The aim of this document is to explain how Travel the Greek Way (hereafter also referred as “we” or “us”) collects, processes and protects personal data that you provide when communicating with us through any media, included but not limited to online Travel the Greek Way’s request form, chat, phone, emails and texts.

This information is required to be provided by the General Data Protection Regulation (article 13; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016).

Please note that Travel the Greek Way does not carry out any automated decision-making.

1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

For any data protection concern, please contact Evgenia Mataragka at the address info (at) travelthegreekway (dot) com.

2. PURPOSES AND LEGAL BASIS FOR THE PROCESSING

Travel the Greek Way collects personal data for the following purposes:

a. To provide our services to you

This is the main reason why we need to collect personal data. We need information about you for answering tour requests (made with our online form), drafting itineraries, sending invoices, organising and following up tours.

b. To improve your customer experience

We process your personal data to improve our services. This includes tailoring our services to your needs and preferences, facilitating the use of our website by analysing the browsing history its users and sending promotional contents by post, email or online advertisement.

If you have requested to use or have used our services and have provided personal data to Travel the Greek Way in this context, we may use your contact details to send you marketing emails about similar services, unless you have opted out. You can opt out at any time by clicking on “unsubscribe” in promotional emails or by contacting us at the address displayed here above.

c. To comply with the law

In some cases, we are legally required to collect some personal data. This is the case when banks conduct anti-fraud checks or in the event of formal request by a government entity.

For this purpose, the legal ground for personal data collection is the compliance with a legal obligation.

3. TYPE OF INFORMATION COLLECTED

Collected personal data includes:

– Contact details, such as name and surname, phone number, email address, and physical address;

– Personal details, such as family members, personal preferences, pets;

– Travel information, such as passport details, catering preferences, departure location, destination and time of your flights;

– Bank details, when a credit card is used to book or pay for our services;

4. RECIPIENTS OF THE PERSONAL DATA

Collected data are processed by the employees of Travel the Greek Way. The employees having access to your data is limited to those whose assistance is needed for the intended activity.

In addition, under the circumstances listed below, we will share your personal data with the following people:

– When we need to store your data: Cloud storage providers;

– When we communicate by e-mail with you: Email services providers;

– When you use our website: Analytic tools and the website’s IT developers;

– Upon payment, when we are asked to provide information against fraud: Banks;

– When you book or pay with a credit card: E-payment interface provider and payment service providers;

5. STORAGE PERIOD OF THE PERSONAL DATA

Personal data are stored as long as necessary to fulfil the purposes set out here above. This means that data will generally be stored for the time needed for the performance of the contract and possible future contracts with Travel the Greek Way. Some personal data will be stored longer for us to comply with legal obligations, such as tax purposes.

6. YOUR RIGHTS

Under the General Data Protection Regulation, you have the following rights:

a. Right to request access to personal data (art. 15 of the Regulation)

b. Right to request rectification of personal data (art. 16 of the Regulation)

c. Right to request erasure of personal data, also referred to as the “right to be forgotten” (art. 17 of the Regulation)

d. Right to restrict the processing of personal data (art. 18 of the Regulation)

e. Right to object to the processing of personal data (art. 21 of the Regulation)

f. Right to data portability (art. 20 of the Regulation)

g. Right to lodge a complaint with a supervisory authority

Athens, September 2020