Privacy Notice of Hapag-Lloyd Cruises, a TUI Cruises GmbH company

Hapag-Lloyd Cruises is pleased about your visit to our website as well as about your interest in our company and our products. We take the protection of your personal data very seriously and would like you to know how and for what purpose your data will be saved or used.

The data controller is Hapag-Lloyd Cruises, a TUI Cruises GmbH company (referred to in this Notice as “we” or “us”).

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. Your privacy matters to us, so please do take the time to read our Privacy Notice which explains:

  • What types of personal data we collect and why we collect it.
  • When and how we may share personal data with other organisations.
  • The choices you have, including how to access and update your personal data.

We have tried to keep this Notice as simple as possible, but if you are not familiar with terms such as data controller, special categories of personal data, then read about these and some others in Key terms.

When you register for any of our services, you may provide us with:

  • Your personal details, including your address, email address, phone number and date of birth.

When you browse our websites or use our mobile apps, we may collect:

  • Travel preferences.
  • Information about your browsing behaviour on our websites.
  • Information about when you click on one of our adverts, including those shown on other organisations’ websites.
  • Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.
  • Social preferences, interests and activities.

When you buy our trips in our travel agencies or online, we may collect:

  • Passenger information, passport details, other ID document details.
  • Insurance details.
  • Relevant medical data and any special, dietary, religious or disability requests.
  • Information about your purchases, including what you bought, when and where you bought it, how you paid for it and credit or other payment information.
  • Information about your browsing behaviour on our websites.
  • Information about when you click on one of our adverts, including those shown on other organisations’ websites.
  • Information about the way you access our digital services, including operating system, IP address, online identifiers and browser details.
  • Social preferences, interests and activities.

When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our services, we may collect:

  • Personal data you provide when you connect with us, including by email, post and phone or through social media, such as your name, username and contact details.
  • Details of emails and other digital communications we send to you that you open, including any links in them that you click on.
  • Your feedback and contributions to customer surveys and questionnaires.

Other sources of personal data

  • We may use personal data from other sources, such as specialist companies that supply information, retail partners and public registers.
  • Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.
  • If you log-in using your social network credentials to connect to our platforms and online services e.g. Facebook, Google+ and Twitter, you will agree to share your user details with us. For example, your name, email address, date of birth, location and any other information you choose to share with us.

Personal data you provide about other individuals

  • We use personal data about other individuals provided by you, such as those people on your booking.
  • By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.

We use your personal data in a variety of ways, as explained below.

To provide the products and services you request

We need to process your personal data so that we can manage your account or booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for. In detail, these are the following purposes in particular:

  • Planning and organisation of the trip you have booked (cruise, shore excursion)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • Transmission to the entrance and exit ports as part of the trip you have booked
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • Transmission to hotels and restaurants (possibly to third countries outside the EU)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
    (Article 49, paragraph 1, point (b), of the GDPR)
  • Transmission to airlines (possibly to third countries outside the EU) when you book a travel package to and from departure and arrival points
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
    (Article 49, paragraph 1, point (b), of the GDPR)
  • Storage of name, telephone number and relationship for information purposes in case of emergency
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    Legitimate interest in the storage of this data consists in informing your relatives of unforeseen emergencies and, if necessary, in asking questions and initiating and/or coordinating measures in your interest.
  • Use of telephone numbers, e-mail address and address for the purpose of customer support, i.e. to advise you and answer your questions in connection with your booked cruise
    Consent (Article 6, paragraph 1, point (a), of the GDPR)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • Use of address and e-mail address for commercial communication (post and e-mail)
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    The legitimate interest consists in direct advertising for future cruises by sending catalogues and flyers with special cruise offers and/or in the context of an e-mail newsletter.
  • Processing of relevant data in response to and management of security incidents, disturbances or other similar unforeseen occurrences on board. Among others, these can be of a medical or insurance-related nature.
    Processing in order to protect the vital interests of the data subject (Article 6, paragraph 1, point (d), of the GDPR)
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    The legitimate interest consists in being able to react to unforeseen events during the itinerary.
  • Planning, organisation and support of the legally valid marriage, registered civil union or symbolic promise of marriage you have booked
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)

To manage and improve our products, services and day-to-day operations

In detail, these are the following purposes in particular:

  • We use personal data to manage and improve our products, websites, customer loyalty or recognition programme(s) and other services.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in providing you with an optimal user experience when using our tele-media services.
  • We monitor how our services are used to help protect your personal data, detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our services.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in protecting you and your personal data from criminal offences when using our services and recognising and preventing the misuse of services.
  • We may use personal data to carry out market research and internal research and development, and to develop and improve our product range, services, shops, IT systems, security, know-how and the way we communicate with you.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in developing and improving our product range, services, shops and IT systems, security, expertise and the methods of our communication with you.
  • We use CCTV images to help maintain the safety of anyone working in or visiting our shops, premises and other buildings, and for the prevention, detection and prosecution of criminal offences. We may also rely on the images to establish, exercise or defend our legal rights.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in identifying and preventing criminal offences and the misuse of services and being able to exercise and assert claims.

To personalise your experience

We want to ensure that marketing communications relating to our products and services, and those of our suppliers and retail partners, including online advertising, are relevant to your interests. In detail, these are the following purposes in particular:

  • To do this, we may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to tailor our communications to make them more relevant and interesting to you.
  • Looking at your browsing behaviour and purchases helps us to better understand you as a customer.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to offer you personalised offers and services.
  • We may also measure your responses to marketing communications relating to products and services we offer.
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to offer you products and services that better meet your needs as a customer.
  • If you do not want to receive a personalised service from us, you can change your preference online (kundendaten@hl-cruises.com), over the phone or by writing to us at any time. We will update our records as soon as we can.

