Rosslare Europort, Co. Wexford, Ireland
+353 53 913 3158 | [email protected]

Privacy Policy

Last Updated: May 12, 2026  |  Effective Date: May 12, 2026

This Privacy Policy explains how Irish Ferries ("we," "us," "our," or "the Company") collects, uses, stores, shares, and protects your personal data when you visit our website at irizhferries.com, make a booking, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner.

We operate in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Acts 1988–2018 of Ireland, and all other applicable Irish and European Union data protection legislation. This policy applies to all users of our website and services, regardless of location.

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read and understood the practices described herein. If you do not agree with this policy, please do not use our website or services.

1. Who We Are (Data Controller)

For the purposes of applicable data protection law, the Data Controller responsible for your personal data is:

Company Name Irish Ferries
Registered Address Ireland
Email Address [email protected]
Website irizhferries.com

As the Data Controller, we determine the purposes and means of processing your personal data. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us using the details provided above or in Section 14 of this policy.

2. What Personal Data We Collect

We collect various categories of personal data depending on how you interact with us. The information we collect falls into the following categories:

2.1 Personal Identification Information

  • Full name (first name, surname)
  • Date of birth
  • Gender (where relevant for booking purposes)
  • Nationality and passport or national identity card details (where required for travel documentation)
  • Photograph or image (where uploaded for identification purposes)

2.2 Contact Information

  • Email address
  • Telephone number (including mobile number)
  • Postal address (billing and/or correspondence address)

2.3 Booking and Travel Information

  • Booking reference numbers and reservation details
  • Travel dates, routes, and destinations
  • Passenger details (including details of fellow travellers where provided by the lead passenger)
  • Vehicle details (make, model, registration number) where applicable
  • Special requirements or assistance needs (which may constitute special category data under GDPR)
  • Cabin and accommodation preferences
  • Meal preferences
  • Loyalty programme membership details

2.4 Payment and Financial Information

  • Payment card details (processed securely through our authorised payment processors — we do not store full card numbers)
  • Billing address
  • Transaction history and booking payment records
  • Refund and cancellation records

2.5 Account Information

  • Username and encrypted password (for registered account holders)
  • Account preferences and saved settings
  • Communication preferences and marketing opt-in/opt-out status

2.6 Usage and Technical Data

  • IP address and approximate geographic location derived from IP
  • Browser type and version
  • Operating system and device type
  • Pages visited on our website, time spent on pages, and navigation paths
  • Referring website or source
  • Search queries entered on our website
  • Clickstream data and interaction logs
  • Session identifiers

2.7 Communications Data

  • Records of correspondence with us (emails, live chat transcripts, telephone call logs)
  • Feedback, reviews, and survey responses you submit
  • Customer service enquiry records
  • Complaint records

2.8 Special Category Data

In certain circumstances, we may collect what is classified under GDPR as "special category" personal data. This includes:

  • Health and medical information (e.g., disability requirements, mobility assistance needs, dietary requirements related to medical conditions)
  • Information relating to dietary requirements that may indicate religious beliefs

We only collect special category data where strictly necessary and with your explicit consent, or where required by law. Such data is handled with heightened care and security measures.

2.9 Cookie and Tracking Data

We collect data through cookies, web beacons, pixels, and similar tracking technologies. Please refer to Section 10 of this policy for full details regarding cookies.

3. How We Collect Your Personal Data

We collect your personal data through various means, including:

3.1 Directly From You

  • When you make a booking or reservation online, by telephone, or through a travel agent
  • When you create or manage an account on our website
  • When you contact our customer service team
  • When you subscribe to our newsletter or marketing communications
  • When you participate in surveys, competitions, or promotions
  • When you submit feedback or reviews
  • When you check in for your ferry crossing
  • When you visit our terminal facilities

3.2 Automatically

  • Through cookies and similar tracking technologies when you browse our website
  • Through server logs and analytics tools
  • Through security cameras at our terminal facilities (CCTV)

