Effective: 24 May 2018

1. Introduction

We at The Image Group know that your privacy is important. Please note that we collect and process your personal data for and on behalf of the cruise line with whom you will travel, whose identity should be set out in your travel documents. This Privacy Notice explains how we collect and use the personal data you provide to us, on behalf of your cruise line. We do not use your personal data for any purpose other than those which are set out in this Privacy Notice.

For further information on the manner in which your cruise line may collect and use your personal data, please contact your cruise line directly.

If you are in the European Union you have data protection rights under the EU Data Protection Directive 95/46/EC and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") as each of the foregoing is implemented into national law and as any of the foregoing may be amended, extended or re-enacted from time to time (collectively "Data Protection Legislation"). Where the GDPR applies to the personal data provided by you to us, you shall enjoy full rights under the GDPR as data subject; where GDPR does not so apply, you shall not enjoy any such rights under the GDPR.

By using the website or any webpage containing this domain name, including where such webpage is redirected from another domain name (the "Website") and/or the Services (as defined below), you acknowledge the collection and use of your personal data in accordance with this Privacy Notice.

2. About Our Privacy Notice

The Website and the services provided on the Website, which services include but are not limited to professional photography services onboard cruise ships, whether ordered via the Website or at a kiosk or Point of Sale located on your cruise ship and support services relating to such services (the "Services") are operated by The Image Group, PO BOX 10310, Grand Cayman, Cayman Islands, KY1-1003. (" The Image Group", "we", "us" and "our").

This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. In this Privacy Notice, the terms "controller"; "data subject"; "personal data"; "processor" and "processing" (and any derivatives of this term) each have the meaning given under Data Protection Legislation. Please note that "personal data" does not include data where the identity has been removed (i.e. anonymous data).

3. Personal Data We Collect

Types of Personal Data We Collect about You

As part of registering for a user account on the Website and/or purchasing or accessing any Service, we will collect and gather the following types of personal data:

  1. Identity Data such as first name, last name.
  2. Cruise Line Provided Data such as first name, last name, cabin number, security photo, data of birth, language, gender, folio number, booking ID and dining room seating.
  3. Contact Data such as mailing address (should you choose to have products mailed to you), e-mail address, telephone number, billing address.
  4. Profile Data such as sailing dates and cruise booking detail such as cabin number and photographs (once taken);
  5. Financial Data such as payment card information including payment card number. Your payment card details will be processed and stored only by our third party Payment Card Industry (PCI) and Data Security Standards (DDS) compliant payment card provider based in Bermuda. We do not retain your payment card information.
  6. Transaction Data such as details about purchases, if you use a Service.
  7. Technical Data such as internet protocol (IP) address, Website user login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
  8. Usage Data such as information about how you use the Website and the Services.
  9. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

4. How We Collect Your Data

You may provide us with your personal data when you:

  1. make a purchase from us via the Website or at a kiosk or Point of Sale onboard a cruise ship – including your Identity, Contact, Profile, Transaction and Financial Data;
  2. submit a complaint or dispute to us at – including your Identity, Contact, Profile, Transaction and Financial Data;
  3. submit a contact form on the Website - including your Identity, Contact and Profile Data;
  4. subscribe to our email notifications - including your Identity, Contact and Marketing and Communications Data;
  5. register a user profile on the Website – including your Identity, Contact, Profile and Technical Data;
  6. contact us by any other means, such as by phone or email – including Identity, Contact, Profile, Transaction and Financial Data;
  7. interact with the Website – as you interact with the Website, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

We may receive personal data about you from various third parties as set out below:

Technical Data from the following party:

  1. analytics providers, such as Google based outside the EU.

The type of personal data collected and processed varies depending upon whether you are a registered user of the Website of just browsing the Website, or if you order any Service via the Website or at a kiosk or Point of Sale onboard a cruise ship. In some instances, some of the above types of personal data will be provided to us by your cruise line.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services). In this case, we may not be able to provide all or part of the relevant service.