To make contact and interact with you

We want to provide you, as our customer, with even better support. In detail, these are the following purposes in particular:

  • When you contact us, for instance via e-mail, post, telephone or social media, we are permitted to use personal data in order to handle your matter in the best and fastest possible way.
    Consent (Article 6, paragraph 1, point (a), of the GDPR)
    Processing for the performance of a contract (Article 6, paragraph 1, point (b), of the GDPR)
  • We need to process your personal data so that we can manage any promotions and competitions you choose to enter, including those we run with our suppliers and retail partners. For example, if you win a prize.
    Processing for the performance of a contract (Article 6, paragraph 1, point (f), of the GDPR)
    Legitimate interest (Article 6, paragraph 1, point (f), of the GDPR) The legitimate interest consists in enabling us to conduct the promotion and competition as well as notifying you of any winnings.
  • If we have to process special categories of personal data, for example health-related data for medical reasons, we only do this if one or more additional prerequisites apply: we have your express consent; it is necessary to protect your vital interests or those of another person and you are physically or legally not in a condition to give consent; it is necessary for the justification, assertion or defence of legal claims; it is necessary for reasons of an overriding public interest.
    Article 9, paragraph 1, points (a), (c), (f) and (g), of the GDPR
  • We are permitted to combine the data which we collect when you make a purchase in an online shop with personal data that was collected via our websites and other sources.
    Legitimate interests (Article 6, paragraph 1, point (f), of the GDPR)
    The legitimate interest consists in helping us better understand you as a customer and being able to provide you with services and marketing communications (including online advertising tailored to your interests).

We do not sell your personal data to third parties.

From time to time we may send you relevant offers and news about our products and services in a number of ways, including by email. We may also send you information about other companies’ products and services that we believe may be of interest to you. We will only do this if you previously agreed to receive these marketing communications.

When you book or register with us we will ask if you would like to receive marketing communications. You can change your marketing preferences online, over the phone, using the ‘unsubscribe’ link in our marketing emails or by writing to us (e.g. email) at any time.

You may still receive service-related communications from us. For example, confirming bookings you make with us and providing important information about the use of our products or services.

Within the scope of our offer, we offer you the possibility at various points to be informed by us about interesting offers and news in various ways. Provided that you have given your express consent or that the requirements according to § 7 para. 3 UWG (Act against Unfair Competition, Germany) are fulfilled, we will use your email address and any additional voluntary personal details to send you our newsletter on a regular basis. When registering for a newsletter, you may be given the opportunity to provide additional information about yourself, for example if you would like to receive a birthday surprise. We will then process and use the data you provide for these purposes.

If you are no longer interested in receiving certain information or offers in the future or if you no longer wish to receive the information/offers via a certain channel, please inform us by email to datenschutz(at)hl-cruises.com. The unsubscribe function for the newsletter (opt-out link) is also integrated at the end of each email. We will then comply with your request immediately.

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online services or from websites.

Collection of Access Data and Log Files: We, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers.

Processed data types:
Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects:
Users (e.g. website visitors, users of online services).

Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).

We like to hear your views to help us to improve our products and services, so we may contact you for market research purposes. You always have the choice about whether to take part or continue in our market research.

We collect your passport or ID card on our cruises so that we can fulfil all visa as well as entry and exit requirements for the countries visited. We would like to inform you about the data protection aspects relating to this.

What are the legal grounds and purpose of processing?

The legal grounds for the collection of your passport/ID card are the fulfilment of the contractual obligations from the cruise contract concluded with you in accordance with point (b) of Article 6(1) of the GDPR. The identity documents will be collected by our trained staff on board, stored securely and returned to you at the end of the cruise. The purpose of this is to fulfil the visa as well as entry and exit requirements of destination ports and thereby facilitate your entry and exit.

How long is my data stored?

We will keep your identity document safe until the end of your cruise. If it is no longer necessary for us to keep your document during a cruise, it will be returned to you sooner. We do not keep any copies of your passport/ID card.

Who will receive my data?

We show your identity document to the port authorities responsible for entry and exit procedures during your cruise. Trained personnel are always present.

Will my data be shared with third countries (outside of the European Economic Area)?

Identity documents are presented to the port authorities for processing at each port we visit on our cruises.

Is the provision of my data mandatory?

In some countries (e.g. Singapore), the authorities require the collection of identity documents. In other countries, this is a service we provide to make the process as pleasant for you as possible. You do not usually need to be present in person when we present your passport/ID card to the authorities early in the morning or late at night. However, as official regulations change and we are therefore unable to guarantee the actual organisation of your booked cruise, we collect the identity documents of our guests as a matter of course. We therefore ask that you discuss with our service team prior to the start of the cruise the possibility of keeping your identity document with you.

Will automated decision-making, including profiling, take place?

Automated decision-making, including profiling, will not take place.

 

In order to provide products or services requested by you we may share personal data with suppliers of your travel arrangements, including airlines, hotels and transport companies.

We also work with carefully selected suppliers that carry out certain functions on our behalf. For example, companies that help us with IT services, storing and combining data, marketing, market research, processing payments and delivering products and services. We may need to share personal data to establish, exercise or defend our legal rights; this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk.

