Privacy Policy

Privacy Policy

Effective date: 01.01.2026
Last updated: 01.01.2026

1) Who we are (Data Controller)

Nuuk Cruise Agency ApS (“NCA”, “we”, “us”) is a travel agency and a contact point for cruise calls in Nuuk, coordinating sailings and excursions with affiliated operators.

Company details

  • Legal name: Nuuk Cruise Agency ApS
  • CVR no.: 45855155
  • Address: Kissarneqqortuunnguaq 27 0505, 3900 Nuuk, Greenland
  • Contact email: contact@nca.gl
  • Contact phone: +299 32 15 15
  • Website: www.nuukcruiseagency.gl

Plain-English summary: We help match demand (cruise lines/guests) with supply (local boat operators), and we need some personal data to do that safely and professionally.

2) What this policy covers

This Privacy Policy explains how we process personal data when you:

  • visit our website,
  • contact us,
  • request or book an excursion/service in Nuuk,
  • interact with our marketing (if you opt in),
  • communicate with us about changes, cancellations, accessibility, or safety.

This policy does not replace the privacy terms of the individual boat operator delivering your excursion. When you book an excursion, the operator will normally process your data too (see section 6).

3) Personal data we collect

Depending on how you interact with us, we may collect:

A) Identity and contact details

  • Name
  • Email address
  • Phone number
  • Nationality / language preference (if provided)

B) Booking and service details

  • Booking reference / cruise ship information (if relevant)
  • Date/time of excursion, number of guests, preferences
  • Special requests you choose to share (e.g., mobility needs, dietary info)

C) Payment and transaction data

  • Payment status, invoices/receipts, timestamps
    (We typically do not store full card details; payments are handled by our payment provider.)

D) Communications

  • Messages you send us (email, contact forms, support requests)
  • Call notes (if you call us)

E) Technical data (website/app)

  • IP address, device/browser info, pages visited, approximate location (city-level), cookies and similar identifiers (see section 5)

Sensitive data (special categories)
We ask you not to share sensitive personal data unless it’s necessary (e.g., accessibility needs). If you do share it, we’ll only use it to handle your request safely and appropriately.

4) Why we use your data (purposes)

We process personal data for these purposes:

  1. To provide and manage bookings (confirmations, logistics, changes, cancellations)
  2. To coordinate with local operators and relevant partners so your excursion can be delivered
  3. To handle customer service and respond to inquiries
  4. To run our business (accounting, auditing, preventing fraud, reporting)
  5. To improve our website and services (analytics, troubleshooting, performance)
  6. To send marketing (only if you opt in where required)

NCA was created to coordinate local operators and strengthen local value creation around cruise tourism in Nuuk; operationally, that coordination is exactly why some data needs to move between NCA and the operator delivering the trip.

5) Legal basis for processing

We process personal data under applicable data protection law in Greenland (the Greenland version of the Data Protection Act / persondataloven) and, where relevant (e.g., certain customer situations or suppliers), GDPR-like principles.

Our typical legal bases are:

  • Contract / booking administration: to take steps at your request and deliver the service.
  • Legitimate interests: to run and secure our business (support, fraud prevention, quality improvement).
  • Consent: for optional marketing and certain cookies.
  • Legal obligations: bookkeeping and compliance requirements.

6) Who we share data with

We share personal data only when needed, and with appropriate safeguards.

A) Local boat operators / excursion providers
When you book or request an excursion, we share the necessary information with the operator delivering it (e.g., name, number of guests, timing, special requests). These operators may be separate data controllers for their part of the service. NCA and the operator may, in some cases, act as independent controllers or jointly depending on the setup.

B) Cruise lines / shore excursion coordinators (when relevant)
If bookings are tied to a cruise call, we may share essential booking status/logistics where needed.

C) Service providers (“processors”)
Examples:

  • Website hosting and analytics providers
  • Email/support tools
  • Payment providers
  • Accounting tools

We require processors to handle data securely and only on our instructions.

D) Legal and safety
We may share data if required by law, or where necessary to protect guests, operators, and the public.

7) Cookies and analytics

We use cookies and similar technologies for:

  • essential site functions,
  • remembering preferences,
  • analytics to understand site usage,
  • marketing (only where applicable and enabled).

Cookie choices: [Link to cookie settings / banner]
If you use a consent banner, this section should match your actual cookie categories and tools.

8) International data transfers

Some of our service providers may process data outside Greenland/Denmark (for example, cloud hosting). Where data is transferred internationally, we use appropriate safeguards (such as contractual protections and security measures) to protect your information.

9) How long we keep your data (retention)

We keep personal data only as long as needed for the purposes above, including:

  • Bookings and customer service: typically for the period needed to manage your trip and any follow-up.
  • Accounting records (invoices/receipts): kept as required by applicable bookkeeping rules.
  • Marketing: until you unsubscribe or withdraw consent.
  • Analytics: according to our tool settings (often aggregated or pseudonymized over time).

10) Security

We use technical and organizational measures designed to protect personal data, such as:

  • access controls and role-based permissions,
  • secure hosting and encrypted connections (HTTPS),
  • vendor and processor agreements,
  • internal routines for handling requests and incidents.

No system is magical or invulnerable, but we aim for “boring, professional, and resilient.”

11) Your rights

Depending on the applicable rules for your situation, you may have the right to:

  • request access to your personal data,
  • request correction of inaccurate data,
  • request deletion (where permitted),
  • object to certain processing,
  • withdraw consent (where processing is based on consent),
  • request a copy of certain data.

To exercise your rights, contact us at contact@nca.gl

12) Complaints

If you believe we have not handled your data properly, please contact us first so we can try to resolve it.

You may also complain to Datatilsynet, which supervises personal data processing under the Greenland Data Protection Act set in force for Greenland. datatilsynet.dk

13) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and we’ll update the “Last updated” date at the top.