Privacy Policy

UPDATED: January 23, 2026

At Norwegian Cruise Line Holdings Ltd., our mission is to provide superior cruise vacations for our guests. This mission applies to all our activities including the products and experiences we offer on board our ships, at our destinations and ports of call, and online through websites and interactive features, including applications, widgets, blogs, social networks, social network "tabs," and other online or mobile offerings (which we collectively call the "Services"). Our Services are owned and/or operated, either directly or through our service providers and business partners, by Norwegian Cruise Line Holdings Ltd. (together with its subsidiaries and brands, Norwegian Cruise Line, Oceania Cruises, and Regent Seven Seas Cruises, the "Company," "we," "our," or "us").

This Privacy Policy describes what personal data we collect online and offline and how we use, share, and secure that data. It also describes your choices regarding your personal data, including the use, access, correction, and deletion of your personal data. Personal data is information, or a combination of different types of information, that could allow you to be identified.

We encourage you to review our Privacy Policy and click on the available links if you want additional information on a particular topic.

By providing us with your personal data or otherwise using our Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy and our Terms of Service.

When you cruise with us, register to cruise with us, set up an account through one of our websites, request information about our Company, communicate with us, visit our websites, apply for employment with us, sign up for our promotions, contests, sweepstakes, or webinars or access our Services through various other methods, we collect data about you and those interactions.

Data we collect directly from you or other sources

We may collect the following categories of data either directly from you or from our business partners or third parties and in accordance with applicable law:

• Personal details (e.g., name, salutation, title, date of birth, place of birth, gender, photographs, images, and military service)
• Contact details (e.g., email address, telephone number, mobile number, address, and emergency contact information)
• Health details (e.g., past medical history, temperature readings, test results, and vaccination history)
• Travel/vacation preference details (e.g., flight number, hotel booking, cabin number, special occasion dates, special accommodations, loyalty program information, dietary preferences, travel companions, and family members)
• Your location and activities (e.g., CCTV footage of public areas and records of your entries and exits from the ship)
• Details regarding your previous travels, locations you have visited, and contacts
• Government-issued documents (e.g., passports, alien resident cards, visas, residency permits, Social Security numbers, national and state identification numbers, driver’s licenses, and redress numbers)
• Details regarding your use of websites and applications (e.g., usernames, passwords, security answers, geolocation information, details regarding your interaction with websites, applications, and emails, such as whether you opened an email, which may permit us to recognize you across multiple devices, or to know if you watched the health and safety video or viewed certain content on our websites and applications)
• Financial details (e.g., credit card information, transactional history and purchases, amount paid for Services, bank information, income, and business information)
• Details of your play and spend at casinos, loyalty rewards, and, if you apply for credit for use at our onboard casinos, credit-related information
• Information available via public records and publicly available content on social media platforms
• Details regarding your interactions with our team members and call centers, including email communications and recordings of your calls
• Employment application details (e.g., name, employment history, telephone number, address, email address, education history, reference details, military service, and immigration status)

Data collected when you create an account with us, purchase our products, or use our Services may include data about yourself, those traveling with you, and your emergency contacts. By providing us with the personal data of any third party, you confirm that you have the authority to do so on their behalf and have provided them with the information set forth in this Privacy Policy.

We operate closed circuit television ("CCTV") cameras on our ships and destinations, including at all access points and throughout public areas. These CCTV cameras record continually and images of you may appear in these recordings.

Please be aware that we have photographers on board taking photographs for guests to purchase. If you would not like to be photographed, please let our photographers know and they would be happy to take reasonable steps to comply with your request. Please note that we are unable to guarantee that you will not be included in photographs on an incidental basis.

Data we collect automatically

When you access websites or otherwise receive Services, and to the extent permissible under applicable law, we automatically collect some categories of data from you, including data collected using cookies, embedded scripts, and other tracking technologies (“Cookies and Tracking Technologies”), for website analytics to improve your online experience, analyze website usage, provide better security, and to personalize online and offline marketing. More information about our use of Cookies and Tracking Technologies and your choices are available in our Cookie Policy. We respond to the Global Privacy Control where required by applicable law. 

