Flash Sale · 25% off your first trip Cruise Way25
Privacy Policy · Cruise Way
Legal

Privacy Policy

Effective Date: May 1, 2026 · Last Updated: April 23, 2026

1. Introduction

Cruise Way ("we," "our," or "us") is committed to protecting the privacy of our customers. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform to book car rentals, flights, cruise packages, and related travel services across the United States and Canada.

We handle your personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) for European Economic Area (EEA) residents, the California Consumer Privacy Act (CCPA/CPRA) for California residents, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).[reference:0][reference:1]

Key Principles: We do not sell your personal data. We share it only with trusted partners necessary to fulfill your travel bookings. We employ industry-standard encryption and security measures to protect your information.

By accessing or using Cruise Way, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any portion of this policy, please discontinue use of our services immediately.

2. Information We Collect

We collect several types of information to provide and improve our travel booking services. The categories below outline the personal data we may request or automatically gather:[reference:2]

2.1 Information You Provide Directly

Category Examples Service
Identity & Contact Full name, email address, phone number, billing address, date of birth All bookings
Travel Documents Passport number, driver's license details, visa information Flights, car rentals (driver verification), cruises
Payment Information Credit/debit card number, expiration date, CVV, billing ZIP code All bookings (processed via secure PCI-DSS compliant gateways)[reference:3]
Booking & Travel Details Trip dates, pickup/drop-off locations, flight numbers, cruise itineraries, cabin preferences, frequent flyer/loyalty numbers, seat/cabin preferences Car rentals, flights, cruises
Special Requirements Dietary needs, accessibility requirements, health-related travel needs (e.g., adaptive driving devices), emergency contact information All bookings
Communications Customer support inquiries, chat transcripts, call recordings, survey responses All services

The above data categories are necessary to process travel reservations, verify identity, comply with legal obligations, and provide customer support. For car rentals specifically, we also collect driver's license information, insurance details, and rental history.[reference:4][reference:5]

2.2 Information Collected Automatically

Category Examples
Device & Technical IP address, browser type & version, operating system, device type, screen resolution, language settings
Usage & Analytics Pages visited, time spent on site, click patterns, referral source, search queries, booking funnel behavior
Geolocation Approximate location (city/country level derived from IP address); precise location only with explicit consent from our mobile app
Cookies & Similar Technologies See Section 6 for a complete breakdown of cookie types and purposes

2.3 Information From Third Parties

We may receive supplementary information from:

  • Travel Suppliers: Airlines, cruise lines, car rental agencies, and hotel partners may share booking confirmation details and loyalty program data.
  • Payment Processors: Transaction verification, fraud screening results, and payment confirmation status.
  • Identity Verification Services: For certain car rentals, we may verify driver's license authenticity through authorized third-party services.
  • Marketing & Analytics Partners: Aggregated demographic and interest data to help us personalize offers (where consent has been provided).

3. How We Use Your Information

We use your personal data for the following purposes, all of which are necessary to deliver our travel booking services effectively:[reference:6]

Purpose Description
Booking Fulfillment Process car rental reservations, flight ticket purchases, and cruise cabin bookings; generate and deliver booking confirmations, e-tickets, vouchers, and itineraries.
Payment Processing Securely handle credit/debit card transactions through PCI-DSS compliant gateways; process refunds, cancellations, and chargebacks.
Customer Support Respond to inquiries, resolve booking issues, manage changes or cancellations, and provide 24/7 travel assistance.
Identity Verification Verify driver's license authenticity for car rentals; validate passport details for international flights and cruises; prevent fraudulent bookings.
Personalization Tailor search results, recommend relevant travel deals, remember your preferences, and display offers aligned with your past booking history.
Marketing Communications Send promotional emails, newsletters, and exclusive deal alerts (only with your consent; you may unsubscribe at any time).
Legal & Regulatory Compliance Comply with tax laws, financial reporting requirements, customs and border protection regulations, and respond to lawful requests from government authorities.
Fraud Prevention & Security Monitor for suspicious activity, detect and prevent fraudulent transactions, protect against unauthorized access, and maintain platform integrity.
Analytics & Improvement Analyze usage patterns, measure website performance, conduct A/B testing, and improve user experience and service quality.

