Privacy Policy

WEONCRUISE > Privacy Policy

Last updated: September 4, 2025

This Privacy Policy explains how [WeOnCruise] (“we,” “us,” “our”) collects, uses, shares, and protects information in connection with weoncruise.com and any related newsletters, social channels, or services (together, the “Services”).

By using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue use.

Short version: We use analytics and affiliate tracking to keep the site free, respect your choices (including Global Privacy Control), and give you simple ways to opt out, access, or delete your data.

1) Who we are & how to contact us

Controller: weoncruise.com
Email: [email protected]

EU/UK representative / DPO: We have not appointed a Data Protection Officer.

2) Scope & regional applicability

This Policy applies worldwide. Additional rights may apply depending on where you live:

  • EEA/UK: GDPR/UK GDPR and ePrivacy rules
  • California: CCPA as amended by CPRA (“CPRA”)
  • Other U.S. states (e.g., CO, CT, VA, UT, OR, TX, etc.): state privacy laws granting rights to opt out of targeted advertising, sale, and certain profiling
  • Children: See Section 14

3) What we collect

Information you provide directly

  • Contact details (e.g., name, email) when you subscribe or contact us
  • User content (comments, messages, support requests)
  • Preferences (newsletter choices, cookie consent selections)

Information collected automatically

  • Device and usage data (IP address, browser type, OS, pages viewed, timestamps, referrers)
  • Approximate location (country/city derived from IP)
  • Cookies and similar technologies (see Cookies below)

Information from third parties

  • Analytics & measurement (e.g., Google Analytics 4 or similar)
  • Affiliate programs (e.g., CJ Affiliate) for conversion tracking and fraud prevention
  • Email service providers (e.g., newsletter platforms)
  • Advertising partners (if used) for interest-based ads and frequency capping

We do not intentionally collect sensitive categories of personal data and we do not use sensitive data for inferring characteristics.

4) Why we collect it (purposes) & legal bases (EEA/UK)

Site operation & security (e.g., load balancing, debugging, abuse prevention)

  • Legal bases: Legitimate interests; compliance with law

Analytics & performance (understand traffic, improve content)

  • Legal bases: Your consent (where required); Legitimate interests

Affiliate tracking (credit qualifying purchases, prevent fraud)

  • Legal bases: Your consent for non-essential cookies (EU/UK); Legitimate interests and contractual necessity with affiliate networks

Marketing / newsletters (if you subscribe)

  • Legal bases: Your consent; Legitimate interests for service messages

Compliance (tax, legal obligations; respond to lawful requests)

  • Legal bases: Legal obligation; Legitimate interests

You can withdraw consent at any time (see Your Choices & Rights).

5) Cookies & similar technologies

We use cookies, pixels, tags, and local storage to operate the Services, measure performance, remember preferences, and (where in use) support advertising/affiliate links.

  • In the EU/UK, we obtain prior consent for non-essential cookies (analytics/marketing/affiliate).
  • Use the Cookie Settings link in our footer (or your browser’s controls) to manage or withdraw consent at any time.
  • See our Cookie Policy for details and a current list of vendors and purposes

Typical vendors and categories (examples):

  • Strictly necessary: security, consent management
  • Analytics: GA4 or equivalent (page views, engagement)
  • Affiliate: CJ Affiliate infrastructure (e.g., kqzyfj.com, jdoqocy.com, ftjcfx.com, lduhtrp.net) to attribute purchases you choose to make
  • Advertising (if enabled): frequency capping, basic personalization

6) How we share information

We share personal information with:

  • Service providers / processors (hosting, CDN, analytics, email, security) under contracts that limit use to providing services for us
  • Affiliate networks/partners to attribute qualifying purchases and prevent fraud
  • Authorities where required by law or to protect our rights, users, or the public
  • Business transfers (e.g., merger, acquisition) subject to this Policy

We do not disclose personal information to third parties for their own independent marketing without your consent.

7) “Sell” or “Share” (CPRA) & targeted advertising (U.S.)

  • We do not sell personal information for money.
  • We may engage in “sharing” or “targeted advertising” as defined by certain U.S. state laws when we use analytics/advertising cookies to show or measure ads across sites or services.

Your opt-out rights:

  • Use /do-not-sell-or-share/ (or the “Do Not Sell or Share My Personal Information” link in our footer) to opt out of sale/share and targeted advertising where applicable.
  • We honor Global Privacy Control (GPC): when your browser sends a GPC signal, we treat it as an opt-out of sale/share for that browser.

8) Data retention

We keep personal information only as long as needed for the purposes described in this Policy, including to comply with legal, tax, and accounting requirements. Typical retention ranges:

  • Analytics: 14–26 months (configurable)
  • Email subscribers: until you unsubscribe or after prolonged inactivity
  • Contact forms: up to 24 months (operational need), unless law requires longer

We regularly review and delete or anonymize data when no longer needed.

