Data Protection Statement Customer

• 1 - INTRODUCTION

Scandlines Danmark ApS, Scandlines Gedser - Rostock ApS, Scandlines Catering ApS, Scandlines Deutschland GmbH, Scandlines Bordershop Rostock GmbH and Scandlines Bordershop Puttgarden GmbH (hereinafter "Scandlines") have a strong focus on ensuring the protection of your personal data. Scandlines has taken special measures to protect your personal data and comply with applicable data protection legislation, including the EU General Data Protection Regulation ("GDPR"). Any reference to the EU GDPR shall also be construed as a reference to applicable national data protection legislation.

Scandlines is the data controller for processing your personal data, i.e. your respective contractual partners when you enter into a contract and the listed operator of our digital platforms (Website, social media and apps) when you use one of our digital platforms. You will find contact details for Scandlines at the bottom of this page. In addition, for Scandlines Deutschland GmbH, Scandlines Bordershop Puttgarden GmbH, and Scandlines Bordershop Rostock GmbH, an external data protection officer has been appointed. You will also find their contact details at the bottom of this page.

In this data protection statement, you will find information about what personal data we collect when you book tickets or other services, use Scandlines' digital platforms, participate in Scandlines competitions and when we market our services and products.

As of 15 December 2024, we have the following websites: scandlines.dk, scandlines.de, scandlines.com, scandlines.se, scandlines.pl, scandlines-freight.com, bordershop.com, booking.scandlines.com, scandlines.com, scandlines.dk/bus/, scandlines.de/bus, scandlines.se/bus, scandlines.pl/bus, scandlines.com/bus (hereinafter collectively referred to as the "Website") and the Scandlines App, which you can download from Google Play or the App Store.

In this data protection statement, you will also find information about why we process your personal data and what rights you have. Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number and email address, IP address and any other information that can be traced back to you.

 

 

• 2 - WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU AND WHY?

 

When you book tickets or purchase other services from us
 
When you book a ticket or other service with Scandlines, we receive various personal data, including:

• E-mail address,
• Telephone number,
• Address,
• Details about your purchase (such as the quality and quantity of what you bought, when you bought it, etc.),
• Information on whether you require special assistance when receiving our services,
• License plate.

This data is used to enable us to fulfil our contract with you (cf. GDPR Article 6(1)(b)). The data will be erased once the mutual rights and obligations under this agreement and our legal obligations to retain the data have become time-barred (cf. GDPR Article 6(1)(c)).

The following categories of personal data are also stored and processed by Scandlines for analytical purposes or to ascertain the number of passengers aboard the vessel (cf. GDPR, Article(6)(1)(f)):

• E-mail address,
• Telephone number,
• Address,
• Details about your purchase (such as the quality and quantity of what you bought, when you bought it, etc.)
• License plate,
• Photo/video recording of your vehicle including the driver and passengers (to ascertain the number of passengers aboard the vessel),
• Measurements of your vehicle to ensure it matches your ticket type.

The data will be erased in accordance with Scandlines’ retention periods as set out in § 5 below.

When you use our digital platforms (Website, social media and apps)

When you visit our digital platforms (such as our Website, social media and apps), for technical reasons, you will transmit the following information to us:

• The page from which the file was requested,
• The name and directory in which the file can be found,
• The date and time of the request,
• The amount of data transferred,
• The access status (file transfer, file not found, etc.),
• A description of the type of web browser used,
• Your IP address. 

This information is used solely to ensure the technical operation of our platforms and for statistical optimisation purposes. The legal basis for this use is our legitimate interest in providing, operating and improving our digital platforms (cf. GDPR, Article 6(1)(f)).

 

If you participate in satisfaction surveys

As part of Scandlines' customer satisfaction programme, we periodically conduct satisfaction surveys or request customer feedback in order to improve and develop our products, services and marketing - in both cases based on general customer data we process the following personal data:

• Contact details (including name, e-mail, address)
• User behaviour from cookies (provided we have received prior consent from you)
• Information from your social media profiles
• Purchase history and travelling frequency (price, location and number of products)
• History of your communication with Scandlines
• Other information you enter in the survey

 

The legal basis for our processing of your personal data for these purposes is our legitimate interest in conducting the survey (cf. GDPR, Article 6(1)(f)).

