PERSONAL DATA PROTECTION POLICY / PRIVACY POLICY

What is our ideology regarding the processing of our customers’ personal data?

On 25 May 2018, the (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing of the Regulation Directive 95/46 / EC (General Data Protection Regulation) was implemented.

The purpose of this document is to provide all information to you, regarding the processing of data of personal character, in a concise, transparent, comprehensible, easily accessible form, with simple and clear wording.

Our company, Traveltransfer, understands that, within the framework of the operation of the e-shop https://travel-santorini.gr/, it processes personal data of natural persons / individual businesses. The lawful processing of your personal data is of paramount importance to us. We want you to feel happy and secure when visiting our above e-shop and consider applying your data protection as a quality-oriented customer-oriented service.

*******

What is our Company, that is, your Data Controller?

Responsible for editing is the company named “FILITSIS E. – KITSIOU B.” with the distinctive title “FILITSIS E. – KITSIOU B.”. Its headquarters are located in Santorini, Greece, and on Fira. The company owns the VAT number EL800824642. Contact telephone number is +302286022879 and e-mail address is [email protected] . The legal representative is Filitsis Eleytherios.

The site (https://travel-santorini.gr/) uses the Secure Sockets Layer (SSL) protocol that uses encryption methods of the data exchanged between two devices by establishing a secure connection between them over the Internet, resulting in protection of your personal data as well as other data of special categories (sensitive data) (e.g. orders or investigations of the controller). You can recognize that you are in a protected connection by seeing the characters https: // and the lock symbol that appears in your browser’s address bar[1].

What are the personal data (or data of personal character) we process per treatment purpose? What is the legal basis for their processing?

  • Visit to the site: When you visit the site for information only, we only collect the data that your browser transmits to our server, the so-called server log files, namely:
    • Date and time of entry to the site
    • The volume of data sent in bytes
    • The browser you used when entering the site
    • The operating system you used when you entered the site
    • Your Internet Protocol address (IP) when you entered the site

Data processing is processed in accordance with Article 6 par.1 (f) of the GDPR, based on our legitimate interest in improving the stability and functionality of our site. The data will not be transferred or will be used in any other way. However, we reserve the right to check the server log files if specific signs of unauthorized use are found.

  • Cookies

Cookies are small text files that are sent to your device when you visit a web page. Cookies are then sent to the source website at each subsequent visit or to another website that recognizes this cookie. Cookies function as a memory on a webpage, allowing the website to remember your device during your next visits. Cookies can also remember your preferences, improve your user experience, and customize the advertisements you see depending on what you are interested in. You can configure your browser so that you do not receive cookies either as a whole or as the case may be. In this case, you cannot have further access to these services.

You can visit the website http://google.com/ads/preferences to set your preferences for Google cookies.

For more information on cookies, including how you can see the cookies set on your device and how to manage and delete them, visit the website https://www.Aboutcookies.org/

Sorts of cookies

Temporary and Permanent Cookies

We may use temporary cookies, which exists until you close your browser. We may use permanent cookies, which are kept for a longer timeframe.

Third party Cookies

Our site may allow the installation of third party cookies which appear on our site. These third-party cookies are not under our control. For further information referring to their use, you can visit the relevant third party website for further information. Details of possible third-party cookies are listed in the table below.

Cookies used on our site

Farebookings.com  This is the booking form through which the customer can book a route with the cars that our company has. The booking form is located at https://farebookings.com/ server, that provides it to our company Traveltransfer. The details required in order to complete the reservation by the customer are Name, surname, address, telephone and email. These data are stored on the server of the company https://farebookings.com/  under the TRAVELTRANSFER account, which is responsible for the management of these data.
WooCommerce  This set of cookies detects data from the shopping cart and consists of 3 different cookies. More specifically, the following: Ø  woocommerce_cart_hash Ø  woocommerce_items_in_cart Ø  wp_woocommerce_session_ The first two cookies contain information about the shopping cart as a whole and help WooCommerce know when changes are made to shopping cart data. The last cookie (wp_woocommerce_session_) contains a unique code for every user, in order to identify where to find the shopping cart data in the database for each customer. No personal information is stored in these cookies.
Cloudflare  These are security-related cookies. The cfduid cookie is used to identify individual customers who use a common IP address and apply security settings per user. It does not respond to any user ID in your application and does not store face identification information.  
WPMLWPML is a cookie used to memorize the language the user chooses, in order to remember the language, when the user returns to the site. The same cookie is used to receive language relevant information when it is not available in any other way.  

You can set up your browser in such a way that you are informed about the setting of cookies and you can either decide to accept them in inidvidually or in whole, or block the acceptance of cookies in some cases. Each browser differs depending on the way it manages cookies settings. This is described in every browser’s help menu, which explains how to change the cookie settings. Follow the links below depending on the browser you are using:

Internet explorer: https://support.microsoft.com/el-gr/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies

Chrome: https://support.google.com/accounts/answer/61416

Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and -websites-data-sfri11471/mac

Please keep in mind that in case you disable / delete cookies, you will not have further access to the services that serve the deleted cookies.