When we share personal data with other organisations we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

We only share the minimum personal data that enable our suppliers and retail partners to provide their services to you and us.

For the purposes of performing the travel contract concluded with you, we transmit your personal data to, among others, the above-mentioned recipients in countries outside of the jurisdiction of European data protection laws for which the European Commission has determined that there is not an appropriate level of data protection. In particular, this transmission is carried out for the preparation of the cruise and is required due to local legal requirements to register passengers upon docking in ports. Some separate data protection agreements contracts exist with service providers who support us in carrying out the cruise. You can request copies of any existing data protection contracts from our data protection officer.

So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.

Some countries will only permit travel if you provide your advance passenger data (for example Caricom API Data and US Secure Flight Data). These requirements may differ depending on your destination and you are advised to check. Even if not mandatory, we may assist where appropriate.

We may share the minimum personal data necessary with other public authorities if the law says we must, or we are legally allowed to do so.

For the purposes of performing the travel contract concluded with you, we transmit your personal data to, among others, the above-mentioned recipients in countries outside of the jurisdiction of European data protection laws for which the European Commission has determined that there is not an appropriate level of data protection. In particular, this transmission is carried out for the preparation of the cruise and is required due to local legal requirements to register passengers upon docking in ports.

Since 01 November 2021, tour operators are obliged to be partners of the Deutscher Reisesicherungsfonds GmbH for insolvency insurance. In the event of a clain the Deutscher Reisesicherungsfond requires all essential information about your trip in order to perform its duties. Therefore, we would like to inform you in the course of this data privacy notice what personal data we transmit to the Deutscher Reisesicherungsfond in the event of a claim:

  • Your master data
  • Your booking-related data
  • Your flight data and transfer data
  • Data in the event of repatriation

Your data will be sent to:

Deutscher Reisesicherungsfonds GmbH
Sächsische Straße 1
10707 Berlin
E-Mail: kontakt(at)drsf.reise
www.drsf.reise

Deutscher Reisesicherungsfonds GmbH is an independent data controller according to the General Data Protection Regulation of the European Union (GDPR). Please acknowledge the Information on the collection and processing of personal data in accordance with Art. 14 of the General Data Protection Regulation (GDPR) of Deutscher Reisesicherungsfonds GmbH (available in German language only).

You have the right to information, correction, erasure or restriction of processing, data portability and objection to the processing of personal data concerning you. You also have the right to complain to a data protection authority. However, if you have questions or complaints, we ask that you first contact our corporate data protection officer at datenschutz(at)hl-cruises.com.

In the event that you have consented to us processing your personal data, you can withdraw this consent at any time. The processing of your data prior to the time you withdraw consent will remain lawful even if you do withdraw consent. If you would like to withdraw your consent, please write to kundendaten(at)hl-cruises.com and provide your customer number. Please note that, in the event of a withdrawal of your consent, processing may still be possible under certain circumstances on a legal basis, for example if this is necessary to fulfil a legal obligation or if there is a legitimate interest in further processing.

We know how important it is to protect and manage your personal data. We take appropriate security measures to help protect your personal data from accidental loss and from unauthorised access, use, alteration and disclosure.

The security of your data also depends on you. For example, where we have given you or where you have chosen a password for access to certain services, you are responsible for keeping this password confidential.

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. We put in place appropriate protections to make sure your personal data remains adequately protected and that it is treated in line with this Notice. These protections include, but are not limited to, appropriate contract clauses, such as standard contract clauses approved by the European Commission, and appropriate security measures.

We will retain your personal data for only as long as it is necessary for the uses set out in this Privacy Notice and/or to meet legal and regulatory requirements. After this period, we will securely erase personal data. If data is needed after this period for analytical, historical or other legitimate business purposes, we will take appropriate measures to anonymise this data.

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. Please see our separate Cookie Notice.

Our may contain links to websites operated by other organisations that have their own privacy notices. Please make sure you read the terms and conditions and privacy notice carefully before providing any personal data on another organisation’s website as we do not accept any responsibility or liability for websites of other organisations.

Thank you for your interest in the social media profiles of Hapag-Lloyd Cruises, provided by Hapag-Lloyd Kreuzfahrten GmbH.

We have the following social network channels:

Please note that by registering for the social networks, you also agree to the privacy policies of the networks in question that also apply to services such as our profiles.

Data processing and intended purpose
We take the protection of your personal data on the social networks very seriously and want you to be aware of how and why your data are stored or used.

Personal data include your name, date of birth, e-mail address and phone number. We and the companies operating on our behalf only collect and process the personal data concerning you that we obtain from you through our social media channels for the purposes of communication and only insofar as necessary for the purposes of our profiles. Specifically, we process data in the following instances:

  • If you contact us by sending us a direct message; in this case, we will store and process your data – primarily your name – in order to respond to your enquiry.

We will erase these data after the end of the communication. The storage periods of the networks might deviate from this. The personal data you transmit to us through direct messages and contact forms will not be disclosed to third parties by us.

Please note that other users can see what you post on our profiles and how you interact with our pages, i.e. what posts you share or “Like” and so on.
If we post links to third-party websites, this privacy policy does not apply to those links.

Addendum: data processing on Facebook
Your personal data will be collected if you visit our Facebook page. If you are logged in, the data will be your Facebook profile data. In any case, the data will include your IP address and browser information.

