Privacy Policy

Last Updated: May 14, 2026 | Effective Date: May 14, 2026

This Privacy Policy explains how irishsferries.org (referred to in this document as "we," "us," "our," or "the Website") collects, uses, stores, shares, and protects your personal data when you visit our website at irishsferries.org, make enquiries, book travel services, or interact with us in any way. We are committed to protecting your privacy and handling your personal data in a transparent, fair, and lawful manner.

We operate in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Acts 1988–2018 (as amended), and all applicable Irish and European Union data protection legislation. Our supervisory authority is the Data Protection Commission (DPC) of Ireland.

Please read this Privacy Policy carefully before using our website or submitting any personal information to us. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

The data controller responsible for your personal data collected through this website is the operator of irishsferries.org, a travel services information and booking website based in Ireland.

Website	irishsferries.org
Email Address	[email protected]
Country of Operation	Ireland
Governing Law	Irish Law / EU GDPR

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us at [email protected].

2. What Personal Data We Collect

We collect various categories of personal data depending on how you interact with our website and services. Below is a detailed breakdown of the types of data we may collect:

2.1 Personal Identification Information

When you make a booking enquiry, register an account, subscribe to our newsletter, or contact us directly, we may collect the following personal details:

Full name (first name and surname)
Date of birth (where required for travel documentation purposes)
Email address
Postal address (including city, county, and Eircode)
Phone number (mobile and/or landline)
Nationality and passport or identification document details (where required for booking or travel compliance)
Payment card information (processed securely through third-party payment processors; we do not store full card details)
Travel preferences and special requirements (e.g., accessibility needs, dietary requirements)

2.2 Booking and Transaction Data

When you make or enquire about a ferry booking or travel package through our website, we collect:

Booking reference numbers and itinerary details
Travel dates, departure and arrival ports
Number and names of passengers travelling
Vehicle registration details (where applicable for vehicle crossings)
Payment transaction history and confirmation records
Cancellation and refund requests

2.3 Usage and Technical Data

When you visit our website, we automatically collect certain technical information about your device and browsing activity, including:

IP address
Browser type and version
Operating system and device type
Pages visited and time spent on each page
Referring URLs (the website you visited before ours)
Date and time of your visit
Search terms used on our website
Clickstream data and navigation patterns

2.4 Cookie and Tracking Data

We use cookies and similar tracking technologies (such as web beacons and pixels) to enhance your experience on our website. Cookies may collect information such as session identifiers, user preferences, and interaction data. For full details on how we use cookies, please refer to our Cookie Policy.

2.5 Communications Data

If you contact us by email, telephone, or through any contact form on our website, we may retain records of that communication, including the content of your messages and our responses.

2.6 Marketing Preferences

If you opt in to receive marketing communications from us, we will record your consent and your stated preferences regarding the type of communications you wish to receive.

3. How We Collect Your Personal Data

We collect your personal data through the following methods:

3.1 Direct Collection

You provide data directly to us when you:

Complete and submit a booking or enquiry form on our website
Create a user account
Subscribe to our email newsletter or promotional communications
Contact our customer service team via email or telephone
Participate in surveys, competitions, or promotions
Leave reviews or feedback on our website

3.2 Automated Collection

We collect certain data automatically through the use of cookies, analytics tools, server logs, and similar tracking technologies as you browse and interact with our website.

3.3 Third-Party Sources

In certain circumstances, we may receive data about you from third parties, such as:

Payment processors and financial institutions (for fraud prevention and transaction verification)
Travel partner organisations and ferry operators whose services we promote or facilitate
Analytics and advertising platforms
Publicly available databases (where permitted by applicable law)

4. Legal Basis for Processing Your Personal Data

Under the GDPR and the Data Protection Acts 1988–2018, we are required to have a valid legal basis for processing your personal data. We rely on the following legal bases:

Processing Purpose	Legal Basis
Processing bookings and travel enquiries	Performance of a contract (Article 6(1)(b) GDPR)
Customer account management	Performance of a contract (Article 6(1)(b) GDPR)
Sending marketing emails and newsletters	Consent (Article 6(1)(a) GDPR)
Website analytics and performance monitoring	Legitimate interests (Article 6(1)(f) GDPR)
Fraud prevention and security	Legitimate interests (Article 6(1)(f) GDPR)
Legal compliance and regulatory obligations	Legal obligation (Article 6(1)(c) GDPR)
Processing special category data (e.g., accessibility needs)	Explicit consent (Article 9(2)(a) GDPR)

5. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

5.1 Service Provision and Booking Management

To process and manage your ferry booking enquiries and reservations
To communicate with you about your travel arrangements, itinerary changes, or booking confirmations
To process payments and issue refunds where applicable
To provide customer support and resolve complaints or disputes
To manage your user account and preferences

5.2 Website Operation and Improvement

To operate, maintain, and improve the functionality and security of our website
To analyse usage patterns and understand how visitors interact with our site
To diagnose and fix technical problems
To personalise your browsing experience and remember your preferences

5.3 Marketing and Communications

To send you promotional offers, travel deals, and newsletters — but only where you have provided explicit consent
To conduct surveys, market research, and gather feedback about our services
To target relevant advertisements through online advertising platforms (where you have consented to such use of your data)

