What is the purpose of this notice?
In this notice we refer to the Viking River Cruises UK Limited as “Company”, “We”, “Us” and “Our”. We are committed to protecting and respecting Your privacy.
This notice is provided for our prospective, existing and former suppliers and their staff (referred to in this notice as “You” and “Your”). This notice tells You about how We process Your personal information, including Our collection, usage and sharing of Your personal information.
This notice (together with Our Cookie Notice published on our Website, and the terms of use published at www.vikingcruises.co.uk/terms-conditions/index.html) (the “Notices”) tells You about how We process your personal data, including Our collection, usage and sharing of Your personal data, and including in relation to Your use of our website at www.vikingcruises.co.uk (the “Website”).
We will only process Your personal information in accordance with the Notices (and any other information We give to You about how We process Your personal information) and in accordance with the Data Protection Legislation.
In this notice, the terms “Data Controller” and “Data Processor” each have a meaning set by law (“Data Protection Legislation”). The Data Protection Legislation is, from the date it comes into force in the United Kingdom, the EU General Data Protection Regulation (2016/679) and, until such date, the Data Protection Act 1998. Please note that “personal information” is a reference to “personal data” as defined under the Data Protection Legislation.
Your Data Controller
We are a Data Controller in relation to Your personal information. Our address is Nelsons House, 83 Wimbledon Park Side, London, SW19 5LP. We can be contacted by email at data.protection@vikingcruises.com and by telephone on 0208 780 7900.
Data Compliance Officer
Our Data Compliance Officer can be contacted at data.protection@vikingcruises.com.
YOUR PERSONAL INFORMATION
What personal information do We collect about You?
We obtain Your personal information (including that of Your staff) from the following sources:
- From Your staff : Your staff will know what personal information We obtain from them, because the member of staff (or someone they have authorised Us to deal with e.g. another member of your staff) has provided it to Us. Examples of how We obtain personal information about You includes when You market, offer and/or agree to supply Us with products and services (including as part of any bid or tender process); when You give Us information via email, during a telephone call or in face to face discussions and also from networking events, trade shows and exhibitions. We will also hold health and safety related data about You and Your performance of Your contracts with Us.
- From third parties: We may obtain personal information about You from third party sources, by way of introduction. For example, We may be passed Your details by other parties within the industry/our clients as a potential supplier.
What choices do you have as to the personal information We collect?
To complete an order with You to buy goods and services from You, as a minimum We need the following in order to place the contract:
- Your name, postal address, email address and phone numbers, as well as at least one contact person within Your business and details of their preferred method(s) of contact (“Contact Details”).
- · The description and quantities of the goods and/or services You will provide to Us.
- Your payment details.
- References or referees
If You prefer for Us to hold and/or to use less personal information about You, You can choose to make less available but please note that withdrawing or withholding personal information from Us will mean that You may not receive updates and requests for further goods and services from Us (whether by telephone, email or other means), plus it may mean that We cannot place a contract with You for the purchase of goods and/or services if You do not provide us with the minimum details (as set out above).
If You ask us to erase any of Your personal information We may be unable to comply with Your previous instructions to Us about Your personal information. For example, if We erase records of Your instruction not to email You, You may receive an email from Us if We subsequently lawfully acquire Your email address from a third party.
USING YOUR PERSONAL INFORMATION
How do We use Your personal information?
For as long as We have access to Your personal information, We will use it for the following purposes, unless otherwise required as a result of Your exercising Your data protection rights. We may use Your personal information for any of the following purposes, whether We obtained it directly from You (or someone You authorise), or another source.
