Privacy Cookies

Privacy Policy

Personal data processing statutory notice

Costa Crociere S.p.A. (hereinafter also “Costa Crociere”), as data controller, in accordance with article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”), is providing the following information about the processing of the personal data which you, as the data subject, have provided us:

  • a) for buying a travel package;
  • b) within the context of cruises (e.g. purchases made);
  • c) registration on the Costa Crociere web site and/or app or the filling in of forms on the Costa Crociere web site.
Purposes and legal basis of processing

In addition, the data which you have provided may also include some personal data defined by the Code and the GDPR as “special category data”. Sensitive/special category data shall be processed according to the purposes shown further on and only with your consent.

  • a) Purpose regarding contractual performance. Your personal data shall be processed for the purpose of performing obligations arising out of the contract for the purchase of the travel package, for allowing Costa Crociere to deliver the service in an optimal manner and, specifically, for:
    • (i) the formation, management and performance of contractual relations between you and Costa Crociere;
    • (ii) responding to your requests;
    • (iii) notification of information regarding the travel package (e.g. changes to contractual terms and conditions, etc.);
    • (iv) the creation of activities which serve to make your cruise enjoyable and pleasant and to guarantee high entertainment standards on board ships (i.e. party events, photo shoots and video recordings, games, etc.). In addition, in relation to the photos taken and videos recorded by photographers and video operators on board our ship, who work with us to make the cruise experience is unforgettable, please note that whenever you do not wish to be part of photos/videos or whenever you do not want your photos to be displayed on the display board at the Photoshop, you may go to the Photoshops which will record your wishes from time to time. The removal of a photo that features you may only be made after you have reported it.
  • b) Legal, health and safety purposes. Your personal data shall also be processed for the following purposes:
    • (i) legal, regulatory, domestic and EU compliance and that arising out of orders issued by authorities within the scope of their legal authority;
    • (ii) establishing, exercising and/or defending a Costa Crociere legal claim before the courts;
    • (iii) guaranteeing the necessary medical assistance during the cruise;
    • (iv) complying with the requirements of the CLIA association and the USPHS.
  • c) Business and statistics-related purposes. Your personal data shall also be processed for purposes relating or relevant to Costa Crociere business operations and for the processing of statistics in anonymous form and market research.
  • d) Additional purposes. Furthermore, whenever you expressly give your consent, your personal data shall be processed for the following purposes:
    • (i.) Marketing purposes, including:
      • a. promotional activities of Costa Crociere, companies in the Carnival Corporation & PLC Group (hereinafter the “Group”), also abroad, and/or commercial partners, implemented using both automated methods (e.g. e-mail, sms, instant messaging apps, etc.) and non-automated methods (e.g. regular mail, telephone with operator, etc). Specifically, Costa Crociere may use your e-mail address provided at the time you purchased a travel package, for sending you information and promotional notifications linked to services and products similar to those offered by Costa Crociere and the Group and/or commercial partners, also without your consent, provided you have not opposed said use.

        The Carnival Group companies are: Carnival Corporation (CCL), Carnival PLC (P&O, Cunard, Princess Asia), Costa Croceire S.p.A. (AIDA and Costa), Holland America Line N.V., general partner of Cruiseport Curacao C.V. (Holland America Line and Seabourn) Princess Cruise Lines, Ltd (Princess, Alaska, P & O Australia and Cunard), SeaVacations Limited (CCL business in UK).

        The commercial partners belong to the following product and market categories:
        • a) tourism-related activities;
        • b) airlines/transport services;
        • c) travel agencies;
        • d) insurance companies.
      • b. profiling activities, i.e. analysis of your travel preferences and market research for the purpose of enhancing the offering of services and sales information from Costa Crociere, matching them more closely to your interests. Said activity may also be implemented by submitting customer satisfaction questionnaires and/or the use of profiling cookies used during browsing Costa web sites.
    • (ii.) Purposes for the provision of accessory services, including:
      • a. registration on sites (e.g. MyCosta) and digital platforms, for allowing you to access and use the services provided on the portal and reserved for registered users and for guaranteeing you a customised vacation (e.g. for the purchase of wellness packages, beverage packages, photos, Costa-branded gifts and party events, etc.).

Processing for Marketing Purposes (i.e. for both promotional and profiling activities) may be implemented only with your consent.

