Carnival Corporation and Carnival plc (collectively referred to as "Carnival") operate under a
dual listed company structure with primary stock exchange listings in the United States and the
United Kingdom. Carnival is a global cruise business with a portfolio of leading cruise brands,
including P&O Cruises Australia, Princess Cruises, Carnival Cruise Line, Holland America Line,
Seabourn, Cunard Line, P&O World Cruises, AIDA, Costa and Fathom ("Carnival brands").
This privacy notice applies to all employees, crew, contractors, temporary staff, external
agents, partners, consultants and vendors (including concessions staff on board ships) working
on behalf of Carnival brands (referred to in this privacy notice as"employees"). It provides
information regarding the processing of the personal data that you, in your capacity as the Data
Subject (hereinafter the "Data Subject"), provided to us in order to initiate and execute your
Contract of Employment (hereinafter the "Contract of Employment") for the global operations
and/or shipboard and shoreside activities of the following Carnival brands and/or their legal
agents: Princess Cruise Lines, Ltd., Holland America Line N.V., in its capacity as general
partner of Cruiseport Curacao C.V., Seabourn Cruise Line Limited, Carnival plc trading as P&O
Cruises Australia, Carnival plc trading as Cunard Line, HAL Maritime Limited, HAL Beheer B.V.,
Navitrans B.V., Marine Manpower Services (Guernsey) LTD, Carnival Japan Inc., Cunard Celtic
Ltd., Fleet Maritime Services (Bermuda), Ltd., HAL Properties Limited, Holland America Line
Inc., Princess Cays Limited, Royal Hyway Tours, Inc., Tour Alaska LLC, Westmark Hotels of Canada
Ltd., Westmark Hotels, Inc., Carnival Corporation Hong Kong Limited, Carnival Corporation Korea
Ltd., Global Shipping Service (Shanghai) Co., Ltd., Carnival plc (Singapore Branch), Carnival
plc Taiwan Branch, UK Carnival plc Cruises Beijing Representative Office, UK Carnival plc
Cruises Chengdu Representative Office, UK Carnival plc Guangzhou Representative Office, and UK
Carnival plc Shanghai Representative Office , (hereinafter the "Company").
Your privacy is important to us. We respect the privacy rights of all individuals and we are
committed to handling personal data responsibly and in accordance with applicable law. This
privacy notice explains what personal data Holland America Line collects, uses, and maintains
(collectively "processes") about you in the operation of its business, how it uses that data,
and your rights to that data.
Please note that this notice applies to the handling of your personal data as an employee.
Additional details concerning the Company's governance and privacy requirements for employee
data can be found in internal resources including the Employee Handbook, Information Security
articles in seafarer's agreements.
This notice does not cover your use of the Company's consumer products and services as a
consumer, outside of your regular employment or assignment with any of the affiliate brands of
the Company. To learn more about the Company's data collection practices that cover your use of
our products as a consumer, please read our Privacy Policies located on the applicable brand
This notice is not intended and shall not be read to create any express or implied promise or
contract for employment, for any benefit, or for specific treatment in specific situations.
Nothing in this notice should be construed to interfere with the Company's ability to process
employee data for purposes of complying with its legal obligations, or for investigating alleged
misconduct or violations of Company policy or law, subject to compliance with internal policy
and local legal requirements.
The Company's processing of personal data is in all cases subject to the requirements of local
law, internal policy, and any consultation requirements with worker representatives (where
appropriate). To the extent this notice conflicts with local law in your jurisdictions, local
What Personal Data We Collect
The data we collect can include the following, but is not limited to:
Name and contact data. Your first and last name, employee identification
address, postal address, phone number, photo, beneficiary and emergency contact details, and
other similar contact data. Additionally, you may opt to provide additional contact
information such as personal email address (es) and/or cell phone number(s).
- Demographic data. Your date of birth and gender. We may also collect and
Personal Information" about you in accordance with local requirements and applicable law.
National identifiers. Your national ID/passport, residency, visa and work
social security number, or other taxpayer/government identification number.
Employment details. Your job title/position, office location, employment
contract, offer letter, hire date, termination date, performance history and disciplinary
records, leave of absence, sick time, and vacation/holiday records.
Spouse/partner and dependents' information. Your spouse/partner and
dependents' first and last names, dates of birth, and contact details.
Background information. Academic and professional qualifications,
credit history and criminal records data (utilized for background check and vetting purposes
where permissible and in accordance with applicable law and consultation requirements).
Financial information. Bank account details, tax information, salary,
retirement account information, company allowances and other information necessary to
administer payroll, taxes and benefits.
Workplace, Device, Usage, and Content data. Emails sent and received,
building and information system access, device, system and application usage when accessing
and using corporate buildings, ships, services and assets.
