Royal Caribbean Privacy Notice

1. Highlights

1.1 Your privacy matters. We want you to understand how We use the personal data you provide to Us.

1.2 We collect and process data about you. We collect and process your personal data, including certain sensitive personal data, to provide you goods and/or services offered by Us or through Our third party suppliers.

1.3 We need to use your data. We need to use your personal data in furtherance of the provision of goods and/or services and the operation of Our business.

1.4 We need to share your data. As a global business, We share certain personal data with other companies within the Royal Caribbean Group (Royal Caribbean, Celebrity Cruises, and Azamara Club Cruises), with our post cruise photography merchandise supplier and with other business partners. We choose Our suppliers and business partners carefully and put in place safeguards to ensure that they protect your personal data.

2. Who is responsible for your personal data referenced in this Privacy Notice?

2.1 References to “We”, “Us” or “Our” in this privacy notice mean the data controller who is responsible for the processing of personal data referenced in this Privacy Notice. The data controller can be determined as follows:

  1. Royal Caribbean Cruises Ltd. of 1050 Caribbean Way, Miami, Florida 33132, USA, (“Royal”) if (i) you are sailing on Our Royal or Azamara Club Cruises vessels, (ii) if you use Our websites, mobile application(s), or shipboard kiosks outside of the European Economic Area (EEA) or United Kingdom (UK), or (iii) if you booked your cruise through an entity based outside of the EEA or UK;
  2. Celebrity Cruises Inc. of 1050 Caribbean Way, Miami, FL 33132, USA, (“Celebrity”) if (i) you are sailing on Our Celebrity vessels, (ii) if you use Our Websites, mobile application(s), or shipboard kiosks outside of the EEA or UK, or (iii) if you booked your cruise through an entity based outside of the EEA or UK; or
  3. RCL Cruises Ltd., Building 3, The Heights, Brooklands, Weybridge, Surrey KT13 0NY, UK, (“RCL”) if (i) you use Our websites inside the UK, the EEA, Australia, and New Zealand, (ii) if you use Our mobile application(s) or shipboard kiosks inside of the EEA or UK, or (iii) you book a cruise through RCL Cruises Ltd or any entity based inside of the EEA or UK.

3. What personal data we collect and how we use it

Booking data

3.1 Before your cruise, We collect certain identifying information (your name, address, booking number, identification and travel documents (passport, visa, etc.). In addition, We collect your photograph; you may provide Us a photograph (e.g. through Our mobile app (and please note that Royal Caribbean, Celebrity Cruises, and Azamara Club Cruises each have their own mobile app) (App) or via your Check-in on www.royalcaribbean.com) and/or We may take your photograph (Photograph). The Photograph is used to further identify you before and during your cruise.

3.2 Royal, acting as a controller in its own name or acting as a processor for Celebrity and RCL may process this Photograph and extract certain data from the Photograph (e.g. biometric data) so as to better identify you. The manner in which We will use this data is described in more detail below.

3.3 This processing is used to create efficiencies in Our offering of goods and/or services with resultant convenience to you. We use your biometric data (where you have consented for Us to do so) for Frictionless Arrival and for use of the onboard Photo Services (defined below), as described in more detail below.

3.4 We will only process your personal data in accordance with applicable data protection law and in the following instances:

  1. Where you have provided your explicit consent (in the case of biometric data); and/or
  2. Where it is necessary for the performance of a contract between Us; and/or
  3. Where it is necessary for compliance with a legal obligation which We are subject; and/or
  4. Where it is necessary for the purpose of legitimate interests pursued by Us.

Biometric data

3.5 Use of this facial recognition services involves the processing of biometric data for the purpose of identifying you. Your explicit consent is needed in order to avail of this service. Your biometric data will only be processed if you have provided your explicit consent, and if each of the guests in your statement also provide their explicit consent. Your explicit consent may be (i) given to Us before you sail or during Our check-in process; or (ii) obtained by Us using the photo kiosks in the photo gallery onboard Our ship (in the case of Photo Services).

3.6 Your biometric data is: (i) kept in a dedicated and secure location onboard Our ship; (ii) held in a system that is not connected to the Internet or any outside system; and (iii) never shared with third parties.

3.7 Your consent may be withdrawn at any time. If you withdraw your consent, you will no longer be able to avail of facial recognition services.

Frictionless Arrival

3.8 At most ports of entry (e.g. airports, seaports, etc.), check-in and embarkation are time-consuming processes requiring manual review of identifying information and documents (e.g. photo identification, etc.).

3.9 Frictionless Arrival reduces this time so Our customers can start enjoying their cruise earlier. By processing biometric data from your Photograph, cameras in Our Frictionless Arrival lane will be able to identify you, using biometric data and facial recognition, without the need for further identification.

Onboard Photo Services

3.10 We provide you with individual and group photography opportunities ("Photo Services") at the following locations onboard the cruise:

  • Embarkation - at designated points when you are boarding a ship.
  • Gangway - when you are using gangway platforms at ports of call to embark and disembark a ship.
  • Restaurants - when you are present in dining rooms, bars, lounges and similar on a ship.
  • Portraits - at portrait sessions at various locations on a ship
  • Private Portraiture - exclusive private studio photo session at various locations on a ship.
  • Rides - at automated cameras on certain amusement rides on ships.

