PRIVACY POLICY

Date of entry into force: 1 January 2020

Hornblower Group. ("Hornblower", "we", "us", "our" or "us") is committed to protecting the privacy of your Personal Information. Hornblower has created this Privacy Policy ("Policy") to inform you of our policies regarding the collection, use and disclosure of Personal Information and the choices you have regarding such information.
This Policy applies to all Personal Information collected about you by Hornblower when you do any of the following (collectively, the "Services"):

(i) use our yacht charter, gastronomic cruise and ferry services;
(ii) communicate with us by any form of written, electronic and oral communication; (iii) use our website and all relevant websites and webpages linked to this Policy (this Policy).
(iii) use our website https://www.hornblower.com/ and all relevant websites and web pages that link to this Policy (the "Site");
(iv) download our mobile applications and any other applications that link to this Policy; and
(v) use any other features or content owned or operated by Hornblower.

Before using our services, please read carefully our Terms and Conditions, which can be found here: https://www.hornblower.com/terms-conditions/ ("Terms and Conditions") and this Policy. Unless otherwise defined in this Policy, terms used in this Policy have the same meaning as in our Terms and Conditions. By using the Services, you consent to the collection and use of your Personal Data in accordance with this Policy and our Terms and Conditions. If you are uncomfortable with any part of this Policy or our Terms and Conditions, you should not use or access our Services.

We may update this Policy from time to time. We will notify you of any changes by posting the new Policy on this website. We will notify you by email and/or by a prominent notice on our Service, prior to the change becoming effective, and we will update the "effective date" at the top of this Privacy Policy. You are advised to check this Policy periodically for changes. Changes to this Privacy Policy are effective when they are posted on this page.

1. Personal information we collect

We collect Personal Information when you use our Services, purchase tickets or submit Personal Information when requested on our Assets. Personal Information is any information about you that personally identifies you or can be used to identify you, such as your user ID, name, email address, name, phone number, address and payment account number (collectively, "Personal Information"). The types of Personal Information we may collect about you include, but are not limited to:

a) Information you provide us with

We collect information that you share with us when you use our Services. For example, when you book yacht charters, dining cruises and ferry services, we may ask you for your name, mailing address, email address and payment information. When you complete a form with us, we may collect your name, email address, telephone number, company name and party information. We may also collect your personal information in connection with employment at Hornblower that you leave on our site.

b) Information about your use of our Services

We may collect information about your use of the Services. For example, we may collect information that your browser sends whenever you visit our Service or when you access the Service through a mobile device ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, the unique identifier of your mobile device, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

c) Location data

We may use and store information about your location if you give us permission to do so ("Location Data"). We use this data to provide features of our Service, to improve and personalise our Services. You can enable or disable location services when using our Services at any time through your device settings.

d) Information you provide to our affiliates and subsidiaries

We may obtain your Personal Data from a company controlled by Hornblower or under common control with Hornblower.

2. Cookies and other tracking technologies

We use cookies and similar tracking technologies to track activity on our Services. Cookies are files containing a small amount of data that may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies, such as beacons, tags and scripts, are also used to collect and track information and to improve and analyse our services.

a) How we use cookies

In general, we use our own and third-party cookies for the following purposes
- to make our Services work properly;
- to provide a safe and secure browsing experience when using our Services; and
- to collect passive information about your use of our Services; and
- to measure how you interact with our marketing campaigns
- to help us improve our Services; and
- to remember your preferences for your convenience.

b) Types of cookies in our services

We use the following types of cookies on our Services:
- Strictly necessary cookies: these cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, some services cannot be provided. These cookies do not collect information about you for marketing purposes. This category of cookies is essential for our Services to work and cannot be disabled.
- Functional cookies: We use functional cookies to remember your choices so that we can tailor our Services to provide you with enhanced features and personalised content. For example, these cookies may be used to remember your name or preferences on our Services. We do not use functional cookies to target you with online marketing. Although these cookies can be disabled, this may result in reduced functionality when using our Services.
- Performance or analytics cookies: These cookies collect passive information about how you use our Services, including the web pages you visit and the links you click. We use the information collected by these cookies to improve and optimize our Services. We do not use these cookies to target you with online marketing. You can disable these cookies.
- Third-party cookies: these are cookies provided by external service providers and fall into one of the categories of cookies described above. These third party providers process your personal information on our behalf in accordance with our instructions and obligations under this policy.

