Privacy Policy

Last Updated: June 30, 2026  |  Effective Date: June 30, 2026

At Irish Ferries, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website at irirshferries.com, book ferry services, or otherwise interact with us. We encourage you to read this policy carefully before using our services.

This Privacy Policy is governed by the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Acts 1988–2018, and all applicable Irish and European Union data protection legislation. Irish Ferries acts as the data controller in respect of your personal data as described in this policy.

1. Who We Are

Irish Ferries is a travel company providing ferry and travel-related services to passengers travelling to and from Ireland. Our contact details are as follows:

Company Name Irish Ferries
Website irirshferries.com
Email Address [email protected]
Country of Operation Ireland
Supervisory Authority Data Protection Commission (DPC), Ireland

For all privacy-related enquiries, you may contact us directly at [email protected]. We aim to respond to all privacy enquiries within 30 days of receipt.

2. Personal Data We Collect

We collect various categories of personal data depending on how you interact with us. The information we collect falls into the following categories:

2.1 Personal Identification Information

When you create an account, make a booking, or contact us, we may collect the following personal identification data:

  • Full name (first name and surname)
  • Date of birth
  • Gender (where relevant for passport or travel documentation purposes)
  • Nationality
  • Passport or national identity card number and expiry date (where required for international travel)
  • Email address
  • Phone number (mobile and/or landline)
  • Home address and postal code
  • Country of residence

2.2 Booking and Travel Information

When you make a reservation or purchase ferry tickets, we collect information related to your travel arrangements, including:

  • Departure and destination ports
  • Travel dates and times
  • Passenger numbers and details (including any minors travelling with you)
  • Vehicle registration details (if applicable)
  • Cabin or accommodation preferences
  • Special assistance requirements or mobility needs
  • Dietary requirements (where relevant to onboard services)
  • Loyalty programme membership details

2.3 Payment and Financial Information

To process payments for your bookings, we collect:

  • Payment card details (credit or debit card number, expiry date, and CVV — processed securely through our payment processor)
  • Billing address
  • Transaction history and booking reference numbers
  • Bank account information (where direct debit or bank transfer is used)
Please Note: Irish Ferries does not store your full payment card details on our servers. All payment card data is handled by our PCI DSS-compliant third-party payment processor.

2.4 Usage and Technical Data

When you visit our website at irirshferries.com, we automatically collect certain technical and usage information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Referring website URL
  • Search queries entered on our website
  • Click-through data and navigation patterns
  • Date and time of your visit
  • Session duration and frequency of visits

2.5 Cookie and Tracking Data

We use cookies and similar tracking technologies on our website to enhance your browsing experience, analyse website performance, and deliver relevant advertising. For full details of the cookies we use, please refer to our Cookie Policy. You can manage your cookie preferences at any time through our cookie consent banner or your browser settings.

2.6 Communications Data

When you contact us by email, phone, live chat, or through our contact form, or when you participate in surveys, competitions, or provide feedback, we may collect:

  • The content of your messages and correspondence
  • Your contact preferences
  • Details of any complaints or queries raised
  • Survey responses and feedback submissions

2.7 Special Category Data

In limited circumstances, we may need to collect special category data as defined under Article 9 of the GDPR. This may include:

  • Health or disability information (where you require special assistance on board)
  • Dietary requirements that may indicate religious beliefs or health conditions

We will only collect and process such data with your explicit consent, or where it is strictly necessary to provide you with the appropriate level of care and service during your travel.

3. How We Use Your Personal Data

We use the personal data we collect for specific, legitimate purposes in accordance with the lawful bases outlined in Article 6 of the GDPR. The following describes how and why we use your information:

3.1 Provision and Management of Travel Services

Legal Basis: Performance of a Contract (Article 6(1)(b) GDPR)

The primary reason we collect your personal data is to process your ferry bookings, issue tickets, and deliver the travel services you have purchased. This includes:

  • Processing and confirming your booking
  • Sending booking confirmation emails and travel documentation
  • Managing changes, cancellations, and refunds
  • Arranging special assistance or accommodation requirements
  • Communicating important travel updates, disruptions, or schedule changes
  • Complying with maritime safety and passenger identification obligations

3.2 Customer Account Management

Legal Basis: Performance of a Contract / Legitimate Interests

If you create an account with us, we use your data to maintain your account, allow you to view booking history, save passenger details, and manage your preferences and loyalty rewards.