5.4 Legal and Regulatory Compliance

To comply with applicable Irish and EU legal obligations
To respond to lawful requests from regulatory authorities, law enforcement agencies, or courts
To detect, prevent, and address fraud, security breaches, or other illegal activity
To enforce our Terms and Conditions and protect our legal rights

6. Sharing Your Personal Data with Third Parties

We do not sell your personal data to third parties. However, we may share your data with trusted third parties in the following circumstances:

6.1 Service Providers and Data Processors

We engage third-party companies to perform services on our behalf. These service providers act as data processors and are contractually required to handle your data securely and only for the purposes we specify. Such providers may include:

Payment processors: To securely process booking payments and refunds
Email and communication platforms: To send transactional and marketing emails
Website analytics providers: Such as Google Analytics, to help us understand website usage
Cloud hosting and IT infrastructure providers: To host our website and store data securely
Customer relationship management (CRM) tools: To manage customer enquiries and communications
Ferry and travel operators: To fulfil travel bookings made through our website

6.2 Legal and Regulatory Disclosure

We may disclose your personal data to government bodies, law enforcement agencies, regulatory authorities, or courts where we are legally required to do so, or where disclosure is necessary to:

Comply with a legal obligation under Irish or EU law
Protect the vital interests of you or another individual
Prevent or detect fraud or criminal activity
Establish, exercise, or defend legal claims

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your personal data may be transferred to the relevant successor organisation. We will notify you of any such transfer and ensure that your data continues to be protected in accordance with this Privacy Policy.

6.4 Aggregated and Anonymised Data

We may share aggregated, anonymised, or de-identified data with third parties for research, marketing, or analytical purposes. Such data cannot be used to identify you personally.

7. International Data Transfers

Our primary operations and data storage are based within the European Economic Area (EEA), and we endeavour to keep your personal data within the EEA at all times. However, some of our third-party service providers may be based outside the EEA, including in the United States or other countries.

Where we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:

Adequacy decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection
Standard Contractual Clauses (SCCs): EU-approved contractual clauses that impose data protection obligations on the recipient
Binding Corporate Rules (BCRs): Where applicable within multinational corporate groups
Explicit consent: Where no other safeguard is applicable and you have provided informed consent to the transfer

You may request further information about international data transfers and the safeguards we apply by contacting us at [email protected].

8. Data Security

We take the security of your personal data extremely seriously and implement a range of technical and organisational measures to protect it from unauthorised access, loss, destruction, alteration, or disclosure. Our security measures include:

SSL/TLS encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols
Access controls: Access to personal data is restricted to authorised personnel only, on a need-to-know basis
Password protection: User accounts are protected by passwords, and we encourage the use of strong, unique passwords
Regular security audits: We conduct periodic reviews and assessments of our security practices and infrastructure
Data minimisation: We only collect and retain the minimum amount of personal data necessary for the stated purposes
Secure data storage: Personal data is stored on secure servers with appropriate technical and physical safeguards
Incident response procedures: We have established protocols for detecting, reporting, and responding to personal data breaches

Important Notice: While we take all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is entirely secure. We cannot guarantee absolute security, and you share information with us at your own risk. Please contact us immediately at [email protected] if you believe your account or personal data has been compromised.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34 of the GDPR.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general data retention periods are as follows:

Data Category	Retention Period
Booking and transaction records	7 years (to comply with Irish tax and accounting obligations)
Customer account information	Duration of account plus 3 years after account closure
Marketing consent records	Until consent is withdrawn, plus 1 year thereafter
Website analytics data	Up to 26 months (in accordance with standard analytics platform settings)
Customer communications and enquiries	3 years from the date of the last communication
Legal claim or dispute records	6 years from the resolution of the matter (in accordance with the Statute of Limitations Act 1957)
Cookie data	Varies by cookie type — see our Cookie Policy for details

Upon expiry of the applicable retention period, we will securely delete or anonymise your personal data in accordance with our internal data destruction procedures.

10. Your Rights Under GDPR

As a data subject under the GDPR and the Data Protection Acts 1988–2018, you have the following rights with respect to your personal data. We are committed to facilitating the exercise of these rights in a timely and transparent manner.

10.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you, along with information about how we use it, the legal basis for processing, how long we retain it, and with whom we share it. This is known as a Subject Access Request (SAR).

10.2 Right to Rectification (Article 16 GDPR)

If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.

10.3 Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)

In certain circumstances, you have the right to request that we delete your personal data. This right applies where:

The data is no longer necessary for the purpose for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required to comply with a legal obligation

Please note that this right is not absolute and may be subject to exceptions, such as where retention is necessary for legal compliance or the establishment of legal claims.

10.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or have objected to processing pending verification of our legitimate grounds.

10.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or the performance of a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit this data directly to another data controller where technically feasible.

10.6 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data where that processing is based on our legitimate interests. You also have an unconditional right to object to the processing of your personal data for direct marketing purposes. Upon receipt of such an objection, we will cease processing your data for that purpose immediately.

