1.INTRODUCTORY NOTE – WHO WE ARE
For years, we know very well that every trip has its own meaning, its own adventure, its own beauty. Now, every trip has its own convenience! With TRAVELFERRY, the new platform for booking and buying ferry tickets, you organize your trips easily and quickly, from the comfort of your home! TRAVELFERRY is our new proposal for the online purchase and booking of ferry tickets. Easy to use, reliable and secure for your financial transactions, it takes you to all your favorite destinations with one click! Guided by the many years of experience of Giovanti Travel in coastal shipping and tourism, we offer quality services and professional service. Our call center and our partners combine know-how, courtesy, continuous training, ensuring the best possible start for carefree and enjoyable trips! Because for all of us, the people of TRAVELFERRY, your journey is always important to us, we always are keeping safe the data of all users who visit our website!
We inform you that we have appointed a Data Protection Officer for the data that we receive and we are making a list of the duties of the Data Protection Officer appointed by our company, to perform, among others, the following tasks: a) The Data Protection Officer informs us and advises us on the obligations regarding the protection of your personal data, b) The Data Protection Officer monitors our compliance with current legislation regarding the protection of personal data, through the assignment of responsibilities, awareness and training of our employees involved in processing operations, and related controls. c) Our Data Protection Officer provides advice, when requested, regarding the impact assessment regarding the protection of your personal data, d) cooperates with the Hellenic Data Protection Authority (hereinafter "HDPA"), when the circumstances so require; e) The Data Protection Officer acts as our point of contact with the HDPA for issues related to the processing of personal data. The name of our company: TravelFerry belongs to the company with the name Markou Hotel and tourist company S.A. , based in Piraeus.
Postal Address: Akti Poseidonos 26, 18531 Piraeus (1st floor).
Contact Phone: +302104115000
E-mail address: firstname.lastname@example.org
E-mail Address of the DPO: email@example.com
You always could file a complaint at any time you wish to the supervisory authority of your country regarding data protection issues. In Greece, this authority is the Greek Authority for the Protection of Personal Data and you can find relevant details through the following link: www.dpa.gr. However, we would love to, and we would be really happy, if we were given the opportunity to address your concerns before you approach the Data Protection Authority, so please contact us first, using the contact details listed above.
Furthermore, you should know that, when you make a reservation through our Website, you enter into a contractual relationship with us. A necessary condition for the completion of a reservation through our website, is the collection, management and processing of your personal data. Your personal data are collected in order for us to be able to fulfill our contractual obligation to you, for specified, explicit and legal purposes and not to be further processed in a manner incompatible with those purposes (Article 5 (1b) of Regulation (EU) 2016/679). In this contractual relationship in which You are the Subject of Personal Data, our Company operates either as the Responsible Processor of your Personal Data or as the Executor of the Processing (Article 4 of Regulation (EU) 2016/679).
4.User / Visitor Rights regarding access in accordance with Article 15 of the GDPR, or correction in accordance with Article 16 of the GDPR or deletion in accordance with Article 17 of the GDPR or restriction of processing in accordance with Article 18 of the GDPR and limitation of portability
Firstly we want you to know that you have the right to request an overview of your personal data processed by our company or on behalf of our company. You also have the right to correct, delete or restrict the processing of your personal data as appropriate. You may also exercise these rights by contacting us by email at firstname.lastname@example.org and submitting a request to this email address.
A)You have the right to be informed upon request and free of charge, in accordance with Article 15 (1) of the GDPR, about the personal data we have stored about you. This includes in particular:
- the purposes of the processing of personal data,
- the categories of personal data we process,
- the recipients or categories of recipients to whom the personal data concerning you are disclosed or will be disclosed,
- if possible, the period for which the personal data will be stored or, where this is not possible, the criteria for determining that period,
- the existence of a right of request to the controller for the correction or deletion of personal data or a restriction on the processing of personal data concerning the data subject or a right of objection to such processing,
- the right to lodge a complaint with a supervisory authority,
- any available information about their origin, when personal data is not collected by the data subject,
- the existence of automated decision-making, including profiling, provided for in Article 22 (1) and (4) GDPR and, at least in such cases, important information on the logic followed and processing for the data subject.