The data will be processed by Facebook and by us as joint controllers. The data are processed on the basis of point (f), Article 6, paragraph 1, of the European General Data Protection Regulation (GDPR; our legitimate business and communicative interests in the provision of an information and communication channel on social media, in this case Facebook).

You have a right to ask for a copy of the personal data we hold about you. You can write to us asking for a copy of other personal data we hold about you.

Please include any details to help us identify and locate your personal data. Where we can provide data access, we will do so free of charge except where further copies are requested in which case we may charge a reasonable fee based on administrative costs.

We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details we hold are incorrect, please let us know.

You can also ask for your personal data to be rectified or erased, to object to the processing of your personal data and, where technically feasible, to ask for personal data you provided to be transmitted to another organisation.

We will update or erase your data, unless we have to keep it for legitimate business or legal purposes.

You can also contact us if you have a complaint about how we collect, store or use your personal data. We aim to resolve complaints but if you are dissatisfied with our response, you may complain to the local data protection authority https://www.datenschutz-hamburg.de/.

Please submit your request or complaint in writing to the Legal Department/Data Protection Officer:

Hapag-Lloyd Cruises, a TUI Cruises GmbH company, Datenschutz, Heidenkampsweg 58, 20097 Hamburg

E-Mail: datenschutz(at)hl-cruises.com

Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to help ensure that you are authorised to make such a request or complaint when you contact us on behalf of someone else.

We will only collect and use your personal data if at least one of the following conditions applies:

  • We have your consent;

    Example: Booking
    You give us permission to process your personal data when you book a trip.

  • It is necessary for a contract with you or to take steps at your request prior to entering into a contract;

    Example: To provide the products and services you request
    We need to process your personal data so that we can manage your booking, provide you with the products and services you want to buy and help you with any orders and refunds you may ask for.

  • It is necessary for us to comply with a legal obligation;

    Example: Sharing personal data with regulatory authorities
    So that you can travel, it may be mandatory (as required by government authorities at the point(s) of departure and/or destination) to disclose and process your personal data for immigration, border control, security and anti-terrorism purposes, or any other purposes which they determine appropriate.

  • It is necessary to protect your vital interests or those of another individual;

    Example: In an emergency
    Your insurance company, their agents and medical staff may exchange relevant personal data and special categories of personal data with us in circumstances where we/they need to act on your behalf or in the interest of other customers or in an emergency.

  • It is in the public interest or we have official authority; or

    Example: Security operations
    We may use personal data to respond to and to manage security operations, accidents or other similar incidents, including medical and insurance purposes.

  • It is in our or a third party’s legitimate interests and these are not overridden by your interests or rights.

    Example: To personalise your experience
    We may use your personal data to better understand your interests so that we can try to predict what other products, services and information you might be most interested in. This enables us to tailor our communications to make them more relevant and interesting for you.

Where we need to process special categories of personal data, for example health data for medical reasons, we will only do so if one or more additional conditions apply. For example, we have your explicit consent; it is necessary to protect the vital interests of you or another individual and you are physically or legally incapable of giving consent; it is necessary to establish, exercise or defend legal claims; it is necessary for reasons of substantial public interest.

This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Privacy Notice changes.

Last update: November 2021

Data controller: The data controller determines the purpose and manner in which personal data is used.

European Economic Area (EEA): EU Member States plus Norway, Iceland and Lichtenstein.

Online advertising: Marketing messages that you may see on the internet.

Special categories of personal data: This are categories of personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; health data; and data concerning a natural person’s sex life or sexual orientation.

Caricom API Data: Some or all of the Caricom states have entered into an agreement with the USA whereby advance passenger data, required by and provided to Caricom states for border security purposes, will be passed to the USA Department for Homeland Security for processing on behalf of those Caricom states. Please see the Caricom website Caricom webseitef or more details.

US Secure flight Data:The Transportation Security Administration (TSA) requires you to provide your full name, date of birth and gender for the purpose of watch list screening. You may also provide your Redress Number, if available. Failure to provide details may result in denial of transport or denial of authority to enter the boarding area. TSA may share information you provide with law enforcement or intelligence agencies or others under its published system of records notice. Please see the TSA webseite for more details.

Cookies are small data files that allow a website or a mobile app to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on our websites and mobile apps, and we use them to improve your customer experience. With our permission, cookies may be placed on our websites and mobile apps by other organisations. For example, we use cookies to do the following:

To improve the way our websites and mobile apps work

Cookies allow us to assess and improve the way our websites and mobile apps work so that we can personalise your experience and allow you to use many of their useful features. For example, cookies help us to keep track of what you are booking as you move through each stage of the booking process; they help us to remember your preferences such as recent searches or shortlisted holidays, and the contents of your online shopping basket.

To improve the performance of our websites and mobile apps

Cookies can help us to understand how our websites and mobile apps are being used, for example, by telling us if you get an error messages as you browse, to test different designs of our website and mobile app pages. Website analytics, including Google Analytics, provides information about the number of visitors to our website and mobile apps, which parts of our website and mobile apps are most popular and if there are any trends such as one specific page being viewed mostly by people in a particular country. These cookies help us to improve your experience.

To deliver relevant online advertising

We use cookies to help us deliver online advertising that we believe is most relevant to you on our websites, mobile apps and other organisations’ websites. For example, these cookies help us to suggest flights from your nearest airport, holidays in destinations you have shown interest in or products you might like.
These cookies may collect data about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket.
This means that you may see our adverts on our websites, mobile apps and on other organisations’ websites. You may also see adverts for other organisations on our websites and mobile apps.
To help us to deliver online advertising that is relevant to you, we may also combine data we collect through cookies in the browser of your devices with other data that we have collected.