Special or sensitive categories of personal data

Some of the categories of data that we collect in connection with the provision of our Services or through the employment application process may constitute special categories of personal data (also known as sensitive personal data) under applicable laws. In particular, we may collect personal data revealing racial, ethnic, or national origin, citizenship or immigration status, religious, philosophical, or political beliefs, sex life, sexual orientation, biometric information, status as transgender or nonbinary, children’s data, government-issued documents, financial details, or data concerning health, such as medical history or dietary restrictions, if in connection with our provision of Services or through the employment application process.

We collect this information when you choose to provide it to us or to a service provider or third party such as a travel agent or through the employment application process. We use this information to provide a service you request, such as medical care on board one of our cruises (whether in person or through our telehealth services), special dietary accommodations, or in connection with your application for employment, such as to monitor our compliance with applicable laws or make reasonable accommodations to the application process.

If, while traveling with us, you allege a personal injury or submit a claim after alleging a personal injury, we may collect personal data concerning the alleged incident, including healthcare information.

Optional facial recognition technology

With your consent, we may use facial comparison technology to facilitate and expedite your embarkation and/or disembarkation by taking your photograph and matching it against the photograph we collected from you during check-in or embarkation. This may involve the processing of your biometric identifiers or biometric data as defined under applicable privacy laws. When there is a match, you will be able to board the ship or be checked out of your cruise.

Separately, we may securely provide your disembarkation photograph to U.S. Customs and Border Protection (“CBP”), who uses its own facial comparison technology to match the photograph against images of you that CBP already has on file from your passport, other travel documents or prior CBP border inspections. Once we receive verification of your identity from CBP, we will delete your disembarkation photograph immediately. We do not retain your facial recognition data beyond the duration of your cruise or use it for any other purpose other than those described above. If you are a U.S. citizen, CBP will maintain your photograph for no more than 12 hours. For certain non-U.S. citizens, the U.S. Department of Homeland Security (DHS) will store your photograph for a longer period. For more information on how CBP uses your biometric data, please visit www.cbp.gov/travel/biometrics.

Global health data

For the health and safety of our guests and crew, we may process additional personal data during a pandemic or other global health crisis, including taking individuals’ temperatures through means such as thermal imaging cameras.

If we are made aware that an individual is exhibiting symptoms of an infectious disease, we may evaluate our transaction data and photographs taken during your cruise and may run facial recognition technology on our CCTV footage (which may involve the processing of biometric identifiers or biometric data as defined under applicable privacy laws) to notify the persons who were in close proximity with the affected individual and take appropriate action to mitigate the spread of the disease. Such steps may include medical examinations, testing, containment, and/or disembarkation of the affected persons.

We may use your personal data for the following purposes:

