Personal data protection policy
Our business under the name “Holidayplan -Spyridon Chergkeletzakis” based in: Piraeus, Rodopis Street, Number: 90 Tel: 2104620120 and electronic contact address: firstname.lastname@example.org, in its capacity as Data Controller, provides information on our processing of your personal data.
1. Definition of the term “personal data”
The term “personal data” means the information referring to an identified or identifiable natural person, (in vivo) such as: name, surname, address, email, telephone number etc.
2. What is the Processing of Personal Data?
Any act or series of acts performed or not by automatic means, personal data or personal data sets, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, limitation, erasure or destruction.
3. What data do we collect?
We only collect and process from our business the necessary personal data from our consumers and only to perform these obligations arising from the parties’ agreement. Except for any data collected by Cookies, the data is limited to what you have provided explicitly for that purpose and provided you have given your consent. We also collect information when you visit our sites with a prerequisite that you have consented thereto, which consent is presumed from the consent form by filling the corresponding fields.
Identity data such as name, surname, personal e-mail address.
An identifier (IP address) for security purposes and a smooth operation of our website and services.
4. Why we collect your personal data
The processing of your data is carried out either by our Company’s specially authorized personnel or by our computer systems and electronic devices. Your personal data will be requested only when you make a reservation, pre-booking and are necessary for the execution of the tourist services you have requested and we provide you.
In general, your data is processed to provide you with the following services:
a) Lease from our company of vehicles with driver owned by us and our co-operating vehicles for transporting you to hotels, airport, tourist attractions and organized excursions.
b) Reservation in hotel units
c) Reservation of ferry tickets
d) Rental yacht
e) Lease of aircraft and helicopters
5. Legalization for the use of your personal data.
Our business collects your personal data that is necessary to meet the tourist services we offer you at your request. It also collects your personal data. It also collects your personal data in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public or law enforcement agency.
6. How long will your data be retained?
The personal data processed by our business are compulsorily complied with throughout the processing goal and up to seven (7) years after the expiration of our collaboration. Upon expiration of this period, the data is destroyed and deleted without your consent being required unless otherwise specified in the text by the legislative and regulatory framework so as to be able to meet its legal obligations relating in particular to compliance with the Taxation legislation or in so far as it is necessary to safeguard the rights of the enterprise before a court or other competent authority. Items in the physical store are not destroyed or deleted for tax purposes
7.What are your rights?
We would like to inform you that, under the applicable law, you have and you can exercise the following rights
a) The right of access to your personal data as well as to the processing information
b) The right to correct inaccurate and fill in any incomplete data
c) The right of deletion (“right to oblivion”). You have the right to ask for the removal of your personal data held by our company after our services have been completed and unless compliance with the Law is not required.
d) The right to limit the processing of your data to the cases expressly provided by the law
e) The right to transfer your data to another – but not to us – controller as well
f) Your right to object to the processing of your personal data in cases expressly prescribed by the law. The exercise of one of these rights is done by submitting your relevant written request to our Company, which we undertake to respond within one (1) month of receipt.
g) The right to withdraw consensus-consent.
In any case, if you find yourself violating your privacy, you have the right to have recourse to the Hellenic Data Protection Authority. (Kifisias 1-3, Postal code: 115 23, Athens, tel:210 6475600, website: www.dpa.gr,email: email@example.com) Our company will inform the competent authorities within 72 hours of the system breach event, and our customers whose data was lost.
8.Who can I contact for any questions / issues?
For any questions, clarifications or requests regarding the protection of your personal data, please contact us at our e-mail addresses “firstname.lastname@example.org”
Newsletter: Our business allows you to choose if you want to be informed about our promotional activities, such as special offers etc.).
Website update services: The company provides information services for its customers.
9. What is the legal basis for processing your data from the Company?
Your data is processed in accordance with: a) the terms of our contractual relationship; b) your consent; c) the obligations of our company arising from the law (eg tax legislation, etc.) the legitimate interest of our Company.
10. What are the recipients of your data?
Our company guarantees that it will not transmit, notify, concede of your data to third parties for any purpose or use unless this is made mandatory by applicable law or is required by public / judicial bodies / authorities.
Access to your data is provided by our confidential business staff and our collaborating vehicles that are committed in writing on terms that comply with applicable law and are fully associated with the transfer of our customers.
11.What protection does our website have?
Our website features modern dynamic antivirus protection programs (ClamAV) provided by current versions of cpanel. Our business is committed to keeping confidentiality, not to send to third parties without your permission, to take appropriate security measures and to comply with the legal framework for the protection of your personal data, in particular Regulation 679/2016 / EU (otherwise GDPR).
12. How can you control the use / deletion of your personal data
You may control the use / deletion of your personal information by contacting our email address “email@example.com”.
13. How can you exercise your rights?
In order to exercise your rights, you can submit a request by sending us
§ If you wish to correct your data in your user account, you can log in to it and make any corrections or changes without a request being necessary.
§ If you wish to withdraw your consent to a newsletter, you can do so by selecting the link “To delete from newsletter list click here” link at the bottom of each newsletter.
14. When do we respond to your Requests?
We will respond to your requests free of charge, without delay, and in any case within (1) one month after we receive your request. However, if your request is complex or there are a large number of your requests, we will notify you within one month if we need to take another two (2) months extension within which we will respond to you.
If your claims are manifestly unfounded or excessive due in particular to their recurrence, the undertaking may impose a reasonable fee, considering the administrative costs of providing information or executing the requested action or refusing to respond to the request.
15. What is the applicable law when processing your Data from us?
Applicable law is Greek law as formulated in accordance with the General Regulation on the Protection of Personal Data 2016/679 / EU and in general the current national and European legislative and regulatory framework for the protection of personal data.
Suitable Courts for any emerging disputes relating to your data are the competent Courts of Athens.