Skip to Content

Privacy Policy


1. PRIVACY POLICY, last review: 04/04/20261.1 Data Controller1.2 Scope 1.3 Categories of Personal DataIdentification Data: Name, address, email address, telephone numberBooking & Customer Data: Travel preferences, booking details, communication records, payment dataTechnical Data: IP address, browser data, cookies, usage dataMedical & Safety Data (where applicable): Health declarations, medical conditions, allergies, dietary restrictions1.4 Purpose and Legal Basis1.5 Retention Periods1.6 Data Sharing1.7 International Transfers1.8 Data Subject Rights1.9 Security2. EXTENDED COOKIE POLICY2.1 Use of Cookies2.2 Legal Basis2.3 Consent Management2.4 Retention3. MEDICAL & SAFETY DATA CLAUSE3.1 Purpose3.2 Legal Basis3.3 Role of the Captain3.4 Fitness to Travel3.5 Accuracy Obligation3.6 Confidentiality4. DATA PROCESSING & PARTNER CLAUSE (B2B / OPERATIONS)4.1 Role of Partners4.2 Joint Controller Clause 4.3 Data Minimisation4.4 Security & Confidentiality

1. PRIVACY POLICY, last review: 04/04/2026

1.1 Data Controller

Celis-T’Seyen BV, registered under Belgian company number BE0478.824.662, with registered office at Stationlei 10, 2288 Bouwel, Belgium, operating under the trade name “Arruno Exploration” (hereinafter “the Company”), acts as the data controller for the processing of personal data.

For operations conducted in Norway, processing may take place through a Norwegian branch (NUF). Depending on the activity, the Company may act either:

  • as sole data controller, or
  • as joint controller with operational partners.

1.2 Scope

This Privacy Policy applies to:

  • website visitors
  • customers and expedition participants
  • business contacts and partners

 1.3 Categories of Personal Data

The Company may process the following categories of personal data:

  • Identification Data: Name, address, email address, telephone number
  • Booking & Customer Data: Travel preferences, booking details, communication records, payment data
  • Technical Data: IP address, browser data, cookies, usage data
  • Medical & Safety Data (where applicable): Health declarations, medical conditions, allergies, dietary restrictions

1.4 Purpose and Legal Basis

PurposeLegal Basis
Handling inquiriesLegitimate interest
Contract executionPerformance of a contract
AccountingLegal obligation
MarketingConsent
Safety onboardExplicit consent / vital interests
Website analyticsConsent

1.5 Retention Periods

  • Customer data: 7 years
  • Contact requests: 12 months
  • Marketing data: until withdrawal of consent
  • Medical data: duration of voyage + maximum 1 year
  • Cookies: maximum 24 months

1.6 Data Sharing

Personal data may be shared with:

  • IT and hosting providers
  • payment providers
  • marketing platforms
  • operational partners involved in voyages

All such parties are bound by contractual data protection obligations.

1.7 International Transfers

Where data is transferred outside the European Economic Area, such transfers are safeguarded through:

  • Standard Contractual Clauses (SCCs)
  • additional technical and organizational safeguards where required

1.8 Data Subject Rights

Data subjects have the right to:

  • access
  • rectification
  • erasure
  • restriction
  • objection
  • data portability
  • withdraw consent

Requests can be addressed to: info@arruno-exploration.be

1.9 Security

The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

2. EXTENDED COOKIE POLICY

2.1 Use of Cookies

The website uses the following categories of cookies:

  • Strictly Necessary Cookies, required for website functionality
  • Analytical Cookies, used to analyse website usage and improve performance
  • Marketing Cookies, used to deliver relevant advertising and track engagement

2.2 Legal Basis

  • Necessary cookies: legitimate interest
  • Analytical & marketing cookies: consent

2.3 Consent Management

Users can:

  • accept or reject cookies via the banner
  • withdraw consent at any time

2.4 Retention

Cookies are stored for a maximum of 24 months unless otherwise specified.

3. MEDICAL & SAFETY DATA CLAUSE

This is the most important part for your liability position.

3.1 Purpose

The Company processes medical and health-related data strictly for:

  • ensuring the safety of passengers and crew
  • assessing fitness to participate in a voyage
  • enabling the captain to make operational safety decisions

3.2 Legal Basis

Processing is based on:

  • explicit consent (Article 9 GDPR)
  • protection of vital interests
  • maritime safety obligations

3.3 Role of the Captain

The Captain bears ultimate responsibility for the safety of all passengers and crew onboard.

In this context, the Captain must be fully informed of any medical condition that may affect a participant’s ability to safely take part in the voyage.

The Company is therefore entitled to process and disclose relevant medical information to the Captain and designated crew members on a strict need-to-know basis.

3.4 Fitness to Travel

The Company reserves the right to assess whether a participant is medically and physically fit to undertake the voyage.

Based on the information provided, the Captain may:

  • accept participation
  • impose conditions
  • refuse participation if safety cannot be guaranteed

3.5 Accuracy Obligation

Participants are legally responsible for providing complete, accurate and truthful medical information.

Failure to disclose relevant medical conditions may result in:

  • denial of boarding
  • termination of participation
  • exclusion of liability for resulting damages

3.6 Confidentiality

Medical data is:

  • strictly limited
  • only accessible to authorized personnel
  • never used for commercial purposes 

4. DATA PROCESSING & PARTNER CLAUSE (B2B / OPERATIONS)

4.1 Role of Partners

Depending on the collaboration, partners may act as:

  • data processors
  • independent controllers
  • joint controllers

4.2 Joint Controller Clause 

Where the Company cooperates with external partners in the organization of voyages or activities, the parties may jointly determine the purposes and means of processing personal data.

In such cases, the parties shall:

  • define their respective responsibilities
  • ensure compliance with GDPR
  • provide transparency to data subjects

4.3 Data Minimisation

Only strictly necessary data is shared with partners.

4.4 Security & Confidentiality

All partners must:

  • implement appropriate safeguards
  • ensure confidentiality
  • process data only for agreed purposes