§ 1 - INTRODUCTION
The protection of your personal data is very important to us, Scandlines Danmark ApS, Scandlines Gedser – Rostock ApS, Scandlines Catering ApS, Scandlines Deutschland GmbH, Scandlines Bordershop Rostock GmbH and Scandlines Bordershop Puttgarden GmbH (hereinafter “Scandlines”). Scandlines has therefore taken steps to ensure the protection of your personal data and to comply with applicable data protection laws, including the EU Data Protection Regulation (“GDPR”). Each reference to the EU Data Protection Regulation shall also be understood as reference to the national data protection laws, as applicable.
Scandlines is the data controller with respect to processing your personal data. You can find contact details for Scandlines at the bottom of this page. For Scandlines Deutschland GmbH, Scandlines Bordershop Puttgarden GmbH and Scandlines Bordershop Rostock GmbH, an external data protection officer is appointed. Also these contact details can be found at the bottom of this page.
This data protection statement specifies which personal data will be collected when you order tickets or other services, sign up for Scandlines’ loyalty program, SMILE, and when you use the websites we operate within Scandlines. As of May 2018 we operate the following websites: smile.scandlines.com, scandlines.dk, scandlines.de, scandlines.com, scandlines.se, scandlines.pl, scandlines.nl, scandlines-freight.com, puttgarden.border-shop.dk, puttgarden.bordershoppa.se, rostock.border-shop.dk and rostock.bordershoppa.se (hereinafter referred to jointly as the “website”).
This data protection statement also specifies the purposes for which your personal data will be processed and explains the rights to which you are entitled in this respect. Personal data are any individual details about the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, name, address, telephone number and e-mail address, IP address and any other data, which can be traced back to you.
§ 2 - COLLECTION AND USE OF DATA
Every time the website is accessed, your browser will transfer the following information to us for technical reasons:
- the page from which the file was requested,
- the name and the directory in which the file can be found,
- the date and time of the request,
- the amount of data transferred,
- the access status (transfer file, file not found, etc.),
- a description of the type of web browser used,
- the client IP address.
This data will only be used to enable the technical operation of the website and evaluated by us exclusively for statistical purposes. This use is justified under art. 6(1)f of the GDPR as it is necessary for fulfilling our legitimate interest in providing, operating and improving the website. This information will not be stored in a manner that relates to a particular person and it will not be combined with other data sources. Your IP address will be promptly deleted following your visit to our website.
If there is the possibility of entering personal data on our website (as specified in § 4) in particular for ordering tickets, other services or general inquiries, you can do this on a voluntary basis. Scandlines will only use your personal data to fulfil the respective purpose, i.e. the fulfilment of the contractual relationship (cf. art. 6(1)b of the GDPR) or to provide requested information (cf. art. 6(1)b or f of the GDPR), unless you have granted us your separate explicit consent for more far-reaching use of the data.
Data regarding your browsing behavior on websites within Scandlines is tracked via cookies and pixels. Scandlines will obtain your consent before using cookies to trace your behavior on its websites.
§ 3 - SMILE PROGRAM
This section gives you information about your personal data as a member of the SMILE program.
The SMILE program is provided by Scandlines Danmark ApS, Havneholmen 25, 8th floor, DK-1561 Copenhagen V, Denmark.
Scandlines Danmark ApS is responsible for the handling of your personal data within the SMILE program and that the handling is being done in accordance with the relevant and applicable mandatory rules regarding protection of personal data. Scandlines Danmark ApS is the data controller according to the applicable rules on protection of personal data, including the GDPR.
By becoming a member of the SMILE program, we may ask you for your explicit consent to the following during the registration process:
The categories of personal data we process
Scandlines processes the following categories of non-sensitive personal data about you:
- Contact detail (such as name, email, home address, phone number)
- Travel frequencies
- Browsing behavior (provided that we have obtain your prior consent)
- Purchase history made via your SMILE card (price, location and number of products)
- Your communication history with Scandlines.
The Purposes and legal basis for processing your personal data
Application and Purchases
Scandlines will register and use the data that is required in the SMILE application form. In the SMILE application form you will be asked to provide your name, your e-mail address, your home address, your telephone number and your travel frequencies.