 

If you agree to receive newsletters etc. from Scandlines

If you consent to receive newsletters etc. from Scandlines, we process personal data about you in order to carry out marketing in newsletters via, for example, e-mail, SMS and push messages, where we process your personal data:

• Contact details (e.g. name, e-mail, address, phone number)
• Your preferences, if any
• Answers submitted in relation to competitions, if any
• License plate

 

The legal basis for our processing of this personal data is your consent (cf. GDPR Article 6(1)(a)). If you withdraw your consent, we will retain documentation of your consent for a period of time. The legal basis for storing the documentation is our legitimate interest in being able to prove the existence of valid consent until the time of withdrawal of consent (cf. GDPR, Art. 6(1)(f)).

 

When we provide you with personalised marketing

We will, in various contexts (e.g. on the digital platforms, in magazines and in applications etc., when you book tickets or while you are using the Scandlines app), ask for your consent to send you messages in the form of newsletters or other marketing material, e.g. by email. The content may be based on information collected from any customer account.

When you sign up and give your consent to marketing, we process the following data:

• Contact details (including name, email, address)
• Browsing behavior (provided we have received prior consent from you)
• Purchase history and travelling frequency (price, location and number of products)
• History of your communication with Scandlines
• Answers submitted in relation to competitions, if any
• License plate

The legal basis for processing your personal data to send newsletters and other marketing material is your explicit consent, cf. GDPR, Article 6(1)(a).

In addition, we record and use your answers to Scandlines' questions about purchases and other information you may provide to Scandlines in connection with your purchases. The purpose of this is to update Scandlines' knowledge of customer preferences so that Scandlines can pursue its legitimate interests and provide better service to you, including targeted marketing.

The legal basis for this processing is the balancing of interests rule in the GDPR, Article 6(1)(f).

In addition, we may periodically send marketing material based on general customer data (address data) that we may have received from a third party. In such cases, the legal basis for processing your personal data is based on our legitimate interests in marketing products and services, cf. GDPR, Article 6(1)(f). You are entitled at any time to object to our marketing or to request us to delete your personal data from our marketing database and to exercise any other rights set out in this statement.

When Scandlines uses your personal data for the purpose of marketing its products and services, as well as in connection with conducting surveys, we may share your personal data with digital platforms (e.g. Facebook). However, this will be done for the sole purpose of marketing Scandlines' products and services on the relevant social media. The legal basis for this processing likewise is your explicit consent, cf. GDPR, Article 6(1)(a).

When you enter a competition

When you participate in one of our competitions and we may need to contact you as a winner, we process the following personal data:

When you enter one of our competitions, we process the following data:

• Contact details (e.g. name, email, address, telephone number), and
• Correspondence with Scandlines
• Answers submitted in the competition

 

This data processing takes place so that we can select a competition winner and contact the winner (cf. GDPR, Article 6(1)(b)).

In connection with your participation in competitions, we will also collect your personal data for marketing purposes. This collection takes place as described above. Scandlines records and processes the above personal data based on your and Scandlines' legitimate interests (cf. GDPR, Article 6(1)(f)).

Depending on the terms and conditions of the competition, we will publish your name if you have won the competition.

 

Other processing

In addition to the various processing activities described above, we may process your personal data listed above if it is necessary for the establishment, exercise or defence of legal claims (cf. GDPR, Article 6(1)(f)) or if it is necessary for the implementation or preparation of any transaction involving all or part of our business (cf. GDPR, Article 6(1)(f)).

 

 

• 3 - RECIPIENTS OF YOUR PERSONAL DATA AND JOINT DATA CONTROLLERSHIP

Scandlines share your personal data with companies in the Scandlines Group (i.e. the companies listed in Section 1) for the above purposes.

Scandlines may also share your personal data with other business partners to fulfil an agreement you have entered into. In particular, we share license plate information with business partners (such as the Oresund Bridge) if you have purchased a product in relation to which you have chosen to use your license plate as (booking or payment) identification.