• Identify and authenticate you: We use your identification data to verify your identity when you access and use our Services and to ensure the security of your personal data. We do this to comply with our legal obligations and fulfill our contractual obligations to you.
• Provide emergency and security services: We provide you with emergency and security services to protect your vital interests or based on our legitimate interest of providing the services needed in case of urgent emergency or security situations on board. For this, we may use your personal and contact details, your location data or health data.
• Provide you and your group with Services: We process your personal data to provide the Services you or your organization have requested. We do this to comply with our contractual obligations or based on our legitimate interests of providing Services to you or your organization. For multi-guest bookings, we may allow all guests on the reservation to access and administer booking-related personal data of the guests on the same reservation in furtherance of our legitimate interest of allowing guests to conveniently administer their reservations. This may include personal and contact details, travel/vacation preference details or financial details.
• Advertise and market our Services: We may use your personal details, contact details, travel/vacation preference details, details regarding your use of websites and applications, and details regarding your previous travels, where permitted, to build a profile about you and place you into marketing segments to understand your preferences better and personalize the marketing messages we send to you. We may contact you with marketing communications, and where necessary, we will obtain your consent before contacting you with such marketing communications. Where consent is not required, it is in our legitimate interest to provide more relevant and interesting advertising messages.
• Communicate with you: We may use your personal data when we communicate with you. For example, if we are providing information about changes to our terms and conditions, in response to a question you submitted, or to notify you of changes to your itinerary or important health and safety information. We do this based on our legitimate interest to provide you with appropriate responses, verify your contact information, provide you with medical testing results, and provide you with notices about our Services, or alternatively where required by our contract with you or where required by law. Depending on the topic of our communication, we may use any of the personal data listed in the ‘Data We Collect’ section above.
• Comply with our obligations under applicable laws: We may process your personal data to comply with applicable legal or regulatory requirements. For example, we may provide certain information, such as your personal details, contact details, health details and government-issued documents, to governmental and recognized law enforcement agencies, such as the Transportation Security Administration in connection with commercial air travel you book through us, public health authorities, or port agents in connection with local and country requirements.
• Customize your experience and improve our Services: When you use the Services, we may use your personal data to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content, offerings, and experiences based on your interests, including shore excursions. Where necessary, we will obtain your consent before using your personal data in this way or alternatively we rely on our legitimate interest to provide more tailored Services. We frequently seek to improve our Services to provide you with a better experience, and we may collect data about how you are using our Services to do so. We use this data to understand what content on our Services interests you, make the booking process more convenient, fix operational issues with our Services, and maintain the safety and security of our Services. In some cases, this may be required by our contract with you or for compliance with legal requirements. Personal data we use may include personal and contact details, travel/vacation preference details, details regarding your previous travels, and details regarding your use of websites and applications.
• Exercise our rights: We may use your personal data to exercise our legal rights where it is necessary to do so, for example to detect, prevent, and respond to legal claims, intellectual property infringement claims, or violations of law or our terms and conditions.
• Prevent fraud and comply with legal obligations: We may process any of your personal data based on our legitimate interests to prevent fraud or comply with our legal obligations. For example, to carry out fraud prevention checks, which include building fraud-related profiles, making decisions on that basis by fraud prevention experts, and using CCTV images to prevent and detect fraud in our casinos.
• Protect the health and safety of guests and crew: We may process your personal data to protect the health and safety of all individuals on board our ships. For example, we may check your personal and contact information against a publicly available criminal record database and our internal records to protect the safety of our guests and crew or use your personal data, including your health data, to protect against the spread of communicable diseases. We do this to comply with our legal obligations, and based on our legitimate interests of protecting guests and crew. In some cases, we will process this data to protect your vital interests.
• Evaluate you for potential employment: We may process your personal data if you apply for a position as a team member with us, including by verifying any entitlements, monitoring equal opportunity employment, performing medical screenings (in some cases), and by making inquiries into any criminal and/or credit history based on our legitimate interests, to the extent necessary, and where permitted or required under applicable laws and regulations. The personal data we process may include your personal and contact details, health details, government-issued documents and employment application details.

Customer Testimonials

We may publish guest testimonials on our mailings, brochures, websites, and social media pages. Prior to publishing the testimonial, we obtain guests’ consent to publish their names, usernames, cruise dates, photos, videos, and travel destinations along with their testimonial, as applicable. If you wish to update or delete your testimonial, you can contact us via the methods described under “How to Contact Us.”

We may share any of the categories of personal data described above with third parties under the following circumstances, as permitted under applicable laws and regulations:

• Service providers and business partners: We may share your personal data with our service providers and other businesses that perform marketing services and other business operations for us or with which we have joint or cooperative business arrangements. For example, we may work with service providers and other businesses like travel agents to organize and facilitate your cruise, hotel, flight, or transportation accommodations, process your payments, maintain guest records, analyze data, provide onboard services, provide port services and excursions, provide medical services, facilitate targeted marketing and other communications, and facilitate services related to casinos, such as background checks and credit checks when you apply for casino credit. Where appropriate, we authorize our service providers to use personal data only as necessary to provide the requested services. Certain brands may cooperate with financial institutions to offer co-branded products or services to you, such as Norwegian Cruise Line’s co-branded credit card; however, we will do so only if permitted by applicable law. Travel agents may or may not process your information on our behalf. To the extent you engage with a travel agent that is collecting information for their own use, please check your travel agent’s privacy policy for details as to how they may process your personal data. If you booked your cruise through a travel agent and purchase future cruise credits while onboard, we may inform your travel agent of the future cruise credits so that they may contact you with reminders to timely use the credits. Some products, services, excursions, and activities are provided by third parties. We may share personal data about you with these other businesses, before, after, or during your cruise to improve Services to you. These companies have their own privacy policies which you should refer to if you use their services. We may also disclose sensitive personal data (as defined under applicable laws) to service providers and partners who provide your travel arrangements, provide health services, provide port and onboard services and excursions, operating systems or platforms providers, or other vendors who provide parts of the Services to you.
• Where required by law: We may provide certain personal data, including sensitive personal data (as defined under applicable laws), to governmental and recognized law enforcement agencies or other third parties where we believe necessary to comply with a legal obligation. We are required to cooperate with government and law enforcement agencies and public authorities of any country in your itinerary, including customs and immigration and public health and port authorities. Personal data about you, which may include health data, may be shared with these agencies (such as customs and the U.S. Department of Homeland Security and the Centers for Disease Control and Prevention) prior to boarding, during your cruise, or after disembarkation for security, immigration, or public health purposes.
• To protect our rights or the rights of a third party: We may share your personal data, including sensitive personal data (as defined under applicable laws), to identify, investigate, contact, or bring legal action against an individual who may be causing injury to or interference with our rights or property or the rights or property of a third person if we believe in good faith that disclosing this personal data is necessary or advisable. We may share your personal data with third parties such as fraud prevention providers to prevent or detect fraud with respect to our casinos and payment transactions. Personal data about you may also be shared with governmental and recognized law enforcement agencies to prevent and detect crime as well as to safeguard children and vulnerable adults.
• In the context of a transaction: We may share your personal data, including sensitive personal data (as defined under applicable laws), with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business, to the extent permitted by applicable law. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer your personal data to use it in a manner that is consistent with this Privacy Policy.
• With your family members, friends, and groups: When you book with a group or charter, we may share booking-related personal data about you with your group leader, such as your contact information so that they may contact you with group activities. If you make a multi-guest reservation, guests may be able to access the booking-related personal data of the other guests on the same reservation. This means that a guest on your same reservation may be able to: (1) complete online check-in for you and others in your reservation; (2) view your boarding pass and the boarding pass of others in your reservation; (3) pay for a product or activity for you or others in your reservation; and (4) update your contact information. If you have any questions or concerns about the processing of data for multi-guest reservations, please contact us via the methods described under “How to Contact Us.” We may also share, in emergency situations and/or with your consent, sensitive personal data (as defined under applicable laws) with other guests in your reservation, your emergency contacts, and/or your representatives or agents.
• Norwegian Cruise Line Holdings Ltd. family companies: NCL Corporation Ltd., NCL (Bahamas) Ltd., Norwegian Cruise Line Group UK Limited, Norwegian Cruise Line Group Italy S.r.L.,  Norwegian Cruise Line Group Germany GMBH, NCL US IP CO 1, LLC, NCL US IP CO 2, LLC,  Oceania Cruises Ltd., Seven Seas Cruises Ltd., Sixthman Ltd., Goodwill Credit, Ltd., our brands, Norwegian Cruise Line, Oceania Cruises, Regent Seven Seas Cruises, and Sixthman, and other subsidiaries are owned by Norwegian Cruise Line Holdings Ltd., and we work closely with other businesses and companies in the Norwegian Cruise Line Holdings Ltd. family. We may share certain personal data about you with our family of Norwegian Cruise Line Holdings Ltd. companies, including your buying and browsing history on the Services, contact details, past cruising details, including your use of onboard products and services like casinos and loyalty point information, and inquiries you have made about or products and services, for the purposes set forth above. We may also share your personal data to enable our family companies to market to you, where permitted by applicable law. Where necessary, we will obtain your consent before doing so.

