DFDS Privacy Notice

Last updated 22/11/2024

  • DFDS is committed to protecting your privacy. Our Privacy Notice describes DFDS’ corporate Notice regarding processing personal data, the security measures we employ to protect such data, your right to access, rectify, or delete such data, and the right to complain.

  • DFDS takes privacy seriously and is committed to complying with this Privacy Notice as our minimum standard. Your data will be processed and transferred for specific and legitimate purposes by applicable laws.

  • This Privacy Notice creates a framework that provides a secure level of protection for the personal information that is used, collected, and transferred within the DFDS Group and trusted external parties. DFDS uses the minimum amount of personal data required.

  • In using the DFDS website, you consent to the collection and use of this information by DFDS in the methods described above. If our Privacy Notice should change, we will make the relevant changes here so that you are always aware of the information we collect, how we use it, and under what circumstances it might be disclosed.

  • This Privacy Notice applies to all personal data that DFDS Group processes when customers use our websites or mobile apps or contact us. We process your personal data primarily to handle your bookings and answer your questions. We may also use your data to send you offers adjusted to your interests and preferences. This Privacy Notice provides more information about the personal data we collect and use and your rights.

  • This Privacy Notice is general in nature and presents the most important issues related to the processing of personal data. More specific may be the information clauses that are provided at the time of collection of personal data from the data subject, e.g. when recruiting.

DFDS A/S Address: Marmorvej 18, DK-2100 Copenhagen, Denmark CVR-no: 14 19 47 11 Tel.: +45 33 42 33 42

DFDS may collect information about the following categories of data subjects via the website:

  • Customers booking a ticket or other service with DFDS

  • Business customers of DFDS (as far as natural persons are concerned)

  • Employees of business customers

  • Drivers of freight companies

In connection with initiating a collaboration or while the collaboration is in progress, DFDS may collect information about

  • Commercial suppliers to DFDS (if private)

  • Employees of commercial suppliers

Persons from whom data is collected will henceforth be referred to as 'you'.

We collect personal data about you whenever you book with us, travel with us, when you use our websites, or when you use our call centres. We also collect personal data when you book our freight or logistics services.

4.a Bookings and other services

Customer (Passenger Ferries)

When you book a ticket or other service with DFDS, we receive various personal data, including:

  • name

  • e-mail address

  • telephone number

  • postal address

  • passport details and other identifying information

  • information about your purchase (e.g. what and how much you had purchased, when the purchase was made, etc.)

  • information about your trip

  • information about whether you need special assistance when receiving our services

  • number plate (if you book a trip with a vehicle)

This data is used solely to fulfil our agreement with you (cf. GDPR, Article 6(1)(b)). The data will be deleted when the mutual rights and obligations under this agreement and our legal obligations to retain the data have become time-barred (cf. GDPR Article 6(1)(c)).

We may also receive your data from your travel agent and other companies involved in facilitating your trip for these parties handling your reservations and bookings and arranging your trips and purchases. For example, when you book a journey through a travel agent or an online platform, we receive your identifying data, contact details, and booking details from those third parties.

Children younger than 16 years

We collect data about children if you provide us with information about your child about a trip you booked or a service or product you purchased. In the case of children travelling alone, we will record the contact details of their parent(s) or legal representative(s) and the contact details of the person(s) who will drop them off or pick them up at the terminal.

Customer (Freight Ferries and/or Logistics)

When booking ferry crossings via the website, DFDS may actively collect the following personal data:

  • e-mail address, telephone number, and name of the person making the booking

  • name and contact details of the driver of the freight company in question or subcontractor

  • registration number of the truck or trailer of the freight company in question

  • any information you have provided voluntarily to manage your user account, e.g. username and password

DFDS processes and uses the above data only to the extent necessary for the performance of the ferry crossing contract concluded with you or with the organisation you represent (Art. 6 (1) (b) GDPR) and/or to administer (including the necessary communications) and carry out the booked crossing (Art. 6(1)(f) GDPR).

4.b Contact details and your account or registration details

If you register for a service, event, contest, or campaign, or create a personal account, we may collect information such as:

  • address

  • telephone number

  • e-mail address

We may also record your login details and other information you provide during registration or when filling out the account form.

