Privacy Policy and Notice at Collection

1. INTRODUCTION

2. WHAT PERSONAL INFORMATION WE COLLECT

3. HOW WE USE PERSONAL INFORMATION

4. HOW AND WHEN WE COLLECT PERSONAL INFORMATION

5. SHARING INFORMATION WITH THIRD PARTIES

6. YOUR CHOICES ABOUT YOUR INFORMATION

7. YOUR PRIVACY RIGHTS

8. ADDITIONAL CALIFORNIA PRIVACY DISCLOSURES

8. ADDITIONAL CALIFORNIA PRIVACY DISCLOSURES

9. RETENTION, STORAGE, AND PROTECTION

10. CHILDREN’S PRIVACY

11. TRANSPORTATION SECURITY ADMINISTRATION SECURE FLIGHT NOTICE

12. LINKS TO OTHER WEB SITES AND SERVICES

13. CHANGES TO OUR PRIVACY POLICY

14. UNITED STATES AND CANADA ONLY

15. YOUR COMMENTS AND QUESTIONS

Our Privacy Policy has changed, effective as of June 27, 2023.

1. INTRODUCTION

This Privacy Policy and Notice at Collection (“Privacy Policy”) of Viking River Cruises Inc. (“Viking” “we,” “our,” or “us”) explains the collection, use, and sharing of information from or about you in connection with your use of the Services. The term " Services" refers to our ocean, river and expedition cruises, including the selection of products, content, events, activities, excursions and services offered onboard and off-shore either directly by us, or through our affiliates or third-party business associates, as well as any other products, features, tools, materials, or other services offered from time to time through a variety of Access Points. The term "Access Points" refers to, collectively, our various websites ("our websites"), mobile applications, onboard media, blogs, social media and other places, and other online or wireless offerings, whether accessed via computer, mobile device or other technology, any of which is owned or operated by us or on behalf. If you are an employee, contractor, or job applicant, your personal information collected in those contexts will be subject to a separate privacy notice that we provide to you where and when appropriate.

2. WHAT PERSONAL INFORMATION WE COLLECT

We may collect, receive, and develop several categories of personal information about you depending on the nature of your interactions with us:

  • Identifiers and contact information: This may include such information as your name, mailing address, billing address including ZIP code, telephone number, email address, date of birth, and Viking account username and password.
  • Government Identifiers: We collect your passport information.
  • Purchase and preference information: This may include information about your vacation and dietary preference, information about your interests, itineraries you book and other products or services you purchase. We collect information about your dietary restrictions and assistance requirements while onboard (such as needing a wheelchair). We also collect your payment card information when you make a booking or purchase.
  • Demographic information: We may collect your gender, age, and zip code.
  • Internet Browser, Usage, and Log Data: We collect information when you view the websites, use the Services, or view or interact with Viking advertising or content through any of the Access Points. This may include your IP address; device, browser, and software characteristics (such as type and operating system); location; activity on the Services, including activities and content viewed, used, or accessed, which links you click, which pages you view and how long you spend on those pages, the timestamp of your visits or interactions, what search terms you use, ad interaction data, referral URLs, network state, device identifiers, or other unique identifiers; what links you click; and identifiers associated with browser cookies. We also collect information about your interactions with our emails, such as whether you open a message and click any links within the message. If you use our mobile app, we collect information about where you downloaded it and how often you use the app.
  • Location Information: We collect your general location based on your IP address.
  • Professional Information: If you interact with Viking on behalf of business customers, vendors, or other companies, in addition to other information described in this notice, we may also collect items like your job title, office location, compensation or payments, and engagement history with us.
  • Emergency Contacts: We may collect the name, address, and telephone number of someone who is not traveling with you who we can contact in case of an emergency.
  • Sensitive Personal Information: Some of the above information is considered sensitive personal information under privacy laws and is subject to additional rights and protections as described in this Privacy Policy. Specifically, we may collect some or all of the following sensitive personal information about you: Viking account username and password, passport information, and/or payment card details.

