Privacy Policy

Last Updated: May 18, 2026 | Effective Date: May 18, 2026

Important Notice: This Privacy Policy explains how Irish Ferries (operating via irishz-ferries.com) collects, uses, stores, and protects your personal data. By using our website and services, you acknowledge that you have read and understood this policy. Please read it carefully before providing any personal information.

1. Introduction and Our Commitment to Your Privacy

Welcome to irishz-ferries.com. We are committed to protecting your personal data and respecting your privacy in full compliance with applicable Irish and European Union data protection legislation. This Privacy Policy applies to all personal data collected through our website, mobile applications, booking systems, customer service channels, and any other services we provide.

As a travel services operator based in Ireland, we are subject to the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018, the Data Protection Acts 1988–2018, the ePrivacy Regulations (SI 336 of 2011), and all related guidance issued by the Data Protection Commission (DPC) of Ireland.

We act as the Data Controller for personal data collected and processed in connection with our ferry booking and travel services. This means we determine the purposes and means by which your personal data is processed. Where we engage third-party service providers to process data on our behalf, they act as Data Processors under written data processing agreements that comply with Article 28 of the GDPR.

Our website address is irishz-ferries.com and our primary contact email for data protection enquiries is [email protected].

2. Who We Are — Data Controller Details

For the purposes of the GDPR and the Data Protection Act 2018, the Data Controller responsible for your personal data is:

Company Name	Irish Ferries
Website	irishz-ferries.com
Email Address	[email protected]
Business Type	Travel Services
Jurisdiction	Republic of Ireland
Supervisory Authority	Data Protection Commission (DPC), Ireland

3. Personal Data We Collect

We collect various categories of personal data depending on how you interact with our website and services. The following sections describe in detail the types of data we may collect from you.

3.1 Personal Identification Information

When you make a booking, create an account, or contact us, we may collect the following identifying information:

Full name (first name and surname)
Date of birth
Gender (where required for travel documentation)
Nationality and passport or national identity card details
Contact telephone number(s)
Email address
Postal/billing address
Emergency contact information
Photographs or profile images (where voluntarily uploaded)

3.2 Booking and Travel Information

In order to provide our ferry travel services, we collect information relating to your travel arrangements, including:

Travel dates, routes, and destination details
Cabin or accommodation preferences
Vehicle registration details (where applicable)
Number and ages of passengers travelling
Special requirements including accessibility needs, dietary requirements, or medical conditions disclosed voluntarily
Loyalty programme membership numbers
Travel history and previous bookings with us

3.3 Payment and Financial Information

When you make a payment for our services, we collect payment-related information. Please note that full payment card details are processed by our PCI DSS-compliant payment processing partners and are not stored on our own servers. We may retain:

Partial payment card details (last four digits, expiry date) for reference purposes
Billing address associated with the payment method
Transaction reference numbers and payment confirmation records
Refund and cancellation records

3.4 Usage Data and Website Interaction Data

When you visit irishz-ferries.com, we automatically collect certain technical and behavioural data, including:

IP address and approximate geographic location derived from IP
Browser type and version
Operating system and device type
Pages visited and time spent on each page
Referring website URLs
Search queries entered on our website
Links clicked and features used
Date and time of access
Error logs and crash reports

3.5 Cookie and Tracking Data

We use cookies and similar tracking technologies (including web beacons, pixels, and local storage) to collect data about your browsing behaviour on our site. Details of the cookies we use, their purposes, and how to manage your preferences are set out in our separate Cookie Policy. See also Section 9 of this Privacy Policy for a summary of our cookie usage.

3.6 Communications Data

When you contact our customer service team, submit an enquiry form, or communicate with us by telephone, email, or live chat, we collect and retain records of those communications, including:

The content of your messages and enquiries
Responses provided by our team
Call recordings (where you are notified in advance)
Feedback, reviews, and survey responses you submit

3.7 Special Categories of Personal Data

Certain types of personal data are classified as "special categories" under Article 9 of the GDPR and attract higher levels of protection. We may process such data in limited circumstances, such as:

Health and disability information — where you voluntarily disclose a medical condition or accessibility requirement to enable us to make appropriate arrangements for your journey
Dietary requirements — where they indicate religious beliefs or health conditions

We will only process special category data where you have provided your explicit consent, or where processing is necessary for reasons of substantial public interest in accordance with applicable Irish law.