If you have created a profile with DFDS and given your consent, we will register your purchase and use this information to target information, offers, and products to you as well as to help us administer the profile. The data is also used to recognise you when you book travels with DFDS (if you are logged in to your DFDS account) and to follow up on reservations. The information is also used for contests and statistics.

If you are a business customer, we also collect information about your organisation.

4.c Our communication with you

When you send us an e-mail, chat with us via our website, or contact us through one of our social media channels, we register your message(s). If you call us, our customer service will register your questions or complaints in our database. We may also record telephone calls for training purposes or to prevent and combat fraud. We register your communication preferences once you contact DFDS, for example, when you subscribe to one of our newsletters or when you choose to receive information or alerts regarding your booking.

4.d Use of our websites

When you visit one of our websites, your browser will, for technical reasons, transmit the following information to us:

  • the page from which the file is accessed

  • the name and file directory in which the file is located

  • the date and time of the request

  • the amount of data transferred

  • access status (file transfer, file not found, etc.)

  • description of the type of web browser used

  • IP address of the client

This information is used exclusively to ensure the website's technical operation and is used solely by us for statistical purposes. The legal basis for this use is our legitimate interest in providing, operating, and improving the website, article 6(1)(f). Your IP address will be deleted immediately after you visit the website.

In cases where it is possible or required to register personal data on the website, including when booking, other services, general enquiries, DFDS will only use your data for the respective purposes. The personal data collected will thus be processed solely so that we can fulfil the agreement we have entered into with you (cf. GDPR, Article 6(1)(b)) and so that we can take steps at your request before agreeing (cf. GDPR, Article 6(1)(b)) unless you have separately and explicitly consented to more extensive use of the data.

When you use our website or mobile apps, we collect information using cookies and similar technologies. DFDS uses its own cookies and third-party cookies. For more information, please see 6. Our use of cookies.

4.e Marketing

In various contexts, we will ask for your consent to send you communications in the form of newsletters or other marketing material, e.g. by email. The content may be based on information collected from any customer account.

When you sign up and give your consent to marketing, we process the following data:

  • contact information (including email, phone number, name and location)

  • browsing behaviour (provided we have received prior consent from you, it includes your browser & device information, IP address, pages visited, clicks, and product interactions)

  • history of purchases and frequency of travel (price, location, and number of products)

  • history of your communication with DFDS

The legal basis for processing your data to send newsletters and other marketing material is your explicit consent, cf. Article 6(1)(a) of the GDPR.

In addition, we register and use your answers to DFDS questions about purchases and other information you may provide to DFDS regarding your purchases. This aims to update DFDS' knowledge of customer preferences so that DFDS can pursue its legitimate interests and provide better service to you, including targeted marketing.

The legal basis for this processing is the rule on balancing interests in Article 6(1)(f) GDPR.

Furthermore, we may periodically send marketing material based on general customer data that we may have received from a third party. In such cases, the legal basis for processing your personal data is based on our legitimate interests in marketing products and services, cf. Article 6(1)(f) GDPR. You are entitled at any time to object to our marketing or to request us to delete your data from our marketing database and to exercise any other rights set out in this Privacy Notice.

When DFDS uses your data for the purpose of marketing its products and services, as well as in connection with conducting surveys, we may share your data with digital platforms (e.g. Meta Platforms). However, this is done solely for the purpose of marketing DFDS' products and services on the relevant social media.

The legal basis for this processing is also your explicit consent, cf. Article 6(1)(a) GDPR.

As part of DFDS' customer satisfaction programme, we conduct customer satisfaction surveys or request customer feedback, in both cases based on general customer data, to the extent permitted by law. The purpose of this is not marketing, and the legal basis for processing your data is our legitimate interest in improving our products and services, cf. article 6(1)(f) of the GDPR.

When you participate in one of our competitions, we process the following data: contact information (e.g. name, e-mail, address, telephone number) and correspondence with DFDS.

This data processing takes place so that we can select a competition winner and contact the winner.

In connection with your participation in competitions, we will also collect your data for marketing purposes. This collection takes place as described above.

DFDS registers and processes the above personal data based on your and DFDS' legitimate interests, cf. Article 6(1)(f) GDPR, and in particular so that we can contact you or, depending on the competition conditions, publish your name if you have won the competition.

