PRIVACY POLICY

UNITY LINE LIMITED SP. Z O.O.

BRANCH IN POLAND

Introduction

Providing personal data is not a statutory requirement but is necessary to reserve a ticket for a cruise or a tour by ships managed by UNITY LINE LIMITED - viathe website unityline.pl. Regardless of your reservation, you can choose to receive special offers and information that we send in the form of newsletters.

Information related to the form of payment – the credit card number or bank account number – is not stored or used for any purpose other than to complete the payment for the services ordered. You do not need to register to make your reservation, however, if you set up an account on our website, you will gain access to your booking history.

Your data is safe - to secure it, we use the secure communication protocol, SSL (Secure Socket Layer). In addition, our databases are protected from unauthorized access.

Below you will find all the necessary information about how we process your personal data.

Personal Data Controller

The Personal Data Controller is UNITY LINE LIMITED Sp. z o.o. Branch in Poland
, based in Szczecin, Pl. Rodła 8, postal code: 70-419, NIP: 3020001748, REGON: 321457024, registered in the Register of Entrepreneurs of the National Court Register (KRS) under the number KRS 0000487684, registration court: District Court Szczecin-Centrum in Szczecin, 13th Commercial Department of KRS, phone 91 3595695, e-mail: unity@unityline.pl [“Controller” or “Unity Line”].

You can contact our Data Protection Officer regarding your personal data by e-mail : iod@unityline.pl.

The purposes of the data processing and the legal basis for the data processing

Your personal data is processed for the following purposes:

1. in order to register a user account on the website unityline.pl, pursuant to Article 6(1)(a)(b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJEU L 2016, No. 119, p. 1) [“GDPR”];
2. in order to implement the contracts concluded or to take measures before such contracts are concluded, and to fulfill the legal requirements in this respect, including the handling of complaints and purchase of insurance policies, pursuant to Article 6(1)(b)(c) of the GDPR;
3. in order to implement contracts with the entity of which you are
   (i) an employee,
   (ii) a representative
   (iii) a proxy in communication with the Controller, or to take measures before such contracts are concluded, pursuant to Article 6(1)(f) of the GDPR, whereas the legitimate interest of the Controller to process your personal data should be understood as the ability of

the Controller to communicate with the contractor/prospective contractor of the Controller and to implement the contract concluded with it;

4. in order to secure any claims arising out of contracts concluded pursuant to Article 6(1)(f) of the GDPR, whereas the legitimate interest of the Controller to process your personal data should be understood as the ability to pursue claims arising out of non-compliance with the terms of the contracts;
5. in order to ensure safety on board the ship, all public spaces shall be subject to video surveillance pursuant to Article 6(1)(f) of the GDPR, whereas the legitimate interest of the Controller to process your personal data should be understood as the need to ensure the safety of passengers and crew and their luggage and personal belongings on board the ship;
6. in order for the Controller to carry out marketing and advertising activities by electronic means, consisting in sending commercial information by electronic means to the e-mail address you have provided, informing you about the business activities of the Controller and answering questions asked pursuant to Article 6(1)(a) of the GDPR;
7. in order for the Controller to carry out marketing and advertising activities by means other than electronic, consisting, in particular, in providing information about the Controller and its business activities, answering the questions asked, pursuant to Article 6(1)(f) of the GDPR, whereas the legitimate interest of the Controller to process your personal data should be understood as the marketing and promotion activities of the Controller;
8. in order to conduct statistical measurements regarding the website available at unityline.pl to improve the quality of the services provided as part of the Website and the safety of the website and services provided as part of it, pursuant to Article 6(1)(f) of the GDPR, whereas the legitimate interest of the Controller to process your personal data should be understood as the need to improve the quality of the services provided as part of the Website and the safety of the Website and services provided as part of the Website.

Personal data recipients

The Controller shares your personal data with entities in the same group of companies as Unity Line, as well as entities processing personal data on behalf of Unity Line in connection with its advertising and marketing services, the provision of newsletter distribution services, the execution of payment transactions on an online payment service, the provision of services related to cruises and tours under the commissioned processing agreements concluded. In addition, Unity Line is required by law to transfer passenger data to the relevant authorities on the basis of and to the extent required by law.

Transfer of personal data to a third country/international organization

The Controller does not intend to transfer your personal data to a third country or international organization.

Period of data processing

Your personal data processed based on a consent will be stored until it is revoked and thereafter for the time necessary for the Controller to comply with the obligations imposed on the Controller by the generally applicable legal provisions.

Your personal data processed on a basis other than consent will be stored, depending on the type of data and how it has been obtained, for the period indicated below:

1. data obtained for the purpose of entering into a contract - for the duration of cooperation with you or the entity of which you are
   (i) an employee,
   (ii) a representative,
   (iii) a proxy in communication with the Controller, and, after it has been terminated/expired, for the period of limitation of the claims relating to that contract/cooperation or for a period necessary for the Controller to fulfill the obligations imposed on the Controller under the generally applicable legal provisions;
2. data obtained during the registration of the user’s account on the website unityline.pl - until the user deletes the account.
3. data obtained from video surveillance - for a period of 30 days from the date of the cruise and, where such data constitutes evidence in legal proceedings - until the proceedings have been terminated with a final decision;
4. data obtained as a result of complaints received - for a period of 120 days from the date of the submission of the complaint, and in the event that the complaint has not been accepted, where such data constitutes evidence in legal proceedings, until the proceedings have been terminated with a final decision.

