1.1. PROTECTION and PROCESSING of PERSONAL DATA
Personal Data (PD) is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identity identifier, such as name, identity number, location data, on-line identity identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. But also more personal information such as habits, preferences, biometric data, etc.
Every company that handles personal data relating to living natural persons, within the EU, is obliged from 25 May 2018 to fully comply with EU Regulation 679/2016, for the protection of personal data (PD). The validity of the Regulation is immediate in all EU Member States.
PD collection is a form of processing, such as storage, organization, structure, storage, alteration, retrieval, information retrieval, use, disclosure, deletion, or destruction.
The company must collect PD (ie personal information) for the efficient execution of day-to-day business operations and services and, in some cases, for its compliance with the requirements of the legislation and / or regulations it applies.
- Inform natural persons (you) about the PD that we collect and process, for what purpose, in what way and for how long.
- Ensure that individuals know their rights but also our obligation to be accountable and safe.
- It provides an easy and clear mean of securing your consent, as a legal basis for the elaboration of PD, and, at the same time, allows you to withdraw this consent whenever you wish.
2. WHAT PERSONAL DATA WE PROCESS
When you call us, visit our website, cooperate with us, ask questions or request our cooperation, we may ask you for information (ie PD such as: name, address, email, phone, etc.) depending on the type of relationship between us.
You may also choose to provide us with additional PD (as in the case of sending a CV) or additional information (such as tax or business details, as part of your briefing or co-operation investigation).
We collect information, directly or indirectly, in the following ways:
- Information that you send or give us, when contacting us or visiting our website, by electronic or other means.
- Information we receive from the use of our services or the services of our partners.
We use various technologies to collect and store information and these may include the use of technologies such as cookies (see also §7). We may use information from ad networks, our customers or third parties to inform you of specific services that may be of interest to you.
Our website does not collect any information related to the user’s behavior, activities and location. For more information on how to access, manage, modify, or delete information, see sections 5 & 6 below.
3. HOW WE USE PERSONAL DATA
We use the information we collect (as described above), and in accordance with the consent you have given us, to:
- We process and serve your request for the provision of a tourist service
- We can provide you with personalized and up-to-date services and / or products,
- We will contact you via Newsletter, according to your registration via the respective form, to inform you about new services or products that may interest you,
- We process the payment
- Answer possible questions you have asked us,
- When you contact us we maintain a file with the communication messages so that we can resolve any issues you may have.
We do not allow unauthorized entities to access your information without your consent. For all the above the necessary condition is your consent (see sections 5 & 8 below).
4. WITH WHOM DO WE SHARE YOUR PD?
We do not disclose or share PD with companies, organizations and individuals outside our company, unless one of the following applies:
- With your consent: We share your personal information with companies, organizations and individuals when we have your explicit consent (see sections 5 & 8 below).
- For lawful purposes: We share personal information with competent public services when reasonably necessary and in order to comply with laws, regulations, legal procedures or government requests.
Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection for them, ensuring that one of the following protection measures is implemented:
We will only transmit your personal data to countries that the European Commission considers to provide an adequate level of protection for personal data. For more information, see European Commission: Adequacy of personal data protection in non-EU countries.
Where we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which provide personal data with the same protection as in Europe.
Where we use providers based in the United States, we reserve the right to transmit data to them if they participate in the Protection Shield which requires them to provide similar protection for personal data shared between Europe and the United States. For more information, see European Commission: EU-US Protection Shield.
5. YOUR RIGHTS AND OUR OBLIGATIONS
5.1 YOUR RIGHTS
Our customers, users of our services and visitors of our website have, within the framework of the Regulation for the Protection of Personal Data, rights (which should not be in conflict with the relevant legislation). These rights of natural persons (you) are:
- Right of access to their PD
- Right to correct their PD
- Right to cancel their PD
- Right to restrict the processing of PD
- Right to information regarding the correction or deletion or restriction of processing of their PD
- PD portability right
- Right to object to the processing of PD
- Right to object to automated individual decision making including profiling.
5.2 OUR OBLIGATIONS
Our obligations include:
- The principle of accountability, regarding the 6 principles governing the processing of PD (legality, objectivity and transparency, limitation of purpose, minimization of PD, accuracy of PD, limitation of storage period, security, integrity, and confidentiality).
Any PD processing is legal only if one of the following 6 conditions applies:
- The data subject has consented to the PD processing
- The processing of PD is necessary for the execution of a contract, where the subject is a party
- Processing is necessary to comply with the legal obligation of the controller
- Processing is necessary to safeguard the vital interest of the natural person
- Processing is necessary for the performance of a duty in the public interest or in the exercise of public authority delegated to the controller
- The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interest or fundamental rights and freedoms of the natural person prevail.
In addition, we implement the appropriate technical and organizational measures to protect the company and our partners from unauthorized access or alteration, violation or destruction of the IFR we have in our possession.
We monitor data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.
Access to personal information is restricted and controlled, and these individuals are subject to strict contractual obligations of confidentiality.
In the event that external partners (for maintenance or support purposes) have potential access to PD, relatively
Appendices to existing cooperation agreements cover the requirements of the Regulation.
Throughout the PD processing cycle (from the collection to the destruction of PD) we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of PD. We require similar measures from third parties handling or processing PD.
Our website is not intended for children under the age of 16. When our services and products will be used by a child under the age of 16, the explicit consent of the parent is required, in order to process the PD of the minor.
6. ACCESS to YOUR OWN PD and YOUR INFORMATION
Within the rights provided to you by the Regulation, you can request information on your own PD or request a correction or restriction on the processing or deletion of PDs (see your rights in detail in section 5.1). In such cases you are required to complete a SAR (subject access request). We are obliged to reply to you within one month of receiving the SAR.
If you wish to complete a SAR application, please send a request to: firstname.lastname@example.org
The exercise of the rights of the natural person can always be done within the framework of existing legislation (such as tax or labor law).
Every time you use our services, our goal is to provide you with access to your own PD. If this information is incorrect, we strive to provide you with ways to quickly update or delete it – unless we retain this information because required by law or for legal purposes.
7. INFORMATION ABOUT COOKIES
You can be informed by the Link: cookies policy about the policy followed by our website regarding cookies.
Please note that you will soon be able to delete cookies from your computer at any time or not accept the use of cookie groups while browsing our website.
8. INFORMATION ABOUT RETURN POLICY
You can be informed by the Link: return policy about the terms followed by our website regarding the order/product(s) return or cancel policy.
9. YOUR CONSENT AND WITHDRAWAL
Our company in the context of:
Respect for the protection of privacy and security of personal data and remaining true to the relationship of trust that has been nurtured through long-term cooperation with its travelers, it needs your consent in order to continue to inform you, in print and online, about news and offers of travel destinations and travel packages. In order to give or withdraw your consent for your information, at any time, contact us at email@example.com or use the links you will find in our emails.
Our Website/Eshop will collect and process PD only where it can legally do so, such as:
(a) Requirement of relevant legislation,
(b) Processing necessary for the performance of a contract of which the natural person is a party
(c) Processing necessary to comply with the company’s legal obligation,
(d) Treatment necessary to safeguard the vital interests of the natural person.
Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679/EU, and in general the current national and European legislative and regulatory framework for the protection of personal data and competent courts for any outstanding disputes related to PD Your data are the competent Courts of Sparta.
We update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will post this update on our website.
We encourage you to read this Policy at regular intervals to know how your Data is protected.