For specific services, mobile apps, events, contests, or campaigns, we may collect data other than those described in this privacy notice. We will inform you about this when you register for the service, event, contest, or campaign, or download the app.

4.f Browsing behaviour

Data regarding browsing behaviour on the website is tracked via cookies and pixels. DFDS obtains your consent before using cookies to track your behaviour on the website (cf. GDPR, Article 6(1)(a)).

When you visit our websites or use our mobile apps or any other digital service, we may register your IP address, browser type, operating system, referring website, web-browsing behaviour, and app use. We collect this information via cookies and similar technologies. For more information, please read the section about Cookies.

When you visit our websites via a link in an e-mail or log in to your DFDS account, we may add the information we collect via cookies and similar technologies to other information we already have about you. We also receive an automatic notification when you open our e-mails or click on a link in such e-mails, and may combine this information with other data we already have about you, as well.

With your consent, we may receive your location data.

You can give us your consent to access specific data stored on your mobile phone, such as photographs and contacts.

We collect and use information you choose to share with us, for example, when you share your interests and preferences on our website, leave a comment on our Meta page, fill out a lead form or a customer survey, or submit an entry for a contest.

Social media

We may receive information from your social network provider, depending on your social network settings. For example, if you log in to our services using a social network account, we may collect your social network profile, including your contact details, interests, and contacts. We also receive visitor statistics from Meta in connection with our Meta fan page. Although DFDS and Meta are jointly responsible for those visitor statistics, Meta Platforms Ireland Limited is your primary point of contact. It handles requests to exercise your rights and any complaints you may have. Where necessary, we will assist Meta in responding to your requests or complaints. For more information on the personal data we receive from social network providers and how to change your settings, please check the websites and privacy policies of the social network providers.

We collect and use information you choose to share with us, for example, when you share your interests and preferences on our website, leave a comment on our Meta page, fill out a customer survey, or submit an entry for a contest.

4.g Unruly behaviour and misuse of our services / Security and safety onboard

Following a thorough investigation, the names of undesirable passengers can be placed on an internal list to prevent these passengers from booking and travelling with us if the vessel master has reason to believe that the passengers will pose a security risk following the terms and conditions applicable for the travel. Passengers are deemed to pose a security risk if they have endangered the safety of themselves, a vessel, the crew or other passengers, if their behaviour has been inappropriate during a previous trip, or if they have failed to follow safety regulations or requirements. DFDS will inform the passenger of the registration and register the necessary personal information of banned passengers to prevent passengers deemed a security risk from booking trips on our passenger ships for a defined period. The data will not be held for longer than necessary.

4.h Children younger than 16 years

We collect data about children if you provide information about your child concerning a trip you book or a service or product you purchase. In the case of children travelling alone, we will record the contact details of their parent(s) or legal representative(s) and the contact details of the persons who will drop them off or pick them up at the terminal.

Registration of the information is necessary to enter into an agreement (booking) with us and to give you service messages about the booking. In addition, DFDS is required by law to register our passengers' identities and provide that information to the relevant authorities.

Due to this, we will ask for name, gender, date of birth or age, address, e-mail address, and vehicle registration number (if any). Passport numbers may be registered upon reservation of your booking or when you check in at the terminal to prove your identity. We ask for your telephone number so we can contact you quickly if there is any problem with your booking.

If someone volunteers the information, we will also collect any information concerning the need for special care or assistance in emergencies.

In addition, we use the information we obtain in connection with bookings and purchases on board our ships to gather statistics to improve our services. We may ask you to show your boarding card when you make purchases onboard. This information is used for statistical purposes only. You can decline to offer your boarding card when shopping onboard. If you prefer that we do not use your reservation data in our statistics, please contact us.

In the event that you booked by telephone, we have a call record in some countries that we are holding for up to one year due to the need for documentation.

Cookies are small pieces of information stored by your browser on your computer's hard drive.

DFDS uses cookies on its websites and booking systems to ensure consistency throughout the reservation process and for analysis purposes to gain insight into how the websites and newsletters are used. We, or the third-party providers concerned, may place "cookies", i.e. text files on your computer or tracking pixels that analyse how you use the website or interact with our newsletters. Information collected using cookies or tracking pixels, showing how you use the website, our mobile apps, or interact with our newsletters, is generally transmitted to servers of third-party analytics tools in the USA and stored there.