When personal data are transmitted to a third country or to an international organization, the one who these data belong to, has the right to be informed of the appropriate guarantees in accordance with Article 46 of the GDPR on the transmission.
B)You have the right to demand from us, in accordance with Article 16 of the GDPR, without undue delay the correction of inaccurate personal data concerning you. For the purposes of the processing, you have the right to request the completion of incomplete personal data, including through a supplementary declaration.
C)You have the right to request from us, in accordance with Article 17 of the GIP, the deletion of personal data without undue delay, if one of the following reasons applies: • personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- withdraw your consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for the processing,
- oppose processing in accordance with Article 21 (1) or paragraph 2 of the GDPR and there are no compelling and legitimate grounds for processing in accordance with Article 21 (2) of the GDPR,
- personal data was processed illegally,
- personal data must be deleted in order to comply with a legal obligation,
- personal data has been collected in connection with the provision of information society services referred to in Article 8 (1) GDPR.
Once we have already disclosed your personal data and afterwards, we are required to delete them, considering the technology available and the cost of implementation, we will take reasonable steps to inform third parties who are processing your personal data that you have requested to delete any links with such data or copies or reproductions of such personal data.
D)You have the right to ask us to restrict processing in accordance with Article 18 of the GDPR, when one of the following conditions applies:
- question the accuracy of personal data,
- the processing is illegal and instead of deleting you request the restriction of the use of personal data,
- the controller no longer needs personal data for processing purposes, but this data is required by the data subject to establish, exercise or support legal claims,
- or have objections to processing under Article 21 (1) of the GDPR, pending verification as to whether the legitimate reasons of the controller override the reasons of the data subject.
E)You have the right under Article 20 of the GDPR to receive the personal data concerning you, which you have provided to us in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another responsible person. processing without objection from us when:
- processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or in a contract in accordance with Article 6 (1) (b) of the GDPR;
- processing is performed by automated means.
When exercising your right to data portability, you have the right to request that personal data be transferred directly from us to another controller, if this is technically possible.
At this point it is necessary to inform you that regarding the requests that are submitted but do not meet the requirements set by the current legislation or the guidelines of the Company, they may be requested to be re-drafted or rejected, and that some personnel data may be exempt from such requests for access, correction and deletion in accordance with applicable data protection laws and other laws and regulations. You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and in some cases, we will transfer your data to another processor upon request, if this is technically possible.
5.Right of Users pr/and Visitors to raise objections according to article 21 GDPR
Subject to Article 21 (1) GDPR, you may object to the processing of data for other reasons arising from the specificity of the situation. We would like you to know that under the terms of Article 21 (1) GDPR you may request in certain cases that we stop processing your personal data, but if there are compelling legal reasons, we will continue to process your personal data. In any case, you have the right to object to our use of your personal data for direct marketing purposes, including profile training, and if you do, we will comply with your request. It is particularly important to emphasize here that if you consent to let us use your personal data, you have the right to withdraw your consent without prejudice to the lawfulness of our processing of such data prior to the withdrawal of your consent.
The above general right of objection applies to all data processing purposes described in these data protection terms, where the data are processed under Article 6 (1) (f) GDPR. Unlike the special right of objection concerning the processing of data for advertising purposes (see above), we have an obligation under the GDPR to exercise this general right of objection only if you give us reasons of paramount importance, e.g. a potential risk to life or health. In addition, it is possible to contact the competent supervisory authority or the data protection officer of TravelFerry.
6.Preservation of personal data
It should be noted at this point that the personal data of the visitors / users are kept exclusively for the period required for the fulfillment of the purpose for which they were collected, in full compliance with applicable law. Furthermore, when the purpose of processing your personal data is completed, then they are deleted. The specific retention periods for each of the relevant processing purposes are set out herein as appropriate.
