us to use or disclose your personal information collected from your booking form for the secondary purpose of us and other Carnival brands sending you information about special offers and potential discounts.
If we propose to use your sensitive information for a purpose other than for one of our functions or activities, we will seek your further consent unless it could reasonably be expected that we would use or disclose the information for the other purpose and the other purpose is directly related to the primary purpose (the “secondary purpose”). For example, if we provide medical services to you in one of our on board medical centres, you could reasonably expect us to disclose information about your health in a letter of referral to another doctor.
Where you consent to receiving promotional material from us, you consent to receiving promotional material from all of the Carnival brands and agree that we may share your personal information with other Carnival brands for that purpose. To opt out of receiving promotional material from other Carnival brands, you can email us directly at email@example.com, please type ‘Opt out of Affiliate Marketing’ into the subject line, and include your full name and VIFP number, if relevant. Please let us know whether you would like to opt out of one or more of our Carnival brands or whether you would prefer not to receive any promotional material from us at all. Any promotional material that we, or another Carnival brand, sends to you (by post or by email) will contain instructions for how you can opt out of receiving further offers from that brand.
Whilst we may retain various third parties to assist us in our booking, marketing and promotional activities (eg. to administer our direct marketing activities and to maintain an off-site database for information concerning our past passengers), we do not disclose your personal information to anyone outside Carnival for their promotional use. However, we may disclose your personal information to third parties (including our agents and contractors) to perform certain activities on our behalf. Examples include:
- fulfilling requests for brochures and sending promotional materials and communications: printing companies, mail houses, couriers, e-mail service providers;
- processing payments: banks, payment service providers;
- maintaining guest records and analysing data: customer insight and research agencies, data processors, data analysts and data washing companies, credit agencies;
- providing port services and excursions: port agents;
- providing travel services: airlines, coach operators, travel agents.
These third parties have access to personal information needed to perform their functions, but are not permitted to use it for other purposes. We seek written assurances from any third parties to whom we may disclose personal information to ensure that they will treat that information in accordance with applicable privacy laws.
If we have reasonable grounds to believe that disclosure of your personal information or sensitive information is necessary to prevent a serious threat to life, health or safety, or we are required to provide information in response to subpoenas, warrants or other legal processes including police enquiries, or enquiries from another government department (including, without limitation, Customs and Immigration) we will disclose your information for those purposes without seeking your consent.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up to date and relevant, having regard to the purpose for which the information is proposed to be used. We encourage you to contact us if you believe personal information we hold about you is incorrect or incomplete in some way.
Access and Correction
If you request access to the personal information we have collected about you, we will give you access to the information where reasonable and practicable to do so, within a reasonable amount of time, unless an exception exists under applicable law.
If you request that we correct your personal information or we are satisfied that the information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take such steps as are reasonable in the circumstances to correct the information, having regard to the purpose for which the information is held.
If we correct your personal information which we have previously disclosed to another entity and you request that we notify that entity of the correction, except to the extent that it is impracticable or unlawful to do so, we will take such steps as are reasonable in the circumstances to notify that other entity.
If we do not grant your request for access to the personal information we have collected about you, or for access to the information in the form requested, we will provide you with a written explanation within a reasonable period of time, including the reasons for our decision and any complaint mechanism available to you.
If we do not grant your request to correct the personal information we have collected about you, to the extent that it is reasonable to do so, we will, if requested by you, take such steps as are reasonable in the circumstances, within a reasonable amount of time, to attach to our record of your personal information any statement provided by you of the correction, deletion or addition sought.
We take such steps as are reasonable in the circumstances to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes stringent security measures on board our vessels, physical security for our offices in Australia and New Zealand and electronic security (such as password access, encryption and firewalls) for our office network servers and electronic data transfers.
If we disclose your information to a third party in connection with the provision of a service, we will take reasonable steps to prevent the unauthorised use or disclosure of information contained in the record.
Where we no longer need personal information that we hold about you for a primary purpose or secondary purpose and where lawful to do so, we will take such steps as are reasonable in the circumstances to destroy the information or to ensure the information is de-identified.
We hold a basic record of guests’ cruise history (name and contact details, booking/cruise number, nights on board) indefinitely for the purpose of maintaining our loyalty scheme.
We will not use any government related identifier (such as your Medicare or tax file number) as our own identifier to link you with your personal information. We will not use or disclose any government related identifier of yours unless required or authorised by law.