The third-party providers use the information on our behalf to analyse how you use the website or interact with our newsletters, compile reports on website activity, and provide us with other services related to the use of the website and the internet.

You can opt out of cookies at any time by changing your browser settings. However, you should be aware that if you opt out of cookies, some of the website will not be wholly and entirely usable. It is also possible to opt out of the collection of cookie data concerning how you use the website (including information about your IP address) by special providers of analysis tools (e.g. Meta Platforms or Google), as well as the processing of this data by the provider, by downloading and installing the browser plug-in found in this link.

If you have agreed to receive newsletters and other marketing material by e-mail, please note that tracking pixels are used in connection with sending such marketing materials. This enables DFDS to gain insight into your interaction with the marketing material so that DFDS can make the content as relevant to you as possible.

The legal basis for the use of marketing information generated in such a fashion is set out above in section 4.e.

DFDS use Meta Business Tools, provided by Meta Platforms, Inc, for user matching, ad measurement and analytics, and campaign targeting and personalisation. For this use, we may share your contact and browsing information collected during use of our services. Contact information is email, phone number, name, and location and is only shared in a hashed state. Browsing information is your browser & device information, IP address, pages visited, clicks and product interactions. Meta also sets the _fbc cookie, with a 90-day lifespan, and the _fbc cookie, with a 2-year lifespan, to identify your browser and last visit.

The legal basis for this processing is also your explicit consent, cf. Article 6(1)(a) GDPR.

To enable Meta to determine whether you have an account on one of Meta’s platforms, we share a pseudonymised (hashed) identifier with Meta. Meta, in turn, only provides us with aggregated data about the effectiveness of an advertising campaign.

To determine our audience for a specific ad campaign, we may use your booking details or the data we collect when you use our websites, mobile apps, or other digital media. In addition, Meta may use the personal data it collects about you to compile a similar audience. This allows us to reach new audiences through Meta. Learn more about how Meta uses your data for its custom audience programme and ways you can control how information about you is used by Meta to personalise the ads you see. You can also check Meta`s privacy policy.

In DFDS we conduct the following Audience targeting through Google platforms

• Remarketing with Google Analytics • Google Display Network Impression Reporting • Google Analytics Demographics and Interest Reporting • Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers

1. Data Collection with Google Analytics At DFDS, we use Google Analytics in conjunction with integrated services to enhance advertising targeting through the collection of data via advertising cookies and identifiers. This enables us to deliver personalised advertising content.

2. Personalised Advertising We utilise Google Analytics Audiences to display advertisements tailored to your interests, based on your interactions with our website. This remarketing approach allows us to re-engage users who have previously visited our site by showing relevant ads across the Google Display Network and other third-party platforms.

3. Monitoring Ad Performance Google Display Network Impression Reporting is used to monitor the effectiveness of our ads, providing insights that help us improve the relevance of our adverts online.

4. Demographic and Interest Data We collect demographic and interest data through Google Analytics to better understand and serve our customers by offering the most relevant advertisements to them online. This data may also include information from social networks and search engines, depending on your privacy settings.

To honour your privacy, we provide clear choices for managing your data: • Opt out of Google's personalised ads via Google's Ads Settings. • Reject third-party cookies using the Network Advertising Initiative opt-out page. • Adjust device identifiers in your device’s settings for further privacy control.

Personal data will be shared internally between divisions within DFDS’ organisation, as our business units share booking systems. We have internal policies and agreements in place to ensure an adequate level of protection irrespective of where in DFDS your data is located.

DFDS may also share your personal data with social media and platforms, e.g. Meta Platforms. DFDS and social media providers may periodically act as joint data controllers for the purpose of marketing on said media, e.g. when conducting competitions or to display individualized marketing. In such cases, DFDS enters into an agreement on joint data responsibility with the respective social media providers. You can see the agreement with Meta here.

When DFDS acts in a role as joint data controller, all rights described in this privacy policy apply in full to this form of data processing, as well.