(c) Analytical

We may use third party service providers to monitor and analyse the use of our Service. We currently use Google Analytics. Google Analytics is a web analytics service provided by Google LLC ("Google") that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the data collected to contextualise and personalise ads in its own advertising network.
For more information about Google's privacy practices, please visit Google's privacy and terms webpage: https://policies.google.com/privacy?hl=en. The Google Analytics opt-out browser add-on gives visitors the ability to prevent Google Analytics from collecting and using their data, available at: https://tools.google.com/dlpage/gaoptout.

d) Behavioural Remarketing

Hornblower uses remarketing services to advertise on third party websites after you have visited our Services. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service. We use Google Ads for these purposes. The Google Ads remarketing service is provided by Google. You may opt-out on the Google Ads settings page: http://www.google.com/settings/ads.

e) Other tracking technologies

To see how our Site is performing, we sometimes use conversion beacons, tags, scripts and pixels, which trigger a short line of code to tell us when you have clicked a particular button or arrived at a particular page. We also use these tracking technologies to analyse usage patterns on our Site. The use of these technologies allows us to record that a particular device, browser or application has visited a particular web page.

f) Your choices

Your browser may give you the option to refuse some or all browser cookies. You can also delete cookies from your browser. You can exercise your preferences in relation to cookies served on our Site by following the steps below:

• First-party cookies: you can enable, disable or delete our cookies through the browser you use to access our Services. To do this, follow the instructions provided by your browser (usually found in the "Help", "Tools" or "Edit" settings). Please note that if you set your browser to disable cookies, you may not be able to access secure areas of our Services and some parts of the Services may not work properly for you. You can find more information on how to change your browser's cookie settings at http://www.allaboutcookies.org.
• Third-party cookies: modern browsers also allow you to block third-party cookies by following the steps described above.
• Do Not Track: We do not support Do Not Track signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

3. How we use your personal information

We will only use your personal information as described in this policy or as otherwise disclosed to you prior to such processing taking place.

a) To provide and maintain our Service

We will use your Personal Data to provide the information or perform the Services you request and to enable you to participate in interactive features of our Service when you choose to do so. If the applicable information is to be provided to or the Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing the applicable Services. Your information may be made available or provided to third party service providers and contractors who are contractually obligated to protect your information as described in this Policy.

b) To provide you with communications relating to the Service.

We will send you administrative or account-related information to notify you of changes to our Service. These communications may include information about Policy updates, confirmations of your transactions, security updates or tips, or other relevant transaction-related information. We process your contact information to send you such communications. Communications related to the Service are not promotional in nature. You may not unsubscribe from such communications; otherwise, you may miss important developments related to your account or the Services.

(c) To support the customer or to respond to the customer

We collect any information you provide to us when you communicate with us, for example, if you have questions, concerns, comments, disputes or problems. Without your personal information, we cannot respond to you or ensure your continued use and enjoyment of the Services.

d) To send you promotional and marketing e-mails.

We may use your personal data to contact you with newsletters, marketing or promotional material and other information that may be of interest to you based on the Services you have already purchased or enquired about, unless you have opted out of receiving such information. You may opt out of receiving any or all of these communications from us by following the unsubscribe link or instructions provided in any email we send you.