3.3 Payment Processing

Legal Basis: Performance of a Contract

We process your payment information solely to complete the financial transaction for your booking. Payment processing is carried out securely in compliance with PCI DSS standards.

3.4 Customer Service and Support

Legal Basis: Legitimate Interests / Performance of a Contract

We use your contact and communications data to respond to enquiries, handle complaints, and provide after-sale support. We may also use your information to resolve disputes and enforce our terms and conditions.

3.5 Marketing and Promotional Communications

Legal Basis: Consent (Article 6(1)(a) GDPR) / Legitimate Interests

With your consent, or where we have a legitimate interest in doing so (for example, where you are an existing customer), we may use your contact details to send you:

  • Promotional offers, discounts, and special deals
  • Newsletters and travel inspiration content
  • Information about new routes or services
  • Personalised recommendations based on your travel history

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, by logging into your account and updating your preferences, or by contacting us at [email protected].

3.6 Website Analytics and Improvement

Legal Basis: Legitimate Interests / Consent

We use aggregated and anonymised usage data, along with cookies and analytics tools, to understand how visitors use our website, identify technical issues, and continuously improve our online services and user experience.

3.7 Legal and Regulatory Compliance

Legal Basis: Legal Obligation (Article 6(1)(c) GDPR)

We are required to process and retain certain personal data to comply with applicable Irish and EU laws, including maritime regulations, tax laws, anti-money laundering obligations, and border control requirements. We cooperate with regulatory authorities and law enforcement agencies where legally required to do so.

3.8 Fraud Prevention and Security

Legal Basis: Legitimate Interests / Legal Obligation

We use your data to detect, prevent, and investigate fraudulent transactions, security breaches, and other unlawful activities that may affect our business or our customers.

4. Sharing Your Personal Data with Third Parties

We do not sell your personal data to third parties. However, in order to deliver our services effectively and comply with legal obligations, we may share your data with the following categories of recipients:

4.1 Service Providers and Data Processors

We engage trusted third-party companies to assist us in operating our business and delivering services to you. These include:

  • Payment processors — to securely process credit and debit card transactions
  • IT and cloud hosting providers — to store and manage our data and systems securely
  • Email and communications platforms — to send booking confirmations and marketing communications
  • Customer support tools — to manage enquiries and complaints
  • Analytics providers — such as Google Analytics, to analyse website usage
  • Port and ferry terminal operators — to facilitate embarkation and disembarkation processes
  • Travel agents and distribution partners — where a booking is made through a third-party agent

All third-party processors are bound by data processing agreements in accordance with Article 28 of the GDPR, and are only permitted to process your data for specified purposes under our instructions.

4.2 Government and Regulatory Authorities

As a ferry operator serving international routes, we are required to share certain passenger data with government and border control authorities, including:

  • Irish immigration and customs authorities
  • UK Border Force (for routes to and from the United Kingdom)
  • French and other EU border authorities (for applicable routes)
  • Maritime safety and coast guard authorities
  • Revenue Commissioners (Ireland)

This sharing is carried out to comply with legal obligations under EU and international maritime law, and does not require your consent.

4.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your personal data may be transferred to the relevant third party as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements and Protection of Rights

We may disclose your personal data to third parties where we are required or permitted to do so by law, or where we believe it is necessary to:

  • Comply with a legal obligation or court order
  • Protect and defend the rights, property, or safety of Irish Ferries, our customers, or others
  • Prevent or investigate possible wrongdoing in connection with our services

5. International Data Transfers

Irish Ferries primarily processes your data within the European Economic Area (EEA). However, some of our third-party service providers may process data outside the EEA, including in countries such as the United States or the United Kingdom.

Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an EU adequacy decision (such as the UK, subject to ongoing adequacy review)
  • Other appropriate technical and organisational safeguards

You may request further information about international transfers and the safeguards we rely on by contacting us at [email protected].

6. Data Security

We take the security of your personal data extremely seriously. Irish Ferries has implemented a range of technical and organisational security measures to protect your information against unauthorised access, disclosure, alteration, or destruction. These measures include:

6.1 Technical Measures

  • SSL/TLS encryption for all data transmitted between your browser and our website (HTTPS)
  • Encryption of sensitive data at rest and in transit
  • Secure, access-controlled servers and cloud infrastructure
  • Regular security patching and system updates
  • Firewall protection and intrusion detection systems
  • Multi-factor authentication for staff accessing internal systems
  • PCI DSS compliance for payment card data handling

6.2 Organisational Measures

  • Role-based access controls limiting staff access to personal data on a need-to-know basis
  • Data protection training for all staff handling personal information
  • Internal data protection policies and procedures
  • Regular data protection impact assessments (DPIAs) for high-risk processing activities
  • Data breach detection, reporting, and response procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we are obligated under Article 33 of the GDPR to notify the Data Protection Commission (DPC) within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to you personally, we will also notify you directly in accordance with Article 34 of the GDPR.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. The following general retention periods apply:

Category of Data Retention Period Reason
Booking and transaction records 7 years from the date of travel Tax and legal compliance requirements under Irish law
Passenger identification data (e.g. passport details) As required by maritime regulations Legal obligation under international maritime and border control law
Customer account information Duration of account plus 3 years after last activity Service provision and legitimate business interests
Marketing preferences and communications Until you withdraw consent or opt out Consent-based processing
Customer service communications 3 years from the date of last correspondence Complaint handling and legal defence
Website usage and analytics data Up to 26 months Analytics and website improvement
Payment records 7 years Financial and tax compliance

When your data is no longer required, it will be securely deleted or anonymised in accordance with our data retention and disposal policies.

8. Your Rights Under Data Protection Law

Under the GDPR and the Data Protection Acts 1988–2018, you have a number of important rights in relation to your personal data. We are committed to facilitating the exercise of these rights promptly and without undue delay.

8.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within one month of receiving your verified request (this period may be extended by a further two months where requests are complex or numerous).

8.2 Right to Rectification (Article 16 GDPR)

If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct or update it. You can update many of your details directly through your online account, or by contacting us.

8.3 Right to Erasure — "Right to be Forgotten" (Article 17 GDPR)

In certain circumstances, you have the right to request that we delete your personal data. This right applies where:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Please note that this right is not absolute and we may be required to retain certain data to comply with legal obligations.

8.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we limit how we use your personal data in certain circumstances, such as where you contest the accuracy of the data or object to its processing pending our assessment of your objection.

8.5 Right to Data Portability (Article 20 GDPR)

Where we process your data on the basis of your consent or a contract, and the processing is carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible.

8.6 Right to Object (Article 21 GDPR)

You have the right to object to the processing of your personal data where it is based on our legitimate interests, including where data is used for direct marketing purposes. Where you object to direct marketing, we will immediately cease processing your data for that purpose.

8.7 Right to Withdraw Consent (Article 7 GDPR)

Where we rely on your consent as the legal basis for processing your data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

8.8 Rights Related to Automated Decision-Making and Profiling (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. We do not currently make such automated decisions that significantly affect you without human oversight.

8.9 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: [email protected]
Website: irirshferries.com

We may need to verify your identity before processing your request. We will respond to all valid requests within one calendar month. If we are unable to respond within this timeframe or if we refuse your request, we will inform you of the reasons and your right to complain to the supervisory authority.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, remember your preferences, and understand how our website is used. Cookies are small text files placed on your device by our website.

