Privacy POLICY

WHO PROCESSES YOUR PERSONAL DATA?

Depending on the products and services you purchase, your personal data is processed by different legal entities acting as data controllers within the meaning of applicable data protection laws.

Condor Limited and Condor Ferries Holidays Limited, both trading as Brittany Ferries Guernsey, process your personal data collected via this website, our mobile applications, on board our ships, at ports and in our call centres, in order to provide our services.

Allocation of data controller roles

• Condor Limited acts as the data controller for the processing of personal data relating to the sale of ferry tickets only.
• Condor Ferries Holidays Limited acts as the data controller for the processing of personal data relating to the sale of ferry tickets combined with accommodation, excluding onboard accommodation (for example, ferry + hotel or other land-based accommodation packages).

Each entity is responsible for ensuring that personal data is processed in accordance with applicable data protection legislation for the activities for which it acts as data controller.

Company details

Condor Limited: Registered office: New Jetty Offices, White Rock, St Peter Port, Guernsey, GY1 2LL. Company registration number: 738. Place of registration: Guernsey, Channel Islands

Condor Ferries Holidays Limited: Registered office: New Jetty Offices, White Rock, St Peter Port, Guernsey, GY1 2LL. Company registration number: 38992. Place of registration: Guernsey, Channel Islands

In this Privacy Policy, references to “Brittany Ferries Guernsey”, “we” or “our” refer to Condor Limited and/or Condor Ferries Holidays Limited, as applicable, depending on the product or service concerned. In accordance with applicable personal data protection regulations, each entity acts as a data controller for the processing operations described above.

Brittany Ferries Guernsey undertakes to respect and protect your privacy. To do this, we ensure that the collection and processing of your data complies with the Data Protection (Bailiwick of Guernsey) Law, the UK General Data Protection Regulation (UK GDPR), The General Data Protection Regulation of the European Union and with national legislation applicable to its subsidiaries.

This Privacy Policy applies to the collection and processing of your data and to your relationship with Brittany Ferries Guernsey. It is essential to us that you can have confidence in Brittany Ferries Guernsey.

Details on how to contact the data controller are given at the end of this document.

WHAT PERSONAL DATA IS COVERED?

If you are a ferry customer, an accommodation customer, a potential customer, a passenger or a visitor to our website, during our contracts we collect and process personal data about you and anyone who accompanies you.

When managing your booking

Participation in marketing-related activities

Website/mobility

During your trip

The information collected for persons under the age of 18 is limited to their name, nationality, date of birth and official ID, and can only be provided to us by a person of legal age. If a 16- to 18-year-old is travelling independently, we will need to gather more information to put the travel contract in his or her name.

We may need to collect information about your health if you are a vulnerable customer, or if you have restricted mobility, to meet your needs, to provide you with an appropriate service, or if you need medical care during your journey.

With regard to your credit/debit cards, we do not store the cardholder's data, in accordance with the regulations in force.

WHO RECEIVES YOUR PERSONAL DATA?

We share your personal data with internal and external recipients, subject to the following conditions:

1. In order to provide the best service, we may share your personal data and give access to authorised personnel of Brittany Ferries Guernsey, including:

• Ferry crew
• The teams in charge of bookings and following-up on bookings, as well as the port teams using the Brittany Ferries Guernsey reservation tools
• IT services
• Sales and marketing services
• Medical services, if applicable
• Legal services, if applicable

As a general rule, any competent person within Brittany Ferries Guernsey authorised according to their duties to have access to certain specific categories of personal data.

