Privacy Policy

At Norwegian Cruise Line Holdings Ltd., our mission is to provide superior cruise holidays for our guests. This mission covers all of our activities including the products and experiences we offer on board our ships and extends to our online community through our websites and interactive features, including applications, widgets, blogs, social networks, social network "tabs" and other online or mobile offerings (which we collectively call the "Services"). Our Services are owned and operated by Norwegian Cruise Line Holdings Ltd. (together with its subsidiaries and brands, Norwegian Cruise Line, Oceania Cruises, and Regent Seven Seas Cruises, the "Company," "we," "our," or "us").

This privacy policy describes what data we collect online and offline and how we use, share, and secure that data. It also describes your choices regarding use, access and correction of your personal data. Personal data is information, or a combination of different types of information, that could reasonably allow you to be identified.

We encourage you to review our privacy policy and click on the available links or select “read more” if you want additional information on a particular topic. If you have any questions about how we handle or protect your personal data, please contact us at PrivacyTeam@nclcorp.com.

When you take a cruise with us, register to take a cruise with us, set up an account with us through one of our websites, ask for information about our Company, visit one of our websites, apply for employment with us or access our Services through various other methods, we collect data about you and your visit.

Data we collect directly from you or other sources

We collect the following categories of data either directly from you or from our business partners and third parties:

• Personal details (e.g., name, salutation, title, date of birth, place of birth and gender)
• Contact details (e.g., email address, telephone number, mobile number, address and emergency contact information)
• Health details, where applicable
• Travel / holiday preference details (e.g., flight number, hotel booking, cabin number, special occasion dates, special accommodation, loyalty programme information and dietary preferences)
• Government-issued documents (e.g., passports, alien resident cards, visas, residency permits, social security numbers, driver’s licenses and redress numbers)
• Details regarding our websites and applications (e.g., usernames, passwords, security answers and geolocation information)
• Financial details (e.g., credit card information, transactional history, amount paid for Services, bank information, income and business information)
• Information available via public records
• Employment application details (e.g., name, employment history, telephone number, address, email address, education history, military service and immigration status)

Data collected when you create an account with us may include data about yourself and those travelling with you. By providing us with personal data of any third party, you confirm that you have the authority to do so on their behalf and have provided them with the information set out in this privacy policy.

We operate closed circuit television ("CCTV") cameras on our ships, including at all access points and throughout public areas. These CCTV cameras record continually and images of you may appear in these recordings.

Data we collect automatically

When you access our websites or otherwise receive Services we automatically collect some categories of data from you, including data collected using cookies and other device identifying technologies (“Cookies and Tracking Technologies”). Further information about our use of Cookies and Tracking Technologies is available in our Cookies Policy.

Special categories of personal data

Some of the categories of data that we collect in connection with provision of our Services may constitute special categories of personal data (also known as sensitive personal data). In particular, we may collect personal data revealing racial or ethnic origin, religious, philosophical, or political beliefs, sexual orientation, or data concerning health, such as medical history or dietary restrictions, if in connection with our provision of Services.

We only collect this information when you choose to provide this to us or to a service provider such as a travel agent. We only use this information to provide a service you request, such as medical care on board one of our cruises or special dietary accommodation.

If, while travelling with us, you allege a personal injury or submit a claim after alleging a personal injury, we may collect personal data concerning the alleged incident, including healthcare information.

We may use your personal data for the following purposes:

• Identify and authenticate you: We use your identification data to verify your identity when you access and use our Services and to ensure the security of your personal data. We do this to comply with our contractual obligations to you.
• Provide you with Services: We process your personal data to provide the Services you or your organisation have requested. We do this to comply with our contractual obligations to you or your organisation.
• Advertise and market our Services: We may use your personal data to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalise the marketing messages we send to you. It is in our legitimate interest to provide more relevant and interesting advertising messages. Where necessary, we will obtain your consent before sending such marketing messages.
• Communicate with you: We may use your personal data when we communicate with you, for example if we are providing information about changes to our terms and conditions or if you contact us with questions. It is in our legitimate interest to provide you with appropriate responses and provide you with notices about our Services.
• Comply with our obligations under applicable laws: We may process your personal data to comply with applicable legal requirements, for example, we may provide certain information to governmental and recognised law enforcement agencies, such as providing personal data to the Transportation Security Administration and port agents in connection with commercial air travel you book through us, or to comply with other legal or regulatory requirements, where explicitly required by law.
• Customise your experience: When you use the Services, we may use your personal data to improve your experience of the Services, such as by providing interactive or personalised elements on the Services and providing you with content, offerings and experiences based on your interests, including shore excursions.
• Exercise our rights: We may use your personal data to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to legal claims, intellectual property infringement claims or violations of law or our applicable contract terms and conditions.
• Comply with our obligations: We may process your personal data to, for example, carry out fraud prevention checks or comply with other legal or regulatory requirements, where explicitly required by law.
• Ensure the safety of employees and guests: We may process your personal data to ensure the safety and security of all guests on board our ships. For example, we may check your information against a publicly available criminal record database in order to protect the safety of our guests and team members.
• Evaluate you for potential employment: We may process your personal data if you apply for a position as a team member with us including by making enquiries into any criminal and/or credit history.