4. How We Use Your Personal Data

We process your personal data for specific, explicit, and legitimate purposes. We will not use your data in a manner that is incompatible with the purposes described below.

4.1 Providing and Managing Our Travel Services

The primary purpose for which we process your data is to deliver the ferry travel services you have booked. This includes:

Processing and confirming your booking reservations
Issuing tickets, boarding passes, and travel documentation
Processing payments and issuing receipts or invoices
Managing changes, cancellations, and refunds in accordance with our booking terms
Communicating essential travel information, schedule changes, and disruptions
Complying with port authority and border control requirements
Providing onboard services and accommodating your preferences and requirements

Legal basis: Performance of a contract (Article 6(1)(b) GDPR); Legal obligation (Article 6(1)(c) GDPR).

4.2 Customer Account Management

If you create a customer account on our website, we process your data to:

Create, maintain, and manage your account
Store your preferences and past bookings for convenience
Administer loyalty programmes and reward points
Enable you to access and manage your booking history

Legal basis: Performance of a contract (Article 6(1)(b) GDPR); Legitimate interests (Article 6(1)(f) GDPR).

4.3 Marketing and Promotional Communications

Where you have provided your consent or where we have a legitimate interest, we may use your contact details to send you:

Promotional offers, discounts, and special deals on ferry routes
Information about new services or routes we offer
Seasonal travel campaigns and newsletters
Personalised recommendations based on your travel history

You have the right to opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, contacting us at [email protected], or adjusting your account preferences.

Legal basis: Consent (Article 6(1)(a) GDPR); Legitimate interests (Article 6(1)(f) GDPR) for existing customers under Regulation 13(5) of SI 336 of 2011.

4.4 Analytics and Service Improvement

We analyse usage data to understand how our customers interact with our website and services, enabling us to:

Improve website functionality, design, and navigation
Develop new features and services
Conduct market research and trend analysis
Measure the effectiveness of our marketing campaigns
Generate internal business reports and performance metrics

Legal basis: Legitimate interests (Article 6(1)(f) GDPR).

4.5 Safety, Security, and Fraud Prevention

We process your data to maintain the safety and security of our passengers, crew, and vessels, and to prevent fraudulent activity, including:

Verifying your identity when required
Detecting, investigating, and preventing fraud, money laundering, and other illegal activities
Complying with port security and customs obligations
Responding to safety incidents and emergencies onboard

Legal basis: Legitimate interests (Article 6(1)(f) GDPR); Legal obligation (Article 6(1)(c) GDPR).

4.6 Legal and Regulatory Compliance

We may process your data as necessary to comply with our legal obligations under Irish and EU law, including:

Immigration and border control laws
Maritime safety regulations
Financial and tax reporting requirements
Responding to lawful requests from competent authorities
Establishing, exercising, or defending legal claims

Legal basis: Legal obligation (Article 6(1)(c) GDPR); Legitimate interests (Article 6(1)(f) GDPR).

5. Sharing Your Personal Data with Third Parties

We respect your privacy and do not sell your personal data to third parties. However, in order to provide our services effectively, we may share your data with trusted third parties in the following circumstances.

5.1 Service Providers and Data Processors

We engage third-party companies to perform functions on our behalf under written data processing agreements. These include:

Payment processors — to securely process payment card transactions
IT and cloud hosting providers — to host and maintain our website and booking systems
Email and communications service providers — to deliver booking confirmations and marketing emails
Analytics providers — such as Google Analytics, to help us understand website usage
Customer service platforms — to manage support ticket systems and live chat
Travel insurance partners — where you opt to purchase travel insurance through our platform

All service providers are required to process your data only on our instructions, maintain appropriate security measures, and comply with GDPR obligations.

5.2 Port Authorities and Government Bodies

As a ferry operator, we are legally required to share passenger manifest data with port authorities, immigration services, customs authorities, and coastguard agencies in Ireland, the United Kingdom, France, and other relevant jurisdictions, in compliance with applicable maritime and border control laws.

5.3 Business Partners

Where you book ancillary services such as hotel accommodation, car rental, or travel insurance through our website, we may share relevant details with those partners to fulfil your booking.

5.4 Legal and Regulatory Disclosures

We may disclose your personal data to law enforcement agencies, regulatory bodies, courts, or other competent authorities where we are legally required to do so, or where disclosure is necessary to protect the safety and rights of individuals or to defend legal claims.