5. How We Use Your Personal Data

How and Why We Use Your Personal Data

We will only use your personal data when the law allows us to. We have set out below a description of the ways we plan to use your personal data, and which of the legal bases under Data Protection Legislation we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

We may process the types of personal data described above for the following purposes:

  1. where it is necessary for the performance of a contract with you or to take steps to enter into a contract, which may include:
    • to enable the purchase of our cruise line photography products and services;
    • to facilitate your verification and login to our Website and applications;
    • to contact you regarding your purchase of a Service;
    • to enable you to view, purchase and receive your purchased photos and photo products;
    • to send you invoices and to collect payments from you;
    • to deliver services (including the Services) purchased through the Website or over the phone;
    • to record your purchase in our systems; and
    • to create and send shore side products, including but not limited to photobooks and photo products, digital photos delivery via cloud download.
  2. where it is necessary for compliance with a legal obligation which we are subject which may include:
    • notifying you about changes to our terms or Privacy Notice;
    • to enforce our copyrights, trademarks or other important legal rights;
    • to investigate and mediate disputes and complaints that you make relating to your data protection rights;
    • to identify and report fraud or other unlawful behavior.
  3. where it is necessary for our legitimate interests pursued, which may include:
    • to administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), which is necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and
    • to send you email notifications which you have specifically requested.

6. Data Security

The Image Group has implemented and maintains commercially reasonable measures to protect against unauthorized access to and unlawful interception or processing of any personal data which we process. Unfortunately, data transmission over the Internet is never 100% secure so we cannot guarantee the security of any data you transmit to us or from the Website therefore you use the Website and you communicate with us at your own risk.

If you register on the Website, you are responsible for protecting the security of your user name and password. You are responsible for any transaction made using your user name and password.

All credit card data, passwords, and contact forms you submit via the Website are encrypted prior to transit over the Internet using Transport Layer Security (formerly known as "SSL").

7.Disclosure Of Your Data

We disclose your personal data to third parties in the following circumstances:

  • We share your personal data with Image Group companies (i.e. a parent company, a subsidiary company and/or a parent of another subsidiary company) for the provision of and administration of the Website and the Service;
  • We share your personal data with entities that regulate or have jurisdiction over us such as regulatory authorities, law enforcement, public bodies and judicial bodies to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders; or
  • If we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
  • We share your Identity, Transaction and Profile Data with your cruise line in order to match this personal data with the cruise line manifest and so your pre-purchased items will be applied to your photo account;
  • We share your personal data with our third party vendors (such as professional advisors, IT/software systems suppliers and support, data storage, IT developers, credit card companies, payment processors, photograph processors, courier/delivery service providers, analytics companies, website hosting providers and other service providers) if necessary in order to provide you with access to the Website and any Services. We may share your personal data with these third party vendors solely to enable them to perform the services for us. We require that those third party vendors maintain at least the same level of data protection that we maintain for such data.

We do not provide your personal data to parties unconnected with the services we provide. Except as disclosed in this Privacy Notice, we will not provide your data to third parties.

We are not responsible for the processing of your personal data by any third party, other than those third parties acting as our subcontractors to process data on our behalf. The Image Group remains liable and responsible for the data processing operations undertaken by our subcontractors on our behalf.

Third Party Websites

The Website contains links to third party content and cruise line websites that we do not control. Note: if you click on these links and enter third party websites those third parties may use their own cookies to collect your data. You should read the third parties’ Privacy Notices to learn how they will collect and use your data as their policies may differ from ours and will apply to your use of their websites.

8. Privacy Of Children

The Website is not directed at, or intended for use by, children under the age of 13. While we don’t typically know the age of our data subjects, we do not knowingly allow anyone under 18 to provide any personal data to us.