Anonymity and pseudonymity
Where lawful and practicable, we will give you the option of not identifying yourself when dealing with us. For example, at the completion of your cruise we will request that you provide us with specific feedback on our cruise facilities on an anonymous basis.
Transborder Data Flows
Carnival Corporation and Plc is headquartered in the United States and the United Kingdom and has registered branch offices in Australia, New Zealand and various Asian countries. We may transfer your personal information between the various offices of Carnival Corporation and Plc. Where personal information is required to be shared with or accessed by other Carnival companies, we use ‘standard contractual clauses’ to ensure the adequacy of the transfer.
Some of our third party service providers are based overseas. For example, our customer database is jointly managed in the United States and India.
It may also be necessary to disclose your personal information to regulatory or other authorities in the ports of call in your cruise itinerary.
Our websites https://www.carnival.com.au/ is maintained by Carnival Cruise Line Australia and is subject to our Website Terms & Conditions.
In an online environment there are several means by which information may be collected. The type of information collected depends on how you have interacted with our website.
When you visit our website (or any Internet site) the server records details of your visit, including:
- the type of browser and operating system (eg. Mac, PC) you are using
- the address of the referring site (ie. the previous site that you visited)
- your IP address (a number unique to the computer through which you are connected to the Internet)
- the country or region you come from
- the date and time of your visit
- the address of the pages accessed and documents you downloaded.
In addition to this we also use software to detect what screen size your computer uses and what plug-ins you have. Plug-ins are used to run features such as our Flash movies and the Quicktime VR ship and cabin virtual tours. The sole purpose of this is to make sure we can present the best viewing experience for each visitor. If you send us an error report, we use software to detect whether you are browsing from behind a firewall and what type of error you have encountered.
If you send us an email via our website or you complete a form on our website the personal information submitted may be retained for the purposes of answering your query or complying with your request. Every email we receive is automatically stored on our server and backed up in accordance with our usual data management procedures. If you have completed a web form to request one of our brochures or made a booking, you will be added to our mailing list to ensure that you receive notifications of any special promotions that are on offer. You can opt out of this mailing list at any time.
Some of our functions are provided by third parties. In those instances, it is necessary for us to supply your information to a third party as part of fulfilling the purpose for which you have provided the information (for example, the agency which administers and maintains our e-newsletter on our behalf). Whilst we do not seek your consent again we do seek an assurance from that third party that the information will only be used for the purpose for which it is supplied and that your information is kept safe and secure in line with our own policies in that regard.
We will seek your consent before sending you marketing communication. Every email you receive from us will have details of how to remove yourself from our email lists. Remember to change your preference for each email address and other contact details you have given us. If you have any difficulty with this process you can email firstname.lastname@example.org and specify your request.
Our website may allow you to ‘like’ particular categories using Facebook functionality. If you ‘like’ a particular category you will receive regular notifications on your Facebook page relating to that category. If you no longer wish to receive these notifications you are required to ‘unlike’ the relevant category.
For Customers in the EU
If you are located in the EU, in addition to your rights to access and correction set out above, you are also entitled to the following rights in respect of personal information that we hold:
- Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
- Right to object. The right to object to us processing personal information relating to you.
- Right to port. The right to obtain certain personal information from us in a format that can be transferred electronically to a third party.
- Right to be informed. The right to be informed about the personal information being processed.
In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. You may contact our Data Protection Officer to discuss how to exercise those rights by sending an email to email@example.com.
The procedure for exercising your data subject rights is available at www.carnival.com/request-forms/eu-customer-data-subject-rights.aspx.
You also have the right to lodge a complaint with the relevant data protection authority.
- Send an email to firstname.lastname@example.org
- Write to Carnival Cruise Line, Attention: Customer Service, PO Box 1429 Chatswood NSW 2057 AUSTRALIA; or
If you are in New Zealand, you can:
Write to Carnival Cruise Line, Attention: Customer Service, PO Box 105874, Auckland 1143, NEW ZEALAND.
Further Information about Privacy
If you are in Australia and you would like further information about privacy generally, please contact the Office of the Australian Information Commissioner by calling 1300 363 992 or visit the Commissioner’s web site at www.privacy.gov.au
If you are in New Zealand and you would like further information about privacy generally, please contact the Office of the Privacy Commissioner by calling 0800 803 909 or 09 302 8600 (Auckland) or 04 474 7590 (Wellington) or visit the Commissioner’s web site at www.privacy.org.nz