3.11 Having your photograph taken by one of Our photographers is entirely your choice. Photographs do not contain any personal information that will identify you to us unless you provide your SeaPass card to the photographer for swiping at Photo Services (pursuant to clause 3.12 below). If you choose to have your photograph taken with one or more guests other than those in your stateroom, those guests will be entitled to access and purchase the photograph even if you choose not to purchase it. If you do not wish other guests to purchase photographs which include you or others in your stateroom, we ask that you do not participate in group photographs.

3.12 If you consent, and if each of the guests in your stateroom consent, We will use facial recognition services to identify you in the photographs so that we can automatically allocate your photographs to your stateroom photo kiosk account when your SeaPass is swiped at Photo Services. In order to use this service, we process your facial features, facial characteristics and facial geometry as contained in your security photo (as provided by Us) and as contained in photographs taken at Photo Services. Photographs will only be approved for allocation to your stateroom photo kiosk account once they have been manually verified by us against your security photo. We process this personal data together with your booking data in order to automatically allocate photographs to your stateroom photo kiosk account.

4. Legal basis for the processing of your personal data

4.11 Notwithstanding any other legal basis for the collection and processing of your identifying information, including your Photograph, the processing of your biometric data as described in paragraph 3 is based on your consent.

4.12 Your consent to one or more of the processing activities in paragraph 3 is voluntary and can be withdrawn at any time up until 3 (three) days prior to your sail date through Check-in on Our website or App. Additionally, withdrawal of consent for processing of your data for the purposes of Frictionless Arrival can be managed at the port on the day of sailing, where you will use the manual check-in process rather than Frictionless Arrival. You may also withdraw consent for processing of your data for the purposes of onboard Photo Services by opting out at the onboard photography kiosk. For the avoidance of doubt, there will be no processing of the biometric data obtained from your Photograph between the time of the closure of Check-in through Our website or through Our App and the time of your arrival at the port for the departure of your cruise. Your choice not to give consent will not result in any significant negative consequences; however, you will not be able to avail yourself of one or more of the services described in paragraph 3.

4.13 Please note that the revocation of any previously given consent will not affect the lawfulness of processing based on the consent before its revocation and We explicitly reserve the right to process and/or continue to process- notwithstanding consent or the lack thereof- insofar as there is another legal basis for such processing.

5. Who we share your personal data with

5.11 We may share your personal data with:

  1. other companies within the Royal Caribbean Group (Royal Caribbean, Celebrity Cruises, and Azamara Club Cruises);
  2. Our post cruise photography merchandise supplier; and
  3. Our other business partners and third party vendors who assist us in the provision and administration of the cruise and associated onboard services.

6.International transfer of data

6.1 In the event We transfer your data from inside the European Economic Area (“EEA”) to countries outside the EEA (e.g. to Royal or to our post cruise photography merchandise supplier) We will use the European Commission’s Standard Contractual Clauses (also known as Model Clauses) to provide safeguards for your personal data that is transferred outside the EEA so you can rest assured that We seek to adhere to the strict European standards of data security and usage. The same protections apply to ransfers of data from within the UK to countries outside the UK.

7. Data Security

7.11 We have implemented and maintain appropriate technical and organizational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way. Appropriate measures have been taken to ensure that your personal data is kept safe and secure.

8. How long we keep your personal data for

8.11 Your personal data is retained for no longer than is allowed under applicable data protection law and in any case, for no longer than the purpose(s) which the personal data was collected or processed exist(s) which is typically (but not always) no longer than 1 (one) year after you purchase any service, unless a longer retention period is required by applicable law or is justified under applicable statutory limitation periods.

8.12 Printed hard copy photographs taken onboard the ship and displayed in the photo gallery which have not been purchased by the end of the cruise are destroyed at the end of each cruise. This does not apply on ships where printed hard copy photographs are only available on demand via the photo kiosk, as only purchased photographs are printed.

8.13 Digital photographs taken onboard the ship are automatically deleted no later than 6 weeks after the cruise ends. Special occasion and private portraiture photographs are retained for up to 1 (one) year.

8.14 Biometric data generated by the facial recognition service is automatically deleted within 5 weeks after the end of your cruise.

9. Your rights

9.1 Certain additional rights apply to you if:

  1. you use Our digital platforms while in the EEA or UK to provide your Photograph and to consent to one or more of the activities described in paragraph 3 above; or
  2. your data controller is RCL (to determine your data controller, see paragraph 2 above).
If you meet either of the criteria listed above, you may have, subject to the requirements set forth under applicable data protection law, the right to ask Us to:
  1. provide you with access to the personal data that We hold about you;
  2. correct your personal data;
  3. erase your personal data;
  4. restrict our processing of your personal data; or
  5. object to our processing of your personal data.

9.2 To exercise any of these options, please submit your request through the Guest Data Subject Request Form which is available through the privacy policy referred to at paragraph 10.2 below.

9.3 You also have the right to request that We move your personal data to another organisation or to object to Us using your personal data for profiling or direct marketing purposes. You can exercise these rights by using the Submit an Inquiry button in the Guest Data Subject Request Form.

9.4 You also have the right to make a complaint about how We process your personal data to your data protection supervisory authority.

10. Further information

10.1 If you have questions regarding the use of personal data referenced in this Privacy Notice, you may contact Our data protection officer at privacy@rccl.com.

10.2 For further information regarding the use of personal data, please see Our Privacy Policy available on our corporate website and can be found here https://www.royalcaribbean.co.uk/privacy/.