Nature of data provision and consequences arising out of any refusal

The provision of your personal data is optional; however, without the data requested for the purposes shown in a) and b), the service requested or part thereof may not be performed and you may not be able to take advantage of above-mentioned opportunities.
The provision of optional data shall allow Costa Crociere to enhance the services offered, for rendering them better tailored to the personal interests of its passengers.
The provision of sensitive/special category data is optional; however, without said consent, Costa Crociere may not be able to comply with a number of contractual obligations and guarantee you any necessary medical assistance.

Personal data recipient categories

Your data shall not be disseminated. Your data may be disclosed only for the purposes stated above to the following categories of persons and entities:

  • - Costa Crociere in-house staff, appointed as data processing agents and/or data processor;
  • - companies belonging to the Costa Crociere Corporate Group, also located abroad;
  • - to the suppliers and/or agents/operators which, on board ships and ashore, provide services required during the cruise (e.g. port agents, entertainment operators, etc.);
  • - persons, companies, associations or professional firms providing services or advisory or consulting services to Costa Crociere for protecting its claims (e.g. chartered accountants, physicians, lawyers, tax consultants, auditors and consultants within auditing or due diligence operations, etc.);
  • - persons, companies or agencies that provide marketing services and analysis or consulting activities to Costa Crociere;
  • - persons and entities that are authorised to access your data, both recognised by law and secondary legislation or by orders issued by authorities empowered by law, including port authorities at the place of landing.

The list of persons and entities to which your data have been disclosed is available at the company at the following addresses: privacy@costa.it or Costa Crociere S.p.A., Piazza Piccapietra, no. 48, 16121 Genoa, to the attention of the Data Protection Officer.

Transfer of personal data outside the European Union

Your personal data may be transferred abroad to third-party companies belonging or outside the European Union for the purposes stated above.
Whenever data is transferred to States outside the European Union, said States shall guarantee an adequate level of protection, based on a specific decision of the European Commission or, alternatively, the recipient shall have a contractual obligation to protect data adopting an adequate and comparable level of protection to that provided under the GDPR.

Retention of personal data

Personal data shall be retained for a period of time not exceeding that necessary for the purposes for which they were collected and subsequently processed. Personal data shall be retained for the full duration of the contract which you have entered into and for a subsequent period:

  • i. within the periods established under prevailing legislation;
  • ii. within the periods established under legislation, including secondary legislation, which require data to be kept (for example tax returns);
  • iii. within the period necessary for protecting the rights of the data controller in the event of any disputes arising concerning performance;

The photos/images and audio/video recordings collected during events and happenings on board shall be retained for a period limited to the duration of the cruise and subsequently they shall be deleted.
Personal data collected and processed for profiling shall be retained for a maximum period of ten (10) years, at the end of which they shall be automatically deleted and rendered permanently anonymous.

Data Controller and Data Processors

The Data Controller is: Costa Crociere S.p.A., with address in Genoa, Piazza Piccapietra, no. 48.

Data Protection Officer

The Data Protection Officer may be contacted at the following addresses: privacy@costa.it or Costa Crociere S.p.A., Piazza Piccapietra, no. 48, 16121 Genoa.

Data subject rights

At any time, in accordance with articles 15 to 22 of the GDPR, you are entitled, also in relation to profiling, to:

  • a) access your personal data;
  • b) request your personal data to be corrected;
  • c) revoke, at any time, consent to the use and disclosure of your personal data;
  • d) request your personal data to be deleted;
  • e) receive the personal data concerning you in a structured, commonly used and machine-readable format, as well as the right to send your data to another data controller;
  • f) oppose the processing of personal data concerning you for marketing or profiling purposes;
  • g) obtain restriction on the processing of personal data;
  • h) lodge a complaint with a supervisory authority;
  • i) receive a notification whenever there is a personal data breach;
  • j) request information about:
    • i. the purposes of processing;
    • ii. the categories of personal data;
    • iii. the recipients or categories of recipients to whom personal data have been or will be disclosed, specifically, whenever data have been sent to recipients in third countries or international organisations and the existence of adequate guarantees;
    • iv. the period personal data shall be retained;
    • v. whenever data have not been collected from the data subject, all information regarding their origin.