3.3 From Third Parties

  • From travel agents, tour operators, and booking platforms acting on your behalf
  • From social media platforms where you choose to connect your social account
  • From payment processors and fraud prevention services
  • From public authorities and border control agencies (where required by law)
  • From advertising and analytics partners

4. Legal Basis for Processing Your Personal Data

Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

Purpose of Processing Legal Basis
Processing bookings and providing ferry services Performance of a contract (Article 6(1)(b) GDPR)
Processing payments Performance of a contract (Article 6(1)(b) GDPR)
Communicating booking confirmations and service updates Performance of a contract (Article 6(1)(b) GDPR)
Compliance with legal obligations (e.g., tax, border control, safety) Legal obligation (Article 6(1)(c) GDPR)
Fraud prevention and security Legitimate interests (Article 6(1)(f) GDPR)
Website analytics and improvement Legitimate interests (Article 6(1)(f) GDPR)
Sending marketing communications (where opted in) Consent (Article 6(1)(a) GDPR)
Processing special category data (health/disability information) Explicit consent (Article 9(2)(a) GDPR) or vital interests
CCTV monitoring at terminals Legitimate interests (Article 6(1)(f) GDPR) and legal obligation

5. How We Use Your Personal Data

5.1 Service Provision and Contract Fulfilment

The primary purpose for which we process your personal data is to provide you with our ferry services. This includes:

  • Processing your booking, reservation, and payment
  • Sending booking confirmations, e-tickets, and boarding passes
  • Managing your account and booking history
  • Providing assistance and support during your journey
  • Handling check-in and boarding procedures
  • Accommodating special requests and accessibility requirements
  • Processing cancellations, amendments, and refunds
  • Administering our loyalty programme (where applicable)

5.2 Legal and Regulatory Compliance

  • Complying with Irish and EU maritime law and regulations
  • Meeting border control and customs requirements
  • Maintaining passenger manifests as required by law
  • Complying with tax and accounting obligations
  • Meeting anti-money laundering and fraud prevention requirements
  • Responding to lawful requests from regulatory authorities and law enforcement

5.3 Safety and Security

  • Ensuring the safety of passengers, crew, and vessels
  • Operating CCTV systems at terminal facilities for security purposes
  • Detecting, investigating, and preventing fraud and other criminal activity
  • Managing emergencies and incidents

5.4 Marketing and Communications

Where you have given us your consent, or where we have a legitimate interest to do so, we may use your personal data to:

  • Send you newsletters, promotional offers, and special deals
  • Provide personalised recommendations based on your travel history
  • Contact you about related services, products, and partners
  • Conduct customer satisfaction surveys
  • Invite you to participate in competitions and prize draws

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email, by updating your account preferences, or by contacting us directly at [email protected].

5.5 Analytics and Website Improvement

  • Analysing website traffic and user behaviour to improve our website and services
  • Conducting market research and business analysis
  • Developing new services and improving existing offerings
  • Testing and optimising website functionality

6. Sharing Your Personal Data with Third Parties

We do not sell your personal data to third parties. However, we may share your data with trusted third parties in the following circumstances:

6.1 Service Providers and Data Processors

We engage carefully selected third-party service providers who process data on our behalf and under our instruction. These include:

  • Payment processors: To securely process your payments and prevent fraud
  • IT and cloud service providers: For website hosting, data storage, and system maintenance
  • Email and communications platforms: To deliver booking confirmations and marketing emails
  • Analytics providers: To analyse website usage and user behaviour (e.g., Google Analytics)
  • Customer relationship management (CRM) providers: To manage customer accounts and communications
  • Security and fraud prevention services: To protect against fraudulent transactions

All our data processors are bound by contractual obligations under Article 28 GDPR and may only process your data in accordance with our instructions.

