§ 1 - INTRODUCTION

Scandlines Danmark ApS, Scandlines Gedser - Rostock ApS, Scandlines Catering ApS, Scandlines Deutschland GmbH, Scandlines Bordershop Rostock GmbH and Scandlines Bordershop Puttgarden GmbH (hereinafter "Scandlines") have a strong focus on ensuring the protection of your personal data. Scandlines has taken special measures to protect your personal data and comply with applicable data protection legislation, including the EU General Data Protection Regulation ("GDPR"). Any reference to the EU GDPR shall also be construed as a reference to applicable national data protection legislation.

Scandlines is the data controller for processing your personal data, i.e. your respective contractual partners when you enter into a contract, the listed operator of our websites when you visit one of our websites, and Scandlines Danmark ApS when it comes to the SMILE program. You will find contact details for Scandlines at the bottom of this page. In addition, for Scandlines Deutschland GmbH, Scandlines Bordershop Puttgarden GmbH, and Scandlines Bordershop Rostock GmbH, an external data protection officer has been appointed. You will also find their contact details at the bottom of this page.

In this privacy policy, you will find information about what personal data we collect when you book tickets or other services, use Scandlines' websites, register for the Scandlines loyalty program (SMILE), participate in Scandlines competitions and when we market our services and products.

As of March 1, 2023, we have the following websites: scandlines.dk, scandlines.de, scandlines.com, scandlines.se, scandlines.pl, scandlines-freight.com, bordershop.com, booking.scandlines.com, scandlines.com, scandlines.dk/bus/, scandlines.de/bus, scandlines.se/bus, scandlines.pl/bus, scandlines.com/bus (hereinafter collectively referred to as the "Website") and the Scandlines App, which you can download from Google Play or the App Store.

In this Privacy Policy, you will also find information about why we process your personal data and what rights you have. Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number and email address, IP address and any other information that can be traced back to you.

§ 2 - COLLECTION AND USE OF DATA

Booking tickets and other services

When you book a ticket or other service with Scandlines, we receive various personal data, including:

  • E-mail address,
  • Telephone number,
  • Postal address,
  • Details about your purchase (such as the quality and quantity of what you bought, when you bought it, etc.)
  • Information on whether you require special assistance when receiving our services
  • License plate number (if you choose to use the number plate as (payment-) identifier.

This data is used solely to enable us to fulfil our contract with you (cf. GDPR, Article 6(1)(b)). The data will be erased once the mutual rights and obligations under this agreement and our legal obligations to retain the data have become time-barred (cf. GDPR Article 6(1)(c)).

Use of the Website

When you visit the Website, for technical reasons, your browser will transmit the following information to us:

  • The page from which the file was requested,
  • The name and directory in which the file can be found,
  • The date and time of the request,
  • The amount of data transferred,
  • The access status (file transfer, file not found, etc.),
  • A description of the type of web browser used,
  • Your IP address. 

Browsing behaviour
Data regarding browsing behaviour on the Website is tracked via cookies and pixels. Scandlines will obtain your consent before using cookies to trace your behaviour on the Website (cf. GDPR, Article 6(1)(a)). 

To get further information about using cookies and pixels, please see our cookie policy.

§ 3 - SMILE PROGRAM

In this Section, you will find information on how we process personal data as a member of the SMILE program.

The SMILE program is offered by Scandlines Danmark ApS, Havneholmen 25, 8. sal, 1561 Copenhagen V, Denmark.

Scandlines Danmark ApS is responsible for handling your personal data in connection with the SMILE program and ensuring that the personal data is processed according to applicable mandatory data protection legislation. In addition, Scandlines Danmark ApS is the data controller by the applicable data protection rules, including GDPR.

Once you become a member of the SMILE program, we will process the following data: 

  • Contact details (such as name, email, residential address)
  • Travel frequency data
  • Browsing behaviour (provided that we have obtained your prior consent)
  • Purchase history made via your SMILE card (price, location and number of products)
  • Your communication history with Scandlines. 