To measure the effectiveness of our marketing communications, including online advertising

Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert so it does not become too repetitive. We also use cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you.

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times. If users have consented to the collection of their sideline data, these can also be processed.

The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user's by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.

Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

Information on legal basis:
If we ask users for their consent (e.g. in the context of a so-called "cookie banner consent"), the legal basis for processing data for online marketing purposes is this consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Google Analytics Audiences
We use Google Analytics to display ads placed by Google and its partners only to users who have shown an interest in our online services or who have specific characteristics (e.g. interests in specific topics or products determined on the basis of the websites visited) that we transmit to Google (so-called "Remarketing Audiences" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads match the potential interest of users.

Processed data types:
Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses) and Location data (Data that indicates the location of the end device of an end user).

Data subjects:
Users (e.g. website visitors, users of online services), Prospective customers, Customers, Employees (e.g. Employees, job applicants), Communication partner (Recipients of e-mails, letters, etc.).

Purposes of Processing:
Targeting (e.g. profiling based on interests and behaviour, use of cookies), Remarketing, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors), Cross-Device Tracking (Device-independent processing of user data for marketing purposes), Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content).

Security measures:
IP Masking (Pseudonymization of the IP address).

Legal Basis:
Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR). Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area:
a) Europe: www.youronlinechoices.eu.
b) Canada: www.youradchoices.ca/choices.
c) USA: www.aboutads.info/choices.
d) Cross-regional: https://optout.aboutads.info

 

Services and service providers being used

Google Tag Manager
Google Tag Manager is a web tag management solution that allows us to manage website tags through a single interface (including Google Analytics and other Google marketing services in our online services). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, reference is made to the information below regarding Google services.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: marketingplatform.google.com; Privacy Policy: policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant

Google Analytics
Website analytics, such as Google Analytics, help us to understand how visitors use our website. We can view a number of reports about how visitors interact with our website. This helps us to constantly improve our website visit in the interest of our visitors.

Website analytics use so-called first-party cookies to track visitor interactions. In our case they are used to collect information about how visitors use our website. We then use the information to create reports that help us to improve our website.

For example, Google Analytics collects information anonymously. It reports on website trends without identifying individual visitors. You can turn off Google Analytics without affecting how you visit our website. For more information about disabling tracking by Google Analytics on all the websites you use, visit Google. (Link: tools.google.com/dlpage/gaoptout)

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant; Opt-Out: Opt-Out-Plugin: tools.google.com/dlpage/gaoptout, Settings for the Display of Advertisements: adssettings.google.com/authenticated

Google Signals
Additional marketing options that apply only to users who have enabled personalized ads on Google (https://support.google.com/ads/answer/2662856) and include device-based and cross-device data processing.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: support.google.com/analytics/answer/7532985; Privacy Policy: policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant; Opt-Out: Opt-Out-Plugin: tools.google.com/dlpage/gaoptout, Settings for the Display of Advertisements: adssettings.google.com/authenticated

Google Ads and Conversion Tracking
We use the “Google Ads" online marketing method to place ads on the Google advertising network (e.g., in search results, videos, websites, etc.) so that they are displayed to users who have an alleged interest in the ads. We also measure the conversion of the ads. However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we ourselves do not receive any information that can be used to identify users.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: marketingplatform.google.com; Privacy Policy: policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant.

Microsoft Advertising (formerly Bing Ads)
We use Microsoft Advertising to serve ads to Bing and other Microsoft advertising partners so that they are displayed to users who have a presumed interest in the ads. We also measure the conversion of the ads. However, we only learn the total number of anonymous users who clicked on our ads and were redirected to a page with a conversion tracking tag. We do not receive any information that can be used to identify users.
Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Website: about.ads.microsoft.com/de-de; Privacy Policy: privacy.microsoft.com/de-de/privacystatement; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant; Opt-Out: choice.microsoft.com/de-DE/opt-out

Google Ad Manager
We use the "Google Marketing Platform" (and services like "Google Ad Manager") to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform" is characterised by the fact that ads are displayed in real time according to the presumed interests of the users. This allows us to display ads for and within our online services in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which he is interested on other online offers, this is referred to as "remarketing".
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: marketingplatform.google.com; Privacy Policy: policies.google.com/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant.

Google DoubleClick
We also use Google products to analyze data from Google's DoubleClick services for statistical purposes. Thus, in order to improve our offers, we can analyze what happens after a user clicks on our ad, e.g. whether the user bought our product or accessed the ad from a cell phone. Furthermore, you will receive interest-based advertising by means of these services. If you do not wish to receive this, you can disable it via Google's Ads Preferences Manager: www.google.com/settings/ads/onweb/.

DoubleClick sets a cookie on your computer to record your surfing behavior on various websites (tracking) and to play out interest-based advertising. If you wish to permanently disable this, you can download a plug-in at the following link to disable the DoubleClick cookie: https://www.google.com/settings/u/0/ads/plugin?hl=de

Adition
We use the ADITION service of ADITION technologies AG, Oststraße 55, 40211 Düsseldorf, Germany, on our website to collect statistical data and to deliver interest-related advertisements based on this data.

