Last updated January 18th 2021
We respect the protection of the Users’ personal data (hereinafter also “You”) and their privacy and we comply with the applicable data protection and privacy laws. We encourage you to carefully read this Privacy Notice as well as our Cookies Notice, available on our Website, which have been written clearly and simply to facilitate their understanding. In both Notices we provide you with transparent information on how we process your personal data.
2. Who are we? Who is the Data Controller?
3. What Personal data do we collect?
Depending on how you interact with us and the purpose for which we need to process your data, we collect the following categories of data:
- identity and location data such as your name, surname, telephone number, residential address, email address or country from which you interact with us, geolocation data etc. We may also ask for data of a more official nature such as a copy of your ID document when it is necessary to comply with legal obligations associated with your requested services (e.g. to include your name on the list of passengers on board;
- economic and transaction information (e.g. information on your bookings and how you pay)
- correspondence data (e.g. your messages through our contact form)
- user-generated data (e.g. when you post a review)
However, we also collect information automatically when you visit our Website by using Cookies and similar technologies. For more information about cookies, see our Cookies Notice.
4. What are the purposes and the legal basis for the processing of your personal data?
When you fill in the online contact form (requested data: name, e-mail address, message and voluntarily telephone number), we process this data to fulfill your requests by answering your questions and providing information. In this case, the legal basis for the processing is the consent that you provide by clicking on the specific tick-box before submitting your message.
When you fill in our booking inquiry form to get informed about our services, we ask you to provide us with data such as name, e-mail, the services you are interested in and your comments and we come back to you with more details. All this information is necessary to identify you, manage your requests and communicate with you in this regard. If you decide to proceed to a transaction with us, we ask for more data such as payment details. The processing of the above-mentioned categories of data is necessary in order to take steps at your request prior to entering into a contract and facilitate the actual entering into this contract. The processing of some data related to your transactions may also be necessary for compliance with a legal obligation to which we are subject (e.g. tax law etc.)
The Website allows its visitors to post a review and rate our services, the proposed attractions etc. Comment functionality allows visitors to give their personal experience and feedback helping new visitors get to know our services. It also helps us foster personal relationships and interactions with users. The legal basis for the processing is the performance of the contract.
We may also use the contact details of our existing customers for marketing purposes to inform you about our latest offers and deals. The processing of personal data for marketing purposes may be regarded as carried out for our legitimate interest to promote our services. However, you are always entitled to object to this processing since we provide an opt-out option (“unsubscribe”) within each marketing email you receive.
We also use Third-party Plugins. For example, we have embedded the Facebook ‘Like’ button. The embedding of these plugins involves under certain circumstances data transmission to the respective social network. If you have previously received a cookie from these social media providers, for example because you have an account, your browser sends to these providers cookie-related information when you visit our website. It should be clarified that we are not responsible for any subsequent processing activities that social media providers carry out. We can no longer determine or influence the purpose and the means of data processing. Our Website enables only the transmission of the data and we may be jointly responsible with the social media provider only for the said processing activity. For more information about social plugins, we encourage you to read the Privacy Notices of the respective Social Media Providers and manage your privacy preferences. We embed these Plugins to promote our Website. Therefore, the data processing is necessary for the purposes of the legitimate interests pursued by our Company.
5. Who do we share your personal data with?
Your data shall not be disclosed to any third party, apart from the following:
(a) Vendors who are required to have access to personal data to provide their services. All vendors are bound by specific agreements (controller-to-processor contracts) ensuring protection of your data.
(b) Authorized employees who have access to personal data only when this is necessary (e.g. to handle your requests) and are bound by non-disclosure and confidentiality agreements.
(c) Third-party partners, such as Travel Agencies, with whom we cooperate in order to provide you the requested services. These partners are also bound by specific agreements that provide for the respective responsibilities of both parties and ensure the security and confidentiality of the information.
(d) Third-party partners setting cookies. Some Cookies are put in place by third-party service providers. Therefore, these partners have access to cookie related information (for more information about cookies, see our Cookies Notice).
(e) Social media providers as regards the above-mentioned use of Third-party Plugins.
6. How long do we keep your data?
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice. The criteria used to determine our retention periods include:
(a) The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you keep using the Services or if you have a booking or any request through our contact form, that has not yet been fulfilled)
(b) Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
(c) Whether retention is advisable considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations).
7. Data security – International Data Transfers
We process your data at all times in a confidential way, maintaining the mandatory duty to secrecy regarding the said data under the provisions set out in the applicable laws. We have adopted measures of a technical and organizational nature (e.g. antivirus, antimalware software, firewalls, encryption) required to guarantee the security of your data and prevent them from being altered, lost, processed, or accessed illegally, depending on the state of the technology, the nature of the stored data, and the risks to which they are exposed.
Our servers are located in Greece, which is member of the European Economic Area (EEA). For service efficiency purposes, some of our third-party providers may hold servers outside the EEA. We inform you that this data is transferred with adequate safeguards and is always kept safe.
8. What are the rights of Data subjects?
- to request access to the personal data that we hold;
- to request rectification of inaccurate or incomplete data;
- to request erasure of your personal data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them;
- to request that we limit the processing of your personal data, which entails that in certain cases you can request us to temporally suspend the processing of the data or that we keep them longer than necessary;
- if you have given us your consent to process your data, you also have the right to withdraw such consent at any time. In the event that you withdraw your consent, this will not affect the legality of the processing carried out previously.
- When we process your data based on your consent of for the purposes of a contract, you can also request portability of your personal data.
- When the processing of your data is based on our legitimate interest, you are entitled to object to the processing.
Finally, we inform you that you have the right to lodge a complaint regarding the processing of your personal data by us before the Hellenic Data Protection Authority (DPA, https://www.dpa.gr/ ).
9. Changes to the Privacy Notice
We may amend the information contained in this Privacy Notice when we consider this appropriate. Should we do so, we will notify you by various procedures through the Website, or we may even send you a notice to your email address when the change in question is relevant to your privacy, for you to be able to review the changes, assess them and, as the case may be, object or unsubscribe from any service or functionality. We will also change the “Last Updated” date at the beginning of this Privacy Notice. In any case, we suggest you to review this Privacy Notice from time to time in case minor changes are made. Any changes we make to our Privacy Notice are effective as of the “Last Updated” date and replace any prior Privacy Notices.