Scandlines processes the above-mentioned personal data to fulfil our obligations to you, including creating an account and calculating SMILE points. The data processing is carried out in accordance with GDPR, Article 6(1)(b).

In addition, we record and use your answers to Scandlines' questions about purchases and other information you may provide to Scandlines in connection with your purchases. The purpose of this is to update Scandlines' knowledge of customer preferences so that Scandlines can pursue its legitimate interests and provide better service to you, including targeted marketing.

The legal basis for this processing is the balancing of interests rule in the GDPR, Article 6(1)(f).

§ 4 – MARKETING IN GENERAL AND CUSTOMER SATISFACTION / CUSTOMER FEEDBACK

We will, in various contexts (e.g. in connection with our SMILE programme, on the Website, in magazines and in applications etc., when you book tickets or while you are using the Scandlines app), ask for your consent to send you messages in the form of newsletters or other marketing material, e.g. by email. The content may be based on information collected from any customer account.

When you sign up and give your consent to marketing, we process the following data:

  • Contact details (including name, email, residential address),
  • Browsing behaviour (provided we have received prior consent from you)
  • Purchase history and travelling frequency (price, location and number of products),
  • History of your communication with Scandlines

The legal basis for processing your personal data to send newsletters and other marketing material is your explicit consent, cf. GDPR, Article 6(1)(a).

In addition, we record and use your answers to Scandlines' questions about purchases and other information you may provide to Scandlines in connection with your purchases. The purpose of this is to update Scandlines' knowledge of customer preferences so that Scandlines can pursue its legitimate interests and provide better service to you, including targeted marketing.

The legal basis for this processing is the balancing of interests rule in the GDPR, Article 6(1)(f).

In addition, we may periodically send marketing material based on general customer data (address data) that we may have received from a third party. In such cases, the legal basis for processing your personal data is based on our legitimate interests in marketing products and services, cf. GDPR, Article 6(1)(f). You are entitled at any time to object to our marketing or to request us to delete your personal data from our marketing database and to exercise any other rights set out in this Privacy Policy.

When Scandlines uses your personal data for the purpose of marketing its products and services, as well as in connection with conducting surveys, we may share your personal data with digital platforms (e.g. Facebook). However, this will be done for the sole purpose of marketing Scandlines' products and services on the relevant social media. The legal basis for this processing likewise is your explicit consent, cf. GDPR, Article 6(1)(a).

As part of Scandlines' customer satisfaction programme, we periodically, to the extent permitted by law, conduct customer satisfaction surveys or request customer feedback, in both cases based on general customer data. The purpose of this is not marketing, and the legal basis for processing your personal data is our legitimate interest in improving our products and services, cf. GDPR Article 6(1)(f).

§ 5 – COMPETITIONS

This Section deals with processing your personal data when you participate in one of our competitions.

  • When you enter one of our competitions, we process the following data: contact details (e.g. name, email, address, telephone number), and
  • Correspondence with Scandlines.

This data processing takes place so that we can select a competition winner and contact the winner.

In connection with your participation in competitions, we will also collect your personal data for marketing purposes. This collection takes place as described in Section 4 above.

Scandlines records and processes the above personal data based on your and Scandlines' legitimate interests, cf. GDPR, Article 6(1)(f), in particular, so that we can contact you or, depending on the terms of the competition, publish your name if you have won the competition.

§ 6 - RECIPIENTS OF YOUR PERSONAL DATA, JOINT DATA CONTROLLING

Scandlines share your personal data with companies in the Scandlines Group (i.e. the companies listed in Section 1) for the above purposes, including awarding SMILE points based on your purchases with a Scandlines company.

Scandlines may also share your personal data with other business partners to fulfil an agreement you have entered into. (For example, we share licence plate information with The Øresund Bridge if you have chosen to use your licence plate as (payment) identification).