9) Security

We use administrative, technical, and organizational safeguards (HTTPS, access controls, least-privilege, monitoring). No system is perfectly secure; please report any suspected incident to [email protected]

10) International transfers

We operate globally and may transfer personal information outside your country, including to the United States. Where required, we use lawful transfer mechanisms (e.g., EU Standard Contractual Clauses and UK Addendum) and take steps to protect your information consistent with applicable law.

11) Your choices & rights

EU/UK (GDPR/UK GDPR)

You may have the right to access, rectify, erase, restrict, object, or port your personal data; and to withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local supervisory authority.

California (CPRA)

You may have the right to know/access, correct, delete, opt out of sale/share, limit use/disclosure of sensitive personal information (if we ever collect it), and non-discrimination for exercising rights.

Other U.S. states (e.g., CO, CT, VA, OR, TX, UT)

You may have rights to access, delete, correct, and to opt out of targeted advertising, sale, and certain profiling. Some states provide an appeal process if we deny a request (see below).

How to exercise your rights

  • Use our Data Request Form: /data-request/ (or email [[email protected]])
  • We will verify your identity (e.g., email verification or additional information).
  • Authorized agents: You may designate an agent; we may require proof of authorization and your verification.

Appeals (for states that require it): If we deny your request, you may appeal within 45 days by replying to our decision email with “Privacy Appeal.” If your appeal is denied, you may contact your state Attorney General.

12) Your controls

  • Cookie Settings: Use the link in our footer to manage consent for cookies, advertising, and affiliate tags.
  • GPC: If your browser sends a Global Privacy Control signal, we treat it as an opt-out of sale/share for that browser.
  • Email: Use the unsubscribe link in any newsletter.
  • Do Not Track: We do not respond to DNT signals, but we do honor GPC where applicable.

13) Categories of personal information we collect (CPRA mapping)

  • Identifiers: IP address, device IDs, email (if you provide it)
  • Internet/Network activity: page views, referrals, interaction data
  • Approximate geolocation: at country/city level from IP
  • Commercial information: limited to affiliate attribution (which merchant, whether a purchase occurred) — we do not see your full payment details
  • Inferences: we do not create protected-class inferences; any content personalization is minimal and contextual
  • Sensitive personal information: not intentionally collected. We do not use or disclose SPI to infer characteristics.

Sources: You, your device/browser, our service providers, affiliate networks, and publicly available sources.

Purposes: See Section 4.
Recipients: See Section 6.
Retention: See Section 8.

14) Children’s privacy

Our Services are not directed to children under 13 (or the age defined by your jurisdiction). We do not knowingly collect personal information from children. If you believe a child provided personal information, contact us and we will delete it. If we learn a user is under 16 in jurisdictions requiring consent for “sale/share,” we will not “sell or share” personal information unless we receive affirmative authorization (“opt-in”) from the teen (13–15) or their guardian.

15) Third-party links

Our content may link to third-party sites we don’t control (including cruise lines, booking partners, or gear retailers). Their privacy practices are governed by their own policies. Review those before providing information.

16) Notice of financial incentive (if applicable)

If we offer a program that provides discounts, perks, or other benefits in exchange for personal information (e.g., email signup), we will provide a Notice of Financial Incentive describing material terms, how the value is calculated, and how you can withdraw at any time. If we do not offer such programs currently, this section does not apply.

17) Changes to this Policy

We may update this Policy from time to time. We’ll post the new date at the top and, if changes are material, provide additional notice (e.g., banner or email). Your continued use after changes means you accept the updated Policy.

18) How to contact us

Questions, requests, or complaints about privacy?
Email: [[email protected]]
Postal: [WeOnCruise / Address]
Supervisory authority (EEA/UK): You can find your authority at edpb.europa.eu or ico.org.uk (UK).

19) State-specific disclosures (California)

Right to Know categories (past 12 months):

  • Collected: Identifiers; Internet/Network activity; Approx. geolocation; Commercial info (affiliate attribution only)
  • Sources: You, your browser/device, service providers, affiliate networks
  • Business/Commercial purposes: As described in Section 4
  • Disclosed for business purposes: Service providers (hosting, analytics, email, security, affiliate platforms) — not for their independent use
  • Sold/Shared: We do not sell personal information for money. We may share as defined by CPRA when using cross-context behavioral advertising/analytics. Opt out at /do-not-sell-or-share/ or via GPC.

Non-discrimination: We will not discriminate against you for exercising your privacy rights.

20) Quick links (add to your footer)

  • Privacy Policy: /privacy-policy/
  • Cookie Policy: /cookie-policy/
  • Cookie Settings: (CMP/plugin link or button)
  • Do Not Sell or Share My Personal Information: /do-not-sell-or-share/
  • Data Request Form: /data-request/