Rights of the data subject

You are entitled to exercise the following rights, as provided for by applicable legal regulations:

1. request access to your personal data;
2. request the rectification of your personal data;
3. request the deletion of your personal data, except where the processing is necessary:
   (i) to fulfill a legal obligation requiring the processing under law of the European Union or a Member State to which the Controller is subject, or to perform a task carried out in the public interest or exercise official authority vested in the Controller,
   (ii) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, insofar as it is likely that your right referred to in this point will prevent or seriously impede the achievement of the purposes of such processing,
   (iii) to establish, pursue or defend claims;
4. request the restriction of your personal data processing;
5. object to the processing of your personal data, insofar as the processing is carried out pursuant to Article 6(1)(f) of the GDPR;
6. request the transfer of your personal data, processed pursuant to Article 6(1)(a) or Article 6(1)(b), provided that the processing is carried out by automated means;
7. lodge a complaint before the President of the Personal Data Protection Office;
8. to the extent that the processing is done based on your consent, you are entitled to revoke your consent to the processing at any time without affecting the lawfulness of the processing that was done based on your consent prior to its revocation.

Information on the requirement/conditions for the provision of personal data and the source of the data

The provision of personal data is not a statutory requirement. However, failure to provide the data will make it difficult or even impossible for us to contact you and to conclude or execute a contract. The Controller shall process personal data in the scope of the following contact details: first name, last name, phone number, e-mail address, date of birth, nationality and gender, registration

number of a vehicle if the Passengers travel with a vehicle (so-called referential personal data categories).

If you did not provide the data directly, its source is the Entity of which you are (i) an employee, (ii) a representative, (iii) a proxy in communication with the Controller or the Controller obtained it from publicly available sources. In such cases, the Controller shall process personal data in the scope of the following contact details: first name, last name, phone number, e-mail address, organization of which you are (i) an employee, (ii) a representative, (iii) a proxy in communication with the Controller, and your function, date of birth, nationality and gender (so-called referential personal data categories).

We are present on social media to stay in touch with our customers or prospects and to conduct promotional and marketing activities. If you choose to follow us on Facebook, Instagram or YouTube, we will also receive your data from these sources. However, please note that in order to be able to follow us, you have previously accepted Privacy Policies of these portals, hence if you want to know more about the processing of your personal data by these portals, you should look for the relevant Privacy Policy on these portals.

Profiling

If you register your user account on the website unityline.pl. and give us your consent for profiling, then, based on historical information, i.e., the services and events you have chosen, for which you have reserved or purchased tickets, the content you have viewed on the website unityline.pl and information which you have posted in your profile, we will automatically provide you with a personalized offer, such as information about cruises or tours that might interest you in the future, personalized content of the website, etc.

If you have subscribed to our Newsletter, we will send you from time to time gender-specific information. You can express your objection to such profiling of your Newsletter at any time to iod@unityline.pl.

Cookies

Unity Line informs that, when sharing content of the website, it uses the so called cookie technique that consists of storing information or accessing information already stored on the end device of the Website user.

Cookies are used to improve the quality of the Website’s performance, in particular to:

1. create viewing statistics for individual contents;
2. personalize the services provided through the Website;
3. maintain user sessions;
4. authenticate people using the Website,
5. provide personalized advertising content to users.

​The user can determine the conditions of use of cookies by using the settings of the software installed in their telecommunications end device or service configuration.

Google Analytics

Our Website uses Google Analytics, a tool to analyze traffic statistics on our site, which is owned by Google Inc. Google Analytics uses cookies, which are text files that are stored on your computer

and allow us to analyze how our website is used. The information obtained from cookies (including your IP address) is stored on the Google server in the USA. Google analyzes these data to explore how our site is used, and to generate statistical reports for Unity Line, and to develop additional services related to the site and the Internet use. Under no circumstances will Google link your IP with other data. You can disable cookies by configuring your web browser settings. However, we would like to point out that in this case you will not be able to take full advantage of all the functionalities of our website. By using the Unity Line website, you agree that Google will analyze your data in the manner and for the purposes described here.

Facebook Pixel

Our website uses the marketing tool of Facebook Pixel, as part of the Facebook social network operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA or, for the users who are EU residents – Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This tool allows us to measure the performance of our ads based on the analysis of actions taken by users on the website, so we can send you personalized ads on Facebook. This involves the use of Facebook cookies. The data collected in this way is anonymous to us, i.e., we do not see personal data of individual users of the website. As part of your cookie settings, you can decide whether or not you consent to our use of Facebook Pixel towards you. However, we would like to point out that in this case you will not be able to take full advantage of all the functionalities of our website. By using the Unity Line website, you agree that Facebook will analyze your data in the manner and for the purposes described here.

Hotjar

Our website uses the marketing tool of Hotjar operated by Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. This tool monitors and stores your behavior on the Website by recording data such as cursor movement, navigation or page scrolling that can be played as a video recording, so we can analyze your activity on our website to improve the usability of the site. Hotjar does not register the form fill-in process. This tool provides us information about your browser, operating system, device, location, and Cookies. The data collected in this way is anonymous to us, i.e., it is not possible for us to link it to individual users of the website. If you would like to turn off the tracking of your activity by Hotjar, you can do so by clicking on the link: https://www.hotjar.com/opt-out.

Policy changes

Please note that this Privacy Policy may be revised or updated.