Scandlines may also share your personal data with social media and platforms, e.g. Facebook, for the purpose of marketing on these media. Furthermore, we may occasionally act as joint data controllers with social media providers, e.g. when conducting competitions (cf. Section 5) or displaying personalised marketing (cf. Section 3). In such cases, Scandlines enters a joint data responsibility agreement with the relevant social media providers. For example, the agreement with Facebook can be found here: https://www.facebook.com/legal/controller_addendum. If Scandlines acts as a joint data controller, all rights described in this privacy policy apply to this type of data processing.

Scandlines also uses third parties to store and process personal data on our behalf, e.g. hosting providers and third-party providers of statistical and analytical tools in conducting surveys (see Section 10 below). These third-party recipients act as data processors under applicable data protection law. Therefore, they may only process your personal data by our documented instructions. In addition, Scandlines ensures that the third parties have implemented all necessary security measures to protect your personal data.

If we receive a request from an authority or a court, we may disclose your personal data to them if it is required for us to comply with our legal obligations, cf. GDPR, Article 6(1)(c).

§ 7 - TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

Scandlines uses third-party data hosting companies outside the EU and EEA, e.g. in the USA, to store and process personal data collected by us.

All data transfers to such third parties are subject to a written agreement between us and the relevant third-party to ensure full compliance with the EU General Data Protection Regulation (GDPR). Such contracts are generally concluded on the basis of the European Commission's Standard Contractual Clauses. Alternatively, we may place additional supplementary safeguards to protect personal data.

Third parties are obliged to process personal data according to our instructions.

You are entitled at any time to request from Scandlines a copy of the data protection rules to which a given third party is subject. Likewise, you are entitled to request a copy of the data in question, which will be sent to the e-mail address you have provided.

§ 8 - RETENTION PERIODS

Information you provide to us on the Website will generally only be retained for as long as necessary to fulfil our agreement with you or to respond to your enquiries. However, in cases where legislation requires information to be kept for a longer period, we will keep your data for a longer period to fulfil our obligations. This also applies in cases where we have an individual legitimate interest (e.g. in a legal dispute).

Information about your SMILE points earned through purchases will be recorded in anonymised version for three years after the points have expired, cf. Section 7 of the Terms and Conditions for SMILE. You can find the terms and conditions of our SMILE programme here: www.scandlines.com/terms.

Data such as name, email address, home address, telephone number and travel frequency is stored for three years after the expiry of the last points in your account or after your membership has ended unless you have specifically asked us to delete the information at an earlier point in time.

Data relating to the booking of tickets and other services (cf. § 2) will be kept for up to 5 years after the financial year in which you purchased the ticket or service.

Data acquired for direct marketing (cf. Section 4), we store your personal data for as long as you wish to receive material from us and for up to two years after you have declared that you no longer wish to receive the material.

Data received in connection with competitions and used to select a winner of the competition and to contact the winner (cf. Section 5) will be deleted 3 months after the winner has received his/her competition prize unless there are legal requirements for such data to be stored for a longer period. If the data is used for direct marketing purposes, it will be processed and stored by us in accordance with Section 4.

As regards your right to access, rectify, erase or block personal data, the provisions of Section 12 below apply. If you request Scandlines to delete all your data, the membership cannot continue without this data. In that case, the rules on termination in Section 10 of the SMILE programme terms and conditions apply accordingly.

§ 9 - RIGHT TO WITHDRAW CONSENT

You are entitled to withdraw your consent at any time if Scandlines processes your personal data on the basis of consent, cf. above.

When you withdraw your consent, Scandlines will generally cease processing your personal data unless this is possible on another legal basis and without affecting the lawfulness of the processing based on your consent prior to its withdrawal.

§ 10 STATISTICS AND TRACKING

We use third-party providers on the Website and in our newsletters for analytics purposes to help us understand how the Website/newsletters are used. These third-party providers or we may place "cookies", i.e. text files on your computer or tracking pixels that analyse how you use the Website or interact with our newsletters. Information collected through cookies or tracking pixels that analyse how you use the Website or interact with our newsletters is generally transferred to servers of third-party analytics providers in the United States and stored there.