9.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function. These cannot be disabled.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences and settings to improve your experience.
  • Targeting and Advertising Cookies: Used to deliver relevant advertisements and measure their effectiveness.

9.2 Managing Your Cookie Preferences

You can manage and withdraw your consent to non-essential cookies at any time through our cookie consent tool (available as a banner when you first visit our site) or through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

For full information about the cookies we use, please read our Cookie Policy.

10. Children's Privacy

Our website and services are primarily intended for use by adults aged 18 years and over. We do not knowingly collect personal data from children under the age of 18 without the consent of a parent or legal guardian.

When passengers under the age of 18 are included in a booking, their personal data is provided by the adult passenger making the booking (the responsible adult), who is responsible for ensuring they have the authority to provide that information on behalf of the minor.

If you believe we have inadvertently collected personal data from a child under 18 without appropriate parental consent, please contact us immediately at [email protected] and we will take prompt action to delete the relevant data.

Irish Ferries complies with the requirements of the GDPR and the Data Protection Acts 1988–2018 in relation to the processing of children's personal data.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not operated by Irish Ferries. These may include partner travel companies, accommodation providers, tourism organisations, and social media platforms. We have no control over the content or privacy practices of these third-party sites.

We strongly encourage you to review the privacy policy of any third-party website you visit. Irish Ferries accepts no responsibility or liability for the privacy practices of any external websites or services linked to from our website.

12. Legal Basis for Processing — Summary

The following table summarises the primary legal bases under Article 6 of the GDPR on which we rely to process your personal data:

Purpose of Processing Legal Basis
Processing and fulfilling bookings Performance of a contract (Art. 6(1)(b))
Processing payments Performance of a contract (Art. 6(1)(b))
Customer account management Performance of a contract / Legitimate interests (Art. 6(1)(b)(f))
Sending marketing communications Consent / Legitimate interests (Art. 6(1)(a)(f))
Website analytics and improvement Legitimate interests / Consent (Art. 6(1)(f)(a))
Legal and regulatory compliance Legal obligation (Art. 6(1)(c))
Fraud prevention and security Legitimate interests / Legal obligation (Art. 6(1)(f)(c))
Sharing passenger data with border authorities Legal obligation (Art. 6(1)(c))
Special category data (health/mobility needs) Explicit consent (Art. 9(2)(a))

13. Complaints to the Data Protection Commission

If you are not satisfied with our response to any privacy enquiry or concern, or if you believe we have processed your personal data in a manner that is inconsistent with applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission (DPC), which is the supervisory authority for data protection matters in Ireland.

Data Protection Commission (DPC)
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland

Website: www.dataprotection.ie
Phone: +353 (0)1 765 0100
Email: [email protected]

We would encourage you to contact us directly in the first instance so that we can attempt to resolve your concern before you escalate the matter to the DPC. You may also have the right to seek a judicial remedy in the Irish courts if you believe your rights under the GDPR have been infringed.

14. Changes to This Privacy Policy

We may update or amend this Privacy Policy from time to time to reflect changes in our business practices, technologies, legal requirements, or regulatory guidance. When we make significant changes to this policy, we will notify you by:

  • Posting the updated Privacy Policy on our website at irirshferries.com with a new "Last Updated" date
  • Sending an email notification to registered account holders (where the changes are material)
  • Displaying a prominent notice on our website homepage

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our website and services after any changes to this policy constitutes your acknowledgement of the updated terms.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or to the way in which we handle your personal data, please do not hesitate to contact us using the details below. We are committed to addressing all privacy-related enquiries promptly, professionally, and in accordance with our obligations under the GDPR and the Data Protection Acts 1988–2018.

Privacy Enquiries — Irish Ferries

Email: [email protected]

Website: irirshferries.com

Response Time: We aim to respond to all privacy enquiries within 30 days of receipt.

This Privacy Policy was last reviewed and updated on June 30, 2026. Irish Ferries is committed to transparency, accountability, and the protection of your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988–2018.