Scandlines will register and use data regarding your purchases (price, location and number of products) made via your SMILE card.
Scandlines processes the abovementioned personal data in order to fulfil its obligation towards you, namely creating a profile for you and calculating your SMILE points. The legal basis for this processing follows from article 6(1)b of the GDPR.
Furthermore, answers to questions from Scandlines related to your purchases and other information you may provide to Scandlines in relation to purchases will be registered and used to update Scandlines’ knowledge on customer preferences enabling Scandlines to follow its legitimate purposes in providing better service to you including targeted marketing towards you.
The legal basis for this processing is the balancing of interest rule, cf. article 6(1)f of the GDPR. Please note that you have the right to object to Scandlines’ processing of your personal data based on the balancing of interest rule and for the purposes of direct marketing. See “YOUR RIGHTS” below.
During the SMILE registration process, you have to give a separate explicit consent that allows us to use your personal data to send you newsletters via e-mail. These newsletters will contain, inter alia, tips on travel, information regarding new products and new advantages and invitations to participate in competitions. The content of the newsletter is based on the information we have collected in your customer profile. If you hereafter decide to opt out of receiving electronic communication, you will only receive 2 annual service emails from SMILE stating your point balance and information on the expiry date of your points.
The legal basis for processing your personal to send newsletters is therefore your consent cf. article 6(1)a of the GDPR.
Scandlines will use your personal data for marketing of our products and services and for conducting questionnaire surveys.
In this regard, your personal data may be shared with social media operators (such as Facebook) for the sole purpose of marketing of products and services from Scandlines via these social media.
The legal basis for this processing is your explicitly given consent cf. article 6(1)a of the GDPR.
§ 4 - RECIPIENTS OF YOUR PERSONAL DATA
Scandlines may share your personal data with companies within the Scandlines group (i.e. the companies mentioned in section 1 above) for the abovementioned purposes, including allocating SMILE points based on your purchases made in one of the Scandlines companies.
Scandlines may also share your personal data with social media such as Facebook for the purposes of marketing via these media.
Scandlines may also engage third parties to store and process your personal data on our behalf, e.g. hosting providers and Google Analytics (see also § 8 below). Such recipients are data processors pursuant to applicable data protection laws and may only process your personal data in accordance with documented instructions from us. Scandlines has ensured that such third parties have implemented the necessary safety measures in order to protect your personal data.
Your personal data may also be shared from time to time with partners conducting questionnaire surveys for the sole purpose of conducting questionnaire surveys on behalf of Scandlines.
§ 5 - TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA
Scandlines makes use of third party data hosting companies located outside of EU and the EEA, e.g. in the USA, to store and process your personal data collected by us.
All data transfers to such third parties will be subject to a written contract between us and the third party in question to ensure full compliance with the EU regulation on data protection. The contract will in general be concluded on the basis on the EU Commission´s Model Clauses. Alternatively or additionally, we may implement further or supplementary guarantees for the protection of personal data.
The third party is only authorized to process personal data according to our instructions.
You are at any time entitled to request a copy from Scandlines of the guarantees regarding data protection guaranteed by the third party in question.
§ 6 - RETENTION PERIOD
Information you provided to us via the website will in general only be stored for the time period it is required to fulfil the contract with you or to respond to your inquiry. Where statutory longer retention periods apply, the data may be stored for a longer period in compliance with these obligations, also in case of an individual legitimate interest (e.g. in case of a legal dispute).
Information regarding your SMILE point related purchases will be deleted one year after the said points are statute-barred, cf. Section 8 of the SMILE terms. Our SMILE terms can be accessed on https://smile.scandlines.com/en/Terms
Information regarding name, e-mail address, home address, telephone number and travel frequencies will be kept for one year after the last points on your account have been statue-barred or your membership has been terminated, unless you specifically asked us to delete your data previously.
In regard to your right of information, correction, deletion or blocking § 10 below applies. If you request that Scandlines delete all your data and if consequently a further membership is not possible anymore without such data, the termination rules in Section 10 of the SMILE terms will apply accordingly.
