Poseidon Expeditions is the corporate identity of Poseidon Arctic Voyages Ltd (hereinafter referred to as “our Company”, “we” or “us”), one of the leading providers of polar expeditions in the cruise industry. Our website poseidonexpeditions.com offers online travel-related services through our online platform and the online platforms of our partners.
We are committed to our customers’ privacy and take our responsibilities regarding the protection and the safeguard of customers’ personal data. In this light, our Company is constantly striving to comply with the provisions of the European Data Protection legislation and the relevant local legislation where applicable.
This privacy notice provides information on how and for what purposes we collect personal information and also information regarding the processing of your personal data and your data protection rights. This Notice further explains the functions of our website in relation to data controlling and processing.
IMPORTANT: You are responsible for the accuracy and completeness of all information you provide to us.
The key terms of the Notice:
This Privacy Notice applies to all services offered by Poseidon Arctic Voyages Ltd Group of companies, agents, representative offices, but excludes services that have separate privacy notices and does not apply to websites to which we link.
The information that follows applies to all on-line and off-line sales tools and marketing activities, which our company currently employs. For any future changes you are advised to check our Privacy Notice regularly in view of keeping yourself informed about any changes or updates.
Poseidon Arctic Voyages Ltd - operating under the registered trademark Poseidon Expeditions and registered by the address 59 Mansell St, London E1 8AN, United Kingdom.
The Data Protection Officer of our Company can be contacted at firstname.lastname@example.org
Please, note that we may need to verify your identity before we can act on your request or complaint. In case you contact us on behalf of someone else we may also ask for more information to help ensure that you are authorised to make such a request or complaint.
Our Company is a travel operator. In this capacity, we may collect/process personal information in the following occasions:
A. When you browse in our website:
By browsing in our website poseidonexpeditions.com some information may be collected. More details on how our website works and our Cookies Policy follows further below.
Such Personal Data is used for informative, marketing and advertising purposes and other purposes that are essential for our website’s smooth and effective performance.
B. When you request any information related to our products and services:
We may ask for your personal information (in paper or electronic format) such as:
Before collecting and processing the data you provide on such a request, our company will ask for your explicit consent.
C. When you enter in a contractual relationship with our company by ordering or buying our travel products:
We may ask for further information that is necessary for delivering your travel experience. Such data may include:
Such Personal Data is necessary for a contract with you or for taking any steps at your request prior to entering into a contract.
IMPORTANT: Our services are not directed to children under 18 years old. The use of any of our services for those under 18 is only allowed with the valid consent of a parent or a guardian. If we receive information from a child under 18 years old, we reserve the right to delete it immediately! Similarly our website is destined for adults above 18 years old.
D. Personal data is received by us from our partners and representative offices:
Our Company has sales and representative offices both within and outside the European Economic Area (EEA). In addition, our company collaborates with a network of travel agents and third parties worldwide. In this respect, we may receive and use personal data sent from our partners in order to execute our travel services.
In a nutshell, we process personal data on the legal basis of the consent or because these data are essential for the execution of a contract between us and our customers. In more limited cases, we process data for legitimate business purposes (e.g. border controls, functionality of website, improvement of services, marketing, advertisement etc.) or for protecting your vital interests (e.g. health security.)
IMPORTANT: In case that any customer refuses to provide necessary and required information, we will not be able to deliver any related product or service(s).
Your Personal Data is used (processed) only in relation to our services in a variety of ways as explained below:
IMPORTANT: We ensure our customers that our Company does not take or make any decisions based on automated processing.
Our Company constantly aims for the improvement of its products and services. In this respect, we may use some information provided for internal statistical or marketing purposes. Occasionally, we may ask our customers by email, phone or via a text message or through social media platforms, depending on the contact information our customers decide to share with us, to take part in market researches. This contact may only arise for marketing/informative purposes or for asking for a review concerning our delivered services. Any additional personal details that you give us as part of the market research will only be used upon your explicit consent and for the purposes of the specific market research only. Your data will be erased after completion of the research and we assure that our Company does not share or sell any personal data to third parties for marketing purposes.