Scandlines may also share your personal data with social media and platforms, e.g. Facebook, for the purpose of marketing on these media. Furthermore, we may occasionally act as joint data controllers with social media providers, e.g. when conducting competitions (cf. Section 2 (When you enter a competition)) or displaying personalized marketing (cf. Section 2 (When we provide you with personalized marketing)). In such cases, Scandlines enters a joint data responsibility agreement with the relevant social media providers. For example, the agreement with Facebook can be found here: https://www.facebook.com/legal/controller_addendum. If Scandlines acts as a joint data controller, all rights described in this data protection statement apply to this type of data processing.

Scandlines also uses third parties to store and process personal data on our behalf, e.g. hosting providers and third-party providers of statistical and analytical tools in conducting surveys (see Section 6 below). These third-party recipients act as data processors under applicable data protection law. Therefore, they may only process your personal data by our documented instructions. In addition, Scandlines ensures that the third parties have implemented all necessary security measures to protect your personal data.

If we receive a request from an authority or a court, we may disclose your personal data to them if it is required for us to comply with our legal obligations, cf. GDPR, Article 6(1)(c).

 

• 4 - TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EU/EEA

Scandlines uses third-party data hosting companies outside the EU and EEA, e.g. in the USA, to store and process personal data collected by us.

All data transfers to such third parties are subject to a written agreement between us and the relevant third-party to ensure full compliance with the EU General Data Protection Regulation (GDPR). Such contracts are generally concluded on the basis of the European Commission's Standard Contractual Clauses. Alternatively, we may place additional supplementary safeguards to protect personal data.

Third parties are obliged to process personal data according to our instructions.

You are entitled at any time to request from Scandlines a copy of the data protection rules to which a given third party is subject. Likewise, you are entitled to request a copy of the data in question, which will be sent to the e-mail address you have provided.

• 5 - RETENTION PERIODS

Information you provide to us on the Website or other digital platforms will generally only be retained for as long as necessary to fulfil our agreement with you or to respond to your enquiries. However, in cases where legislation requires information to be kept for a longer period, we will keep your data for a longer period to fulfil our obligations. This also applies in cases where we have an individual legitimate interest (e.g. in a legal dispute).

Data relating to the booking of tickets and other services (cf. Section 2 (When you book tickets or purchase other services from us)) will be kept for up to 5 years after the financial year in which you purchased the ticket or service.

Data acquired for direct marketing (cf. Section 2 (If you agree to receive newsletters etc. from Scandlines)), we store your personal data for as long as you wish to receive material from us and for up to two years after you have declared that you no longer wish to receive the material, unless you have specifically asked us to delete the information at an earlier point in time.

Data received in connection with competitions and used to select a winner of the competition and to contact the winner (cf. Section 2 (When you enter a competition)) will be deleted 3 months after the winner has received his/her competition prize unless there are legal requirements for such data to be stored for a longer period. If the data is used for direct marketing purposes, it will be processed and stored by us in accordance with Section 2.

Data related to video recordings will be deleted in accordance with applicable data protection legislation.

As regards your right to access, rectify, erase or block personal data, the provisions of Section 8 below apply. If you request Scandlines to delete all your data, related services provided by Scandlines cannot continue without this data.

• 6 - STATISTICS AND TRACKING

We use third-party providers on the Website, other digital platforms and in our newsletters for analytics purposes to help us understand how the Website, digital platforms and newsletters are used. These third-party providers or we may place "cookies", i.e. text files on your computer or tracking pixels that analyze how you use the Website and digital platforms or interact with our newsletters. Information collected through cookies or tracking pixels that analyze how you use the Website and digital platforms or interact with our newsletters is generally transferred to servers of third-party analytics providers in the United States and stored there.

The third-party providers use the information on our behalf to analyze how you use the Website and digital platforms or interact with our newsletters, to compile reports on the activity on the Website and digital platforms and to provide us with other services related to the use of the Website, digital platforms and the Internet.