You may, at any time, oppose the sending of notifications linked to marketing and profiling activities, by clicking on the “unsubscribe” link at the bottom of the e-mail received or by sending a relevant request to the addresses shown further on.
You may exercise these rights and/or obtain further information about personal data processing, by sending a notification:

  • - via e-mail to: privacy@costa.it or to Costa Crociere S.p.A. Piazza Piccapietra 48, 16121 Genoa, to the attention of the Data Protection Officer.

COSTA CLUB - COSTA CRUISETIPS

Costa Crociere S.p.A. (hereinafter also “Costa Crociere”), as data controller, in accordance with article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”), is providing the following information about the processing of the personal data which you (hereinafter also “Member”), as the data subject, provided on registering with the Programma CostaClub [CostaClub Program] (hereinafter the “Program”). This information notice refers to the data provided by a Member:

  • a) when registering for the Program through any channel;
  • b) when registering on the web site and/or Costa Crociere app;
  • c) during ordinary Club management (e.g. total expenses on board, type of cruises taken, etc.);
  • d) within the context of cruises.
Purposes and legal basis of processing

The personal data of a Member shall be processed for the following purposes:

  • a) Purposes regarding the Program, for managing a Member’s participation in the CostaClub Program and, specifically, for:
    • i. allocating points and other benefits associated with CostaClub Program membership to a Member;
    • ii. managing the aspects relating to the status as a CostaClub Card holder;
    • iii. providing the relevant correlated services, according to procedures provided under these Regulations;
    • iv. providing relevant company notifications to persons with Member status and the benefits of the Program. Specifically, Costa Crociere may use a Member’s e-mail address provided at the time of registering with CostaClub or during participation in the Program, for sending information and promotional notifications related to the Club and its initiatives.
  • b) Statistical purposes, in anonymous and aggregate form.
  • c) Marketing purposes, including:
    • i. promotional activities on products and services of Costa Crociere and related or affiliate companies of the Carnival Corporation &PLC Group (the “Carnival Group”) and/or commercial partners, also with their business address abroad. Specifically, Members’ data may be processed for sending notifications, both using automated methods (e.g. fax, sms, instant messaging apps, etc.) and not-automated ones (e.g. regular mail, telephone with operator, etc.).

      The Carnival Group companies are: Carnival Corporation (CCL), Carnival PLC (P&O, Cunard, Princess Asia), Costa Croceire S.p.A. (AIDA and Costa), Holland America Line N.V., general partner of Cruiseport Curacao C.V. (Holland America Line and Seabourn) Princess Cruise Lines, Ltd (Princess, Alaska, P & O Australia and Cunard), SeaVacations Limited (CCL business in UK). The commercial partners belong to the following product and market categories:
      • a) tourism-related activities;
      • b) airlines/transport services;
      • c) travel agencies;
      • d) insurance companies.
    • ii. profiling activities, i.e. analysis of your travel preferences and market research for enhancing the offering of services and sales information from Costa Crociere, matching it better to a Member’s interests. This processing is done using the personal data collected also during the cruise. Said activity may also be implemented by submitting customer satisfaction questionnaires and/or the use of profiling cookies used during browsing Costa web sites.

Processing for Marketing Purposes (i.e. for both promotional and profiling activities) may be implemented only with a Member’s consent.

Nature of data provision and consequences arising out of any refusal

The provision of personal data required on registering with the CostaClub Program and marked by an asterisk (*) is obligatory for full participation in the Program, for correlated initiatives and for legal compliance. Any refusal to provide the personal data requested, in whole or in part, also during implementation of the Program, may not make it possible for Costa Crociere and for third-party companies providing services within the Program to fully perform or to correctly perform the obligations arising out of the Program.
The provision of personal data not marked by an asterisk (*) is, instead, optional and failure to provide said personal data shall not have any consequences affecting a Member registering for and taking part in the Program.
A Member is entitled to freely express his/her own choices regarding personal data processing, manifesting separately his/her own will for each purpose.