The third-party providers use the information on our behalf to analyse how you use the Website or interact with our newsletters, to compile reports on the activity on the Website and to provide us with other services related to the use of the Website and the Internet.

You can opt out of cookies by changing your browser settings. However, you should be aware that if you opt out of cookies, some of the Website's features will not be fully utilised. It is also possible to opt-out of the recording of cookie data about how you use the Website (including information about your IP address) for specific providers of analytics tools, such as Google, and the processing of this data by the provider, by downloading and installing the browser plug-in available at this link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

If you have agreed to receive newsletters and other marketing material via e-mail, you should be aware that tracking pixels are used in connection with the sending of such marketing. This enables Scandlines to gain insight into your interaction with the marketing material sent so that Scandlines can make the content as relevant to you as possible.

Where we use this information in connection with marketing, the legal basis for this use is set out in Section 4 above.

In our cookie policy, you will find more information about how we use cookies: https://www.scandlines.dk/cookies/

§ 11 - VIDEO SURVEILLANCE 

Scandlines has installed video surveillance systems in certain areas. If video surveillance is installed, this will be clearly indicated by signage.

Data from video surveillance is processed for the following purposes and on the following legal basis:

  • The International Ship and Port Facility Security (ISPS) Code (see GDPR, Article 6(1)(c)).
  • Our legitimate interest to protect Scandlines' property against damage and theft, GDPR, Article 6(1)(f).

Monitoring data is only used in cases where a specific incident occurs and is automatically deleted after 72 hours.

§ 12 - YOUR RIGHTS

Under applicable data protection law, you have a number of rights, which you can exercise by contacting Scandlines as indicated below.

You provide your data to us voluntarily. Please note, however, that we need certain key information from you to provide the requested services. If you request full or partial deletion of your data, you may no longer be able to use certain features of the Website or only to a limited extent.

If you have any questions or comments about the rights set out below, please contact compliance@scandlines.com.

Right of access

You have the right to request access to your personal data processed by Scandlines, including information about the retention period, with whom we share your personal data, etc.
 
Right to rectification and erasure

If Scandlines processes personal data about you that is inaccurate, incomplete or misleading, you have the right to have such data corrected, rectified or blocked.

In some cases, you are also entitled to have your personal data erased.

Right to limit the processing of your personal data
 
In some cases, you have the right to request Scandlines to restrict the processing of your personal data.

If you have this right and you choose to exercise it, Scandlines is only entitled to store or process your personal data for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, unless you have given your consent otherwise.

Right to object

In some cases, you have the right to object to our processing of your personal data (GDPR, Article 21). This applies in specific situations where we process your personal data on the basis of our legitimate interests (see above). You also have the right to object to the use of your personal data for direct marketing purposes.

Right to data portability

In some cases, you have the right to receive your personal data or to transmit your personal data to another controller.

Right to complain

You are welcome to contact Scandlines at any time if you believe that Scandlines is processing your personal data in violation of applicable data protection legislation.

If you do not find a solution with Scandlines or do not wish to contact Scandlines, you can file a complaint on Danish data protection questions with the Danish Data Protection Agency, as well as on German data protection questions with the data protection agency of Hamburg (https://datenschutz-hamburg.de/beschwerde/). Further, you can find contact details of local supervisory authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

§ 13 - CONTACT

You are welcome to send us any questions and suggestions regarding personal data protection by contacting us in writing by email: compliance@scandlines.com.

01 August 2023

Responsible entities: 

Scandlines Danmark ApS *
Scandlines Gedser-Rostock ApS*
Scandlines Catering ApS*


*Havneholmen 25, 8.
DK – 1561 Copenhagen V

Scandlines Deutschland GmbH**
Scandferries Holding GmbH**
Scandlines Bordershop Puttgarden GmbH**
Scandlines Bordershop Rostock GmbH**


**Drehbahn 7
D – 20354 Hamburg

** External Data Protection Officer: Frank Jander, Kedua GmbH, Eichhorster Weg 80, 13435 Berlin.