3. HOW WE USE PERSONAL INFORMATION

We use the personal information we collect and receive from or about you (including sensitive personal information) primarily to provide better customer service to you, to improve and customize the content you see, to help recognize you when you use other devices, to provide the Services you request, to contact you about special promotions and new Services, and for other purposes, including the following:

  • customizing or personalizing the Services and evaluating how well the Services perform;
  • customizing, targeting, or personalizing our marketing and advertising that you view and monitoring the effectiveness of our email communications and other advertising efforts;
  • to provide you with the Services you request, to provide you with your travel reservation booking confirmation and updates, and to manage your account, including processing payments and providing travel notifications;
  • remembering information so that you will not have to re-enter it during your visits to, or the next time you visit, the Access Points;
  • to solicit information from you, including through surveys;
  • to resolve disputes, collect fees, troubleshoot problems, or otherwise provide customer service to you;
  • monitoring the effectiveness of the Access Points;
  • contacting you for a sweepstakes or other promotion about a product or service we believe may be of interest to you, travel-related or otherwise, either from us alone or together with another sponsor or a third party;
  • conducting research;
  • compiling aggregate data for internal and external business purposes;
  • monitoring the aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on the Access Points;
  • completing your reservations, processing your transactions, and providing the Services to you;
  • diagnosing or fixing technology problems;
  • preventing, detecting, and investigating potentially illegal or harmful activities, including fraud;
  • protecting our rights and your rights;
  • planning for, improving, and enhancing our Services;
  • in the case of business contacts, to administer and manage our relationship with you and your employer (such as record keeping, payments, communicating with you, tracking outcomes, and verifying your eligibility and suitability);
  • verifying your identity in relation to requests you make; and
  • any other purpose that is required or permitted by law or that is disclosed to you at the time we collect the information or that is related to a request made by you.

In addition to the above uses of personal information described in this Privacy Policy, we may aggregate information about you and other individuals together, or otherwise "de-identify" the information about you (which means that the information does not identify you personally). We may use information in these forms for any legitimate business purpose, including without limitation, for research and analysis, administration of the Services, advertising (e.g., improving our targeting efforts or our Services), and promotional purposes.

4. HOW AND WHEN WE COLLECT PERSONAL INFORMATION

We collect personal information from various sources:

Directly from you: We collect personal information directly from you when you create a profile to register for a Viking account, contact our customer service or other means to request information from us, participate in sweepstakes or other promotions, use the Services (such as when you book travel with us, participate in onboard activities, take offshore excursions while traveling with us), or provide us with feedback, testimonials, photos, or other personal information. If you are a business contact, we also collect personal information directly from you when we communicate with you, onboard you, or provide/receive products or services to/from you.

Automatically from your devices: Like many companies, we use various technologies to automatically collect usage and interaction data when you interact with our websites, read our emails, engage with our digital advertisements and content, or otherwise interact with the Access Points. These tools include cookies, pixels, and SDKs. These technologies may be used by us directly or by third parties and service providers.

From our service providers: We get personal information from the vendors and service providers that we hire to help us run our business, including those companies that store information; host, protect, or operate our Access Points; process payments; conduct data analytics; provide customer service; send emails and other marketing correspondence for us; conduct surveys; or provide marketing, analytics, and advertising services.

From our parent company and affiliates: We may get personal information from our parent company and corporate affiliates, as travel may be provided on a vessel owned or operated by a corporate affiliate.

From our data partners: We get personal information from data aggregators, data licensors, and public databases.

From social media and other third-party services: We get personal information from Access Points owned or operated by third parties. For example, we may get information about you when you interact or connect with us or our Services, for example, by liking us on Facebook® or following us on Twitter® or on Instagram® or watching us on YouTube®. The collected information may be information associated with that third-party service, or that you elect to make public using that service or have authorized the third-party service to share with us (such as your user ID, billing information, public profile information, email address, birthday, friends list, pages you have "liked" or commented on, and other account and profile data). The information we receive is dependent upon your privacy settings with the third party.

From other passengers: Occasionally we get personal information from passengers, such as when you are listed as an emergency contact or if you are onboard and someone in your party provides Viking with your information.

We combine the information we collect from or about you with information provided by other sources. We also combine information that we collect offline with information we collect online. We may also aggregate your information with other consumers’ information to understand preferences and trends within your peer group over time.

5. SHARING INFORMATION WITH THIRD PARTIES

We may share your personal information (including sensitive personal information) only in the instances described below. We may also share your information in other circumstances with your consent.

With our parent company and affiliates: We may share personal information with our parent company and corporate affiliates. This sharing enables us to fulfill the Services, as travel may be provided on a vessel owned or operated by a corporate affiliate, as well as to provide you with information about other products and services, which we believe might interest you. With our service providers: We share personal information with the vendors and service providers who provide functions on our behalf, including credit card processing, business analytics, customer service, marketing, distribution of surveys or sweepstakes programs, and fraud prevention. We may also authorize vendors to collect information on our behalf, including as necessary to operate features of our websites and other Access Points.

