1.1. Protection & Processing of Personal Data
Personal Data (IFRS) is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identity identifier, such as name, identity number, location data, on-line identity identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. But also more personal information such as habits, preferences, biometric data, etc.
Every company that handles personal data relating to living natural persons, within the EU, is obliged from 25 May 2018 to fully comply with EU Regulation 679/2016, for the protection of personal data (IFRS). The validity of the Regulation is immediate in all EU Member States.
IFRS collection is a form of processing, such as storage, organization, structure, storage, alteration, retrieval, information retrieval, use, disclosure, deletion, or destruction.
The company must collect IFRS (ie personal information) for the efficient execution of day-to-day business operations and services and, in some cases, for its compliance with the requirements of the legislation and / or regulations it applies.
- Inform natural persons (you) about the IFRS that we collect and process, for what purpose, in what way and for how long.
- Ensure that individuals are aware of their rights and our obligation to be accountable and safe.
- It provides an easy and clear means of securing your consent, as a legal basis for the elaboration of IFRS, and, at the same time, allows you to withdraw this consent whenever you wish.
2. What IFRS we process
When you call us, visit our website, cooperate with us, ask questions or request our cooperation, we may ask you for information (ie IFRS such as: name, address, email, phone, etc.) depending on the type of relationship between us.
You may also choose to provide us with additional IFRS (as in the case of sending a CV) or additional information (such as tax or business details, as part of your briefing or co-operation investigation).
We collect information, directly or indirectly, in the following ways:
- Information that you send or give us, when contacting us or visiting our website, by electronic or other means.
- Information we receive from your use of our services or the services of our partners.
- We use various technologies to collect and store information and these may include the use of technologies such as cookies (see also §7).
- We may use information from ad networks, our customers or third parties to inform you of specific services that may be of interest to you.
- Our website does not in itself collect any information related to the user's behavior, activities and location.
3. How we use IFRS
We use the information we collect (as described above), and in accordance with the consent you have given us, to:
- We process and serve your request for the provision of a tourist service
- We can provide you with personalized and up-to-date services and / or products,
- We will contact you via News letters, according to your registration via the respective form, to inform you about new services or products that may interest you,
- We process the payment
- Answer possible questions you have asked us,
When you contact us we keep a file of the communication messages, so that we can resolve any issues you face.
We do not allow unauthorized entities to access your information without your consent. For all the above, your consent is a necessary condition (see sections 5 & 8 below).
4. With whom do we share your IFRS?
We do not disclose or share IFRS with companies, organizations and individuals outside our company, unless one of the following applies:
- With your consent: We share your personal information with companies, organizations and individuals when we have your explicit consent (see sections 5 & 8 below).
- For lawful purposes: We share personal information with relevant public services when this is reasonably necessary and in order to comply with laws, regulations, legal procedures or government requests.
Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection for them, ensuring that one of the following protection measures is implemented:
- We will only transfer your personal data to countries that the European Commission deems to provide an adequate level of protection for personal data. For more information, see European Commission: Adequacy of personal data protection in non-EU countries.
- Where we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which provide personal data with the same protection as in Europe.
- Where we use providers based in the United States, we reserve the right to transmit data to them if they participate in the Protection Shield which requires them to provide similar protection for personal data shared between Europe and the United States. For more information, see European Commission: EU-US Protection Shield.
5. Your rights & our obligations
5.1 Your rights
Our customers, users of our services and visitors of our website have, within the framework of the Regulation for the Protection of Personal Data, rights (which should not be in conflict with the relevant legislation). These rights of natural persons (you) are:
- Right of access to their IFRS
- Right to correct their IFRS
- Right to cancel their IFRS
- Right to restrict the processing of IFRS
- Right to information regarding the correction or deletion or restriction of processing of their IFRS
- IFR portability right
- Right to object to the processing of IFRS
- Right to object to automated individual decision making including profiling.
5.2 Our obligations
Our obligations include:
- The principle of accountability, regarding the 6 principles governing the processing of IFRS (legality, objectivity and transparency, limitation of purpose, minimization of IFRS, accuracy of IFRS, limitation of storage period, security, integrity, and confidentiality).
Any IFRS treatment is legal only if one of the following 6 conditions applies:
- The data subject has consented to the IFRS processing
- The processing of IFRS is necessary for the execution of a contract, where the subject is a party
- Processing is necessary to comply with the legal obligation of the controller
- Processing is necessary to safeguard the vital interest of the natural person
- Processing is necessary for the performance of a duty in the public interest or in the exercise of public authority delegated to the controller
- The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interest or fundamental rights and freedoms of the natural person prevail.
In addition, we implement the appropriate technical and organizational measures to protect the company and our partners from unauthorized access or alteration, violation or destruction of the IFR we have in our possession. Specifically:
- We monitor data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.
- Access to personal information is restricted and controlled, and these individuals are subject to strict contractual confidentiality obligations.
- In case external partners (for reasons of maintenance or support) have, potentially, access to IFRS, relevant appendices to the existing cooperation agreements cover the requirements of the Regulation.
Throughout the IFRS processing cycle (from the collection to the destruction of IFRS) we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of IFRS. We require similar measures from third parties handling or processing IFRS.
Our website is not intended for children under the age of 16. When our services and products will be used by a child under the age of 16, the explicit consent of the parent is required, in order to process the IFRS of the minor.
6. Access to your own IFRS and your information
Within the rights provided to you by the Regulation, you can request information on your own IFRS or request a correction or restriction on the processing or deletion of IFRSs (see your rights in detail in section 5.1).
In such cases you are required to complete a SAR (subject access request). We are obliged to reply to you within one month of receiving the SAR.
If you wish to complete an SAR application please send a request to: firstname.lastname@example.org
The exercise of the rights of the natural person can always be done within the framework of existing legislation (such as tax or labor law).
Every time you use our services, our goal is to provide you with access to your own IFRS. If this information is incorrect, we strive to provide you with ways to quickly update or delete it - unless we retain this information because required by law or for legal purposes.
7. Information about cookies
You can find out from Link fragam travel cookies about the policy followed by our website regarding cookies.
Please note that you will soon be able to delete cookies from your computer at any time or not accept the use of cookie groups while browsing our website.
8. Your consent and withdrawal
Our company in the context of:
- Its compliance with the Regulation on Personal Data Protection (EU 679/2016) and the relevant national legislation
- Respect for the protection of privacy and security of personal data
and remaining true to the relationship of trust that has been nurtured through long-term cooperation with its travelers, it needs your consent in order to continue to inform you, in print and online, about news and offers of travel destinations and travel packages.
In order to give or withdraw your consent for your information, at any time, contact us at email@example.com or use the links you will find in our emails.
Our Travel Agency will collect and process IFRS only where it can legally do so, such as:
- (a) Requirement of relevant legislation,
- (b) Processing necessary for the performance of a contract of which the natural person is a party
- (c) Processing necessary to comply with the company's legal obligation,
- (d) Treatment necessary to safeguard the vital interests of the natural person.
Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679 / EU, and in general the current national and European legislative and regulatory framework for the protection of personal data. and competent courts for any outstanding disputes related to IFRS Your data are the competent Courts of Athens.
We update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will post this update on our website.
We encourage you to read this Policy at regular intervals to know how your Data is protected.
10. Ways of communication
IFRS Processing Officer
Name: Fragkiadakis Michalis
Phone: +30 2810824834