Personal data recipient categories

Data will not be disclosed except in those cases where disclosure is required by law or expressly authorised by a Member. A Member’s data may be disclosed for the purposes stated above to the following categories of persons and entities:

  • i. Costa Crociere in-house staff, appointed as data processing agents and/or data processor;
  • ii. companies belonging to the Group also located abroad;
  • iii. persons, companies, associations or professional firms providing services or advisory or consulting services to Costa Crociere (e.g. chartered accountants, lawyers, tax consultants, auditors and consultants within auditing operations or due diligence, etc.);
  • iv. persons, companies or agencies providing marketing services and analysis or consulting activities to Costa Crociere;
  • v. persons and entities whose right to access data is recognised under provisions of law and secondary legislation or orders delivered by authorities for purposes permitted by law.

The list of the persons and entities to which data has been disclosed is available at the company at the following addresses: privacy@costa.it or Costa Crociere S.p.A., Piazza Piccapietra, no. 48, 16121 Genoa, to the attention of the Data Protection Officer.

Transfer of personal data outside the European Union

A Member’s personal data may be transferred to third-party companies in States outside the European Union, for the purposes stated above.
Whenever data is transferred to States outside the European Union, said States shall guarantee an adequate level of protection, based on a specific decision of the European Commission or, alternatively, the recipient shall have a contractual obligation to protect data adopting an adequate and comparable level of protection to that provided under the GDPR.

Retention of personal data

Personal data shall be retained for a period not exceeding that necessary for the purposes for which they were collected and subsequently processed. Specifically, personal data shall be retained for the full duration of the Program and its subsequent editions and for a subsequent period:

  • i. within the periods established under prevailing legislation;
  • ii. within the periods established under secondary legislation which require data to be kept (for example tax returns);
  • iii. necessary for protecting the rights of the data controller in the event of any disputes arising concerning performance;
  • iv. after expiry or on termination based on the limitation period of Members’ rights.

Personal data collected and processed for profiling shall be retained for a maximum period of ten (10) years, at the end of which they shall be automatically deleted and rendered permanently anonymous.

Data Controller and Data Processors

The Data Controller is Costa Crociere S.p.A., with address in Genoa, Piazza Piccapietra, 48.

Data Protection Officer

The Data Protection Officer may be contacted at the following addresses: privacy@costa.it and/or at Costa Crociere S.p.A., Piazza Piccapietra 48, Genoa.

Member rights

At any time, in accordance with articles 15 and 22 of the GDPR, a Member shall be entitled to:

  • a) access his/her personal data;
  • b) request his/her personal data to be corrected;
  • c) revoke, at any time, consent to the use and dissemination of his/her personal data;
  • d) request his/her personal data to be deleted;
  • e) the right to receive the personal data concerning him or her, in a structured, commonly used and machine-readable format, as well as the right to send said data to another data controller;
  • f) oppose the processing of personal data for marketing or profiling purposes;
  • g) obtain restriction on the processing of personal data;
  • h) lodge a complaint with a supervisory authority;
  • i) receive a notification whenever there is a personal data breach;
  • j) request information about:
    • i. the purposes of processing;
    • ii. the categories of personal data;
    • iii. the recipients or categories of recipients to whom personal data have been or will be disclosed, specifically, whenever data have been sent to recipients in third countries or to international organisations and the existence of adequate guarantees;
    • iv. the period personal data will be retained;
    • v. whenever data have not been collected from the data subject, all information regarding their origin.

A Member may, at any time, oppose the sending of notifications linked with taking part in the Program, marketing activities and/or profiling, by clicking on the “unsubscribe” link at the bottom of the e-mail received or by sending a relevant request to the addresses shown above.
You may exercise these rights and/or obtain further details about personal data processing, by sending a request:

  • - via e-mail to: privacy@costa.it or Costa Crociere S.p.A. Piazza Piccapietra 48, 16121 Genoa, to the attention of the Data Protection Officer.

Cookies Policy

Please note that we use “cookies” technology to obtain information about your experience on our website and to allow certain services to operate that require the user's path through the various pages of the website to be identified.

What are cookies?

A “cookie” is information sent by a server to a browser, which allows the server to collect information from the browser, and vice versa. The cookie will help the website to recognise your device the next time you visit. There are many functions cookies serve. For example, they can help us to remember your username and preferences, analyse how well our website is performing, or even allow us to recommend content we believe will be most relevant to you.

Our cookies are normally anonymous and are not traceable to the user's personal data. First-party cookies are associated to the domain name of the page you are looking at and allow the person to be identified by cross-reference with our database, may only be assigned at the explicit request of users and in order to allow their immediate identification for access to restricted areas of the website without requiring them to enter the login and password manually. The user's identity is never in any case included directly in the cookie and cannot be intercepted.