1. Regarding service providers and partners – your personal data may be transmitted to third parties:

• External service providers: Brittany Ferries Guernsey uses service providers to operate its websites and applications and to provide you with the services and products offered, and in particular:
  • IT subcontractors,
  • for payment: bank, insurance, third party certifying payment,
  • for marketing services: marketing monitoring, sending newsletters, printers.
  • for port services: port agents.
• Business partners:
  • For your hosted stay, if you have booked this type of product. We share your personal information with providers whose business is related to accommodation such as hotels, owners and managers of holiday rental properties and, where applicable, activity providers. Please note that the accommodation providers may contact you for additional information if necessary to facilitate your booking or to provide related services. These partners generally act as independent data controllers in respect of the personal data transmitted to them for the purposes of their own service delivery. You retain all applicable data protection rights in relation to such data, which must be exercised directly with the relevant accommodation or service provider, in accordance with their own privacy policies.
  • In the event that your ferry ticket has been booked by Brittany Ferries Guernsey on behalf of Islands Unlimited or Manche Iles Express, certain personal data necessary for the performance of the transport contract will be transmitted to the relevant carrier. This data includes your surname, first name, title, date of birth, contact details and nationality, as well as, where you have provided them, any information relating to requests for assistance at the port or on board. Such data is shared strictly for the purposes of executing your booking, providing the maritime transport service and complying with the legal and regulatory obligations applicable to maritime carriers. In these circumstances, Islands Unlimited or Manche Iles Express act as independent data controllers in respect of the personal data transmitted to them. You retain all applicable data protection rights in relation to this data, including the rights of access. These rights must be exercised directly with the relevant carrier, in accordance with its own privacy policy.

1. We may also be required to send your information to the authorities if required by law or as part of an investigation and in accordance with applicable regulations.

Depending on the country, to protect your health, public health workers could ask us for your contact information whenever they suspect a communicable disease on board the ferry you travelled on. Your information will help public health workers contact you if you have been exposed to a communicable disease. Your information is intended to be stored in accordance with applicable laws and used only for public health purposes. Depending on the country, we are also asked to provide passenger lists before departure and at the time of departure to port, local or national authorities.

1. Transfers of your data to a third country.

In order to provide you with our services, we may share your data with BAI SA and its subsidiaries located in the European Union (France, Spain and the Republic of Ireland) and in the United Kingdom. The latter is recognised by the European Commission as providing an adequate level of personal data protection. Transfers of personal data from the EU to this third country may be carried out without specific supervision.

If required, we also may share your data with Customs and Immigration systems related to our different destinations (United Kingdom, Guernsey, Jersey, France), under a legal obligation. As Guernsey and Jersey are also recognised by the European Commission as providing an adequate level of personal data protection, transfers of personal data from the EU to these third countries may be carried out without specific supervision.

We may use service providers located outside the European Union (in particular in the United States). In this case, we put in place appropriate protective measures to protect your personal data, in accordance with data protection regulations, in particular by signing the European Commission’s standard contractual clauses.

HOW DO WE PROTECT YOUR DATA?

Brittany Ferries Guernsey takes appropriate technical and organisational measures, in accordance with applicable legal provisions, to protect your personal data against unlawful or accidental destruction, accidental alteration or loss, unauthorised access or disclosure.

Some specific examples of security measures implemented include, but are not limited to:

• automated cyberattack protection systems are active,
• the level of security of websites is audited by companies that are experts in the subject,
• cyber security experts can get involved to deal with security incidents,
• the HTTPS protocol is used on all our websites,
• when submitting credit/debit card data during a booking, Secure Socket Layer (SSL) encryption technology is used to ensure a secure transaction.

HOW LONG DO WE KEEP YOUR DATA?

We only retain your personal data for the period necessary for the purposes set out in this policy and which we believe customers would consider reasonable, or in accordance with applicable law.

WHAT ABOUT COOKIES?

Cookies can be installed on your computer or mobile device based on preferences you have expressed or can express at any time. Please read our cookie policy for more information. The cookies used can be technical, personalisation, audience measurement or advertising. Please read our Cookie Policy for more information.

USE OF ARTIFICIAL INTELLIGENCE

In our business, we use artificial intelligence ("AI") and machine learning technologies to improve the quality of our services and the experience we provide to our users. The use of these technologies is carried out in compliance the applicable regulations and in accordance with the ethical principles of transparency, security and proportionality.

We may use artificial intelligence for the following purposes:

• Optimisation and improvement of our services – Legal basis: legitimate interest
  • improvement of technical performance and reliability of services;
  • development or enhancement of features;
  • content generation or optimization;
  • Content, service, or feature recommendations.