(e) For internal use

We will use your information to compile analytics or valuable information to help us improve our Services and to detect, prevent and fix technical problems. We may also use your information to monitor the use of our Services, including but not limited to search terms entered, pages visited and documents viewed.

f) Enforce compliance with our terms and conditions and agreements or policies.

When you access or use our Services, you are subject to our Terms and Conditions and this Policy. To ensure that you comply with them, we process your Personal Data by actively monitoring, investigating, preventing and mitigating any actual or suspected unlawful, illegal or prohibited activity on our Services. We also process your Personal Data to: investigate, prevent or mitigate violations of our terms, agreements or internal policies; enforce our agreements with third parties and business partners; and, where applicable, charge fees based on your use of our Services. We cannot provide our Services in accordance with our terms, agreements or policies without processing your Personal Data for such purposes.

g) Maintain legal and regulatory compliance.

Our services are subject to certain laws and regulations that may require us to process your Personal Data. For example, we process your Personal Data to pay our taxes, meet our business obligations, ensure compliance with employment and contracting laws, or as necessary to manage risk under applicable law. If we do not process your Personal Data for such purposes, we cannot provide the Services in accordance with our legal and regulatory requirements.

4. Disclosure of your personal information

We may disclose your personal information as described below.

a) Within our corporate organisation

Hornblower is part of a corporate organisation that has many legal entities, business processes, management structures and technical systems. Hornblower may share your Personal Data with this organisation in order to provide the Services to you and to take action based on your request.

b) Service providers

We may employ third party companies and individuals to facilitate our Services ("Service Providers"), provide the Services on our behalf, perform services related to the Service, or assist us in analyzing how our Services are used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

c) Mergers and acquisitions

If Hornblower is involved in a merger, acquisition or asset sale, your personal information may be transferred. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.

(d) Disclosure for law enforcement purposes

In certain circumstances, Hornblower may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). Hornblower may disclose your Personal Information if Hornblower has a good faith belief that such action is necessary to
- comply with a legal obligation;
- protect and defend Hornblower's rights or property
- prevent or investigate possible breaches in connection with the Service;
- protect the personal safety of users of the Service or the public; and
- protect against legal liability.

5. Data security

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Our security measures include industry-standard physical, technical and administrative measures to prevent unauthorised access to or disclosure of your information, to maintain data accuracy, to ensure the appropriate use of information and to safeguard your Personal Information. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

6. Data retention

Hornblower will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Hornblower will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except where this data is used to enhance security or to improve the functionality of our Service, or where we are legally required to retain this data for longer periods.

7. Links to other websites

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's website. We strongly encourage you to review the privacy policy of each website you visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services.

8. Children's privacy

Our Services are not directed to children under the age of 18 ("Children"). We do not knowingly collect personal information from children under the age of 18. If you are a parent or guardian and you know that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verifying parental consent, we take steps to delete that information from our servers.

9. California Privacy Rights

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 ("CCPA"), the following is a summary of the categories of Personal Information, as identified and defined in the CCPA (see California Civil Code section 1798.140(o)), that we collect, why we collect your Personal Information, where we obtain the Personal Information, and the third parties with whom we share your Personal Information.

a) Categories of personal information we collect

We generally collect the following categories of personal information about you when you use our Services:

• identifiers such as name, address, unique personal identifier, email, phone number, IP address of your device, software and identification numbers associated with your devices;
• protected classifications, such as gender;
• commercial information, such as records of products or services purchased, obtained or considered by you;
• Internet or other electronic information relating to your browsing history, your search history, the web page visited prior to entering our Site, the length of visit and number of pages viewed, clickstream data, location preferences, your mobile carrier, date and time stamps associated with transactions and system configuration information;
• your geographic location, to the extent that you have configured your device to allow us to collect such information;
• audio recordings of your voice to the extent you call us, as permitted by applicable law;
• professional or employment-related information; and
• inferences about their preferences, characteristics, behaviour and attitudes.

We do not generally collect biometric information or education-related information. For more information about the personal data we collect and how we collect it, please see sections 1 and 2 above.