Every time you access the website, regardless of whether a cookie is present or not, we record the type of browser, the operating system and host and the visitor's source URL, as well as information on the requested page. This data may then be used in aggregate and anonymous form for statistical analysis of how the website is being used.

What types of Cookies does Costa use?

Four types of cookies are used on our website: Strictly necessary, performance, functionality and identification cookies. Our website does not collect personal details and information relating to the individual, unless he/she voluntarily decides to enter them. You can, therefore, browse our website without disclosing any personal identifiable data, including your email address. Remember that if you choose to disable cookies, some sections of the website may not work properly.

Third-party cookies

Costa also uses third-party cookies, installed by Google Analytics for example, to process statistical analyses of the user's browsing habits, on the number of pages visited or the number of clicks the user makes on a page when browsing. Costa processes the results of these analyses for statistical purposes on website user behaviour, in order to improve and fine-tune website content. If you would like further information about third-party cookies, and for information about how to manage or refuse them, click on the links in the table:


Furthermore, Pixel cookies of the sources indicated in the table above are set up. These allow Costa Crociere to monitor the conversions that occur on its websites as a result of the advertisements made on the various sources. For example, in the event that Costa wishes to monitor the visits to a particular campaign advertised on Facebook, the cookie communicates to Facebook whenever a user joined a particular campaign on the Costa website. Facebook compares the conversion event with the group of people who were shown the advertisement or who clicked on it, in order to provide Costa with useful information to understand the return on investment for its advertising costs. Costa also uses this cookie for the purposes of profiling the data subject but only for statistical purposes.

What happens to cookies that have been downloaded in the past?

We will only read or write cookies for the preference level set in the Cookies Settings tool. Cookies set prior to you changing your settings will still be on your computer and you can remove them using your browser settings.

Cookies on Costa Cruises from Social Networking sites

We have links so you can use social networking websites (e.g. Facebook and Twitter or You Tube) from Costa Cruises. These websites may place cookies on your computer and this tool will not block cookies from these websites. We suggest you check the networking website to see how they are using cookies.

Some additional information about the cookies settings tool

We use a cookie to remember your cookie preferences in the Cookies Settings tool this has a couple of consequences:

  • If you delete all your cookies you will have to update your preferences with us again; and
  • If you use a different device, computer or browser you will have to tell us your preferences again

Cookie preference settings are set for this website only (i.e. www.costacrociere.it). If you move to another Costa website (e.g. www.costacruises.co.uk), you'll need to set your cookie preferences for that website too.

Do we track whether users open our emails?

Our emails may contain a single, campaign-​unique “web beacon pixel” to tell us whether our emails are opened and verify any clicks through from links within the email. We may use this information for purposes including determining which of our emails are more interesting to users, and query whether users who do not open our emails wish to continue receiving them. The pixel will be deleted when you delete the email. From that moment on we will not be able to get any data, but will keep previous one.

More information about cookies is available at http://www.youronlinechoices.com/

Managing cookies in the browser

Each type of browser handles cookies in a different way. To disable sumbit your browser:

Accept Refuse

Strictly Necessary Cookies

Some cookies are essential for our website to work properly. These cookies allow us to provide the services requested by users and allow you to browse the website to the best of its capabilities. This type of cookie cannot be disabled because it is needed for the website to work properly.

 


 

#Privacy.NecessaryCookies_Legend

Performance and functionality cookies

Performance cookies gather anonymous information about the pages visited by users. They are used to track the pages most frequently sought and are useful for improving links between pages and determining the reason for possible error messages. Functionality cookies also save the choices made by users in order to improve navigation and your online experience. These cookies are used, for example, to allow you to save a cruise in your list of "favourites". If you remove these cookies, which do not gather any sensitive user data, you will lose some of the functionalities of the website, which will therefore perform less well.


 

#Privacy.PerformanceCookies_Legend

Identification or advertising cookies

These cookies gather information about your browsing habits in order to bring you advertising that is important and relevant to your interests. Sensitive user data will not be tracked, but we advise you to visit the http://www.youronlinechoices.com/uk/ website for more information. If you remove these cookies, you won't lose any functionality.


 

#Privacy.TargetingAllow_Legend