If you believe your child may have provided us with personal data, you can contact our Privacy Officer using the information in the Contact Us section of this Privacy Notice and we will undertake all reasonable efforts to delete the data.

9. Retention Of Personal Data

We shall not retain your personal data for any longer than is allowed under applicable Data Protection Legislation and, in any case, for no longer than the purpose(s) for which the personal data was collected or processed exist(s) which is typically (but not always) no longer than one year after you purchase any Service, unless a longer retention period is required by applicable law (such as retention obligations arising under commercial and tax law) or is justified under applicable statutory limitation periods.

10. Your Data Protection Rights

Under certain circumstances data subjects have rights under data protection law in relation to personal data, namely:

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal data to perform a contract with you.
  • Withdraw consent at any time if and to the extent we are relying on consent as the legal basis to process your personal data. This will not affect the lawfulness of any processing of your personal data carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will let you know if this is the case at the time you withdraw your consent. To exercise one or more of your rights in respect of your personal data, please contact us using the Contact Us details below. We will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time.
  • Contacting the data protection supervisory authority: Data subjects have the right to make a complaint at any time to the applicable data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the applicable data protection supervisory authority so please contact us in the first instance using the information listed in Contact Us below.

You can exercise one or more of your data protection rights by starting a support ticket with The Image Group. To do this, please send your request via email to You may also contact The Image Group by logging a ticket at to exercise your rights described in this section. We will implement any requested changes as soon as we reasonably can, subject to reasonable limitations, such as the need to verify your identity.

When you edit your personal data or change your preferences, data that you remove may remain in our databases or backup media because it is not always possible to completely remove or delete data from those locations.

11. Changes To This Privacy Notice

We may update this Privacy Notice from time to time by posting a new version on the Website. You should visit this page occasionally to ensure you agree with any changes. We will post our revised Privacy Notice on the Website and update the "Effective" date above to reflect the date of the changes.

By continuing to use the Website after we post any such changes, you accept the Privacy Notice as modified.

12. Contact Us

If you have a complaint, dispute, or question regarding this Privacy Notice or our processing of your personal data, please write to our Privacy Officer by email at or by mail at:

The Image Group, PO BOX 10310, Grand Cayman, Cayman Islands, KY1-1003.

You may contact us by mail at the above address or by our support email at or by telephone on +1 850 250 3423.

You may also contact VeraSafe; VeraSafe has been appointed as The Image Group’s representative in the European Union for data protection matters, pursuant to Article 27 of the GDPR. VeraSafe can be contacted in addition to only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P


You may also contact your cruise line in accordance with the cruise line’s Privacy Notice.

13. Cookies

Data We Automatically Collect

When you access the Website, whether by computer, mobile phone, or other device, we automatically collect certain data about your use of the Website. To do this we use technologies such as cookies. The data we collect using cookies may include without limitation:

  1. geographical location and IDs of your computer, mobile or other device;
  2. bandwidth used;
  3. system and connection performance;
  4. browser type and version;
  5. operating system;
  6. length of visit;
  7. page views;
  8. referral source;
  9. IP address or other unique identifier for your computer, mobile phone, or other device; and
  10. your mobile carrier.

This data is not linked to your personal data, unless you consider an IP address to be personal data, as most or all of this data is typically associated with the IP address you were assigned at the time when we collected such data.

How and why we use Cookies

We use session cookies, which are cookies that are deleted when you leave the Website and persistent cookies, which are cookies that remain after you leave the Website so that you are recognized when you return.

We may use your IP address to:

  1. help diagnose problems with our web servers;
  2. administer the Website;
  3. analyze trends;
  4. investigate security incidents;
  5. gather broad demographic information for aggregate use in order for us to improve the website; and

deliver customized content.

We use data we automatically collect to:

  1. improve your experience on the Website;
  2. count users who visit the Website;
  3. help us better manage content and measure traffic on the Website.

The use of cookies is industry standard so your web browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you might have trouble using some of the features on the Website.