Further information on the use and processing of the data can be found in the data protection regulations of ADITION technologies AG at www.adition.com/datenschutz. There you also have the possibility to object to the collection and storage of your data (opt-out).

emetriq / xplosion
emetriq is a provider of targeting services in connection with online advertising. Targeting is defined as focusing online marketing on one target group specifically. For this purpose, emetriq operates a database designed to improve the quality of targeting significantly so that advertisers can show you adverts tailored to your interests.

Purpose of data use:
For the performance of the services of emetriq. emetriq can use the data to recognise you with a cookie and show you adverts and content based on your probable characteristics and interests. By means of statistical extrapolation, emetriq uses the data to form target group segments with which the partners of emetriq are able to personalise and improve their websites, applications and promotional messages.

The following data are used:
Cookie ID; Technical parameters of your browser such as your browser identifier, operating system, screen resolution, device classes and device manufacturer; Surfing habits on partner websites in the form of URLs and referrer URLs – for example, what categories of news and what news articles you have viewed; Potentially customer data (clicks on adverts, customer status, the channel through which you accessed the shop, etc.). Beyond this, emetriq does not collect any personal data such as your name, address or date of birth.

emetriq deletes the data after a maximum of 13 months.

How does emetriq collect data?
emetriq collects raw data from various partners and their websites. The raw data are collected by an emetriq script which is integrated into all of the data sources of the partners in line with the specifications of emetriq. Alternatively, a tracking pixel might be used. Most tracking pixels are images that are 1×1 pixel in size and are transparent or match the colour of the background to make them invisible. When a website containing a tracking pixel is opened, the small image is loaded from the server of the provider and the download is registered by the provider. This enables the provider of the pixel to see when and how many users retrieved that tracking pixel and visited a website.
The provider can also determine whether or not JavaScript is active in your browser. If JavaScript is active, other information such as your browser information, operating system and screen solution can be collected. The raw data are pseudonymised in the user’s browser and then transmitted to the database. In this process, the IP address which is technically necessary for the split-second collection of data is then deleted immediately and not stored by emetriq in connection with the usage data it collected. All of the information collected about a user is stored exclusively with an automatically generated, random cookie ID. A cookie is a text file on your end device (e.g. computer) and is always associated with one browser. If you use two or more browsers on your end device, lots of cookies will be installed on your device. The cookie ID is an automatically generated, random ID which is created only once and therefore makes a browser unique. The ID consists of a sequence of numbers and does not contain any personal data. All of the information collected about a user is stored exclusively with this pseudonymised cookie ID. Due to the procedure described here, it is not technically possible to de-pseudonymise the collected raw data.

What can I do if I do not want my actions to be analysed by emetriq GmbH?
Opt-out: You can opt out of the collection and processing of data by emetriq here at any time: www.emetriq.com/opt-out/. This will cause your emetriq cookie to be replaced by a neutral opt-out cookie. This ensures that emetriq does not use your data. The websites www.meine-cookies.org and www.youronlinechoices.com provide more information about cookies and the individual providers. On these websites, you can even opt out of tailored online advertising by one or all companies at www.youronlinechoices.com/uk/your-ad-choices.

Settings in your browser: You can also configure your browser to block all cookies or delete the cookies at the end of your session. However, please note that in this case you might not be able to use all of the features of our website. You can find information on your browser settings at www.telekom.com/en/corporate-responsibility/data-protection-data-security/digitally-secure

Exactag GmbH
We use the services of Exactag (Exactag GmbH, Wanheimer, Straße 68, D-40468 Düsseldorf) on our website. Exactag GmbH ("Exactag") collects, processes and stores data on this website and its subpages for reach measurement, statistical analysis and business cost optimisation.

The data is collected with the consent of the user on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 sentence 1 TTDSG. Exactag uses cookies as a technology to collect the data.

Would you like to object to data processing?

In order to ensure exclusion from data processing, a cookie can be set in your browser as an alternative to the lack of consent in the data protection settings. This cookie is called "optout" and is set by "exactag.com". It may not be deleted as long as you object to the data processing. If you wish to object to this data processing for the future, please click on this link https://exactag.com/optout-confirmation/

Facebook-Pixel
On the one hand, the Facebook pixel enables Facebook to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel in order to display the Facebook Ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of the users and are not annoying. The Facebook Pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").

Service provider: www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: www.facebook.com; Privacy Policy: www.facebook.com/about/privacy; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): www.privacyshield.gov/participant; Opt-Out: www.facebook.com/settings

Processed data types:
Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses), Location data (Data that indicates the location of the end device of an end user).

Data subjects:
Users (e.g. website visitors, users of online services), Prospective customers, Customers, Employees (e.g. Employees, job applicants), Communication partner (Recipients of e-mails, letters, etc.).

Purposes of Processing:
Targeting (e.g. profiling based on interests and behaviour, use of cookies), Remarketing, Conversion Tracking, Interest-based and behavioral marketing, Profiling (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Web Analytics (e.g. access statistics, recognition of returning visitors), Cross-Device Tracking (Device-independent processing of user data for marketing purposes), Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content).

Security measures:
IP Masking (Pseudonymization of the IP address).

Legal Basis:
Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR). Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area:
a) Europe: www.youronlinechoices.eu.
b) Canada: www.youradchoices.ca/choices.
c) USA: www.aboutads.info/choices.
d) Cross-regional: https://optout.aboutads.info

Userlike Live-Chat
We use a live chat of the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Köln, Germany on our website. At the beginning of the chat personal data is collected.

  • Date and time of the call,
  • Browser type/version,
  • IP address,
  • the operating system used,
  • URL of the previously visited website,
  • Amount of data sent,
  • First name, surname,
  • email address.

