As Disney Cruise Line (we, us) returns to sailing following the public health threat of COVID-19, we are changing some of our usual practices. Our Health Screening Measures (listed in section 2 below) promote health and safety onboard and help minimise the likelihood of spreading COVID-19. More information about our Health Screening Measures can be found at Know Before You Go.
This Privacy Notice describes how your personal data will be collected, used and handled as a result of the Health Screening Measures being implemented throughout your journey, from prior to travel to the end of your time on board our ship.
For the purposes of the data protection legislation including the Data Protection Act 2018 (UK), Magical Cruise Company Ltd (trading as Disney Cruise Line) is the data controller of the Personal Data to be processed in accordance with this Notice.
1 THE SCOPE OF THIS NOTICE
1.1 This Privacy Notice applies to all Disney Cruise Line guests, crew members, ship visitors, and any other person embarking the ships or attending the port.
1.2 This Privacy Notice supplements and does not replace any other privacy notice which applies to you.
2 WHAT TYPES OF PERSONAL DATA DO WE COLLECT?
2.1 Your Personal Data is information which can be identified (either directly or indirectly) as relating to you. The Personal Data we will collect from you or about you from a third party (such as a testing provider), as part of our Health Screening Measures may include special categories of personal data which may be more sensitive, such as health information, and to which extra obligations apply.
2.2 Our Health Screening Measures include:
3 WHY ARE WE COLLECTING YOUR PERSONAL DATA?
3.1 We process your Personal Data in accordance with this Privacy Notice for our legitimate purposes and/or to comply with our legal obligations to:
3.2 We process Special Categories of Personal Data for more restricted purposes and only as permitted by law. We process Special Categories of Personal Data where:
3.3 Without your Personal Data we may not be able to allow you on-board the ship(s).
4 SHARING YOUR PERSONAL DATA
4.1 Where we are required to do so, we may share your Personal Data with third parties who provide professional services such as medical service providers or COVID-19 testing providers; and to government institutions such as public health authorities and port authorities. This may include authorities from the country you boarded the ship, destinations visited and your final port.
4.2 We may also share your Personal Data within The Walt Disney group of companies, if necessary (such as to help reschedule a cruise if you test positive for COVID-19 prior to embarkation) and/or to the third parties who provide products and services to us (e.g. cloud services) in order to carry out activities on our behalf. Where we share your Personal Data, we put in place appropriate contractual protections.
5 SECURITY OF YOUR PERSONAL DATA
The information that you provide will be stored securely on our electronic systems. Only relevant members of staff will have access to the information you provide to us.
6 RETAINING YOUR PERSONAL DATA
We will hold the Personal Data which you provide to us as part of the Health Screening Measures for the purposes listed in this Privacy Notice for no longer than is necessary. We will continue to review the guidance issued by respective governments to determine how long that may be.
Personal Data collected for other purposes, and covered by other privacy notices will be retained for the duration set out in those notices.
7 YOUR RIGHTS
7.1 You can request access to or deletion of your Personal Data, or correct or update inaccurate Personal Data. These rights are not always absolute and there may be reasons we need to retain your Personal Data. We will always tell you if we need to do so. If you wish to exercise any of these rights, you can do so by e-mailing your request to firstname.lastname@example.org
7.2 If you are not satisfied with the response you receive, you have a right to lodge a complaint with your local Supervisory Authority which in the UK, is the Information Commissioner’s Office (“ICO”). The ICO can be contacted via www.ico.org.uk or telephone +44 0303 123 1113.
This Notice may be updated from time to time, and we may issue further guidance or amendments to this Notice.