7.With whom and how we share your personal data (recipients of personal data)
We must inform you that there may be a need to share your personal data with third parties to help us provide you with services and products and to manage our website. For who these third parties may be, see below an indication of who they may be. Thew following list is not restrictive : a) shared information systems within the group, b) service providers, when required, to provide us with a service and provision of data analysis services (eg provision and maintenance of accounting software, shipping companies, ticketing agencies, certified auditors), c) service providers that help us organize campaigns and promotions, d) advertising companies, e) media agencies for marketing and research purposes; provided to those third parties.
Furthermore, we would like to inform you that in cases where the company to which TravelFerry belongs, as the controller of these data, transmits your data to third parties performing the processing, on the one hand the company itself determines the individual elements of the processing (way, means, retention period etc.) and on the other hand signs a special contract with the processors in order to ensure that the processing will be carried out in accordance with the applicable legal framework, that appropriate measures will be taken to protect the confidentiality and security of personal data and that any natural person he will be able to exercise his rights freely and unhindered.
This data can also be transmitted for the fulfillment of contractual obligations to companies within the BLUE STAR FERRIES as well as to other cooperating shipping companies respectively.
It is also important to know that these third parties may be based in the European Union or in other countries of the European Economic Area or in other parts of the world. When storing personal data outside the EEA we ensure an appropriate level of protection of the transferred data. If we are going to transmit your personal data to a third country, ie to a country outside the EEA or to an international organization, you will be informed before transmitting them, in accordance with the provisions of Article 13 (1) f of the GDPR. Finally, we may need to provide personal data to law enforcement in order to comply with a legal obligation or court order.
9.What personal data do we collect and how do we collect it?
- Information/Data when buying tickets.
If you purchase a ticket, you will be asked for your name, gender, age, country of birth, email address, telephone number and payment details (bank card number and details). We need this information to complete the execution of the contract between us and to comply with our legal obligations (PD 23/1999). In some cases, you may choose to provide us with other information, possibly health data, in order to secure the issuance of discount tickets (eg student status, capacity of three / multiple children, status of insured with NAT / disabled). This data is kept for as long as it is necessary for the legal protection of the company.
Purchasing tickets using credit / debit cards or anything else is done in the following ways:
- Alpha Bank via Cardlink with redirect directly to the bank environment
- Paypal with redirect directly to the paypal environment.
In the burger menu of our website at the bottom of it as well as in the page of payments there are logos that show that the payments cover the security protocols.
- Information/Data when you contact with us.
When you enter our website and you may have a question or a comment, you can submit it to our Company by filling it in the contact form available on the website. You will be asked to provide your e-mail information as well as information about your request / question / comment. We will use this information only to answer your question / comment. We will record your requests, your questions / comments and our respective answers and any other actions to manage your request / your communication. All information will be retained for 12 months after your question or your complain and for 12 months after your case has been settled or closed.
- Information/Data when you provide us with your e-mail address (e-mail) so that we can send you, our newsletter.
We will use your email address to inform you about new or existing products and / or existing or future offers and / or other services we provide. You can revoke the relevant consent at any time you want.
- Information/Data when participating in campaigns, prize draws, contests.
In case you decide to take part in contests, lotteries or other events / campaigns, you will be asked for various information such as your name, email address, telephone number and answers to any open questions in the contests. We need this information to process your participation and to be able to contact you about the gift you may have won. You may also be asked for your physical address or other information that may be required to send you gifts / tickets / products by mail. All information about your participation in our campaigns, prize draws and contests will be kept by us for a maximum period of 12 months after the end of the contest. The information will not be used for other purposes unless you have been expressly informed of such purposes and / or your prior consent has not been sought. We inform you that we also collect information from the Company's social media (eg Instagram, Facebook, Twitter) of the Company (eg for participation in company competitions) that are necessary for registration or connection, for which you have give the social media provider permission to share with us, such as your name and email address. The collection of other information may depend on the privacy settings you have established with your social media provider, so please review the service's privacy statement or policy. Please note that the retention period of your personal data collected through the competitions on social media is 12 months.