We implement physical, technical, and organizational security measures designed to safeguard the personal data we process. These measures are aimed at providing ongoing integrity and confidentiality of your personal data. We evaluate and update these measures on a regular basis.

The Company takes reasonable precautions to attempt to maintain the safety and security of our customers’ online transactions. Billing information is encrypted and transmitted through strong encryption technology.

We retain your personal data for as long as we have a relationship with you or in accordance with applicable law, and such relationship includes any request to receive marketing or other promotional materials from us or membership in our loyalty programs. When deciding how long to keep your personal data after our relationship with you has ended, we take into account our legal obligations, including requirements of regulators and governmental agencies that have authority over us. We may also retain records to investigate or defend against potential legal claims.

We will delete or anonymize your personal data at the end of the retention period. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Our marketing emails, text messages, and most other electronic messages you receive from us will include instructions on how to unsubscribe, and you may unsubscribe at any time from our marketing by taking one the following steps:

1. Follow the instructions provided in the message
2. Click here to update your marketing preferences
3. Send your request by mail to the following address:

Norwegian Cruise Line Holdings Ltd.
Legal Department: Privacy Team
7665 Corporate Center Drive
Miami, Florida 33126

Our Services may be used by, or collect personal data about, children under the age of 16 only with the involvement of and, if required, consent from the child’s parent or guardian. To the extent we process personal data about children, we do so for the purposes described in the consent request and to provide the requested Services.

If you have reason to believe that we have collected personal data from someone under 16 years of age in connection with our Services without adequate involvement from the child’s parent or guardian, please let us know by contacting us via the methods described under “How to Contact Us.”

1. European Union, EEA, UK, and Brazil:

If you are located in the European Union, the EEA, the United Kingdom, or Brazil, you have certain rights regarding your personal data, subject to local data protection laws. These include the following rights:

• access your personal data
• rectify the data we hold about you
• erase your personal data
• restrict our use of your personal data
• object to certain uses of your personal data
• receive your personal data in a usable electronic format and transmit it to a third party (right to data portability)
• lodge a complaint with your local data protection authority

If you would like to exercise these rights, please click here.

    2. California:

You can find more information about how we process the personal data of California residents by reviewing our California Resident Privacy Notice here.

    3. Application of Other Local Laws

Where required by local privacy laws, and subject to applicable exceptions, you (or your authorized agent) may have the right to:

• Confirm whether we process your personal data and request access to your personal data.
• Request a list of third parties to which we have disclosed your personal data. In response, we may provide a list of specific third parties or categories of third parties to whom we have disclosed any personal data, depending on applicable law.
• Request a copy of, port, or transfer your personal data (in some situations, in a specific type of format, such as a structured and commonly used technological format). You may also have the right to request a representative summary of your data.
• Correct or update your personal data.
• Delete your personal data.
• Restrict the processing of your personal data.
• Object to our processing of your personal data.
• Appeal a decision relating to your rights request.

If you would like to exercise these rights or appeal a previous decision relating to a rights request, please click here or email us at the email address listed in the “How to Contact Us” section. You have the right to not receive discriminatory treatment for exercising your privacy rights. We will not discriminate against you for exercising any of the rights described above or penalize you if you do not provide or later withdraw your consent. Unless otherwise permitted by law, we will not deny you goods or services, provide you with a different level or quality of goods or services, charge you different prices or rates for goods or services, or retaliate against an employee, job applicant, or independent contractor because you have exercised your rights described above.

We may process certain personal data categories set forth above in ways that constitute “sales” or “targeted advertising”, as defined by applicable privacy laws. (However, we do not profile you in furtherance of decisions that produce legal or similarly significant effects concerning consumers, nor do we collect, use, or sell your personal data for training large language models.) For this purpose, we will disclose only those categories of data set forth above, and only to the categories of recipient third parties set forth above. You may have the right to request that we not process your personal data for such purposes. To opt out of sales or targeted advertising, please click “Your Privacy Choices” in the footer of our website. Where required by applicable law, we also respond to opt-out requests submitted via the Global Privacy Control.