Use | Basis of Use |
To contact You about a potential supply arrangement with You | [Our legitimate interest in approaching You about possible business opportunities.] |
To make a decision to buy goods and/or services from You, including making enquiries of You, undertaking supplier approval checks and negotiating the terms of any contract To perform Our obligations to You under the contract with You for the supply of goods and services, including the processing of payments to You | [If You are a sole trader or a partner in a partnership: Processing will be necessary for taking steps to enter into the contract or to perform it.] [In any other case, including where You are a member of staff working for a sole trader or partnership: Our legitimate interest in working with You to make Our decision or for Us and You to perform the contract.] |
[Processing will be necessary to ensure the performance of the contract we have with you.] | |
To take legal or administrative action in relation to Our supply arrangement with You, including to enforce the terms of the contract and resolve any disputes | [Our legitimate interest in enforcing the contract and in resolving disputes with You, and as necessary to establish, exercise or defend legal claims.] |
To undertake financial management, planning and reporting within Our business | [Processing will be in Our legitimate interest in respect of corporate governance and management.] |
To undertake health and safety management activities and checks | [Processing will be in Our legitimate interests to ensure the health and safety of Our staff and visitors to Our premises, and (depending on the circumstances) may be necessary to protect the vital interests of You or another person if You are physically or legally incapable of giving consent (or, if You are capable of giving consent, We will seek Your explicit consent).] |
To keep in touch with You regarding future business opportunities | [Our legitimate interest in staying in touch with You to discuss potential repeat business.] |
KEEPING YOUR PERSONAL INFORMATION
How long will We retain Your personal information?
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. Details of our retention policy applicable to You are available from our Data Compliance Manager and can be requested via data.protection@vikingcruises.com.
In determining the appropriate period for the retention of Your personal information, We consider the amount, nature and sensitivity of that personal information, the purposes for which We process your personal information and whether We can achieve these purposes by other means, as well as the applicable legal requirements.
SHARING YOUR PERSONAL INFORMATION
Who do we share Your personal information with?
For as long as We have access to Your personal information, We may share any of it with any of the following to the extent that they need to have access to Your personal information in order to perform their role:
- Any employee within Our organisation and our group of companies including Viking River Cruises Inc. When we store and use Your personal data in electronic format, we use IT systems that are operated by Viking River Cruises Inc., and located in the United States.
- Where applicable, [such as ships, airlines, national border control agencies, event organisers].
- Our banks and other payment processing service providers who process Our payments to You.
- Our IT service providers who provide, maintain, improve, manage, optimise or fix the IT facilities that We use or rely on in our business, including computing devices, computer networks, connectivity, telecommunications, software, our Website.
- Our professional service providers, such as accountants, auditors, legal advisers and insurance brokers.
- Our archive storage providers.
- Any third party company or companies in the event that We go through a business transition, such as a merger, being acquired by another person or company, or selling a portion of Our assets.
We reserve the right to disclose Your personal information to other third parties if We have lawful grounds to do so, or are under a legal obligation to disclose or share it with them, or in order to establish, exercise or defend Our legal rights or to protect the rights or safety of the Company or Our staff.
We do not share Your personal information with third parties for their own marketing purposes.
Do we transfer Your personal information abroad?
In some cases We will transfer Your personal information to a location that is outside the United Kingdom, and even outside the European Economic Area (or after 25 May 2018, the European Union).
The European Commission decides, for the purposes of Data Protection Legislation, whether or not states outside the European Economic Area have “adequate” safeguards for personal information.
As stated above, We use IT systems that are operated by Our group company and located in the United States. The United States is not currently considered to provide adequate safeguards, although its Government operates Privacy Shield and members of that scheme are considered to have “adequate” safeguards. We have entered into a contract with our group company in the US using an agreement approved by the European Commission for the purpose, to provide safeguards. You can ask for a copy of the contract via data.protection@vikingcruises.com.
[If You are located outside the UK, EEA or (after 25 May 2018) the EU, or if You work for Us in relation to Our business or customers outside those jurisdictions, We may need to transfer Your personal information to the relevant location. If the location is one that the European Commission does not consider to have “adequate” safeguards for personal information, We will ask for Your consent before We transfer Your personal information to that place
We can lawfully make necessary transfers of your personal information to these overseas locations if we have your explicit consent. If we ask you for your explicit consent and do not obtain your consent, this may impact on Our ability to process Your personal data using Our electronic systems, and/or it may result in being unable to enter into a contract with You/fulfil our obligations under Our contract with You.