IMPORTANT: Such participation in market research inquiries will take place only after your consent and you are always able to ask for an opt-out from any future inquiries and/or ask for your contact details to be directly deleted or restricted for such use in the future.
We aim to protect children's privacy and safety online including restrictions on the marketing of those under 18.
In the normal course of our services, we have to share some of the information provided with third parties, namely collaborators and suppliers in order to effectively deliver travel products.
More specifically we may share some information with sales and representative offices, agents, hotels, transportation companies, medical/insurance services providers, payments processing services providers and wherever else it is necessary in view to providing our services.
It is important to note that following the nature of our specific travel products, data sharing includes transfer to third countries outside the EEA that may not benefit from an adequacy decision issued by the European Commission.
In these occasions, our Company verifies that the recipients of the data are subject to appropriate restrictions and obligations regarding data protection by implementing binding corporate rules and standard protection model clauses.
In addition, we only share the minimum personal data that enable our suppliers and partners to provide their services to you and us.
In the event that any customer wishes to obtain a report of which data were retained and to which parties were made available he/she may contact our Data Protection Officer (DPO) by email referred above.
During or prior to your travelling, it may be also mandatory (as required by government authorities at the point(s) of departure or destination) to disclose and process your Personal Data for immigration, border control, security and customs, or any other purposes which the authorities determine appropriate.
In exceptional circumstances we may disclose necessary Personal Data to the appropriate authorities, in situations limited to circumstances that may constitute a threat to life, to public health or to public safety, without the prior warning or consent of data subjects.
Our Company constantly endeavours to keep the Personal Data shared with us safe and protected from any accidental loss and from any unauthorized access, use, alteration and disclosure. In this respect we try to take all appropriate technical and organizational measures. For transfers and processing within our business and main collaborators we employ suitable technological products which are in-line with European Union General Data Protection Regulations (GDPR) and specifications.
We also use standard communication methods such as emails, fax and phone. In these occasions we verify (through legally binding instructions) that:
After delivery of our services or if you stop interacting with us as a customer, we will retain your Personal Data for only as long as it is necessary for the purposes set out in this Privacy Notice and/or to meet legal and regulatory requirements.
We actively review the information we hold and erase it securely after expiry period (usually 7 years). If after expiry the data is further needed for analytical, historical or other legitimate business purposes like audit, legal actions etc., we will take appropriate measures to anonymise this data or to restrict/minimize access to this data.
We may also employ cloud computing services for storage purposes. To this end, we collaborate with cloud providers, which are compliant with EU protection rules. Our cloud services providers are part of the EU-US Privacy Shield. According to the relevant decision of the EU Commission, companies that are on the "Privacy Shield List" can be generally viewed as having an "adequate level of data protection" and are compliant with EU data protection rules.
After delivering our travel experience, we will retain your contact details for e-mailing on our Company behalf only upon your explicit consent.
Our Company operates it’s website for informative, marketing and advertising purposes. Browsing in our internet pages is basically possible without any impact on personal data. However, if you wish to make use of some features of our website or to make use of any services of our company via our internet pages, the processing of personal data may become necessary.
1. Usage data
It is important to note that each time our customers visit our website, some general data and information may be collected. This information is stored in the log files of the web server and it concerns your IP address, the time of access, the accessed pages or files, the previously visited page function, as well as the amount of data transmitted, the device used and the type of browser used.
The data is collected without your intervention and it is stored until automated deletion.
This information is required to (1) properly deliver the contents of our website to the user's computer, (2) to ensure the functioning and security of our website and (3) for other administrative purposes in the frame of our website management.
This information is not used for any profiling of the users or for any marketing purposes and it is only required from a smooth and effective performance of our website.
2. Website hosting
According to the relevant decision of the EU Commission, companies that are on the "Privacy Shield List" can be generally viewed as having an "adequate level of data protection" and are compliant with EU Data Protection Rules. Our website is a certified participant in the EU-US Privacy Shield Agreement.