Our websites, applications, and social media sites include links to other websites or applications whose privacy practices may differ from our practices. If you submit personal data to any of those other website or applications, your information is governed by their privacy policies. We are not responsible for the privacy practices or the content of any websites or applications to which our websites, applications, and social media sites provide links. We encourage you to carefully read the privacy policy of any website or application you visit.

Our websites include social media features, such as the Facebook "Like" button, and widgets, such as the "Share" button, or interactive mini-programs (the "Features"). Features are either hosted by a third party or hosted directly on our websites. Your interactions with these Features are governed by the privacy policy of the company providing it. These Features may collect your Internet protocol address or which page you are visiting on our websites and may set cookies to enable the Feature to function properly, as further described by those companies’ privacy policies.

We are headquartered in the United States but have global operations and affiliates. Accordingly, your personal data may be transferred to, stored, and processed in various countries, including those that are not regarded as ensuring an adequate level of protection for personal data under the laws in certain jurisdictions, such as the European Union, UK, Japan, and Israel. We have put in place appropriate safeguards (such as contractual commitments like the Standard Contractual Clauses) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

To exercise any privacy rights you have under applicable law, please click here. We will contact you if we need additional data from you to honor your requests. 

If you have any questions, comments, or concerns about how we handle your personal data, please contact us at PrivacyTeam@nclcorp.com and we will try to resolve your concern.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If you believe that we have not been able to assist with your complaint or concern, you can contact our Data Protection Officer or our representative in Germany by writing to PrivacyTeam@nclcorp.com or clicking here. You may have the right to make a complaint to the data protection authority of your country of residence.

We may update this Privacy Policy from time to time. If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page and as otherwise required by law. You can determine when this Privacy Policy was last revised by checking the updated date. We encourage you to periodically review this Privacy Policy to ensure you understand our privacy practices.

If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes, (for example, by sending an email to the email address we have on file) and, if applicable, obtain your consent before applying them to that personal data.

UPDATED: January 23, 2026

At Norwegian Cruise Line Holdings Ltd. (together with its subsidiaries and brands, Norwegian Cruise Line, Oceania Cruises, and Regent Seven Seas Cruises, the "Company," "we," "our," or "us"), our mission is to provide superior cruise vacations for our guests. This mission applies to all our activities, including the products and experiences we offer on board our ships, at our destinations and ports of call, and online through websites and interactive features, including applications, widgets, blogs, social networks, social network “tabs”, and other online and mobile offerings (which we collectively call the “Services”).

This California Resident Privacy Notice, which is provided in accordance with the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020 (“CPRA”) and other California privacy laws and regulations, only applies to California residents and explains what personal information we collect online and offline and how we use and disclose that personal information. It also describes your choices and rights under California privacy laws.

This California Resident Privacy Notice supplements our Privacy Policy, which you should read in full by clicking here.

When you cruise with us, register to cruise with us, set up an account with us, request information about our Company, communicate with us, visit websites, apply for employment with us, sign up for promotions, contests, or sweepstakes, or access our Services through various other methods, we collect personal information about you and your visit.

The chart below describes the categories of personal information we may have collected within the last 12 months, our sources for collection, our reasons for collecting personal information, and the categories of other parties with which we may have disclosed personal information for a business purpose. Please note that in the chart below, not every type of personal information listed under each category is used for every purpose, received from every source or disclosed with every party listed next to that category.

Data collected when you create an account with us, purchase our products or use our Services may include data about yourself and those traveling with you. By providing us with personal information of any other person, you confirm that you have the authority to do so on their behalf and have provided them with the information set forth in this California Resident Privacy Notice.

Please be aware that we have photographers on board taking photographs for guests to purchase. If you would not like to be photographed, please let our photographers know and they would be happy to take reasonable steps to comply with your request. Please note that we are unable to guarantee that you will not be included in photographs on an incidental basis.