(b) Purposes for which personal data are processed under the CCPA

We collect Personal Information from you for the business purposes described in Sections 2 and 3. The CCPA defines a "business purpose" as the use of Personal Information for the operational purposes of the business or other notified purposes, provided that

the use of the Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.

The following activities are considered "business purposes" under the CCPA audit related to current consumer interaction and concurrent transactions, and auditing compliance with laws and other regulations; detecting security incidents; protecting against malicious, deceptive, fraudulent or illegal activity; and prosecuting those responsible for such activity; providing services on behalf of the company, including maintaining or servicing accounts, providing customer service, verifying customer information; repairing errors that affect intended functionality; internal research for technological development; verifying or maintaining the quality or security of, and improving, upgrading, updating, updating or enhancing, a service or device owned, manufactured by, made for or controlled by the company.

c) Sharing with third parties

The categories of third parties with whom we may share your personal information are listed in section 4 above.

d) CCPA privacy rights

If you are a California resident, you have rights with respect to your personal information; however, your rights are subject to certain exceptions. For example, we may not disclose certain personal information if disclosure would create a substantial, articulable and unreasonable risk to the security of the personal information, your account with us or the security of our network systems.

• Right not to be discriminated against: You have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your right to know, remove or opt out of sales.
• Right to Know: You have the right to request in writing (i) a list of the categories of personal information, such as name, address, email address, that a company has disclosed to third parties during the immediately preceding calendar year for the third parties' direct marketing purposes, and (ii) the names and addresses of those third parties. In addition, you have the right to request (i) the categories of personal information we have collected about you, (ii) the categories of sources from which the personal information is collected, (iii) the business or marketing purpose of the information collection, (iv) the categories of third parties with whom we have shared the personal information, and (v) the specific items of personal information we hold about an individual. You have the right to request a copy of the specific personal information we have collected about you during the 12 months prior to your request.
• Right of deletion: You have the right to ask us to delete any personal information we have collected from you or maintain about you, subject to certain exceptions.

To assert your right to know or your right to have your personal information deleted, please contact us at [email protected] or by telephone at 1-888-467-6256. To verify your identity, we may ask you to verify the personal information we already have on record. If we are unable to verify your identity from the information we have on record, we may request additional information from you, which we will only use to verify your identity and for security or fraud prevention purposes.

• Right to opt out of the sale: The CCPA broadly defines "personal information" and "sale," so sharing identifiers and identifiers linked to you for profit may be considered a sale. You have the right to opt out of the sale of your personal information. We do not sell your personal information. However, in 2019, we do share identifiers and inferences about you with our business partners in a manner that, under the CCPA, may be defined as a sale. As noted above, you have the right to know the categories of personal information we sell about you and the categories of third parties with whom we share that information.

Under the CCPA, you can also choose not to sell or share your information. Visit our Do Not Sell My Personal Information website for more information.

e) Shine the Light Act

If you are a California resident, you may request a notice from us describing the categories of personal information (if any) that we have shared with third parties, including our corporate affiliates, for their direct marketing purposes during the previous calendar year. You may request such a notice once a year, free of charge. To request a notice, please email us at [email protected]. In your request, please specify that you want a "California Privacy Rights Notice. We will respond to you within thirty (30) days or as permitted by law.

10. International transfers of personal information

Your Personal Information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Information, to the United States and process it there.

Hornblower will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy and no transfer of your personal information to an organisation or country will take place unless there are adequate controls in place that include the security of your personal information. If you do not want your information to be transferred, processed or maintained outside the country or jurisdiction where you are located, you should not use the Services.

For persons located in the European Economic Area ("EEA"), the United Kingdom or Switzerland at the time they access our Services, please see section 11 below.