5. Data Sharing & Disclosure

We do not sell your personal data to third parties. We share your information only as necessary to fulfill your travel bookings and operate our platform:[reference:9][reference:10]

5.1 Travel & Booking Partners

  • Car Rental Agencies: Enterprise Rent-A-Car, Hertz, Avis, Budget, National Car Rental, Alamo, and local providers in Canada and the USA.
  • Airlines: Delta, United, American Airlines, Southwest, JetBlue, Air Canada, WestJet, Porter Airlines, and other carriers operating across North America.
  • Cruise Lines: Royal Caribbean, Carnival, Norwegian Cruise Line, Disney Cruise Line, Celebrity Cruises, Princess Cruises, Holland America Line, MSC Cruises, and others.[reference:11]

5.2 Service Providers

  • Payment Processors: Stripe, PayPal, and other PCI-DSS compliant gateways (we do not store full card numbers).[reference:12]
  • Cloud & Infrastructure: Amazon Web Services (AWS), Google Cloud Platform for hosting and data storage.
  • Communication Tools: SendGrid, Twilio for email/SMS booking confirmations and alerts.
  • Analytics: Google Analytics, Mixpanel (anonymized where possible).
  • Fraud Prevention: Third-party fraud detection services to protect against unauthorized transactions.

5.3 Legal & Regulatory Disclosures

We may disclose personal data when required by law, court order, subpoena, or governmental regulation—including to customs and border protection agencies for international travel, tax authorities for financial reporting, and law enforcement for fraud investigations.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content. Cookies are small text files stored on your device when you visit our website.[reference:13][reference:14]

Cookie Type Purpose Consent Required?
Strictly Necessary Essential for site functionality—session management, secure login, booking cart persistence, and payment processing. The site cannot function without these. No (always active)
Performance & Analytics Help us understand how visitors interact with our site—which pages are most popular, how users navigate booking funnels, and where improvements are needed. Data is aggregated and anonymized. Yes (where required by law)
Functional Remember your preferences—language selection, currency, recent searches, and saved travel dates to provide a more personalized experience. Yes (where required by law)
Marketing & Advertising Deliver relevant travel deals and promotions based on your browsing behavior. These may be set by us or third-party advertising networks. Yes (opt-in required)

You can manage your cookie preferences at any time through our Cookie Settings panel (accessible via the banner on our site) or through your browser settings. Note that disabling certain cookies may impact the functionality of our booking platform.

7. Data Security

We implement industry-standard technical and organizational safeguards to protect your personal information:[reference:15][reference:16]

  • Encryption: All data transmitted between your browser and our servers is protected using TLS 1.3 (Transport Layer Security) encryption. Payment card data is further protected through PCI-DSS Level 1 compliant payment gateways.
  • Secure Infrastructure: Our servers are hosted in SOC 2 Type II certified data centers with 24/7 physical security, biometric access controls, and redundant power systems.
  • Access Controls: Strict role-based access ensures that only authorized personnel with a legitimate business need can access personal data. All access is logged and audited.
  • Regular Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and remediate potential risks.
  • Employee Training: All staff receive mandatory privacy and security training upon hiring and annually thereafter.

While we strive to protect your information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we continuously work to minimize risk.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law:[reference:17]

  • Booking Data: Retained for 7 years from the date of your last transaction to comply with tax, accounting, and legal obligations in both the United States and Canada.
  • Marketing Data: Retained until you opt out of marketing communications, or after 3 years of inactivity (no bookings or email opens).
  • Account Data: Retained while your account remains active. If you close your account, we will delete or anonymize your personal data within 90 days, unless retention is required by law.
  • Usage & Analytics Data: Retained in aggregated or anonymized form indefinitely for business intelligence purposes.

