• GDPR Privacy Policy

GDPR Privacy Policy

handling of personal information of EEA residents


Besides our Privacy Policy, following clauses apply with regard to the processing of personal data of residents in EEA countries, in terms of collection, use and storage according to the new General Data Protection Regulation (GDPR), (EU) 2016/679.


NYK Cruises Co., Ltd. (NYKC) ask for, collect and process the personal information specified below (where applicable), for which Privacy Notice is provided to you when your booking / visit to M.S. Asuka Ⅱ or any of Crystal vessels is confirmed and NYKC collects your personal data, and/or when the NYKC sends you passage tickets and/or other documents. We may obtain such personal information directly from you or may have obtained your personal information through booking agency or contract partners.
This personal information is necessary for adequate performance of NYKC’s operations and of the agreements between you and NYKC, mainly to safeguard NYKC’s legitimate interests, and to allow us to comply with legal obligations and as set forth in more detail below under Article 5. NYKC makes every effort to ensure that the information stored and processed is accurate and up to date.
If NYKC process your personal data for a purpose other than stated herein, we will inform you in advance of doing so and to the extent necessary seek your prior consent.

1. Photo2. Name / Surname3. Date and place of birth4. Mobile and home numbers5. Nationality6. Sex7. Body measurements8. Identification/ passport data9. Home address10. Bank account details11. Next of kin information12. Marital status13. Education / Work history14. Medical history / Vaccinations15. Visa information16. E-mail address17. CCTV footage and other information obtained through electronic means such as swipe card records


NYKC is committed to respecting the regulations that apply to all the data it processes. More specifically, NYKC commits in particular to the following principles:
Your personal data is processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency).
Your personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation).
Your personal details are kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed or as necessary under statutory law (storage limitation).
Your personal data is accurate, kept up to date, and every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy).
Only authorized personnel have access to this information. It is stored digitally and/or in form of hardcopies in order to enable NYKC to carry out its contractual obligations, its legal obligations with local and foreign governmental Authorities and applicable International Conventions, to safeguard our legitimate interests, resolve any disputes and claims and for the execution of our operations.
NYKC will disclose your personal data to local and foreign governmental authorities, where and only to the extent required or permitted to do so by law or under respective agreements with you.
We may share your information only to the extent required or permitted to do so with personnel, agents, service providers, affiliates, partners and any other third person or entity in connection with our operation or services who are also obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to your personal information.
NYKC may disclose your personal data if requested to do so by courts, law enforcement, governmental authorities or authorized third parties.


NYKC recognizes the importance of protecting children’s privacy. We may collect and process personal data in relation to children provided that we have first obtained their parent’s or legal guardian’s consent unless otherwise permitted under law. For the purposes of this privacy statement, “children” are individuals who are under the age of sixteen (16).


NYKC is committed to protecting your privacy and handling your data in an open and transparent manner, and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons which provide legal basis:

A. For the performance of contract / agreement (Art. 6 (1) lit. b GDPR)

The processing of personal data is necessary to comply with contractual obligations with regards to the contract / agreement entered between you and NYKC.

B. For compliance with a legal obligation (Art. 6 (1) lit. c GDPR)

The processing of personal data is necessary to comply with the legal requirements.

C. For the purposes of safeguarding legitimate interests (Art. 6 (1) lit. f GDPR)

The processing of personal data is necessary for the legitimate interests pursued by NYKC or by a third party.
A legitimate interest is when we have a business or commercial reason to use your information. Examples of such processing activities include: Claims, Court Proceedings, Arbitration and any other legal proceedings we may have the right to establish, exercise or defend.
To undertake means and processes to provide for NYKC’s data security, preventing potential crime, asset security, admittance controls and anti-trespassing measures, to manage business and for further developing products and services, NYKC sets up CCTV systems at our offices and other facilities, both onboard and ashore.

D. Consent (Art. 6 (1) lit. a GDPR)

Provision of specific consent for processing of special categories of personal data other than for the reasons set out hereinabove.
For example, consent will be obtained for medical and criminal records.
You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.


NYKC is committed to protecting your privacy and uses adequate security controls to prevent unauthorized access, use, loss, destruction and damage of the above information. We use firewalls, access controls, standards and other procedures to protect information from unauthorized access.
We conduct privacy and information security awareness training to emphasize and inform employees of the need to protect and secure personal information.


Your personal data may be disclosed to a third person or entity inside or outside of European Union, to fulfill requirements obliged by local authorities. In such cases NYKC endeavors that such person or entity comply with the European data protection standards and provide appropriate safeguards in relation to your personal information.


You have the following rights in terms of your personal data we hold about you, subject to jurisdictions and applicable law:

a) Receive access to your personal data.

This enables you to receive a copy of the personal data we hold about you.

b) Request correction [rectification] of the personal data we hold about you.

This enables you to have any incomplete or inaccurate data we hold about you corrected.

c) Request erasure of your personal information.

This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where information is held with no valid legal basis.

d) Object to processing of your personal data.

This enables you to object if you provide a reasonable basis and specific reasons for the objection. You have the absolute right to object if the processing of your personal data involves direct marketing and a non-absolute right if the data is processed for legitimate purposes. We will address your objection duly and according to the GDPR regulation and relevant applicable law.

e) Request the restriction of processing of your personal data.

You have the right to submit a request to restrict the processing and only keep the information stored until the basis of your request is resolved. Notification of incorrect information held will automatically restrict the processing of your personal data until such information is corrected. You have the right to explicitly and in writing ask NYKC to hold on your behalf your personal information which we no longer process.

f) Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organizations.

You also have the right to have your personal data transmitted directly by ourselves to other organizations you will name [known as the right to data portability].

g) Withdraw the consent that you gave us about the processing of your personal data at any time (where applicable).

Consent given for processing of medical and criminal records is bound by our legal obligation to comply with relevant laws, regulations and international conventions which makes it obligatory for NYKC to hold and process such information.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact our Chief Information Officer whose contact details are outlined below.


NYKC may modify or amend this Notice from time to time.
We will notify you appropriately when we make changes to it. We do however encourage you to review this Notice periodically so as to always be informed about how we are processing and protecting your personal information.


If you have any questions, suggestions or complaints regarding the issue of data protection,
please contact:Hiroshi KAWAMURA (Mr.)
Chief Information Officer (CIO)
NYK Cruises Co., Ltd.
2-2-1 Minatomirai, Nishi-ku
Yokohama, 220-8147 JAPAN
Phone: +81-(0)45-640-5371


NYKC will only retain your personal data for as long as necessary to fulfil the purposes we processed it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
NYKC will retain your personal data at least for the minimum time required by applicable laws in effect from time.