§ 7 - RIGHT TO WITHDRAW CONSENT
To the extent that Scandlines processes your personal data on your consent, cf. above, you may at any given time withdraw such consent by Scandlines.
Your withdrawal of your consent usually means that Scandlines will no longer process your personal data, unless Scandlines has another legal basis.
§ 8 - GOOGLE ANALYTICS
The website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, i.e. text files which are saved on your computer and make it possible to analyze your use of the website. The information generated by the cookie on your use of the website will generally be transmitted to a Google server in the USA and stored there. IP anonymization is activated on the website. Therefore, within Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area, Google will first shorten your IP address. In case that nevertheless personal data are transferred to Google, we will via appropriate guarantees assure that these data are subjected to an adequate data protection level also in the US (for example by entering into European Standard Model Clauses). .
On our behalf, Google will use that information to evaluate your use of the website, to compile reports about website activities and to provide other services associated with the use of the website and the Internet to us.
The IP address transmitted by your browser within Google Analytics will not be merged with other data of Google. You can prevent the installation of cookies by setting your browser software accordingly. However, please note that you may not be able to use all functions of the website to their full extent if you do so. You can also prevent the collection of the data generated by the cookie relating to your use of the website (including your IP address) for Google, as well as the processing of that data by Google, by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
§ 9 - CAMERA SURVEILLANCE
Video surveillance systems are installed in certain areas. Where this is the case, signs expressly indicate so.
Camera surveillance data are processed based on the following legal grounds:
- Safety and security of port infrastructure and vessels based on mandatory law (ISPS Code, Art. 6(1) c GDPR;
- Protection of property of Scandlines against damage and theft, article 6(1) f GDPR.
Any surveillance data will only be accessed in case of a related incident and else, will be automatically overwritten within intervals pre-defined by applicable national laws.
§ 10 - YOUR RIGHTS
In accordance with the applicable data protection laws you have a number of rights, which you can exercise by contacting Scandlines using the contact information below.
Please note that we require certain key information from you in order to be able to provide you with the services you need. If you would like such information to be partially or completely deleted it is therefore possible that you will no longer be able to use certain services on our website, or you will only be able to use them in part.
With regards to the following rights, you are most welcome to raise them in an email to firstname.lastname@example.org.
Right of access
You have the right to request access to the personal data, which Scandlines processes about you, including retention period, with whom we have shared your personal data etc.
Right to rectification and erasure
If the personal data Scandlines processes about you is incorrect, incomplete or misleading, you have the right to have such data corrected, rectified or blocked.
You may also in some cases have the right to have your personal data erased.
Right to limiting the processing of your personal data
You may in some case have the right to request Scandlines to limit the processing of your personal data.
If you have such a right and you chose to exercise this right, Scandlines may only store your personal data or process your personal data for the purposes of establishing, exercising or defending a legal claim or protecting a third party or vital or protection vital public interests, unless we obtained your consent.
Right to object
In some cases, you may object to our processing of your personal data based on our processing of your personal data. You can also object to our processing of your data for the purposes of direct marketing.
Right to data portability
You may in certain cases have the right to data portability, and either receive your personal data or to transfer your personal data to another data controller.
Right to complain
You can contact Scandlines at any time if you believe that Scandlines is processing your personal data in violation of applicable data protection laws.
However, if you cannot find a solution with Scandlines or do not wish to contact Scandlines, you can submit a complaint to the competent data protection authority.
§ 11 - CONTACT
Your questions and suggestions on the topic of data protection are very welcome and important to us. You can contact us by writing an email to: email@example.com.
03 December 2020
Scandlines Danmark ApS *
Scandlines Gedser-Rostock ApS*
Scandlines Catering ApS*
*Havneholmen 25, 8.
DK – 1561 Copenhagen V
Scandlines Deutschland GmbH**
Scandferries Holding GmbH**
Scandlines Bordershop Puttgarden GmbH**
Scandlines Bordershop Rostock GmbH**
D – 20354 Hamburg
** External Data protection officer: Frank Jander, Kedua GmbH, Eichhorster Weg 80, 13435 Berlin.