[1]              This paragraph is deleted if the ssl protocol does not apply

  • Web analysis Services

Google analytics:  This site is powered by Google Analytics, a Google LLC web analytics service, 1600 Ampitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses the so-called cookies, which are text files stored on your computer, in order to help our website analyze how users use it. The information generated by cookies about the use of this site (including the IP address) is generally transmitted to a Google server in the U.S. and stored there.

For our part, Google will use this information in order to evaluate the use of the website, compile reports on the activity of the website, and provide us with other services related to the use of the website and the Internet. The IP address transmitted by your browser in the Google Analytics context is not merged with other Google data.

You can refuse the use of cookies by choosing the appropriate settings in your browser, as outlined above. However, we should point out that in this case, you may not be able to use the full functionality of this website. You may permanently refuse to Google to collect cookie-generated data about the use of the website (including the IP address) and process them. You can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en=GB

More information referring to the operation way of the above service can be found here: https://support.google.com/analytics/answer/6004245?hl=en

  • Contact Form: In the context of communication between us (e.g. via the contact form or e-mail form), personal data is collected. The data collected in this case is exactly what you fill in the specific form, i.e. name, address, contact phone number, email address. This data is stored and used exclusively to respond to your request or for the contact and technical management by us. The legal basis for processing this data is our legitimate interest in order for us to respond to your request, which applies to Article 6 par. 1 of the GDPR. If the communication aims to conclude a contract between us, then the additional legal basis is based on Article 6 par. 1 (b) of the GDPR. Your data will be deleted after the final processing of our communication. This will happen if it can be deduced from the circumstances that the communication has been completed, provided that there are no legal claims for the storage of such data.
  • Data processing when opening a client account: Pursuant to Article 6 par. 1 (b) of the GDPR, your personal data will continue to be collected and submitted to process if you provide it to us for the implementation of a contract or the opening of a client account. The data which is collected can be seen from the corresponding entry forms. It is possible to delete the client account at any time. This can be done by sending a message to the above mentioned address of the controller. Once the contract has been fully processed, your data will be blocked and deleted unless you have explicitly given your consent to further use of your data or you have legally accepted the further commitment and use of such data from our website.
  • Data processing for handling payments and orders: In order to process your order, we cooperate with service providers who support us in whole or in part in the execution of the contracts that have been concluded. Certain personal data is transferred to service providers according to the following information: The personal data collected by us will be passed on to the transport company entrusted with the delivery to the extent necessary for the delivery of the goods. We will transfer your payment data to the authorized credit institution as part of the payment processing if this is necessary to handle the payments. The legal basis for data transmission is based on Article 6 par.1 (b) of the GDPR. Personal data regarding your credit or debit cards are not stored in our database in any way. You enter them on the inter-bank co-operation environment’s server and are used only for the need of a given transaction. Your personal data is safely stored on the server hosting our website.
  • Personal data processing in order to send a newsletter: Since you have given us your explicit consent and according to the personal data you have given us, we create your user profiles according to your personal interests and we will send you newsletters that will provide information about products, promotions etc. The legal basis for this treatment is Article 6 par. 1 (a) of the GDPR. At any time you can stop receiving updates from us either by using the relevant delete link at the end of the newsletter or by sending an email to [email protected].

How long do we keep your personal information?

We will retain your personal information for as long as you continue to interact with us (you maintain an Account, are registered to receive commercial communication from us, make a purchase from our online store, contact our customer service points, take part in a competition etc.) and is necessary for the fulfillment of the purposes we have collected and process it, as detailed above, or for the length of time that responsibility could arise from the processing, in accordance with the applicable law, or if these objectives cease to exist, is not required to keep them under a law e.g. for tax purposes. We also maintain them until you ask for their deletion, or what we maintain and process as part of your consent, until you take it back, or until you oppose their processing by us on which we base our legitimate interest.

To determine the retention time of your personal data, we take into account the nature of your data, its quantity, the purpose of its process, its security, etc. You have the right to ask us to delete your data. To exercise your right, please visit the relevant section in this Policy.

TRANSMISSION OF YOUR PERSONAL DATA TO THIRD COUNTRIES

The Company generally maintains your personal data within the European Economic Area. In case data is to be transmitted to third countries outside the European Economic Area for which no European Commission decision is available or International Organizations, all the appropriate safeguards, as provided for in the applicable data protection legislation on the transfers of personal data to third countries, and the relevant information will be posted on the company’s website at https://travel-santorini.gr/.

What are your rights with respect to your personal data?