Customer Testimonials

We may post guest testimonials on our websites which might contain personal data. We obtain the guest’s consent via email prior to posting the testimonial to post their username, cruise date, and travel destination along with their testimonial, as applicable. If you wish to update or delete your testimonial, you can contact us at PrivacyTeam@nclcorp.com.

We may share your personal data with third parties under the following circumstances:

• Service providers and business partners: We may share your personal data with our service providers and business partners that perform marketing services and other business operations for us. For example, we may partner with other companies or vendors to organise and facilitate your travel, including via travel agents, arrange hotel accommodation, process your payments, including charging purchases to onboard accounts, provide onboard services, provide port services and excursions, facilitate targeted marketing and other communications by mail or email, facilitate services related to our casinos, maintain guest records and analyze data. These companies are authorised to use your personal data only as necessary to provide these services to us. Some onboard products and services and excursions and activities are provided by third parties. We may share sufficient personal data about you with these partners, before, after or during your cruise in order to improve Services to you. These companies have their own privacy policies which you should refer to if you choose to use their services. We may also share your personal data with third parties that have joint or cooperative marketing arrangements with us.
• Where required by law: We may provide certain personal data to governmental and recognised law enforcement agencies as required by law or other third parties where we believe necessary to comply with a legal obligation. We are required to cooperate with government and law enforcement agencies and public authorities of any country in your itinerary, including customs and immigration authorities. Personal data about you may be shared with these agencies (such as customs and the U.S. Department of Homeland Security) prior to boarding, during your cruise, or after disembarkation for security or immigration purposes).
• To protect our rights or the rights of a third party: We may share your personal data to identify, investigate, contact, or bring legal action against an individual who may be causing injury to or interference with our rights or property or the rights or property of a third person if we believe in good faith that disclosing this personal data is necessary or advisable. We operate casinos on our ships and may share your personal data with third parties to prevent or detect fraud. Personal data about you may also be shared with governmental and recognised law enforcement agencies in order to prevent and detect crime as well as to safeguard children and vulnerable adults.
• In the context of a transaction: We may share your personal data with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer your personal data to use it in a manner that is consistent with this privacy policy.
• Norwegian Cruise Line Holdings Ltd. family companies: NCL Corporation Ltd., NCL (Bahamas) Ltd., Oceania Cruises S. de R.L., Seven Seas Cruises S. de R.L., Sixthman Ltd., and our brands, Norwegian Cruise Line, Oceania Cruises and Regent Seven Seas Cruises are owned by Norwegian Cruise Line Holdings Ltd., and we work closely with other businesses and companies in the Norwegian Cruise Line Holdings Ltd. family. We may share certain personal data about you with other companies in the Norwegian Cruise Line Holdings Ltd. family including your buying and browsing history on the Services, contact details such as names, email addresses and addresses, dates of past cruises on one of our brands, your use of onboard products and services including casino and enquiries you have made about or products and services for the purposes set out above.

We implement physical, technical, and organizational security measures designed to safeguard the personal data we process. These measures are aimed at providing ongoing integrity and confidentiality for your personal data. We evaluate and update these measures on a regular basis.

The Company takes reasonable precautions in order to attempt to ensure the safety and security of our customer's online transactions. Billing information is encrypted and transmitted through SSL (Secure Sockets Layer) technology. SSL is the industry standard for securing Web-messaging transactions.

