Privacy Policy

Last Updated: June 29, 2026  |  Effective Date: June 29, 2026

This Privacy Policy explains how Irish Ferries ("we", "us", "our", or "the Company") collects, uses, stores, shares, and protects your personal data when you use our website at irishferrries.com, make a booking, travel with us, or interact with us in any other way. We are committed to protecting your privacy and handling your personal data in a transparent, fair, and lawful manner in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Data Protection Acts 1988–2018 of Ireland.

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read and understood the terms described herein. If you do not agree with any part of this policy, please refrain from using our services.

1. Who We Are (Data Controller)

Irish Ferries is the data controller responsible for your personal data collected through irishferrries.com and through any of our booking, travel, or customer service channels.

Company Name Irish Ferries
Website irishferrries.com
Email Address [email protected]
Data Protection Authority Data Protection Commission (DPC), Ireland

As a data controller, we determine the purposes and means of processing your personal data and we are legally responsible for ensuring that processing complies with all applicable data protection laws, including the GDPR and the Data Protection Acts 1988–2018.

2. What Personal Data We Collect

We collect various categories of personal data depending on how you interact with us. Below is a comprehensive overview of the types of data we may collect.

2.1 Personal Identification Information

  • Full name (first name and surname)
  • Date of birth
  • Gender
  • Nationality
  • Passport or national identity card number (where required for travel)
  • Customer reference or loyalty programme number

2.2 Contact Information

  • Email address
  • Phone number (mobile and/or landline)
  • Postal address (home, billing, or business address)

2.3 Booking and Travel Information

  • Travel route, date, and time of departure
  • Cabin or accommodation preferences
  • Vehicle registration details (if travelling with a vehicle)
  • Special requirements, accessibility needs, or mobility assistance requests
  • Dietary requirements or meal preferences (where requested)
  • Travel companions' details (including names and dates of birth of children)
  • Pet travel information
  • Booking history and transaction records

2.4 Payment and Financial Information

  • Credit or debit card details (processed securely via our payment providers — we do not store full card numbers)
  • Billing address
  • Transaction history and payment confirmation records
  • Refund and cancellation records

2.5 Usage and Website Data

  • IP address and approximate geographic location
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Search queries made on our website
  • Referring website or source of visit
  • Links clicked and features used
  • Session duration and navigation paths

2.6 Cookie and Tracking Data

  • Cookie identifiers and preferences
  • Session tokens
  • Advertising identifiers and campaign tracking data
  • Analytics data collected via third-party tools (e.g., Google Analytics)

2.7 Special Categories of Personal Data

In certain circumstances, we may collect special categories of data as defined under Article 9 of the GDPR, including:

  • Health-related information (e.g., disability or mobility needs, medical requirements for travel)
  • Dietary requirements that may reveal religious beliefs or health conditions

We only collect such data where it is strictly necessary for providing our services and, where legally required, with your explicit consent. We handle all special category data with the highest level of care and implement additional safeguards.

2.8 Communications Data

  • Content of emails, chat messages, or correspondence you send to us
  • Records of telephone calls (which may be recorded for quality assurance and training purposes)
  • Survey responses and feedback submitted
  • Social media interactions and messages where you contact us via social platforms

3. How We Collect Your Personal Data

We collect your personal data through a number of different methods and channels, including:

  • Directly from you: When you make a booking online, by phone, or through a travel agent; when you register for an account or loyalty programme; when you contact our customer service team; when you complete a survey or competition entry; or when you subscribe to our newsletter.
  • Automatically: When you browse our website, we automatically collect certain technical and usage data through cookies, log files, and similar tracking technologies.
  • From third parties: We may receive data from travel agents or booking platforms who process bookings on your behalf, from payment processors who confirm transaction details, from social media platforms where you interact with our pages, or from analytics providers.
  • From publicly available sources: In limited circumstances, we may collect publicly available information where relevant to our services or legal obligations.

4. How We Use Your Personal Data

We process your personal data only for specific, explicit, and legitimate purposes. Below is a detailed explanation of how and why we use your data.

4.1 Service Provision and Booking Management

We use your personal data to process and manage your ferry bookings, confirm reservations, arrange ticketing, process payments, provide boarding passes, manage your account, and deliver the travel services you have purchased. This processing is necessary for the performance of a contract with you under Article 6(1)(b) of the GDPR.

4.2 Customer Support and Communications

We use your contact information to respond to your enquiries, provide customer support, send booking confirmations, travel reminders, and important service updates. This includes communicating any changes to your journey, delays, cancellations, or safety notices. This processing is necessary for the performance of a contract and, in some cases, to comply with legal obligations.

4.3 Payment Processing and Fraud Prevention

We use your financial data to process payments, issue refunds where applicable, and to detect, investigate, and prevent fraudulent transactions or other illegal activities. This is necessary for the performance of our contract with you and to protect our legitimate interests in preventing fraud.

4.4 Legal and Regulatory Compliance

We process certain data as required by Irish law, EU regulations, and international maritime regulations. This includes passenger manifest requirements, customs and immigration obligations, and tax record-keeping. Such processing is necessary to comply with our legal obligations under Article 6(1)(c) of the GDPR.