Special Categories Of Personal Data
We do not process special categories of personal data (also referred to as "sensitive" personal
data) about you except where there is a legal reason to do so, either as part of your contract
of employment, where we are under an obligation to process that data, or where you have asked us
to do so. Special categories of personal data pursuant to Articles 9 & 10 of Regulation (EU)
2016/679 may include data such as:
racial or ethnic origin, which may be revealed by personal details or by photographs
processed for organizational or operational reasons (e.g. Company security pass), religious
beliefs, if you have requested to observe religious holidays other than Catholic holidays,
in accordance with the law;
trade union membership, if you have requested the Company to withhold trade union membership
fees from your wages or you hold, or are a candidate for, a position as a trade union
membership of a political party, if you hold a publicly elected office or work at a polling
station as a party- appointed scrutineer;
philosophical beliefs, with specific regard to conscientious objection to military service;
providing and/or referring care by Company medical services as necessary or the Data
Subject's state of health, e.g. medical certificates, medical histories, other certificates
justifying absences for medical examinations, certificates of fitness to work, certificates
pursuant to Legislative Decree no. 81/2008 (occupational health and safety), maternity
certificates and maternity leave, documents regarding injuries and industrial accident
the Data Subject's health status as determined by the contracted physician and by the
Company's health facilities, in any event managed by doctors bound by professional secrecy,
and generally used for example to ensure compatibility between personal health - including
that of your family members - and assigned duties;
criminal convictions, offenses and pending criminal charges, where required by the law for
the purposes of employment and for management of the Contract of Employment or for
assessment of the Data Subject's professional aptitude.
Purposes Of Personal Data Processing
The processing of your personal data and those of your family members (hereinafter the "Data"),
including special categories of such data, is carried out for the following purposes and in
accordance with the following legal basis:
- Administer and Manage the Contract of Employment. The Data provided for
the Contract of Employment will be processed in order to:
- fulfill obligations arising from the Contract of Employment and associated legal
obligations (e.g. payment of wages, payment of social security contributions,
preparation of paychecks, management of annual leave, documents justifying absences,
carry out the organizational management of your work, as well as for the Company's
operational/management demands, such as creation of job descriptions for the
corporate Intranet, collection and retention of information that is useful for your
career advancement (e.g. your educational record, training courses attended,
knowledge of foreign languages, previous work experience), internal auditing and
risk management activities etc.
Workplace Security and Monitoring. The Data will also be processed for
protection of Company property (including intellectual property) and crime prevention,
partly by means of inspections (e.g. internal audits), electronic surveillance, closed
circuit cameras (CCTV) as well as tools for reporting misconduct by employees to the
competent corporate bodies (e.g. compliance website and hotline). The primary purpose of
this monitoring is to protect the Company, its employees, passengers and partners, for
You are informed that the security checks and other means of monitoring entrances to the
Company's head office, ships and other premises, as well as associated inspections,
internal auditing and reporting of misconduct, will be carried out in full compliance
with the principle of necessity and, where applicable, with the prohibition on the use
of such cameras to monitor the work of employees and that the image data will only be
processed by persons expressly authorized to this end and only be stored for the time
strictly necessary for the aforementioned security purposes, or for any longer periods
laid down in specific trade union agreements or stipulated by judicial authorities.
- For network and device management and support;
For proof of business transactions and recordkeeping;
- For the protection of confidential information and Company assets;
- For investigating wrongful acts or potential violations of Company policy; and
- For other legitimate business purposes as permitted under applicable law.
Other overriding and legitimate business purposes. We also may process your
when it is necessary for other legitimate purposes, such as general HR administration,
general business management and operations, disclosures for auditing and reporting purposes,
management of network and information
Published September 1, 2018
systems security and business operations, provision and improvement of employee services,
physical security and to protect the life and safety of employees and others. We may also
use special applications and systems that record employee performance metrics, such as
sales-related or code databases for business operations purposes, as well as for the
purposes of reviewing, rewarding and coaching employees on their performance. We may also
process your personal data to investigate potential violations of law or breaches of our
Legally required purposes. We also may process your personal data when we
necessary for complying with laws and regulations, including collecting and disclosing
personal data as required by law (e.g., for minimum wage, working time, tax, health and
safety, anti-discrimination laws, global migration), under judicial authorization, or to
exercise or defend the legal rights of the Company.
Purposes related to the use of your facial image. The Controller may use
your facial image (e.g. in photographs), for the following purposes:
- Security purposes: your photograph will appear on your Company
security pass. These
passes are used to monitor access so as to enable the ready identification of all
persons on the premises and ships;
Organizational and operational purposes: your photograph may be
posted on the corporate Intranet, for the ready identification of job descriptions
applying for a Seaman's book
Advertising: your photograph may be published in Company magazines
material in connection with and/or during Company events in which you may take part.
Prior to any event that may be photographed or filmed, you will be informed and a
release will be obtained prior to use.
Collection and Use of Data from Third Parties and Social Media
We may also collect personal data about you from third parties or public sources as needed to
support the employment relationship. We may conduct lawful background screenings, to the extent
permitted by law, through a third-party vendor for information about your past education,
employment, credit and/or criminal history. In the event of a natural disaster or other
life/safety emergency, we may rely on public social media posts or other public sources to
account for employees if otherwise unable to contact them. Additionally, if there is an
investigation of an employee matter, we may obtain information relevant to the incident from
external sources including private parties, law enforcement or public sources like news sources
and public social media posts.