DFDS also uses third parties to store and process personal data on our behalf, e.g. hosting providers and third-party providers of statistical and analytical tools in connection with conducting surveys. These third-party recipients act as data processors under applicable data protection legislation and may only process your personal data in accordance with our documented instructions. DFDS ensures that the third parties in question have put in place all necessary security measures to protect your personal data.

If we receive a request from an authority or a court, we may disclose your personal data to them if required for us to comply with our legal obligations, cf. Article 6(1)(c) of the GDPR.

DFDS may share your personal data with companies in the DFDS Group if this is necessary for the fulfilment of the following purposes, in particular to carry out your ferry crossing:

  • To process payments for your trips and purchases, we may work with third parties that offer payment services. In many cases, those payment service providers also conduct fraud checks; when doing so, they operate their own privacy policies in regards to the ways in which they use your personal data.

  • DFDS may provide aggregate statistics about our customers, sales, traffic patterns, loyalty card memberships, and related site information to third-party partners.

  • In the event we sell property, or to ensure the safety of DFDS, its employees and others, or in the event we sell or liquidate any part of the business or its assets.

In addition, DFDS may provide information about our customers to third parties who provide services or functions on our behalf, including payment card processing, business analytics, customer service, marketing, or distribution of surveys.

We may also authorise third parties to collect information on our behalf, including as necessary to operate features of our website or to facilitate the delivery of online advertising tailored to your interests.

Specifically for Custom audience targeting through Meta platforms

You may choose to receive personalised advertisements and offers on the social media platforms of Meta. In order to display relevant information and personalised advertisements we may share certain identifiers (such as your e-mail address, phone number, IP address, or your passenger name record in a pseudonymised (hashed) format with third parties. For example, we use the Meta Custom Audience programme of Meta, for, among other things, displaying personalised advertisements and offers on Meta platforms, including Meta Messenger, and Instagram. We can also use this programme to exclude you from advertising campaigns on Meta platforms, such as irrelevant communication or offers.

To enable Meta to determine whether you have a account on one of Meta’s platforms, we share a pseudonymised (hashed) identifier with Meta. Meta, in turn, only provides us with aggregated data about the effectiveness of an advertising campaign. This is data that cannot be traced directly back to you. This way, we try to make every effort to keep your personal data secure and confidential.

To determine our audience for a specific ad campaign, we may use your booking details or the data we collect when you use our websites, mobile apps, or other digital media. In addition, Meta may use the personal data it collects about you to compile a similar audience, allowing us to reach new audiences through Meta. Learn more about how Meta uses your data for its custom audience programme and ways you can control how information about you is used by Meta to personalise the ads you see. You can also check Meta`s privacy policy.

If you no longer want us to include you in the programmes we use to display relevant information and personalised advertisements via Meta platforms, please send an e-mail to privacy@dfds.com to withdraw your consent. When sending this e-mail, please use the e-mail address for which you would like to withdraw your consent.

For specific services, apps, events, contests, or campaigns, we may share your data with third parties other than those described in this Privacy Notice, for example, when we organise a campaign or an event in collaboration with a partner or when we integrate their services into our apps. We will inform you about this when you register for the service, event, contest, or campaign, or when you download the app. Any such sharing will be in compliance with data protection law, and only to trustworthy third parties.

We always strive to clearly inform you regarding the uses and possible disclosure of your information when such information is obtained. If it is not practical to do so at the point of collection, we will inform you as soon as possible, unless there is a legitimate basis for not doing so, such as when it is necessary for the prevention or detection of a crime, or where otherwise required by law.

DFDS may transfer your personal data to countries other than your country of residence. This is done to process your booking or arrange your trip, or because our group companies, partners, or service providers provide their services from other countries. The laws of the countries to which we transfer your personal data may not always offer the same level of personal data protection.

DFDS uses external data hosting companies with data centres in EU/EEA to store and process personal data collected by us. These hosting companies provide technical support outside the EU and EEA, e.g. in the USA.

All data transfers to such third parties are subject to written agreement between DFDS and the third party in question to ensure full compliance with the EU General Data Protection Regulation (GDPR).

Such agreements are generally concluded on the basis of the European Commission's Standard Contractual Clauses. As an alternative or in addition, we may put in place additional safeguards to ensure the protection of personal data. Third parties are obliged to process personal data in accordance with DFDS’ instructions.