When you visit websites or otherwise receive Services, and to the extent permissible under applicable law, we automatically collect some categories of personal information from you, including data collected using cookies, embedded scripts, and other tracking technologies (“Cookies and Tracking Technologies”), for website analytics to improve your online experience, analyze website usage, provide better security and to personalize online and offline marketing. More information about our use of Cookies and Tracking Technologies and your choices are available in our Cookie Policy. We respond to the Global Privacy Control. For information about how to opt out of the sales and sharing of your personal information online, as those terms are defined under applicable law, and from receiving targeted advertising based on your interactions, please review the “Your Privacy Choices” section below and visit our Cookie Policy.

As defined by the CCPA and CPRA, we may have “shared” or “sold” the following personal information for the purposes and to the parties set forth below:

We do not sell or share your sensitive personal information. We also do not knowingly sell or share the personal information of minors under 16 years of age without affirmative authorization.

We retain your personal information for as long as we have a relationship with you or in accordance with applicable law, and such relationship includes any request to receive marketing or other promotional materials from us or membership in our loyalty programs. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal obligations, including requirements of regulators and governmental agencies that have authority over us. We may also retain records to investigate or defend against potential legal claims.

We will delete or anonymize your personal information at the end of the retention period. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data. We will maintain anonymous data in deidentified form and will not attempt to re-identify the information unless required under applicable law.

California privacy laws provide California residents with specific rights regarding their personal information. This section describes those rights and explains how to exercise them. 

Right to Access Information

You have a right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and verify your request, as applicable, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purposes for collecting, selling, or sharing that personal information.
• The categories of third parties with whom we sell or share that personal information and the categories of personal information that were sold or shared with each category of third parties.
• The categories of other parties with whom we disclosed personal information for a business purpose and the categories of personal information that we shared with each category of other parties.
• The specific pieces of personal information we collected about you.

Right to Request Deletion of Your Personal Information

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive, confirm and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception to the deletion right applies.

Right to Request Correction of Your Personal Information

You have the right to request that we correct your personal information that we collected from you and retain, subject to certain exceptions. Once we receive, confirm and verify your request, we will correct your personal information, unless an exception applies.

Right to Opt Out of Sales or Sharing of Your Personal Information

You have the right to opt out of the sale or sharing of your personal information. 

Exercising Access, Deletion, Correction, and Sales/Sharing Opt-Out Rights

If you or your authorized agent wish to exercise the access, deletion, and correction rights described above, please submit a request to us by clicking here or calling us at the applicable toll-free number below. You may exercise your right to opt out of sales and sharing of your personal information both online and offline by clicking on the appropriate link below or calling us at the applicable toll-free number below.

            Oceania Cruises requests: Click “Your Privacy Choices” in the footer of our website or call (833) 553-0085

            Regent Seven Seas Cruises requests: Click “Your Privacy Choices” in the footer of our website or call (833) 284-4924

            Norwegian Cruise Line requests: Click “Your Privacy Choices” in the footer of our website or call (800) 665-9231

A request to exercise the access, deletion, and correction rights described above must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (2) describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. We will verify your identity by asking for certain identifying information and matching that against the information we have on file. In certain cases, we may need to ask for more information.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Right to Be Free from Retaliation

We will not retaliate against you for exercising any of the rights described above. Unless otherwise permitted by law, we will not deny you goods or services, provide you with a different level or quality of goods or services, charge you different prices or rates for goods or services, or retaliate against an employee, job applicant, or independent contractor because you have exercised your rights described above.

Shine the Light Requests

Under California Civil Code Section 1798.83, California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal data, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above data, please contact us by email to PrivacyTeam@nclcorp.com or write us at: Attn: Legal Department: Privacy Team, Norwegian Cruise Line Holdings Ltd., 7665 Corporate Center Drive, Miami, FL 33126. We will respond to such requests for data access within 30 days following receipt at the email or mailing address stated above. Please note that we are only required to respond to each customer once per calendar year.

If you have any questions, comments, or concerns about how we handle personal information, you may contact us at PrivacyTeam@nclcorp.com, and we will try to resolve your concern.