YOUR RIGHTS
What if your personal information changes?
It is important that the information We hold about You is correct and accurate. Please tell us if Your personal information changes during Your relationship with Us.
What rights do you have?
In certain circumstances and by law, You have the right to:
- Request access: to Your personal information that We hold about You. This is commonly referred to as a “subject access request”. This enables You to receive a copy of the personal information We hold about You and to check We are lawfully processing it.
- Request Correction: of Your personal information that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
- Request Erasure: of Your personal information. This enables You to ask Us to delete or remove personal information where: (i) there is no good reason for Us continuing to process it; (ii) You have withdrawn Your consent to Our processing, if We rely on consent; (iii) You have exercised Your right to object to processing (see below) and no exception permits Us to keep using it; (iv) it is established that We did not have the lawful right to process Your personal information; or (v) the law requires Us to erase Your personal information.
- Object to processing: of Your personal information where We are relying on a legitimate interest (or those of a third party) and where there is something about your particular situation which makes You want to object to the processing on this ground and there is no exception which applies to permit Us to keep using it or We use it for scientific or historic research purposes or statistical purposes.
- Request the restriction of processing of your personal information: This enables You to ask Us to suspend the processing of personal information about You, for example if You want Us to establish its accuracy or the reason for Our processing it or You consider We no longer need to use Your personal information for the purposes for which it was collected or used (but You need it to be preserved for the purposes of legal claims). You may also ask Us to restrict processing if You have exercise Your right to object to Our use of Your personal information and no exception applies to permit Us to keep using it.
- Request the transfer: of Your personal information (where we hold it in electronic format), to You or a third party, in a commonly used electronic format. we support .csv format.
- Right to complain: You have the right to complain to the Information Commissioner (http://www.ico.gov.uk/) if You have any concerns in respect of the handling of Your personal data by the Company.
If You want to review, verify, correct, or request erasure of Your personal information, withdraw consent, object to the processing of Your personal information, or request that We transfer a copy of Your personal information to another party, please contact data.protection@vikingcruises.com.
No Fee is usually required
You will not pay a fee to access Your personal information (or to exercise any of the other rights). However, We may charge a reasonable fee, or refuse to deal with Your request, if Your request (other than a request for corrections, erasure or restriction), is clearly unfounded or excessive. Alternatively, We may refuse to comply with Your request in such cases.
What we may need from you
We may need specific information from You to help us to confirm Your identity and ensure Your right to access the information (or to exercise any other right). This is another appropriate security measure to ensure that the personal information is not disclosed to someone who is not entitled to receive it.
Withdrawing consent
If You have provided Your consent to Our use of Your personal information for a specific purpose, You have the right to withdraw Your consent for that specific processing at any time. To withdraw Your consent, please contact data.protection@vikingcruises.com. Once We have received notification of Your withdrawal of consent, We will no longer process Your information for that purpose, unless We have another legitimate basis to do so by law.
Our protection of Your personal information
We have taken reasonable steps to put in place appropriate security measures to protect Your personal information when it is processed by Us or on Our behalf.
We do not accept any responsibility for the policies of third party Data Controllers, such as providers of search engines and social media services. Your use of such third parties, their websites and services is at Your own risk. Please check the third parties’ Privacy Notices before You submit any personal data to them.
Changes to this Notice
We reserve the right to make changes to this Privacy Notice from time to time. If this Privacy Notice changes in any way, We will place an updated version on our Website. Regularly reviewing our Website ensures that You are always aware of what information We collect, how We use it and under what circumstances, if any, We will share it with other parties.
If You do not agree to the changes that we make from time to time, please tell us via data.protection@vikingcruises.com. If material changes are made to this Privacy Notice, We will notify You by placing a prominent notice on the Website.
Your Comments Are Appreciated
If You have any questions or comments regarding the Privacy Notice, You can send Us an email at data.protection@vikingcruises.com.
Notice date: May 2018