With travel and activity providers: We share personal information with airline, lodging, offshore excursion and other activity providers who work with us to provide the Services to you or when you have made reservations with them through us as part of the Services. By requesting the excursion or activity or making a reservation as part of the Services, you are authorizing and directing us to disclose to the provider the information (including personal information) required to complete the reservation and provide the travel, lodging, excursion or activity. Please note that these providers also may contact you as necessary to obtain additional information about you, facilitate your reservation with them, or respond to a review you may submit. Please note that travel and activity providers are not controlled by us, and personal information disclosed to them is subject to the applicable provider's privacy policy and security practices. Therefore, we encourage you to review the privacy policies of any provider.

With business partners and advertising companies: We may share personal information with our third party business partners: (i) with whom we jointly offer products or services or sweepstakes or other promotions, travel-related and otherwise, or (ii) whose products or services may be offered through or on the Access Points or on our cruises . We may also share personal information with advertising networks, ad servers, social media platforms, and analytics companies in connection with our and their marketing.

With referring websites: If you were referred to the Access Points from a third-party website (for example, through a link you clicked on another site that directed you to the Access Point), we may share some information about you with that referring website. We encourage you to review the privacy policies of any website that referred you to our Access Points.

With social media providers: When you connect your Viking account to a third party platform or social media account, or access certain social media features through the Access Points, you share information with the social media provider, and the information you share will be governed by their privacy policies. You may be able to modify your privacy settings for these social media providers. Please consult the privacy policy of the relevant social media provider for further information. You may choose to disable such sharing of information by editing your privacy settings on that social media provider. When we serve tailored advertisements on social media platforms, we share information with the platform (either directly ourselves or through our service provider intermediaries) to help identify you as the targeted recipient of our ad.

For legal compliance: We may share personal information for legal compliance and law enforcement purposes such as: in response to subpoenas, court orders, or other legal process; with law enforcement agencies as required; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law, including as described in Section 11 (Transportation Security Administration Secure Flight Notice); to enforce our Booking Terms & Conditions or any other agreement we or another party may have with you; and/or when we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities or exercise, defend or protect the rights, property or safety of our company, our customers, our websites or other Access Points or others.

Mergers or corporate reorganization: If another entity acquires Viking or all or substantially all of our assets, your information may be disclosed to such entity as part of the due diligence process and may be transferred to such entity as one of the transferred assets. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.

We may also aggregate and/or deidentify information and then share that aggregated or anonymized data with third parties for market and research purposes or for other purposes.

6. YOUR CHOICES ABOUT YOUR INFORMATION

You have the following choices regarding how we and third parties use certain information collected from or about you:

  • How to Opt-Out of Marketing Emails
    You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. We make every effort to promptly process all unsubscribe requests. You may not opt out of Services-related communications (e.g., account verification, information about your orders, bookings, cruises, changes/updates to our websites, products or features of our Services, technical and security notices). Please allow up to 10 days to be unsubscribed from our promotional emails.
  • How to Opt-Out of Print Mailings
    You can stop receiving promotional mailings from us by using the contact information provided in Section 15 (Your Comments and Questions).
  • Cookies and Pixels
    You may reject or delete cookies, pixels, or other tracking technology by managing them on your browser or mobile device. Please refer to your browser’s or mobile device’s technical information for instructions on how to delete and disable cookies, pixels, and other tracking tools. Depending on your mobile device, you may not be able to control tracking technologies through settings. If you have any questions about deleting or rejecting cookies and other tracking tools, you can contact us as provided in Section 15 (Your Comments and Questions). However, if you decide not to accept such tracking technology from us or from our third-party vendor’s or partner’s cookies, your ability to use some features on our websites and other Access Points may be impaired.
  • About Our Ads; Interest-Based Advertising
    Viking and our advertising partners place cookies, pixels, and other tracking technologies on your computer or device in order to collect information about you and your online web-browsing activities over time and across different websites and online services or mobile applications, in order to serve you ads or other content personalized to your interests. This form of advertising is referred to as “interest based advertising”. You can opt out of being tracked for interest based advertising purposes by using the NAI opt-out tool at https://optout.networkadvertising.org  and the DAA opt-out tools at https://youradchoices.com/control , or by disabling advertising cookies by clicking the Do Not Sell or Share my Personal Information link in the footer of this webpage. Choices you make are device-specific and browser-specific. If you use different browsers on your computer, or multiple computers and devices, you will need to opt out of interest-based advertising from each browser on each of the computers and devices that you use. Even if you opt out of interest based advertising, you will still receive advertisements from us, but they won't be customized based on your likely interests.
  • LiveRamp Opt-Out
    When you use our Access Points, we share information that we collect from you, such as your email (in hashed form), IP address, or information about your browser or operating system, with our identity resolution partners, including LiveRamp Inc. LiveRamp returns an online identification code that advertisers can store in their first-party cookie for the advertiser’s use and sharing with advertising companies to enable interest-based and targeted advertising. To opt-out of LiveRamp’s tracking tools (for all advertisers, not just Viking), please visit https://liveramp.com/opt_out/.
  • Push Notifications
    If you use our mobile apps, we may send you push notifications from time to time. If you no longer wish to receive push notifications, you can turn them off at the device level in your app settings.
  • Do Not Track
    Our website responds to opt-out preference signals as described further in Section 7 below.