5.5 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business assets, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections being maintained.

6. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). This may occur when we use service providers located in countries such as the United States or the United Kingdom. Where such transfers take place, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:

Adequacy decisions — where the European Commission has determined that a country provides an adequate level of data protection
Standard Contractual Clauses (SCCs) — the EU-approved model contractual clauses for transfers to third countries
UK IDTA (International Data Transfer Agreement) — for transfers to UK-based entities post-Brexit
Binding Corporate Rules — where applicable for multinational corporate groups

You may request a copy of the relevant safeguards applicable to any international transfer of your data by contacting us at [email protected].

7. Data Security

We take the security of your personal data seriously and implement comprehensive technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. Our security measures include:

7.1 Technical Security Measures

SSL/TLS encryption — all data transmitted between your browser and our website is encrypted using industry-standard Transport Layer Security (TLS) protocols
Data encryption at rest — sensitive personal data stored on our systems is encrypted
Firewalls and intrusion detection systems — to protect our network infrastructure
Access controls — role-based access controls to limit who can access personal data within our organisation
Multi-factor authentication — for staff accessing sensitive systems
Regular security testing — including penetration testing and vulnerability assessments
PCI DSS compliance — for all payment card processing activities

7.2 Organisational Security Measures

Staff training on data protection and privacy obligations
Data protection policies and procedures reviewed regularly
Data Processing Agreements with all third-party processors
Privacy Impact Assessments (PIAs) for high-risk processing activities
Incident response and breach notification procedures

Please note: While we take all reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. If you believe your personal data has been compromised, please contact us immediately at [email protected].

8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are guided by applicable Irish and EU legislation, including the Statute of Limitations Act 1957 (as amended) and financial record-keeping requirements.

Category of Data	Retention Period	Reason
Booking and travel records	7 years from date of travel	Legal and tax compliance obligations
Payment transaction records	7 years	Financial reporting and Revenue obligations
Customer account data	Duration of account + 3 years after last login	Contract performance and legitimate interests
Marketing preferences and history	Until consent withdrawn + 1 year	Consent-based processing
Customer service communications	3 years from last contact	Legitimate interests and potential legal claims
Website usage/analytics data	26 months	Analytics and service improvement
Passenger manifest data	As required by maritime/immigration law	Legal obligation
CCTV footage (onboard/terminals)	31 days unless required for investigation	Security and safety

After the applicable retention period expires, personal data is securely deleted or anonymised in a manner that prevents re-identification.

9. Cookies and Tracking Technologies

Our website irishz-ferries.com uses cookies and similar tracking technologies to enhance your browsing experience, analyse site performance, and deliver personalised content and advertising. Cookies are small text files placed on your device when you visit a website.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the website to function correctly, such as session management and security tokens. These cannot be disabled.
Performance and Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics). These are set only with your consent.
Functionality Cookies: Remember your preferences such as language and currency settings.
Marketing and Targeting Cookies: Used to deliver relevant advertisements and track campaign effectiveness. These require your prior consent under SI 336 of 2011.

9.2 Your Cookie Choices

When you first visit our website, you will be presented with a cookie consent banner through which you can accept or decline non-essential cookies. You can change your cookie preferences at any time through our Cookie Preference Centre accessible via the cookie icon at the bottom of each page.

You can also manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website and your ability to complete bookings. For full details of all cookies used on our site, please refer to our Cookie Policy.

10. Your Rights Under GDPR and Irish Data Protection Law

As a data subject under the GDPR and the Data Protection Act 2018, you have a number of important rights regarding your personal data. We are committed to facilitating the exercise of these rights promptly and without undue delay, and in any event within one calendar month of receiving your request.

10.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about the purposes of processing, categories of data, recipients, retention periods, and your other rights. This is commonly known as a Subject Access Request (SAR).

10.2 Right to Rectification (Article 16 GDPR)

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you without undue delay.

10.3 Right to Erasure / Right to Be Forgotten (Article 17 GDPR)

You have the right to request the deletion of your personal data in certain circumstances, such as where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where you object to processing. This right is subject to exceptions where we are required by law to retain the data.

10.4 Right to Restriction of Processing (Article 18 GDPR)

You may request that we restrict the processing of your personal data in certain circumstances, such as while we investigate a dispute about the accuracy of your data or the lawfulness of our processing.

