Privacy Policy (GDPR)
Last updated: 18 August 2025
Website: riverseinecruise.com (the “Website”)
Owner / Data Controller: Discovery Travel Kft, 2336 Dunavarsány, Viola utca 11, Hungary
Contact: info@riverseinecruise.com
This Privacy Policy explains how we collect, use, share and protect personal data when you visit or make a purchase on the Website, contact us, or interact with our services (together, the “Services”).
If you have any questions about this Policy or your rights, contact us at info@riverseinecruise.com.
1) What data we process
We process the following categories of personal data:
Identification & Contact Data: name, email address, phone number, billing address, country.
Order & Customer Service Data: purchased products/services (e.g. cruise tickets), booking date/time, order ID, notes, support messages, refund/complaint history.
Payment & Billing Data: payment method, partial card identifiers (last 4 digits), transaction ID, payment status, anti-fraud signals. We do not store full card numbers; payments are processed by our payment providers.
Communications Data: emails, live chat messages, contact form submissions, and related metadata.
Technical & Usage Data: IP address, device identifiers, browser type/version, operating system, referral URLs, pages viewed, session duration, approximate geolocation (city/country level), event logs, and cookie IDs.
Marketing & Analytics Data (if consented): cookie/advertising identifiers, campaign and attribution data, on-site behaviour for analytics, remarketing segments.
We do not intentionally collect children’s data; our Services are not directed to children under 16.
2) Sources of data
Directly from you: when you browse the Website, place an order, contact support, subscribe to marketing, or manage cookie preferences.
Automatically: via cookies, pixels and similar technologies (see Section 10).
From service providers: payment processors (transaction confirmations, fraud checks), email and hosting providers (delivery status), analytics tools (aggregated usage metrics).
3) Purposes and legal bases
We process personal data only when a legal basis applies (GDPR Art. 6). For each purpose we indicate the legal basis:
Order processing & ticket delivery (incl. sending order confirmations, tickets in PDF, updates)
Legal basis: performance of a contract (Art. 6(1)(b)); legal obligation for invoicing (Art. 6(1)(c)).
Customer support & dispute handling
Legal basis: performance of a contract (Art. 6(1)(b)); legitimate interest to provide quality support and prevent abuse (Art. 6(1)(f)).
Payments & fraud prevention
Legal basis: performance of a contract (Art. 6(1)(b)); legitimate interest to secure transactions (Art. 6(1)(f)); legal obligation under tax/accounting/anti-fraud laws (Art. 6(1)(c)).
Service operation, security & logs (hosting, uptime, debugging, preventing misuse)
Legal basis: legitimate interest to ensure availability, integrity and security (Art. 6(1)(f)).
Analytics (e.g., GA4) to understand performance and improve UX (only with consent where required)
Legal basis: consent (Art. 6(1)(a)); in strictly necessary aggregated form, legitimate interest (Art. 6(1)(f)).
Marketing communications (news, offers)
Legal basis: consent (Art. 6(1)(a)); for existing customers, legitimate interest/soft opt-in where permitted, with opt-out at any time (Art. 6(1)(f)).
Compliance & record-keeping (tax, accounting, regulatory requests)
Legal basis: legal obligation (Art. 6(1)(c)).
We will clearly ask for consent before setting non-essential cookies or sending marketing where consent is required. You can withdraw consent at any time (see Section 11).
4) Who receives your data (recipients)
We share data with carefully selected data processors and partners necessary to provide the Services:
Hosting & Infrastructure: secure EU/EEA hosting provider(s), CDN, DDoS protection.
Payment Processing: Stripe Payments Europe, Ltd. (and/or other listed providers in your checkout). We do not store full card data.
Email & Communications: professional email service (e.g., Google Workspace) and/or transactional email provider (e.g., Mailgun) to deliver tickets and notifications.
Customer Support / Chat: if live chat is enabled, the chat provider processes messages and metadata.