Through our website we give the opportunity to request an online quote by using our Contact Form. You can get detailed information related to our services and products.
For processing your request our website will ask for your basic personal and contact information mainly, your name, title (optional), telephone number (optional), a valid email address, date of birth and gender. Therefore you will be asked to provide your consent to this processing.
Your details from the contact form or the personal data transmitted by e-mail will be automatically saved.
In addition, we provide our customers with the option to subscribe to our free newsletter sent by email in order to receive our news and special offers. For this purpose, our website will request a valid email address. At the same time your IP address and the time with the date and time of your registration will be saved. The collection of this data is necessary in order to be able to trace any possible misuse of the e-mail address at a later date and therefore serves as a legal safeguard for us.
The personal data collected in the context of registering for the newsletter will be used exclusively to administer and send our newsletter.
A customer can opt-out or unsubscribe from our newsletter at any time by using the «unsubscribe» link in each newsletter. This will also result to the erasure of the provided data from our systems.
If you register for the first time for the newsletter, for legal reasons, a confirmation email will be sent to the registered e-mail address using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address is the actual person interested to receive our newsletter.
The Personal Data collected in the context of registering for the newsletter will be used exclusively to administer and send our newsletter. For administration of the newsletter, including shipping, we use a platform service provider who certified its compliance with the EU-US Privacy Shield Framework.
The newsletters we send also contain “counting pixels”. A counting pixel is a miniature graphic embedded in emails and enable log file recording and log file analysis. This information enables us to proceed to a statistical evaluation of the success or failure of our online marketing campaigns. More specifically, the embedded pixel allows us to know if and when an e-mail was opened by you, and which links contained in the e-mail were accessed by you. This helps us to evaluate and effectively optimize our newsletters and also to further adapt the contents of future newsletters to your interests. These data are not disclosed to any third parties.
5. Social media
Our Company uses social media to promote, improve and facilitate our services. On our website we link through integrated social media links to social media services such as Facebook, Twitter, Instagram and YouTube. These links work as pure hyperlinks to those platforms. Therefore, by clicking on the respective buttons you will be asked to login to your social media account. In this respect, any personal data transmission takes place only when you login your social media account and the respective social media service may thereby learn what content you have viewed on our website.
The responsibility for the linked social media services lies exclusively with the respective social media provider.
Among other things, these links also contain information about options for setting up your privacy and about your further rights regarding the collection, processing and use of your data by the respective service.
You are responsible for the transfer of data to the aforementioned social network services, as you become active by logging in the respective service yourself, thus initiating the subsequent processing of data by the respective social media service.
We may also enable you to sign in to poseidonexpeditions.com services with your social media accounts. Furthermore, after the completion of your voyage/travel experience or other related product of our Company, we may invite you to submit a review about your experience through certain social media or other similar Internet based platforms. By completing a review, you will be asked if it can be displayed, for example, on the relevant destination page on our website or in our social media accounts, to inform other travellers about the quality and services of our Company. Your consent to such a display can be revoked and the display may be removed at any time upon your written request to us.
In the above cases, your social media provider will be also able to tell you more about how they use and process your data in such cases.
In addition, our Company maintains accounts on social media platforms and offers applications on several social media sites. These social media services may allow you to share information with our website.
6. Web tools
a) Google Web Fonts
Our website uses Google web fonts for a consistent and attractive presentation of our website.
When you visit our website, your browser loads the required web fonts to display texts and fonts correctly. To do this, your browser connects to Google servers. Through this process Google becomes aware that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font will be used by your computer.
Google is certified from the EU-US and SWISS-US Privacy Shield.
b) Google reCaptcha
Google reCaptcha is a system enhancing the security of our website by identifying that any entries are made by a human person and not abusively by a mechanical, automated input. In this way, the generation of spam and bots is prevented.
This service is provided by Google. Hence, through this service, Google can determine from which web page a request is sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, some additional information may be collected by Google that may be required to provide this service.