10.5 Right to Data Portability (Article 20 GDPR)

Where we process your data on the basis of your consent or for the performance of a contract, and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

10.6 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as our legal basis, including profiling based on legitimate interests. You also have an absolute right to object to the use of your data for direct marketing purposes, and we will cease such processing immediately upon receipt of your objection.

10.7 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Where we use automated decision-making, you have the right to request human review of the decision, express your point of view, and challenge the outcome.

10.8 Right to Withdraw Consent

Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

10.9 How to Exercise Your Rights

To exercise any of your rights, please contact our Data Protection team using the following details:

Data Protection Enquiries
Email: [email protected]
Website: irishz-ferries.com

We may require you to verify your identity before processing your request to ensure we do not disclose personal data to an unauthorised person. We will not charge a fee for legitimate requests, but we reserve the right to charge a reasonable administrative fee or refuse requests that are manifestly unfounded or excessive.

11. Children's Privacy

Our website and booking services are intended for use by adults aged 18 years and over. We do not knowingly collect or solicit personal data directly from children under the age of 18 without verifiable parental or guardian consent.

Where children travel as passengers, any personal data relating to minors (such as their names, ages, and passport details for international travel) is collected from and provided by the responsible adult making the booking, who confirms their authority to provide such data.

If we become aware that we have inadvertently collected personal data directly from a child under 18 without appropriate parental consent, we will take steps to delete such information from our records as promptly as possible. If you believe that a child has provided us with their personal data without appropriate consent, please contact us at [email protected].

12. Legal Basis for Processing — Summary

In accordance with the transparency requirements of Article 13 and 14 of the GDPR, the following table summarises the principal legal bases upon which we rely to process your personal data:

Purpose of Processing	Legal Basis (GDPR Article 6)
Processing and fulfilling travel bookings	Article 6(1)(b) — Contract performance
Processing payments	Article 6(1)(b) — Contract performance
Sending booking confirmations and travel updates	Article 6(1)(b) — Contract performance
Marketing communications (with consent)	Article 6(1)(a) — Consent
Marketing to existing customers (soft opt-in)	Article 6(1)(f) — Legitimate interests
Website analytics and improvement	Article 6(1)(f) — Legitimate interests
Fraud prevention and security	Article 6(1)(f) — Legitimate interests
Compliance with immigration/maritime law	Article 6(1)(c) — Legal obligation
Tax and financial record-keeping	Article 6(1)(c) — Legal obligation
Processing special category data (health/accessibility)	Article 9(2)(a) — Explicit consent

13. How to File a Complaint

We are committed to resolving any privacy concerns you may have. If you believe that we have not complied with our data protection obligations, we encourage you to contact us in the first instance so that we can address your concerns.

13.1 Contact Us First

Please direct your complaint or concern to:

Privacy Complaints
Email: [email protected]
Website: irishz-ferries.com

We will acknowledge your complaint within 5 working days and aim to provide a full response within 30 calendar days.

13.2 Complaints to the Data Protection Commission (DPC)

If you are not satisfied with our response, or if you wish to raise a concern directly with our supervisory authority, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the competent supervisory authority for data protection matters in Ireland under Article 77 of the GDPR:

Authority	Data Protection Commission (DPC)
Address	21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone	+353 (0)1 765 0100 / 1800 437 737 (LoCall)
Email	[email protected]
Website	www.dataprotection.ie

You also retain the right to seek judicial remedies in the Irish courts if you believe your rights under the GDPR have been infringed.

14. Third-Party Websites and Links

Our website may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to those third-party sites. We have no responsibility or liability for the content or privacy practices of any third-party websites. We encourage you to review the privacy policies of any external sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or regulatory guidance. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date, and where appropriate, by sending you a direct notification by email.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our services after any changes are posted constitutes your acknowledgement of the revised policy.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please do not hesitate to contact us:

Company	Irish Ferries
Email	[email protected]
Website	irishz-ferries.com

Our Commitment: We are dedicated to maintaining the highest standards of data privacy and security for all our customers. This Privacy Policy is compliant with the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018, and all applicable Irish data protection legislation as enforced by the Data Protection Commission of Ireland.

This Privacy Policy was last reviewed and updated on May 18, 2026. Version 1.0.