6.2 Travel and Tourism Partners

  • Travel agents and tour operators acting on your behalf
  • Hotels, car hire companies, and other service providers where you have booked additional services as part of a package
  • Port operators and terminal management companies

6.3 Public Authorities and Legal Requirements

We may disclose your personal data to public authorities, regulators, and law enforcement agencies where required by law. This includes:

  • Irish and UK border control and immigration authorities
  • Customs and Revenue authorities (Revenue Commissioners in Ireland)
  • An Garda Síochána or other law enforcement agencies
  • The Data Protection Commission (DPC) where required
  • Maritime authorities and coast guard services
  • Courts of law, where required by judicial order

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your personal data may be transferred to the relevant third party as part of that transaction. We will notify you of any such change in accordance with applicable law.

6.5 Professional Advisers

We may share your data with our legal advisers, auditors, insurers, and other professional advisers where necessary for legitimate business purposes, subject to confidentiality obligations.

7. Data Security

We take the security of your personal data extremely seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our security measures include:

7.1 Technical Measures

  • Encryption: All data transmitted between your browser and our website is protected using SSL/TLS encryption (HTTPS). Sensitive data such as payment information is encrypted both in transit and at rest.
  • Firewalls and intrusion detection: We employ robust firewall systems and intrusion detection/prevention tools to protect our network infrastructure.
  • Access controls: Access to personal data is strictly limited to authorised personnel on a need-to-know basis, using role-based access controls.
  • Multi-factor authentication: Required for access to systems containing personal data.
  • Regular security testing: We conduct regular vulnerability assessments and penetration testing.
  • Secure payment processing: We comply with Payment Card Industry Data Security Standards (PCI DSS). We do not store full payment card numbers on our systems.

7.2 Organisational Measures

  • Staff training and awareness programmes on data protection and information security
  • Data protection policies and procedures for all employees
  • Confidentiality agreements with staff and contractors
  • Regular review and audit of data processing activities
  • Incident response and data breach notification procedures
  • Data minimisation and purpose limitation practices

7.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34 GDPR.

8. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general data retention periods are as follows:

Category of Data Retention Period Basis
Booking and transaction records 7 years from date of transaction Legal/tax obligation (Companies Act 2014; Taxes Consolidation Act 1997)
Customer account data Duration of account + 3 years after last activity Legitimate interests / contractual
Passenger manifest data As required by maritime regulations Legal obligation
Marketing preferences and consent records Until consent is withdrawn + 3 years Legal obligation (consent record keeping)
Customer service correspondence 3 years from date of last contact Legitimate interests
CCTV footage (terminal facilities) 30 days (unless required for investigation) Legitimate interests / legal obligation
Website analytics data 26 months (anonymised thereafter) Legitimate interests
Fraud and security investigation records Up to 6 years Legal obligation / legitimate interests
Financial and payment records 7 years Legal obligation (tax and accounting law)

At the end of the applicable retention period, your personal data will be securely deleted or anonymised in accordance with our data disposal procedures. Where data must be retained beyond these periods due to an ongoing legal claim or investigation, we will retain it only for as long as necessary.

9. Your Rights Under GDPR

Under the General Data Protection Regulation and the Data Protection Acts 1988–2018, you have the following rights in respect of your personal data:

9.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you, together with information about how we use it. This is known as a Subject Access Request (SAR). We will respond to your request within one month of receipt, free of charge (unless the request is manifestly unfounded or excessive).

9.2 Right to Rectification (Article 16 GDPR)

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. If you have a registered account, you may also update certain information directly through your account settings.

9.3 Right to Erasure / "Right to Be Forgotten" (Article 17 GDPR)

You have the right to request that we delete your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where the data has been processed unlawfully. This right is subject to exceptions, including where we are required to retain data to comply with a legal obligation.

9.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of your data following a rectification request, or where you have objected to processing based on legitimate interests.

9.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on your consent or on a contract, and the processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit this data directly to another controller where technically feasible.

9.6 Right to Object (Article 21 GDPR)

You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, including profiling for direct marketing purposes. Upon receiving an objection to direct marketing, we will cease processing your data for that purpose without delay.

9.7 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects. Where we engage in such processing, we will inform you and provide you with the ability to request human review.