However, Google is certified from the EU-US and SWISS-US Privacy Shield.
Our website may employ the video platform Wistia. Wistia is a powerful, high-performance platform designed for business applications in view to giving an easy-to-use video viewing.
To access the videos, it is necessary for that your browser connects to Wistia servers. This will inform Wistia that our website has been accessed via your IP address.
Our Company is aware of the rights of individuals concerning their personal data and we endeavour to make sure that our customers are able to effectively exercise their rights.
Data Subjects rights are:
Right to be informed and right to access
You have the right to be informed about your personal data retained by us, in particular their origin and any eventual recipients, as well as the purpose of any data processing and the planned storage period. In addition, you have the right to request and obtain a copy of any information kept related to your person by submitting a written request for that purpose. We will provide you with an answer within 4 weeks upon reception of your request.
Please note that for any further copies requested, we may charge a reasonable fee based on administrative costs.
Right to rectification
You have the right to request an immediate correction of any incorrect or inaccurate data concerning you and a right to have any incomplete personal data concerning you completed.
Right to erasure (right to be forgotten)
You have the right to demand the immediate erasure of your personal data if 1) these data are not necessary for the purposes for which they were initially provided or 2) any given consent by you is explicitly revoked or, 3) there is a rightful objection to a certain processing or 4) the erasure arises from a legal obligation or 5) the processing is illegal.
Please note however, that this right cannot be exercised, if the processing is necessary to fulfil a legal obligation of our company such as the execution of a contract between our company and you as a client.
Right to data portability
Whereas you have provided data by electronic means and the processing of your data is based upon your consent or based on the execution of a contract, you have the right to receive the personal data concerning your person in a structured, commonly used and machine-readable format or to ask the transmission of this data directly to another data controller except in cases where such a transmission doesn’t interfere with rights and freedoms of other persons.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data, provided that 1) the accuracy of your retained data are contested by you or 2) the processing is illegal or 3) the controller no longer needs the personal data for the purposes of the processing or 3) pending an objection to a processing as to the lawfulness of the data retention.
If you have any complaint or further queries on how we collect, store or use your personal data you can contact our Data Protection Officer referred above. We aim to resolve any complaints but if you are dissatisfied with our response, you have the right to complain to the Data Protection Commissioner.
After the global pandemic of Covid-19, Poseidon Expeditions have been performing exceptional measurements in order to safeguard our staff members and more importantly our customers against the health threat that we are currently facing. Our company will continue to maintain business by allowing our customers to reschedule their following trip into upcoming year 2021.
Following the threat of Covid-19, we are required to collect and process new types of information about our customers such as:
All the collected information is considered personal data, especially the individual's health data. Under the GDPR, anything involves with health data is considered extremely sensitive and it requires Consent in order to process any data.
Although, under the threat of a global pandemic such as COVID-19, GDPR has exceptional legal grounds for processing personal data without any consent if it requires for the reasons of public interest in the field of public health for example the protection from serious cross-border threats to health threats.
Why collecting Personal Data is necessary
Poseidon Expeditions may process personal data only if it is required necessary for the protection of the vital interests of our staff members and more importantly our customers. The vital interest is considered necessary for the life of the data subject or to another natural person. According to article 46 of the GDPR, monitoring of epidemics such as COVID-19, processing data can serve the public interest and vital interests of the data subject.
Since the threat of COVID-19 epidemic, our aim is to protect our cruise staff members and our customers, by legally collecting and process personal data as describe above, in order to keep healthy and safe our staff members and customers by preventing or limiting the exposure to COVID-19.
Measurements under GDPR regarding COVID-19
Sensitive data such as health data requires higher protection especially with the COVID-19 outbreak. The measurements to be apply under GDPR are as follow:
Retention Information about Covid-19
During the crisis of COVID-19 any additional or sensitive personal data collect and process as a legal basis under GDPR. Poseidon Expeditions will not keep any data longer than it is necessary.
Last update: August 26, 2020
To make this site work properly, we sometimes place small data files called cookies on your device.