11. Special notice for persons from the European Economic Area, United Kingdom and Switzerland

This section only applies to persons who access or use our Services while located in the EEA, the United Kingdom and/or Switzerland (collectively, the "Designated Countries"). We may ask you to identify which country you are in when you use some of the Services or we may rely on your IP address to identify which country you are in.

Where we rely on your IP address, we cannot apply the terms of this section to anyone who masks or hides their location information so that they do not appear to be located in the Designated Countries. If any of the terms of this section conflict with other terms contained in this Policy, the terms of this section will apply to users in the Designated Countries.

a) International transfers of personal information

We may store, process and transmit personal information in locations around the world, including locations outside the country or jurisdiction where you are located. These countries or jurisdictions may have less protective data protection laws than the laws of the jurisdiction in which you reside. If you do not want your information transferred, processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.

We transfer your personal information subject to appropriate safeguards as permitted by applicable data protection laws. In particular, where your personal information is transferred outside the designated countries, we have in place the necessary contractual arrangements for the transfer of personal information with the third parties to whom your information is transferred. For such transfers, we rely on legal transfer mechanisms, such as Binding Corporate Rules, Standard Contractual Clauses, or we work with U.S.-based third parties that are certified under EU-U.S. and Swiss-U.S. law. EU-US and Switzerland-US Privacy Shield Framework. US Privacy Shield Framework.

b) Our relationship with you

Hornblower is a controller with respect to any Personal Information collected from individuals who access or use its Services. A "controller" is an entity that determines the purposes for which and the manner in which any Personal Information is processed.

c) Marketing

We will only communicate with individuals located in the designated countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the consent of the individual. Where we rely on a legitimate interest, we will only send you information about our Services that are similar to those that were the subject of a previous sale or sales negotiations with you. If you do not want us to use your personal data in this way or to disclose it to third parties for marketing purposes, please click on the unsubscribe link in your emails or contact us at [email protected]. You can object to direct marketing at any time and free of charge.

d) Your individual rights

We provide you with the rights described below when you use our Services. We may limit your requests for individual rights in the following ways (a) where denial of access is required or authorized by law; (b) where granting access would adversely affect the privacy of others; (c) to protect our rights and property; and (d) where the request is frivolous or burdensome. If you wish to exercise your rights under applicable law, please contact us at [email protected]. When we comply with your requests for individual rights of correction (or rectification), erasure or restriction of processing, we will notify third parties who also process the relevant personal data, unless this is impossible or involves disproportionate effort. In certain circumstances, you have the following data protection rights:

• Right to access, update or delete information we hold about you: where possible, you can access, update or request deletion of your personal information directly in the settings section of your account. If you are unable to perform these actions yourself, please contact us for assistance.
• Right of rectification - You have the right to have your data rectified if it is inaccurate or incomplete.
• Right to object: You have the right to object to our processing of your personal data.
• Right of restriction: you have the right to request that the processing of your personal data be restricted.
• Right to data portability: you have the right to a copy of the information we hold about you in a structured, machine-readable and commonly used format.
• The right to withdraw consent: you also have the right to withdraw your consent at any time where Hornblower relied on your consent to process your personal information.
• Automated individual decision-making, including profiling: although you have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, under applicable law, we do not subject your personal data to such processing activities. .

Please note that we may ask you to verify your identity before responding to such requests.

If you believe that we have violated or infringed your rights under this Policy, please contact us at [email protected] so that we can work with you to resolve your concerns. You also have the right to lodge a complaint with a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the EEA.

12. Contact

If you have any questions about this privacy policy, please contact us by email at [email protected].

WHAT INFORMATION IS COLLECTED?

To use our website to purchase event tickets, you must provide certain personal information required for the transaction, such as name, address, phone number, credit card number or email address. In addition, you must provide certain demographic information, such as postcode, city, user name, age, IP address, search history and other device history. In addition, we may collect the following information regarding your interaction with the website and/or our services: payment methods, delivery options, seating charts and/or information you voluntarily provide to us.