9.8 Right to Withdraw Consent

Where we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]
Website: irizhferries.com

We may need to verify your identity before processing your request. We will respond to all valid requests within one calendar month. In complex cases, we may extend this period by a further two months and will notify you accordingly.

10. Cookie Policy (Summary)

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our marketing activities. Cookies are small text files stored on your device when you visit our website.

10.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the operation of our website, including session management and security. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors use our website by collecting anonymous statistical data (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences and settings to improve your experience.
  • Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

10.2 Managing Cookies

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can also manage your cookie preferences at any time through your browser settings or by accessing our Cookie Preference Centre on our website.

Please note that disabling certain cookies may affect the functionality and performance of our website. For more detailed information about the cookies we use, please refer to our full Cookie Policy.

11. International Data Transfers

As a company operating ferry services across multiple routes, some of which involve travel between Ireland, the United Kingdom, and continental Europe, we may need to transfer your personal data to countries outside the European Economic Area (EEA) in certain circumstances.

Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, in accordance with Chapter V of the GDPR. These safeguards may include:

  • Adequacy decisions: Transfers to countries recognised by the European Commission as providing an adequate level of data protection
  • Standard Contractual Clauses (SCCs): The use of EU-approved model contractual clauses between us and the recipient of the data
  • Binding Corporate Rules: For transfers within corporate groups that have implemented binding corporate rules approved by a supervisory authority
  • Certification mechanisms: Where the recipient has an approved certification mechanism in place

Specifically, with regard to the United Kingdom, following Brexit, the EU Commission has issued an adequacy decision in respect of the UK, meaning that data may be transferred to the UK under the same framework as transfers within the EEA.

For further information about international data transfers and the safeguards we have in place, please contact us at [email protected].

12. Children's Privacy

Our website and online booking services are intended for use by adults aged 18 years and over. We do not knowingly collect personal data directly from children under the age of 18 years.

Where a booking includes minors as passengers, the personal data of those minors is collected from and provided by a responsible adult (the lead passenger or booking party), who is responsible for ensuring they have the appropriate authority to provide such information.

If you are a parent or guardian and you believe that your child has provided us with personal data without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our systems.

We are committed to complying with applicable laws regarding the protection of children's data, including the Data Protection Acts 1988–2018 and the GDPR.

13. Third-Party Websites and Links

Our website may contain links to third-party websites, including those of our travel partners, port operators, and other service providers. Please note that this Privacy Policy applies solely to information collected by irizhferries.com and does not extend to any third-party websites.

We are not responsible for the privacy practices of third-party websites and encourage you to read the privacy policies of any external websites you visit. The inclusion of a link to a third-party website does not constitute our endorsement of that website or its privacy practices.

14. How to File a Complaint with the Data Protection Commission

If you have concerns about how we handle your personal data and are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority for data protection in Ireland.

Data Protection Commission (DPC) Contact Details
Address 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Phone +353 (0)1 765 0100 / 1800 437 737 (LoCall)
Email [email protected]
Website www.dataprotection.ie
Online Complaint Form forms.dataprotection.ie/contact

We would, however, appreciate the opportunity to address your concerns before you approach the DPC, and encourage you to contact us in the first instance using the details provided in Section 15 below.

If you are located in another EU member state, you may also have the right to lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or the place of the alleged infringement.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please do not hesitate to contact us:

Irish Ferries – Privacy Enquiries
Company Irish Ferries
Email [email protected]
Website irizhferries.com

We aim to respond to all privacy-related enquiries within 5 business days and to all formal rights requests within one calendar month as required by GDPR.

16. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. Any significant changes will be communicated to you through one or more of the following methods:

  • A prominent notice on our website homepage
  • An email notification to registered account holders
  • A notification within your account dashboard

The updated policy will always display the date it was last revised at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

Your continued use of our website or services after the effective date of any changes constitutes your acknowledgement of the revised Privacy Policy.

Privacy Policy Version: 1.0

Last Reviewed: May 12, 2026

Next Scheduled Review: May 12, 2027

Applicable Law: GDPR (EU) 2016/679 | Data Protection Acts 1988–2018 (Ireland)