We retain your personal data for as long as we have a relationship with you, and such relationship includes any request to receive marketing or other promotional materials from us or membership in our loyalty programmes. When deciding how long to keep your personal data after our relationship with you has ended, we take into account our legal obligations, including requirements of regulators and governmental agencies that have authority over us. We may also retain records to investigate or defend against potential legal claims.

We will delete your personal data when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

All emails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time by taking one the following steps:

1. Follow the instructions provided in any Company email
2. Click on one of the following links to update your preferences: Norwegian Cruise Line, Oceania Cruises, or Regent Seven Seas Cruises
3. Send mail to the following address:

   Norwegian Cruise Line Holdings Ltd.
   Legal Department: Privacy Team
   7665 Corporate Centre Drive
   Miami, Florida 33126
   +912271279333

Please allow up to 2 weeks to be unsubscribed from all Company emails.

If you are located in the European Union:

You have certain rights regarding your personal data, subject to local European Union data protection laws. These include the following rights:

• access your personal data
• rectify the data we hold about you
• erase your personal data
• restrict our use of your personal data
• object to our use of your personal data
• receive your personal data in a usable electronic format and transmit it to a third party (right to data portability)
• lodge a complaint with your local data protection authority.

If you would like to discuss or exercise these rights, please contact us at the details below. We encourage you to contact us to update or correct your data if it changes or if the personal data we hold about you is inaccurate. We will contact you if we need additional data from you in order to honor your requests.

Our websites are not intended for children under the age of 16, and the Company does not intentionally collect personal data from children under 16 via its websites, or mobile or other applications except as guests named in a booking. If you have reason to believe that we have collected personal data from someone under 16 years of age via our websites or other applications including mobile applications, please let us know by contacting us at PrivacyTeam@nclcorp.com.

We may process personal data about children who are guests before, during or after our cruises in order to provide our Services. We do not process personal data about children for any other purpose nor do we seek to collect personal data about children. If you have reason to believe that we have collected personal data from someone under 16 years of age other than in connection with providing our Services, please let us know by contacting us at PrivacyTeam@nclcorp.com.

1. Resident of California:

Under California Civil Code Section 1798.83, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal data, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes and (b) the names and addresses of all such third parties. To request the above data, please contact us by email to PrivacyTeam@nclcorp.com or write us at: Attn: Legal Department: Privacy Team, Norwegian Cruise Line Holdings Ltd., 7665 Corporate Centre Drive, Miami, FL 33126. We will respond to such requests for data access within 30 days following receipt at the email or mailing address stated above. Please note that we are only required to respond to each customer once per calendar year.

Additionally, California law requires that we indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. We do not currently alter our practices when a Do Not Track signal is received. To learn about Do Not Track and for information about how to opt out of receiving targeted advertising, please click www.aboutads.info/choices.

Our websites, applications, including mobile applications, and social media sites include links to other websites whose privacy practices may differ from our practices. If you submit personal data to any of those sites, your information is governed by their privacy policies. We are not responsible for the privacy practices or the content of any sites to which our websites, applications, including mobile applications and social media site provides links. We encourage you to carefully read the privacy policy of any website you visit.

Our websites include social media features, such as the Facebook "Like" button, and widgets, such as the "Share" button or interactive mini-programmes that run on our websites (the "Features"). These Features may collect your Internet protocol address, which page you are visiting on our websites, and may set a cookie to enable the Feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these Features are governed by the privacy policy of the company providing it.

We are headquartered in the United States, but have global operations and affiliates. Accordingly, your personal data may be transferred to, stored and processed in various countries, including those that are not regarded as ensuring an adequate level of protection for personal data under European Union law or by the European Commission. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

If you have any questions, comments, or concerns about how we handle your personal data, then you may contact us at PrivacyTeam@nclcorp.com and we will try to resolve your concern.

If you are located in the European Union, please contact our Data Protection Officer at PrivacyTeam@nclcorp.com. If you are located in Germany, you may also contact our representative in Germany at PrivacyTeam@nclcorp.com. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.

We may update this privacy policy from time to time without prior notice. You can determine when this privacy policy was last revised by checking the effective date. We encourage you to periodically review this privacy policy to ensure you understand our privacy practices.

If you have a registered account, we may notify you of any changes to our privacy policy via email and we may ask you to affirmatively acknowledge and consent to the changes the next time you use our Services.

If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes before applying them to that personal data.