How and Why We Share Personal Data
The provision of the Data is necessary to finalize and execute the Contract of Employment and to
comply with the associated contractual and legal requirements. Failure to provide the Data may
make it impossible to execute the Contract of Employment or to fulfill some or all of the
associated contractual and legal requirements. The Company will only share your personal data
with those who have a legitimate need for it. Wherever we permit a third party to access
personal data, we will make sure the data is used in a manner consistent with this notice (and
any internal data handling guidelines consistent with the sensitivity and classification of the
data.) your personal data may be share with our subsidiaries and affiliates and other third
parties, including service providers, for legitimate purpose including but not limited to as
follows: The Data will be disclosed to the following categories of recipients, for the purposes
- In order to carry out the uses of personal data described above
- To enable third parties to provide services to us. Categories of recipients of data would
providers, payroll support services, relocation, tax and travel management services, health
and safety experts, and manning agents;
- To comply with our legal obligations, regulations or contracts, or to respond to a court
order, administrative or judicial process, such as a subpoena, government audit or search
warrant. Categories of recipients would include counter-parties to contracts, judicial and
- In response to lawful requests by public authorities (such as national security or law
- To seek legal advice from external lawyers and advice from other professional advisers such
accountants, management consultants, etc.;
- As necessary to establish, exercise or defend against potential, threatened or actual
litigation (such as
adverse parties in litigation);
- Where necessary to protect the Company, your vital interests, or those of another person;
In connection with the sale, assignment or other transfer of all or part of our business
(such as a potential
purchaser and its legal / professional advisers); or
- Otherwise in accordance with your consent.
Where We Store and Process Personal Data
The Company operates at the global level and therefore personal data may need to be transferred
to countries outside of where it was originally collected. For example, because we are
headquartered in the United States, information collected in other countries is routinely
transferred to the United States for processing. When we transfer your personal data to another
country, we will ensure that this transfer complies with applicable laws and legislation. The
Company has Model Clauses in place for the collection, use, and retention of personal data
transferred from the European Union to other countries. This data is only transferred to other
Carnival Group companies and/or to third party service providers, and only for the
Security of your Personal Data
The Company is committed to protecting the security of your personal data. We will use a variety
of security technologies and procedures to help protect your personal data from unauthorized
access, use, or disclosure. For example, we store the personal data you provide on computer
servers with limited access that are located in controlled facilities, and when we transfer
certain highly confidential or sensitive personal information, we protect it through the use of
Personal data will be stored according to applicable laws or regulatory requirements and kept as
long as is necessary to fulfill the purposes for which the personal data was collected.
Generally, this means that your personal data will be retained as documented in our corporate
retention schedule and applicable riders and supplements.
Change of Purpose
We will only use your personal data for the purposes outlined in this notice or such purposes as
may be reasonably compatible with the original purpose for which it was collected or there is an
alternative legal basis for the further processing.
Changes to this Privacy Notice
We may occasionally update this privacy notice. When we do, we will revise the last updated date at the top of the privacy notice. If there are material changes to this notice or in how
the Company will use your personal data, we will use reasonable efforts to notify you wither by
prominently posting a notice of such changes before they take effect or by directly sending you
a notification. We encourage you to periodically review this privacy statement to learn how the
Company is protecting your personal data
The Data Controller is Holland America Line N.V., headquartered in Seattle, Washington, USA.
How to Contact Us
Holland America Group Privacy, attn: Data Protection Officer, 450 3rd Ave West, Seattle, WA
98119 USA Email to email@example.com
EU Employees: Your EU Data Subject Rights
In addition to the information shared above, EU employees may have certain rights under
applicable data protection laws (including the EU General Data Protection Regulation and local
legal implementation of that Regulation, which include the rights to:
- Request access to and obtain a copy of your personal data,
- Request rectification (or correction) or erasure of your personal data you have provided
that is inaccurate;
- Request erasure (or deletion) of personal data that is no longer necessary to fulfil the
purposes or which it was
collected, or does not need to be retained by the Company or other legitimate purposes;
- Restrict or object to the processing of your personal data; and
- If applicable, request your personal data be ported (transferred) to another company.
Application of the above rights may vary depending on the type of data involved, and the
Company's particular basis for processing the personal data.
To make a request to exercise one of the above rights, please contact
firstname.lastname@example.org. We will consider and act upon any requests in accordance with
applicable data protection laws. Please note that we may request specific information from you
to enable us to confirm your identity and right to access, as well as to search for and provide
you with the personal data that we hold about you. We may, in limited circumstances, charge you
a reasonable fee to access your personal data; however, we will advise you of any fee in
If we are relying on your consent to process your personal data, you have the right to withdraw
your consent at any time. Please note, however, that this will not affect the lawfulness of the
processing before its withdrawal.
EU employees may also direct questions about how we handle personal information to the Data
Protection Officer at email@example.com. While the Company hopes it can answer any
questions that you may have, if you have unresolved concerns you also have the right to complain
to a relevant data protection supervisory authority in the EU.