Information to be provided where personal data are collected from the data subject / have not been obtained from the data subject (articles 13, 14 GDPR)You have the right to be informed about information[1] about your data processing at the time of its download, such as (for example) what data we process, for what purpose, for how long we keep it.
Right of access by the data subject (article 15 GDPR)You have the right to confirm your data processing and to provide you with a copy of your under process data.
Right to rectification (article 16 GDPR)You have the right to request without undue delay the correction of inaccurate personal data and the completion of incomplete data by means of a supplementary statement
Right of erasure («right to be forgotten») (article 17 GDPR)Έχετε το δικαίωμα να ζητήσετε τη διαγραφή προσωπικών σας δεδομένων, το οποίο δύναται να ικανοποιηθεί υπό προϋποθέσεις (πχ ανάκληση συγκατάθεσης/ επιτυχής εναντίωση κλπ)
Right to restriction of processing (article 18 GDPR)You have the right to ensure that the processing of your personal data is restricted if certain conditions are met (e.g. inaccurate personal data, illegal processing, inappropriateness of such data, your objections to processing)
Right to object (article 21 GDPR)You have the right to request the interruption of the processing of your personal data at any time and for reasons related to your particular situation. However, there are legally established cases where this right can not be served.
Automated individual decision-making, including profiling (article 22 GDPR)You have the right not to be the subject of a decision taken solely on the basis of automated processing, including profile training, which produces legal effects that affect you or significantly affect you in a similar way.
Right to data portability (article 20 GDPR)You have the right to receive your personal data from the Company and forward it to another processor without objection by us if the conditions set by the GDPR are met.
Communication of a personal data breach to the data subject (article 34 GDPR)You have the right to be notified without delay by our Company in case of violation of your personal data.

The above rights apply across the whole EU, regardless of where the data is processed and where the Company’s headquarters are located. You may exercise the above rights upon request by sending an e-mail to the mail address of the company [email protected] . We are obliged to respond to you within one month of receipt of your request. It is possible to extend this deadline by another two months, if necessary, taking into consideration the complexity of the request and the number of requests. Surely you will receive through mail information referring to the extension of the deadline and the reason of this extension. In case it is not technically feasible to exercise your rights via email correspondence, you may send an in-paper request to the headquarters of our company, namely 101 Alimountos St., Ilioupoli. The response to your request will be made at the postal address you provide.

[1]  The information to be provided to data subjects under Articles 13 and 14 may be provided in conjunction with standard icons in order to provide a clear overview of the intended treatment in a clear, comprehensible and easily legible manner. If the icons are available electronically, they are mechanically readable.

Transactions’ Security

The https://travel-santorini.gr/ website recognizes the importance of the security of your Personal Data and your electronic transactions and takes all the necessary measures, using the most up-to-date and advanced methods, to ensure maximum security. All information that relates to your personal data and your transactions is secure and confidential. The security of the e-shop https://travel-santorini.gr/ is achieved by the following methods:

Customer Recognition

The codes that are used optionally, for your identification are two: the E-mail (Entrance code) and the Personal Secret Safety Code (Security Password), which each time you enter them grant you access with absolute security to your personal information. You are given the ability to change your Personal Secret Safety Code (Security Password) as often as you wish. You have access to your information through the above codes and you are solely responsible for maintaining privacy and hiding it from third parties. Also, the administrator of the system has access to the Entrance code, but not to the Personal Secret Safety Code (Security Password) that you have entered. In case of loss or leakage of the password, you must immediately notify us, otherwise www.traveltransfer.gr is not responsible for the use of the password by an unauthorized person. We strongly recommend, for security reasons, that you change your password at regular intervals and avoid using the same and easily detectable codes (e.g. birthday).

Firewall

The https://travel-santorini.gr/ e-shop is hosted on a webserver that has “firewall” mechanisms.

Trading Confidentiality

Confidentiality is self-evident. The same basic principles governing classic transactions also apply in the case of e-commerce. All information submitted by the user member of the e-shop https://travel-santorini.gr/ is confidential and all necessary measures have been taken, so that they can be used only insofar as this is deemed necessary in the context of the services provided. The measures taken are as follows:

– Only authorized employees have access to your transaction information and only when necessary, e.g. in order for them to handle your requests.

– If third parties are used to support the systems, https://travel-santorini.gr/ takes care to ensure privacy.

Credit card security

All the actions you make within https://travelsantorini.gr/ concerning the registration and sending of your personal information (including your credit card information) are made in the perfectly secure environment of the partner bank or the electronic payment platform Paypal). In this case, the card data is not stored anywhere but used during its check and debit. So the transactions you make with https://travel-santorini.gr/ via credit cards are absolutely safe.

What are the Company’s obligations when processing your personal data?

The current reference area for processing your personal data may be renewed and enriched in order to monitor legislative developments as well as the experience we will gain from the implementation of the GDPR. For this reason, since you are interested in this subject, you are invited to check this area frequently. Any changes to this Policy will be posted here immediately.

Contact

If you have any questions regarding this Policy, please contact us at [email protected]