4.5 Analytics and Service Improvement

We use anonymised and aggregated usage data to analyse how our website and services are used, to identify patterns and trends, to improve our website functionality, and to develop and enhance our services. This processing is based on our legitimate interests under Article 6(1)(f) of the GDPR.

4.6 Marketing and Promotional Communications

With your consent (or where permitted under the applicable ePrivacy regulations), we may send you promotional emails, newsletters, special offers, and information about our services and partners. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us directly at [email protected]. Opting out of marketing will not affect service-related communications.

4.7 Personalisation

We may use your data to personalise your experience on our website, including displaying tailored offers, routes, and content based on your booking history and browsing behaviour. This is based on your consent or our legitimate interests in providing a better user experience.

4.8 Safety and Security

We use certain data for the purpose of ensuring the safety of our passengers, crew, and vessels, including compliance with maritime safety regulations and emergency response planning.

5. Legal Bases for Processing

Under the GDPR, we are required to identify a valid legal basis for each processing activity. The legal bases we rely upon include:

Purpose of Processing Legal Basis (GDPR Article 6)
Processing bookings and payments Performance of a contract (Art. 6(1)(b))
Customer support and communications Performance of a contract (Art. 6(1)(b))
Legal and regulatory compliance Legal obligation (Art. 6(1)(c))
Fraud prevention and security Legitimate interests (Art. 6(1)(f))
Marketing communications Consent (Art. 6(1)(a))
Website analytics and improvement Legitimate interests (Art. 6(1)(f))
Special category data (health/accessibility) Explicit consent (Art. 9(2)(a)) or vital interests

6. Sharing Your Personal Data with Third Parties

We do not sell, rent, or trade your personal data to any third party for their own marketing purposes. We may, however, share your data with the following categories of third parties under appropriate data protection agreements:

6.1 Service Providers and Data Processors

We engage trusted third-party companies and service providers who process personal data on our behalf to help us deliver our services. These include:

  • Payment processing companies and banking institutions
  • IT infrastructure and cloud hosting providers
  • Customer relationship management (CRM) software providers
  • Email and communications platform providers
  • Website analytics and performance monitoring services
  • Port authorities and terminal operators
  • Hotel, coach, and accommodation partners (where you book package arrangements)
  • Accessibility and special assistance service providers

All such processors are bound by contractual Data Processing Agreements (DPAs) that require them to handle your data only as instructed by us and in compliance with the GDPR.

6.2 Legal and Regulatory Authorities

We may be required to disclose your personal data to competent authorities, including:

  • Irish Revenue Commissioners
  • An Garda Síochána or other law enforcement authorities
  • Border Force and customs authorities in the United Kingdom, France, or other relevant jurisdictions
  • The Data Protection Commission (DPC)
  • Courts of law or regulatory bodies, where required by a valid legal order or obligation

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your personal data may be transferred to the relevant third party as part of that transaction. We will notify you of any such transfer and any choices you may have as required by applicable law.

6.4 Group Companies

We may share data with affiliated companies within our corporate group where necessary for service delivery or administrative purposes, always subject to appropriate data protection safeguards.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our marketing activities. Cookies are small text files stored on your device when you visit our website.

We use the following types of cookies:

  • Strictly Necessary Cookies: Essential for the website to function correctly. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics).
  • Functionality Cookies: Remember your preferences and settings for a better experience.
  • Marketing and Targeting Cookies: Used to deliver relevant advertising and track campaign performance.

When you first visit our website, you will be presented with a cookie consent banner allowing you to manage your cookie preferences. You may also change your preferences at any time through your browser settings.

For full details on the cookies we use, please refer to our dedicated Cookie Policy.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

Category of Data Retention Period
Booking and travel records 7 years from the date of travel (for financial and tax compliance under Irish law)
Customer account data For the duration of your account plus 3 years after last activity
Marketing preferences and consent records Until consent is withdrawn, plus 1 year thereafter
Payment records 7 years (in compliance with Irish Revenue requirements)
Customer service and complaint records 3 years from the date of resolution
Website analytics data 26 months from collection (anonymised thereafter)
CCTV footage (on-board and at terminals) 30 days, unless required for an investigation
Legal claim-related records 6 years from the date of the claim or potential claim

After the applicable retention period has expired, your data is securely deleted or anonymised in accordance with our internal data retention and destruction procedures.

9. Data Security

We take the security of your personal data very seriously and implement a comprehensive range of technical and organisational measures to protect your information against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

9.1 Technical Measures

  • Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted through our website
  • Encrypted storage of sensitive personal data on secure servers
  • Firewalls, intrusion detection systems, and anti-malware software
  • Multi-factor authentication for internal systems access
  • Regular security patches and vulnerability assessments
  • Tokenisation of payment card data through PCI DSS-compliant payment processors

9.2 Organisational Measures

  • Role-based access controls limiting data access to authorised personnel only
  • Regular data protection training for all staff who handle personal data
  • Internal data protection policies and procedures
  • Data Processing Agreements with all third-party processors
  • Regular internal and external data protection audits
  • A Data Breach Response Plan to address and notify relevant parties of any security incidents in accordance with GDPR Article 33 and 34 requirements

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required.