Depending on the course of the conversation with our employees, further personal data may be entered by you in the chat. The nature of this data depends strongly on your request or the problem you describe to us. All our employees have been and are being trained on the subject of data protection and are instructed in the secure and confidential handling of customer data. All our employees are obliged to maintain confidentiality and have signed an addendum to their employment contracts as an appendix to the commitment to maintain confidentiality and to observe data protection. By accessing the live chats, the chat widget is loaded from AWS Cloudfront in the form of a JavaScript file. Userlike also saves the history of the live chats. This is done to save you from having to go through the history of your request and for the constant quality control of our live chat service. If you do not wish to have this, you are welcome to inform us using the contact details listed below. Saved live chats will then be deleted by us immediately.

Newsletter
see https://www.hl-cruises.com/legal/privacy-notice (Marketing communications)

Shariff
We use the privacy-secure "Shariff" buttons. "Shariff" was developed to provide more privacy on the net and to replace the usual "share" buttons of social networks. It is not the browser of the user, but the server on which this online offer is located, which establishes a connection with the server of the respective social media platforms and queries, for example, the number of Likes, etc.. The user remains anonymous. More information about the Shariff project can be found at the developers of the magazine c't: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html. Service provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Website: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; Privacy Policy: www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html

Change your cookie settings at Hapag-Lloyd Cruises

You can use your browser settings to accept or reject new cookies and to delete existing cookies. You can also set your browser to notify you each time new cookies are placed on your computer or other device. You can find more detailed information about how you can manage cookies at the All About Cookies and Your Online Choices websites.

If you choose to disable some or all cookies, you may not be able to make full use of our websites or mobile apps. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.

Where we display personalised adverts on other organisations’ websites, the AdChoices icon will usually be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.

This Notice replaces all previous versions. We may change the Notice at any time so please check it regularly on our website(s) for any updates. If the changes are significant, we will provide a prominent notice on our website(s) including, if we believe it is appropriate, electronic notification of Cookie Notice changes..

Last update: May 2022

Your cookie settings

Technically necessary cookies

These cookies are necessary for the functioning of the website and therefore cannot be deactivated. They are used, for example, to save your data protection settings. You can set your browser to block these cookies. However, this will result in some areas of our website no longer functioning.

fe_typo_user
Is set by our website editing system TYPO3. Used to identify a TYPO3 user. Duration: session.

FedAuth
Used by Hapag-Lloyd Cruises to give private and business visitors access to certain content. Duration: Session.

hlkf_agency
Used by Hapag-Lloyd Cruises. Is necessary to deliver tailor-made offers to partner travel agencies. Duration: a few hours.

hlkf_is_agency
Used by Hapag-Lloyd Cruises. Is necessary to deliver tailor-made offers to partner travel agencies. Duration: a few hours.

hlkf_code
Used by Hapag-Lloyd Cruises. Is necessary for catalogue orders to be processed correctly. Duration: a few hours.

hlkf_country
Used by Hapag-Lloyd Cruises to store the country or language version of the website. Is necessary to book a cruise online. Duration: a few hours.

hlkf_currency
Used by Hapag-Lloyd Cruises to store the desired currency. Is necessary to book a trip online. Duration: a few hours.

hlkf_rds_current_tab
Is used by Hapag-Lloyd Cruises to load the desired tab when the page is called up again. If no cookie is set, the standard tab (= overview) is displayed. If the tab was changed, e.g. to "The Ship", "The Ship" will be selected again when the page is reloaded. However, as soon as you close the window completely, the cookies will be deleted again, so that when you visit the page again, you will land on "Overview" again. Duration: a few hours.

hlkf_rds_last_tab
Is used by Hapag-Lloyd Cruises to load the desired tab when the page is called up again. If no cookie is set, the standard tab (= overview) is displayed. If the tab was changed, e.g. to "The Ship", "The Ship" will be selected again when the page is reloaded. However, as soon as you close the window completely, the cookies will be deleted again, so that when you visit the page again, you will land on "Overview" again. Duration: a few hours.

Netmatch_Navigation_Session
Used by Hapag-Lloyd Cruises to facilitate the various steps of the booking process. Duration: 1 day.

OptanonConsent
Is used by OneTrust. Saves which cookies you have agreed to on our website. The cookie contains no personal information. Duration: 1 year.

OptanonAlertBoxClosed
Is used by OneTrust. Contains a timestamp of when the approval was given. Duration: 1 year.


Statistics cookies

These cookies help us to understand the behaviour of our website visitors and make our website even better for you.

_dc_gtm_UA-xxxxxxxx
Is used by Google Analytics, which is delivered via the Google Tag Manager. This cookie does not store any user data. It is used to minimize queries to Google. Duration: 1 minute.

_dvp
Is set by our Clickstream Data Collector Devolte and used for internal statistics Used to understand visitor behaviour in our booking route to make it even easier to use. Duration: 2 years.

_dvs
This session cookie is set by our Clickstream Data Collector Devolte and used for internal statistics. It is used to understand the behaviour of visitors in our booking route to make it even easier to use. Duration: Session.

_ga
Is used by Google Analytics. Creates a unique, randomly generated user ID that is used to identify the visitor and expires after 2 years. This makes it possible, for example, to recognize returning visitors.

_gat
Is used by Google Analytics. This cookie does not store any user data. It serves to minimize the queries to Google. Duration: 1 minute

_gid
Is used by Google Analytics. Similar to the _ga cookie. Contains a unique, randomly generated user ID that is used to identify user behavior. Duration: 1 day.