When data is no longer needed, we securely delete or destroy it—paper records by cross-cut shredding, electronic files through secure deletion protocols, and hardware via certified destruction methods.

9. International Data Transfers

Cruise Way operates primarily in the United States and Canada. However, your personal data may be transferred to, stored, or processed in countries outside your country of residence—including countries whose data protection laws may differ from those in your jurisdiction.[reference:18][reference:19]

When we transfer personal data across borders, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for GDPR-governed transfers.
  • Adequacy Decisions where applicable (e.g., Canada has been recognized by the EU as providing adequate protection).
  • Binding Corporate Rules for intra-group transfers where relevant.

By using our services, you acknowledge that your data may be transferred internationally as described above.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:[reference:20][reference:21]

Right Description Jurisdiction
Access Request a copy of the personal data we hold about you, including details about how we process it. GDPR, CCPA, PIPEDA
Rectification Request correction of inaccurate or incomplete personal data. GDPR, CCPA, PIPEDA
Erasure ("Right to be Forgotten") Request deletion of your personal data, subject to legal retention requirements. GDPR, CCPA, PIPEDA
Restriction of Processing Request that we limit how we process your data in certain circumstances. GDPR
Data Portability Receive your data in a structured, machine-readable format and have it transmitted to another controller. GDPR
Object to Processing Object to processing based on legitimate interests, including direct marketing. GDPR
Withdraw Consent Withdraw previously given consent at any time, without affecting the lawfulness of prior processing. GDPR, PIPEDA
Opt-Out of Sale/Sharing Opt out of the sale or sharing of personal data for targeted advertising (see Section 11 for California-specific rights). CCPA/CPRA

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may require identity verification before processing certain requests.

11. California Privacy Rights (CCPA / CPRA)

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have additional rights:[reference:22][reference:23]

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information from California consumers:

  • Identifiers: Name, email, IP address, postal address, phone number, passport number, driver's license number.
  • Commercial Information: Booking history, travel preferences, payment card type, transaction records.
  • Internet/Electronic Activity: Browsing history, search history, interactions with our website and advertisements.
  • Geolocation Data: Approximate location derived from IP address.
  • Sensitive Personal Information: Driver's license details, passport information, payment card details (processed but not stored), health-related travel requirements.

Your CCPA/CPRA Rights

  • Right to Know: Request disclosure of the specific pieces and categories of personal information we have collected about you.
  • Right to Delete: Request deletion of personal information, subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of personal information for cross-context behavioral advertising. Cruise Way does not sell personal data, but we may share limited data with advertising partners for targeted offers (which you can opt out of).
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information for purposes permitted by law.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us at privacy@Cruise Way.com or call our toll-free line at 1-800-VOYAGE-1. You may also designate an authorized agent to make a request on your behalf.

12. Children's Privacy

Cruise Way is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take immediate steps to delete such information from our systems.[reference:24]

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can take appropriate action.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we do, we will:

  • Post the revised policy on this page with an updated "Effective Date."
  • Notify registered users via email for material changes.
  • Display a prominent notice on our website for at least 30 days following significant updates.

Your continued use of Cruise Way after the effective date of any revised policy constitutes your acceptance of the changes. We encourage you to review this page periodically to stay informed about how we protect your privacy.

14. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact our Privacy Team:

Email (General Inquiries): privacy@Cruise Way.com
Data Protection Officer (DPO): dpo@Cruise Way.com
Phone (Toll-Free): 1-800-VOYAGE-1 (1-800-869-2431)
Mon–Fri, 8:00 AM – 8:00 PM EST
Mailing Address: Cruise Way Privacy Office
350 Park Avenue, Suite 1200
New York, NY 10022
United States
Canadian Office: Cruise Way Canada
655 Bay Street, Suite 400
Toronto, ON M5G 2K4
Canada
Lodge a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with your local data protection authority. For EU residents, you may contact the supervisory authority in your member state. For Canadian residents, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.