7. YOUR PRIVACY RIGHTS

Where provided for by applicable privacy laws, you may be entitled to exercise some or all of the rights described below with respect to your personal information:

  • Access / Right to Know: You have the right to confirm whether we process personal information about you and to request that we disclose to you the following: (i) the categories of personal information that we have collected about you (including sensitive personal information); (ii) the categories of sources from which we have collected personal information about you; (iii) the business or commercial purpose for collecting or selling your personal information; (iv) the categories of personal information that we have sold about you and the categories of outside parties to whom the personal information was sold; (v) the categories of personal information that we have disclosed about you for our business purposes and the categories of suppliers to whom the personal information was disclosed; (vi) a portable copy of the specific pieces of personal information that we have collected about you; and (vii) information about the logic involved in any automated decision-making processes used by us (if applicable), as well as a description of the likely outcome of the process with respect to you.
  • Modifying or Correcting Your Personal Information: You have the right to modify or request the correction or update of your personal information.
  • Deleting Your Information: You may request the deletion of your personal information, subject to certain exceptions.
  • Do Not Sell My Personal Information or Share my Personal Information for Behavioral Advertising: We use certain third-party cookies that can be considered “sales” or “sharing” of personal information under applicable laws. If you would like to opt out of such cookie-based sales and sharing, you will need to update your cookie preferences by clicking the “Do Not Sell or Share My Personal Information” link at the bottom of this page. Alternatively, you can use an opt-out preference signal or universal opt-out mechanism on a supported web browser. Only certain web browsers currently support such a signal. To find and download a browser that supports the GPC browser signal, visit https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to enable it for each browser and on each device you use to visit Viking websites. Your cookie selections are specific to the device, website, and browser you are using. Your selections are deleted whenever you clear your cookies or browser’s cache.
  • Opt-out of Automated Decision-Making: You have the right to request to opt-out of any profiling or automated decision-making, to the extent we engage in those processing activities.
  • Limit the Use of my Sensitive Personal Information: If you are a California resident, in relation to any sensitive personal information identified in Section 2 above, you can request that we limit our use and sharing of such information only to those uses which are necessary to carry out our relationship with you (such as providing our goods and services that you’ve requested, maintaining the quality of our services, or protecting our services against illegal activity), or as otherwise allowed by relevant privacy laws.

Eligible individuals can submit a privacy rights request through the Data Subject Request Form or by calling us at (844) 916-1333.

Please note that we may deny your request, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate passenger requests. If you are not satisfied with the outcome of your request and would like to request further review, you may send an email to privacy.request@viking.com with “Personal Information Requests Appeal” in the subject line.

You may designate an authorized agent to make a request on your behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent.

We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps may vary depending on the sensitivity of the personal information and whether you have an account with us.

We will not discriminate against you because you made any of these requests.

8. ADDITIONAL CALIFORNIA PRIVACY DISCLOSURES

For purposes of California law, please note the following:

  • We collect and use the following categories of personal information for the business and commercial purposes described in this Privacy Policy: identifiers; customer records under Cal. Civ. Code § 1798.80(e); characteristics of protected classifications under California or federal law; commercial information; internet or other electronic network activity information; general location data; professional information; inferences; and sensitive personal information. See Section 2 above for more details.
  • We use the above-described categories of personal information for our business and commercial purposes described in Section 3 above.
  • We collect these categories of personal information from the following categories of sources, as more fully described in Section 4 above: directly from you; automatically from your devices; from our service providers; from social media; from our data partners (e.g., data aggregators, data licensors, and public databases); from our corporate parent and affiliates; and from other passengers.
  • We disclose the above categories of personal information to our parent and affiliates, service providers, travel and activity partners, advertising networks, business partners (e.g., businesses with whom we conduct joint promotions), data analytics providers, social media networks, referring websites, other passengers, with entities for legal compliance purposes, and with potential acquirers of parts of our business. See Section 5 above for more details.
  • We may “sell” or “share” the following categories of personal information: identifiers; customer records under Cal. Civ. Code § 1798.80(e); commercial information; Internet or other electronic network activity; and general location data. We sell and share this personal information with advertising networks and social media networks who perform services for us, such as marketing, advertising, and audience measurement. We do not knowingly sell or share the personal information of consumers under 16 years of age.
  • We do not use or disclose sensitive personal information for purposes other than those specified under applicable California privacy regulations.

9. RETENTION, STORAGE, AND PROTECTION

We will retain your personal information (including your sensitive personal information) for as long as necessary to fulfill the purposes described in this Privacy Policy, and for a commercially reasonable time thereafter for purposes of backup, archiving, fraud prevention, audits, or as required by law. We rely on the following criteria to determine the appropriate retention periods: (i) the necessity of the information to provide our services to our customers; (ii) the types and sensitivity of personal information being processed; (iii) regulatory requirements that we are subject to, including laws and regulations related to tax, employment, accounting, and securities; and (iv) whether a legal claim might be brought against us, for which the information would be relevant.

We may store and process your personal information in the United States, or in the cloud, or any other country in which Viking or its subsidiaries, affiliates, or service providers or their subcontractors maintain facilities. If you are located in Canada, the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. or any other country in which Viking or its parent, subsidiaries, affiliates or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions.

Viking cares about the security of your information, and uses commercially reasonable physical, administrative, and technological safeguards designed to help preserve the integrity and security of all information collected through our website. We regularly review our security procedures to consider appropriate new technology and safeguards. However, please be aware that despite our efforts, no security measures are perfect or impenetrable.

10. CHILDREN’S PRIVACY

Viking does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register on any Access Points. In the event that we learn that we have collected personal information from a child under age 13 without appropriate permission from their parent/legal guardian, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us as provided in Section 15 (Your Comments and Questions).

11. TRANSPORTATION SECURITY ADMINISTRATION SECURE FLIGHT NOTICE

Under the authority of 49 U.S.C. section 114, the Intelligence Reform and Terrorism Prevention Act of 2004 and 49 C.F.R. parts 1540 and 1560 for all commercial air travel within, into or out of the United States which is booked on or after August 15, 2009, the Transportation Security Administration (TSA) requires you to provide your full name, date of birth, and gender for the purpose of watch list screening.

You may also provide your Redress Number, if available. As required by law, we will request information from you about your commercial air travel within, into or out of the United States in conjunction with your voyage and forward it to the TSA. Failure to provide your full name, date of birth, and gender may result in denial of transport or denial of authority to enter the boarding area.

Information we or you provide to the TSA may be shared by the agency with law enforcement, intelligence agencies, or others under its published system of records notice. Please see the TSA website at www.tsa.gov for more information on the TSA’s privacy policies.

12. LINKS TO OTHER WEB SITES AND SERVICES

The Access Points may integrate with or contain links to other third-party websites and services. We are not responsible for the practices employed by third party websites or services embedded in, linked to, or linked from the Access Points and your interactions with any third-party website or service are subject to that third party’s own rules and policies.

13. CHANGES TO OUR PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy from time to time. If this Privacy Policy changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties. Your continued access to the Access Points and/or use of any of our websites or purchase or use of the Services after any such changes constitutes your acknowledgement of this Privacy Policy, as revised.

14. UNITED STATES AND CANADA ONLY

Viking River Cruises, Inc. is headquartered in the U.S. and the Services are intended for individuals in the U.S and Canada only. By using the Services or accessing the Access Points, you consent to the collection, storage, and processing of information under U.S. laws and as provide by this Privacy Policy.

15. YOUR COMMENTS AND QUESTIONS

If you have any questions or comments regarding our privacy policy or our websites or the Access Points, you can send us an email at privacy.request@viking.com or contact us at (844) 916-1333 or contact us by mail addressed to:

Attention: Privacy
Viking Cruises
5700 Canoga Avenue, Suite 200
Woodland Hills, CA 91367

 

Version June 27, 2023