You can opt out of cookies by changing your browser settings. However, you should be aware that if you opt out of cookies, some of the features of our Website and digital platforms will not be fully utilised. It is also possible to opt-out of the recording of cookie data about how you use the Website or digital platforms (including information about your IP address) for specific providers of analytics tools, such as Google, and the processing of this data by the provider, by downloading and installing the browser plug-in available at this link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

If you have agreed to receive newsletters and other marketing material via e-mail, you should be aware that tracking pixels are used in connection with the sending of such marketing. This enables Scandlines to gain insight into your interaction with the marketing material sent so that Scandlines can make the content as relevant to you as possible.

Where we use this information in connection with marketing, the legal basis for this use is set out in Section 2 above.

In our cookie policy, you will find more information about how we use cookies: https://www.scandlines.dk/cookies/

• 7 - VIDEO SURVEILLANCE 

Scandlines has installed video surveillance systems in certain areas. If video surveillance is installed, this will be clearly indicated by signage.

Data from video surveillance is processed for the following purposes and on the following legal basis:

• The International Ship and Port Facility Security (ISPS) Code (see GDPR, Article 6(1)(c)).
• Our legitimate interest to protect Scandlines' property against damage and theft, GDPR, Article 6(1)(f).

Monitoring data is only used in cases where a specific incident occurs and is automatically deleted in accordance with applicable data protection legislation.

• 8 - YOUR RIGHTS

Under applicable data protection law, you have a number of rights, which you can exercise by contacting Scandlines as indicated below.

You provide your data to us voluntarily. Please note, however, that we need certain key information from you to provide the requested services. If you request full or partial deletion of your data, you may no longer be able to use certain features of the Website or only to a limited extent.

If you have any questions or comments about the rights set out below, please contact compliance@scandlines.com.

Right of access

You have the right to request access to your personal data processed by Scandlines, including information about the retention period, with whom we share your personal data, etc.
 
Right to rectification and erasure

If Scandlines processes personal data about you that is inaccurate, incomplete or misleading, you have the right to have such data corrected, rectified or blocked.

In some cases, you are also entitled to have your personal data erased.

Right to limit the processing of your personal data
 
In some cases, you have the right to request Scandlines to restrict the processing of your personal data.

If you have this right and you choose to exercise it, Scandlines is only entitled to store or process your personal data for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, unless you have given your consent otherwise.

Right to object

In some cases, you have the right to object to our processing of your personal data (GDPR, Article 21). This applies in specific situations where we process your personal data on the basis of our legitimate interests (see above). You also have the right to object to the use of your personal data for direct marketing purposes.

Right to data portability

In some cases, you have the right to receive your personal data or to transmit your personal data to another controller.

Right to withdraw your consent

You are entitled to withdraw your consent at any time if Scandlines processes your personal data on the basis of consent, cf. above.

When you withdraw your consent, Scandlines will generally cease processing your personal data unless this is possible on another legal basis and without affecting the lawfulness of the processing based on your consent prior to its withdrawal.

Right to complain

You are welcome to contact Scandlines at any time if you believe that Scandlines is processing your personal data in violation of applicable data protection legislation.

If you do not find a solution with Scandlines or do not wish to contact Scandlines, you can file a complaint on Danish data protection questions with the Danish Data Protection Agency (https://www.datatilsynet.dk/english/file-a-complaint), as well as on German data protection questions with the data protection agency of Hamburg (https://datenschutz-hamburg.de/beschwerde/). Further, you can find contact details of local supervisory authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

• 9 - CONTACT

You are welcome to send us any questions and suggestions regarding personal data protection by contacting us in writing by email: compliance@scandlines.com.

15 December 2024

Responsible entities: 

Scandlines Danmark ApS *
Scandlines Gedser-Rostock ApS*
Scandlines Catering ApS*

*Havneholmen 25, 8.
DK – 1561 Copenhagen V

Scandlines Deutschland GmbH**
Scandferries Holding GmbH**
Scandlines Bordershop Puttgarden GmbH**
Scandlines Bordershop Rostock GmbH**

**Drehbahn 7
D – 20354 Hamburg

** External Data Protection Officer: Frank Jander, Kedua GmbH, Eichhorster Weg 80, 13435 Berlin.