10.7 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal. You may withdraw your consent to marketing communications at any time by clicking the "unsubscribe" link in any marketing email we send you, or by contacting us at [email protected].

10.8 Rights Related to Automated Decision-Making and Profiling (Article 22 GDPR)

You have the right not to be subject to decisions made solely by automated processing (including profiling) that produce significant legal or similarly significant effects on you. We do not currently engage in fully automated decision-making that produces legal effects. Where we use any form of profiling, we will inform you and obtain your consent where required.

How to Exercise Your Rights

To exercise any of your rights listed above, please contact us in writing at:

Email: [email protected]

We will respond to your request within one calendar month of receipt, as required under Article 12 of the GDPR. Where requests are complex or numerous, we may extend this period by a further two months, in which case we will notify you of the extension within the first month. We may request proof of identity before processing your request to ensure the security of your personal data.

11. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your user experience, analyse website performance, and deliver relevant content. Cookies are small text files placed on your device when you visit a website.

We use the following categories of cookies:

Strictly Necessary Cookies: Essential for the basic functionality of our website and cannot be disabled. These cookies enable core features such as security, session management, and page navigation.
Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information about page visits, traffic sources, and user behaviour. These cookies help us improve our website's performance.
Functional Cookies: Allow our website to remember your preferences and settings (such as language preferences or saved travel details) to provide a more personalised experience.
Marketing and Targeting Cookies: Used to deliver relevant advertisements and promotional content based on your browsing behaviour, both on our website and across third-party platforms. These cookies require your explicit consent.

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept, reject, or customise your cookie preferences. You may update your preferences at any time.

For full information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

12. Children's Privacy

Age Restriction: Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, process, or store personal data from individuals under the age of 18.

If you are under 18 years of age, please do not submit any personal data to us through our website. Travel bookings and enquiries involving minors must be made by a parent or legal guardian acting on their behalf.

If we become aware that we have inadvertently collected personal data from a child under the age of 18 without verified parental consent, we will take immediate steps to delete that data from our records. If you believe that we may have collected data from or about a child under 18, please contact us without delay at [email protected].

Where travel bookings include minor passengers, we collect only the minimum information necessary (such as name and date of birth for travel documentation purposes) and such data is processed solely for the purpose of facilitating the travel arrangements made by the adult booking on their behalf.

13. Links to Third-Party Websites

Our website may contain links to third-party websites, including ferry operators, travel partners, and other travel-related services. These third-party websites have their own privacy policies and data protection practices, which are independent of ours.

We are not responsible for the privacy practices, content, or data handling of any third-party websites. We encourage you to read the privacy policies of any third-party sites you visit before providing any personal data to them. The inclusion of a link to a third-party website does not constitute our endorsement of that website or its privacy practices.

14. Marketing Communications

We will only send you marketing communications, promotional offers, and newsletters where you have provided your explicit, freely given, and informed consent to receive such communications. This consent is obtained through opt-in mechanisms on our website, such as a clearly labelled checkbox during the booking or registration process.

Each marketing email we send will include a clear and easy-to-use unsubscribe mechanism, allowing you to opt out of future marketing communications at any time. Alternatively, you may withdraw your consent to marketing at any time by emailing us at [email protected] with the subject line "Unsubscribe."

Please note that even if you opt out of marketing communications, we may still need to send you important service-related communications (such as booking confirmations, itinerary changes, or security alerts) which are necessary for the performance of our contract with you.

15. Filing a Complaint with the Data Protection Commission

If you believe that we have not handled your personal data in accordance with applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority for data protection matters in Ireland.

Data Protection Commission (DPC) Contact Details:

Website: www.dataprotection.ie

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Phone: +353 (0)1 765 0100

LoCall: 1800 437 737

Email: [email protected]

Before lodging a formal complaint with the DPC, we respectfully encourage you to contact us directly in the first instance at [email protected] so that we may attempt to resolve your concern promptly and to your satisfaction. We take all privacy complaints seriously and will investigate and respond to your concern as quickly as possible.

You also have the right to seek judicial remedies if you consider that your rights under the GDPR have been infringed as a result of the processing of your personal data in non-compliance with applicable law.

16. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal requirements, or operational changes. When we make material changes to this Privacy Policy, we will:

Update the "Last Updated" date at the top of this page
Notify registered users by email where the changes are significant
Display a prominent notice on our website to alert visitors to the update

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our website after any changes to this Privacy Policy have been posted constitutes your acknowledgement of those changes.

17. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Ireland, including the General Data Protection Regulation (EU) 2016/679, the Data Protection Acts 1988–2018, and all other applicable Irish legislation. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Ireland.

18. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us using the details below. We aim to respond to all privacy-related enquiries within 5 business days and to fulfil formal data subject rights requests within the legally required timeframe of one calendar month.

Website	irishsferries.org
Email	[email protected]
Subject Line for Privacy Requests	"Privacy Request" or "Data Subject Rights Request"
Supervisory Authority	Data Protection Commission (DPC), Ireland — www.dataprotection.ie

Your privacy matters to us. We are committed to processing your personal data responsibly, transparently, and in full compliance with Irish and EU data protection law. Thank you for trusting us with your information.