- Information/Data about your visit and use of our website
We inform you that we collect certain data and information when you enter our website, such as your IP address, device category, browser and web browser type, clicks and views. The information about your use of the website and services allows us to make categorizations, ie to form groups of website visitors or customers with certain common characteristics, such as age group, gender or region. It is possible to add you to one of our categories. We use the categories to personalize our web page and, for example, to change the order in which certain topics are viewed so that you are more likely to see them. We may also use the categories to display online ads that we think that they interest you and to send you commercial messages. We use these personal data in order to promote our products and services to our consumers and our website visitors, as required by our legitimate interests and we use them in order to attract more consumers, and to improve the sales of our products and services. We retain these personal data for a maximum period of 12 months.
- Promotion of Products - Marketing
Moreover, it should be noted that there are cases in which we combine information about your online searches (clicks and views), your settings on our website, your customer service requests and your contact history. This information allows us to use different channels to manage the relationships and marketing of our products and services to you via e-mail, advertising, social media, telephone or online advertising, which may include content personalization. and website offers to suit your preferences. You may opt out of receiving newsletters, promotional mail, social media and phone calls, and you may object to our use of your personal data for direct marketing purposes (for more information on this process, read the following paragraphs of this policy). We emphasize that the use of this personal data is deemed necessary and required, in the context of our legitimate interests, in order to enable the promotion of our products and services to our customers and visitors to our website, to be able to attract more customers and improve the sales of our products. We retain personal data as determined in accordance with the relevant purposes for which personal data has been collected (eg. when you visit our website, to participate in prize draws). Personal data are usually deleted or made anonymous within a maximum period of 12 months.
- Information/Data on the maintenance and optimization of our website
It should be further emphasized that your personal data are also used for the maintenance and analysis of our website, in order to resolve performance issues, improve availability and user experience. We record every use of our website. The use of your personal data for these purposes is necessary in the context of our legitimate interests and the information are retained for a maximum period of 12 months. The logs of the use of the website will be deleted within 12 months after their creation.
10.Purposes of using the personal data of the visitors of our website.
We present below the set of ways in which we intend to use your personal data and describe the respective legal bases on which all our actions are based. Next, we also describe, depending on the circumstance, what our legitimate interests are.
We emphasize at this point the retention of our right to process your personal data for more than one legal reason depending on the specific purpose for which we use your data. You can contact us in case you need clarification for the specific legal reason on which we rely to process your personal data. In addition to the following terms, we describe more than one reason why we rely on these actions:
A) Firstly, we note the provision of the Company's services:
We collect and use your data mainly to provide you with our services (sale of ferry tickets) and to execute the relevant contract that you wish. This contract cannot be executed without processing your data.
It is noted that the legal basis of this elaboration is the execution of the contract between us in accordance with article 6, paragraph 1 (f) GDPR.
Furthermore, in the event that you voluntarily choose to provide health data or other data (eg capacity of three children / insured NAT) that apply to you in order to be included in the respective discount category, the legal basis for processing your health data is your explicit consent. You have the right to revoke your consent to the further processing of your personal data by sending a message to email@example.com, but revoking your consent does not affect the legality of the processing prior to the revocation. Also, if you participate in any of our customer surveys, this is done on a purely voluntary basis. No information is stored during this anonymous investigation, which allows conclusions to be drawn for the research participant. Only the date and time of your participation are saved. Any personal information you provide in response to our inquiry is deemed to have been given voluntarily and is stored in accordance with the GCC. Please do not enter your name or similar information in the free text fields, which allows conclusions to be drawn for you or others. In the case of a declaration of consent in the context of a customer inquiry, the legal basis for data processing, which is based on consent, is Article 6 (1) (a) GIP. Once you have given consent as part of a customer survey, you have the option to revoke that consent at any time with effect for the future. More detailed arrangements for these cases can be found in the specific data protection authorities of each customer investigation.