Analytics & Tag Management: Google Analytics 4, Google Tag Manager (configured with consent controls).
Anti-fraud & Security: tools to detect abuse and secure transactions.
Professional advisors & authorities: accountants, auditors, legal counsel; competent authorities where legally required.
We sign Data Processing Agreements (DPAs) and require security and confidentiality. A current list of processors is available upon request at info@riverseinecruise.com.
5) International data transfers
We primarily process data in the EU/EEA. Where data is transferred outside the EEA (e.g., to the USA) we rely on appropriate safeguards, such as adequacy decisions or Standard Contractual Clauses (SCCs), and implement supplementary measures where necessary. You can obtain a copy of the relevant safeguards by contacting us.
6) Retention periods
We keep personal data only as long as necessary for the purposes above, or as required by law:
Orders, invoices & accounting records: for the period required by applicable tax/accounting laws (typically up to 10 years) after the end of the fiscal year.
Customer support correspondence: up to 24 months after case closure (unless needed longer for legal claims).
Marketing data: until consent is withdrawn or you opt out; we periodically refresh consent where appropriate.
Analytics data: typically 26 months (or shorter based on tool settings).
Server & security logs: typically 180 days unless needed longer to investigate incidents.
When retention ends, data is securely deleted or anonymized.
7) Your GDPR rights
You have the following rights (subject to conditions and limitations in the GDPR):
Access to your personal data and copy of it.
Rectification of inaccurate or incomplete data.
Erasure (“right to be forgotten”).
Restriction of processing.
Data portability (machine-readable copy).
Object to processing based on legitimate interests, including direct marketing (you can opt out any time).
Withdraw consent at any time, without affecting prior processing based on consent.
Lodge a complaint with a supervisory authority.
Supervisory Authority: You can complain to the Slovak Data Protection Authority (Úrad na ochranu osobných údajov SR) or your local authority in the EEA.
8) How to exercise your rights
Send your request to info@riverseinecruise.com. We will verify your identity as needed and respond within one month (extendable by two months for complex requests, in which case we will inform you). Requests are generally free of charge unless manifestly unfounded or excessive.
9) Security
We implement appropriate technical and organizational measures to protect personal data, including encrypted transport (HTTPS), access controls, least-privilege principles, logging/monitoring, data minimization, staff confidentiality, regular backups and vulnerability management. No system is 100% secure; we continuously work to improve our safeguards.
10) Cookies, tracking & consent
We use cookies and similar technologies:
Strictly necessary cookies – essential for the Website (security, checkout, session).
Analytics cookies – help us measure and improve performance. Set only with consent where required.
Marketing/advertising cookies – for remarketing and ad performance. Set only with consent.
You can manage or withdraw your consent anytime via the Cookie banner / “Cookie Settings” link in the footer. You can also control cookies in your browser settings (blocking may affect functionality).
Do Not Track: The Website does not respond to DNT signals. We rely on your cookie consent preferences instead.
A detailed, always-up-to-date Cookie Policy (including cookie list and lifetimes) is available via the cookie banner link.
11) Marketing communications
We send transactional emails (order confirmations, tickets, service messages) necessary to fulfil your purchase.
We send marketing emails only with your consent or where permitted for existing customers. You can opt out anytime via the unsubscribe link or by emailing info@riverseinecruise.com.
12) Automated decision-making / profiling
We do not perform automated decision-making producing legal or similarly significant effects. Limited profiling may occur for analytics or marketing segmentation (e.g., audiences) only with consent where required, and you can withdraw consent at any time.
13) Third-party links
Our Website may contain links to third-party sites. Their privacy practices are governed by their own policies; please review them separately.
14) Changes to this Policy
We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated version here and indicate the “Last updated” date. Where changes materially affect you, we will provide additional notice and, where required, request renewed consent.
15) Contact
Discovery Travel Kft.
2336 Dunavarsány, Viola utca 11. Hungary
Email: info@riverseinecruise.com