• Customer support and automation of certain responses – Legal basis: legitimate interest
  • use of chatbots and virtual agents;
  • Helps resolve simple requests quickly
  • Support to our teams (transcription and increased assistance).

• Analysis of customer satisfaction – Legal basis: legitimate interest
  • transcription of phone calls,
  • automated analysis of transcripts, opinions, feedback or comments,
  • Detection of recurring themes in order to improve the quality of our services.

Where the legal basis is based on legitimate interest, Brittany Ferries Guernsey has carried out a balancing of interests analysis demonstrating that its interest does not override the rights and freedoms of the data subjects.

Where certain processing operations are based on advanced profiling or optional use that is not strictly necessary (e.g. personalised marketing recommendations), we collect your explicit consent in accordance with Article 6.1.a of the GDPR.

Personal data is never used to train or retrain AI models, unless it has been previously irreversibly anonymized, or your explicit consent is obtained.

Brittany Ferries Guernsey does not take any decision that produces legal effects concerning you or significantly affects you that would be fully automated, within the meaning of Article 22 of the GDPR.

All important decisions relating to your booking, your trip, the management of your rights or your contractual relationship are made with human intervention.

Where appropriate, we carry out data protection impact assessments (DPIAs) when the use of AI is likely to pose a high risk to your rights and freedoms.

WHAT RIGHTS CAN YOU EXERCISE REGARDING YOUR DATA?

Within the limits and conditions authorised by the regulations in force, you may:

• access your personal data processed and obtain further information on the characteristics of the processing we carry out,
• have your personal data corrected, updated and erased, it being specified that the erasure can only be carried out when (i) the data are no longer necessary in relation to the purposes for which they were processed, (ii) you withdraw your consent and there is no other legal basis for the processing, (iii) you object to the processing of your personal data and there is no compelling legitimate reason for the processing (iv) it has been demonstrated that your personal data has been processed in an unlawful manner,
• object to the processing of your personal data based on a legitimate interest,
• object to the processing of your personal data for marketing purposes,
• receive the personal data you have provided to us or ask us to transmit this to a third party when the processing of your personal data (i) has been carried out by automated means and (ii) is based on your consent or on the performance of a contract binding us,
• request the restriction of processing of your personal data
• withdraw your consent to processing based on your consent,
• give instructions regarding the retention, erasure and communication of your personal data after your death,
• lodge a complaint with a supervisory authority.

HOW CAN YOU EXERCISE YOUR RIGHTS?

For reasons of confidentiality and protection of personal data, you must prove your identity when exercising your rights by clearly indicating your surname, first names, booking reference and any useful information enabling us to identify you (such as the email address corresponding to your online account).

In some cases, if in doubt, we may ask you to also provide us with a copy of an official identity document, such as a valid identity card or passport, as you prefer.

You must also provide us with the email address or postal address to which you wish to receive the response.

To exercise your rights, you can write to us using:

• our online form
• or send us an e-mail at dataprotection@brittanyferries.gg
• or letter to BAI SA, Data Protection Officer Brittany Ferries Guernsey, Port du Bloscon, B.P. 72, 29688, Roscoff cedex, France

WHAT RULES APPLY TO THE PROCESSING OF YOUR DATA WHEN YOU CLICK ON LINKS PLACED ON OUR WEBSITE, REDIRECTING YOU TO EXTERNAL SITES?

On our sites, you will find various links to the websites of our partners (accommodation, social networks, etc.).

We would like to draw your attention to the fact that this Privacy Policy does not apply to the processing of your personal data carried out by our partners or other third parties, which may occur when you visit their websites, and that we are not responsible for such data processing. If you would like information on how these partners and third parties process your personal data, we invite you to consult their privacy policy and contact them.

QUESTIONS AND CONTACT DETAILS

If you have any questions about this Privacy Policy, you can contact our Data Protection Officer by sending an email to: dataprotection@brittanyferries.gg.

If you feel, after contacting us, that your rights are not being respected, you can send a complaint online or by post to the supervisory authority.

CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy. We therefore recommend that you check it regularly, especially when booking.

This Policy was last updated on the 4th March 2026