B) Support of information systems and / or at the same time the development and improvement of the provided services: We use your personal data in order to detect problems on the server and to ensure the proper operation of our website. TravelFerry, which belongs to the above-mentioned Company, uses the personal data of the users, which it collects through the website, in order to offer new services through the website or to improve the services already provided. It is noted that the legal basis of this processing is the legal interest of the Company to ensure the smooth operation of its website and to improve the services provided by it.
C) We expressly state that we owe to comply with our legal obligations: When we receive relevant warrants from courts or public authorities, we may process your personal data in order to respond to these requests. It is noted that the legal basis of this elaboration is the compliance with our legal obligations.
D) In addition, we note that we use the information of your personal data in order to conduct corporate competitions by processing this personal data that you submit through the website and social networks for your participation in our company competitions. In other words, you have the opportunity through our website, from our newsletter to participate in competitions. Unless otherwise provided by the specific data protection authorities of each competition or if you have not given us additional express consent, the personal data you provided to us in connection with the competition will be used solely for the conduct of the competition (eg announcement of winners, notification of winners, sending of the prize). The legal basis for data processing is in principle Article 6 (1) (b) of the GDPR. In the case of a declaration of consent in the context of a tender, Article 6 (1) (a) GDPR is the legal basis for the processing of data based on consent. Once you have given your consent in a contest, you have the option to revoke that consent at any time with effect for the future. More detailed arrangements for these cases can be found in the special data protection authorities of each tender.
Recipients / categories of recipients: The transfer to third parties takes place only if this is required for the processing of the tender (eg sending the prize through a cooperating company). As a rule, further transmission to third parties is excluded. Storage duration / criteria for determining the storage duration: After the end of the competition and the announcement of the winners, the personal data of the participants are deleted. In the case of prize material, the winners' data is kept for the duration of the legal guarantee warranty, so that post-defect recovery or exchange is possible in the event of a defect. It is noted that the legal basis of this processing is the execution of the contract, ie by participating in the tender you accept the terms of this contract and enter into a contract with the Company).
E) It is further noted that we use the information of your personal data in order to promote the products and services of our Company: The information about the use of the website and our services enable us to create sections, which group the visitors of our website and consumers with common characteristics such as age, gender and region. The sections are then used to customize our website and change e.g. the order of your search results or you get an ad that we think is relevant to you. We also can process your data that you have posted on social media (for example, if you are participating in a corporate competition through a social network), provided that you have given the social media provider permission to share it with us. The legal basis for the abovementioned treatment is Article 6 (1) (f) GDPR or, where appropriate consent, Article 6 (1) (a) GDPR. The processing of existing customer data for the same advertising or third party advertising purposes should be considered a legitimate interest.
G) Furthermore, it is noted that we use the information of your personal data in order to send the TravelFerry newsletter with our company products. For this reason, we will send you our newsletter when you have given us your consent for it or when a transactional relationship between us has preceded in accordance with what is provided in article 11 par. 3 of law 3471/2006. It is noted that the legal basis of this processing is your consent (when you fill out the relevant form on our website) or our legal interests (when you are already our customers) while at the same time the legal basis for processing data in the context of sending the newsletter is consent in accordance with Article 6 (1) (a) GDPR. It is emphasized at this point that in any case you will have the right to declare at any time if you no longer wish to receive our newsletter and in case you make such a decision, your decision will be fully respected by us and our company.
For any dispute arising from the use of this website, the Greek courts will have exclusive jurisdiction.
13.Data Protection Officer
You can contact the Company Data Protection Officer for asking questions regarding the processing of your personal data at firstname.lastname@example.org .