Information that you have provided to us through the website is generally only stored for as long as necessary for us to fulfil our agreement with you or answer your inquiries. In cases where information is required by law to be retained for a longer period, we will retain your information for a longer period in order to comply with our obligations. This also applies in cases where we have an individual legitimate interest (e.g. in the event of a legal dispute).

The personal data registered in the booking system will be retained for a period corresponding to the time needed for DFDS to fulfil our agreed- upon obligations regarding said booking.

If you register a personal profile or subscribe to a DFDS e-mail service, we will store your personal data until you delete the profile or unsubscribe from our newsletter.

To ensure we have updated information about our customers, we will periodically encourage you to make necessary changes in your profile. If your profile has not been used or activated for 3 years, we will delete it.

When you book with us, we use secure server software, which encrypts all of the information you enter before it is sent to us. This encryption ensures that the information is appropriately protected against unauthorised interception.

When you pay online, you will be transferred to a secure webpage where you will add your payment card details.

All payments are processed by our trusted partner’s platform and validated against the highest standards of securing and safeguarding payment card data. We do not process or store any payment card information in DFDS. However, in case you have questions about the processing of your payment card details, please contact DFDS, and we will consult our payment partner.

You may contact DFDS (see below) to exercise any of the rights you are granted under applicable data protection laws, including:

  • (A) the right to access your data and rectification

  • (B) the right to erase your data

  • (C) the right to restrict the processing of your data

  • (D) the right to data portability

  • (E) the right to object to processing

(A) Right to access and rectification

You have the right to request copies of your personal data or ask us to rectify information you think is inaccurate. There are some exceptions, which means you may not always receive all the information we process, but as a general rule, you can always contact us and ask for your information.

(B) Right to erasure

You have the right to request that we erase of your personal information in certain circumstances.

(C) Right to restriction of processing

You have the right to ask us to restrict the processing of your information, and a similar right to object to processing.

(D) Right to data portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format (data portability).

(E) Right to object

You have the right to object to the processing of your personal data. This means that you may ask us to no longer process your personal data, however, the right only applies if the 'legitimate interests' ground (including profiling) constitutes the legal basis for said processing. You may object to direct marketing at any time and at no cost to you if your personal data is processed for this purpose, which includes profiling to the extent that it is related to direct marketing. If you exercise this right, we will no longer process your personal data for such purposes.

Withdrawal of consent

You may withdraw your consent at any time by following the specific instructions concerning the processing for which you provided your consent. For example, you can withdraw consent by clicking the unsubscribe link in the e-mail, adjusting your communication preferences in your account (if available), or changing your smartphone settings (for mobile push notifications and location data). You may also contact DFDS directly to withdraw your consent, by writing to privacy@dfds.com. You may also check section 6: Our use of cookies, for further information on how you can withdraw your consent for cookies and similar technologies we use when you visit our websites or use our mobile apps.

Denial or restriction of rights

There may be conditions or limitations on these rights. It is therefore not certain you have a certain right in a specific case, as it depends on the circumstances of the processing activity. You are, however, always welcome to contact us at privacy@dfds.com and enquire.

You are always welcome to contact us regarding the data we have registered, and request a description of the personal information we have collected and processed and the types of recipients to whom DFDS has, or could, disclose that information.

You are also welcome to contact us if you would like us to correct, erase, or block inaccurate information. DFDS always attempts to respond valid requests as quickly as possible.

If you would like us to erase your information, please fill out this form.

We kindly ask you to send any requests or questions to privacy@dfds.com or by using our customer request form.

If you have signed up to receive our e-mail newsletter you can always unsubscribe via the link in the newsletter, or by contacting DFDS at the above email address.

If you have any questions about this Privacy Notice, or you wish to obtain insight into your personal data, you may contact us privacy@dfds.com

If you prefer to contact your local call centre, you are more than welcome to do so – they will be happy to assist you with your questions.

If your concerns have not been satisfactorily addressed, you have the right to file a complaint with the relevant supervisory authority. If you wish to register a complaint, we refer you to:

Datatilsynet (The Danish Data Protection Agency) Carl Jacobsens Vej 35 2500 Valby Denmark

On occasion, we may need to make changes to this Privacy Notice to reflect our current practises. We will take reasonable steps to keep you informed about changes via our website.

If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.