Marketing Cookies

These cookies can be set via our website by our advertising partners. Some help us measure the success of our marketing campaigns. Others are used to create a profile of your interests and show you relevant advertising on other websites.

ads/ga audiences
Used by Google Ads. Service used to identify visitors to this website and its statistical twins and to reach external websites with tailored ads.

ep
Is used by Xplosion / emetriq. Used to analyze the behavior of visitors to the website and derive preferences. These allow for interest-based advertising on third party websites. Duration: 1 year.

session_session
Used by Exactag. Contains a self-generated session ID. Duration: session.

exactag_new_uk
Used by Exactag. Contains the Exactag user key in the form of a 32 bit hash value. Duration: 6 months.

exactag_new_user
Used by Exactag. Contains information about user categories such as customer type, whether an order process was started, or the last timestamp. Duration: 6 months.

et_uk
Used by Exactag. Writes a 1st party cookie with the UserID as value. Used when 3rd party cookies are not supported by the browser. Duration: 6 months.

et_gk
Used by Exactag. The GroupKey contains a 32-bit hash value for a group of many users, valid for all campaigns per tracking domain. The cookie serves as a statistical tracking pixel. It contains only anonymized data, which is not considered personal data. Duration: 3 months.

exactag_new_gk
Used by Exactag. Contains a UserID in the form of a 32bit hash value that is used across all campaigns. Duration: 3 months. 

gcl_au / gclxxx
Used by Google Ads. Contains a unique, randomly generated user ID that is used to identify user behavior and measure sales. Duration: 90 days.

IDE
Is set by Google Ads in the course of remarketing and sales tracking. Contains a randomly generated user ID. Allows Google to recognize visitors to this website on other websites and to display personalized ads to them. Duration: 1 year.

MUID
Used by Microsoft Ads (formerly Bing Ads). Stores a unique user ID and is used to identify user behavior and measure revenue. Duration: 1 year.

_clck
Used by Microsoft Clarity and triggered by Microsoft Ads (formerly Bing Ads). Stores the Clarity User ID and settings unique to that website in the browser. This allows the behavior to be associated with the same User ID on revisits. Duration: 1 day.

_clsk
Used by Microsoft Clarity and triggered by Microsoft Ads (formerly Bing Ads). Combines multiple page views from a user into a single Clarity session record. Duration: 1 day.

MUID
Used by Microsoft Clarity and triggered by Microsoft Ads (formerly Bing Ads). Stores a unique user ID and is used to recognize user behavior. Duration: 13 months.

SM
Used by Microsoft Clarity and triggered by Microsoft Ads (formerly Bing Ads). Used to synchronize the MUID between Microsoft domains. Duration: Session.

SRM_B
Used by Microsoft Clarity and triggered by Microsoft Ads (formerly Bing Ads). Duration: 13 months.

ANONCHK
Used by Microsoft Clarity and triggered by Microsoft Ads (formerly Bing Ads). Contains the information whether the MUID (Microsoft User ID) was passed to the ANID cookie. Microsoft Clarity does not use ANID, so this value is always set to 0. Duration: 1 day.

pid
Is used by Xplosion / emetriq. Used to analyze the behavior of visitors to the website and derive preferences. These allow for interest-based advertising on third party websites. Further information: www.emetriq.com/datenschutz/ Duration: 1 year.

pid_short
Is used by Xplosion / emetriq. Used to analyze the behavior of visitors to the website and derive preferences. These allow for interest-based advertising on third party websites. Duration: 1 year.

pid_signature
Is used by Xplosion / emetriq. Used to analyze the behavior of visitors to the website and derive preferences. These allow for interest-based advertising on third party websites. Duration: 1 year.

_pm3pc
Used by PIA Media. Checks if 3rd party cookies are supported by the browser. Duration: 1 day.

_pmclid
Used by PIA Media. Saves a campaign ID. Duration: 30 days

pm_counter_{campaign_id}
Used by PIA Media. Is an auxiliary cookie for measuring the retention time. Duration: till the end of the month.

pm_spots_{campaign_id}
Used by PIA Media. Is an auxiliary cookie for measuring the dwell time and documents the measuring point. Duration: till the end of the month.

test_cookie
Is set by Google Ads in the course of remarketing and sales tracking. Checks if the browser allows the setting of cookies. Duration: Session.

uetsid
Used by Microsoft Ads (formerly Bing Ads). Service to recognize the user and measure the sales of ads at Bing. Duration: Session.

UserID1
Is used by Adition. Contains a unique user ID. Is used, among other things, to deliver interest-based advertisements. Duration: 180 days.

tui_dv_global-retargeting
Set by Google / DoubleClick. Allows visitors to this website to be recognized on other websites and to be served personalized advertising. Duration: 540 days

tui_dv_lead_world-catalog-order
Set by Google / DoubleClick. Used to measure the success of an advertising campaign. Runtime: 540 days

tui_dv_site_engagement
Set by Google / DoubleClick. Allows visitors to this website to be recognized on other websites and to be served personalized advertising. Runtime: 540 days

 

Dispute resolution in consumer matters

The European Commission provides a platform for the online resolution of consumer disputes under http://ec.europa.eu/consumers/odr/. Hapag-Lloyd Cruises, a TUI cruises GmbH company is currently not participating in this voluntary procedure for alternative dispute resolution, which is why the European online dispute resolution platform cannot be used by our customers.