While we take every reasonable precaution to secure your data, no method of transmission over the internet or electronic storage is entirely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practical standards of data protection.

10. Your Rights Under the GDPR

As a data subject under the GDPR and the Data Protection Acts 1988–2018, you have the following rights with respect to your personal data:

10.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed. We will respond to such requests within one month of receipt, free of charge.

10.2 Right to Rectification (Article 16 GDPR)

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.

10.3 Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)

You have the right to request the deletion of your personal data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where the data has been processed unlawfully. This right is subject to certain legal exceptions.

10.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have disputed.

10.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

10.6 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data where that processing is based on legitimate interests, including profiling. You also have an unconditional right to object to the use of your personal data for direct marketing purposes.

10.7 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects concerning you, unless such processing is necessary for a contract, authorised by law, or based on your explicit consent.

10.8 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

How to Exercise Your Rights: To exercise any of the above rights, please contact us in writing by email at [email protected]. We may need to verify your identity before processing your request. We will respond within one calendar month. If your request is complex or numerous, we may extend this period by a further two months, and we will notify you accordingly.

11. International Data Transfers

Irish Ferries operates ferry services between Ireland, the United Kingdom, and France, and as such, some of your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). This may include transfers to the United Kingdom, which is a third country for GDPR purposes following the UK's departure from the European Union.

Where we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, including:

  • Transfers to countries with an EU adequacy decision (such as the UK, pursuant to the EU–UK adequacy decisions adopted in June 2021)
  • Use of the European Commission's Standard Contractual Clauses (SCCs) for transfers to processors in countries without an adequacy decision
  • Where applicable, Binding Corporate Rules (BCRs) or other approved transfer mechanisms under Article 46 of the GDPR

You may request a copy of the appropriate safeguards we have in place for any international data transfers by contacting us at [email protected].

12. Children's Privacy

Our website and services are primarily intended for individuals aged 18 years and over. We do not knowingly collect personal data directly from children under the age of 18. Where bookings include travel by minors, the data provided about those minors is provided by a parent or legal guardian and is collected solely for the purpose of facilitating safe travel arrangements.

If you are a parent or guardian and believe that we have inadvertently collected personal data from a child under 18 without appropriate consent, please contact us immediately at [email protected] and we will take prompt steps to delete such data.

We comply with the provisions of the GDPR and the Data Protection Acts 1988–2018 regarding the processing of children's personal data, and we do not use children's data for marketing or profiling purposes.

13. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services, including partner hotels, tour operators, travel insurance providers, and car hire companies. We are not responsible for the privacy practices of these third parties, and their websites are governed by their own privacy policies. We encourage you to review the privacy policy of any third-party site you visit via a link from our website.

Similarly, if you access our website through a third-party platform or booking aggregator, that platform's own privacy policy will apply to the data you provide directly to them.

14. Marketing and Communications Preferences

We may contact you from time to time with information about our services, promotions, exclusive offers, travel tips, and partner services that we believe may be of interest to you. We will only do this where:

  • You have given us your explicit consent to receive marketing communications; or
  • You are an existing customer and we are promoting similar services (subject to your right to opt out at any time)

You can update your marketing preferences or unsubscribe at any time by:

  • Clicking the "unsubscribe" or "manage preferences" link in any marketing email
  • Logging into your account on irishferrries.com and updating your communication settings
  • Contacting us directly at [email protected]

Please note that even if you opt out of marketing communications, we will still send you transactional communications that are necessary for the management of your bookings and account.

15. How to Lodge a Complaint with the Data Protection Commission

If you are not satisfied with how we have handled your personal data or responded to your rights request, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority responsible for data protection in Ireland.

Data Protection Commission (DPC)

Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone: +353 (0)761 104 800
Email: [email protected]
Website: www.dataprotection.ie
Online Complaints Form: forms.dataprotection.ie/contact

We would, however, encourage you to contact us directly in the first instance so that we can address your concern promptly and effectively before escalating to the DPC. We take all privacy complaints seriously and will endeavour to resolve any issues as quickly as possible.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or the expansion of our services. When we make significant changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Display a prominent notice on our website informing you of the update
  • Where required by law or where the changes materially affect your rights, notify you directly by email

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website and services following the posting of any changes constitutes your acceptance of those changes, to the extent permitted by applicable law.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:

Irish Ferries — Privacy Enquiries

Email: [email protected]
Website: irishferrries.com

We aim to acknowledge all privacy enquiries within 5 business days and to provide a full response within one calendar month in accordance with the requirements of the GDPR. Where the nature of your request requires additional time, we will inform you of the extended timeline and the reasons for the delay.

Note: This Privacy Policy was last reviewed and updated on June 29, 2026. It applies to all personal data collected by Irish Ferries through irishferrries.com and through our travel services. This policy is governed by the laws of Ireland and the applicable provisions of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018.