Datenschutzerklärung |
1. INTRODUCTION
The purpose of this Privacy Policy is to explain:
a) what personal data we collect about you and the purposes we collect, use and share such data,
b) how we use the personal information you have shared with us so that you have a great experience when using this website and
c) your rights and choices regarding the personal data we collect and process and how we protect your privacy.
For the purposes of this privacy policy, any reference to “Athinas”, “we”, “us” and “our” means Athina-Papagianni-Avgouladaki.
This Privacy Policy forms part of the terms of use (“TOU”) of our website http://www.athinas.com (hereinafter the “Website”). We fully comply with the provisions of European Regulation 2016/679 for the protection of individuals against the processing of personal data and for the free circulation of such data” as implemented by Greek law with the Act 4624/2019.
The term “personal data” refers to information and data which are capable of identifying the subjects of such data. Such data can, e.g., relate to your personal or objective situation, in particular your name, date of birth, e-mail address, telephone number and / or postal address.
We process your personal data to offer our website and to perform our services of information and/or sale of products. Furthermore, we may process your personal data for statistical purposes, for compliance with our legal obligations and for the legitimate interests we pursue (see further below), except where such interests are overridden by your interests or fundamental rights and freedoms. We do not use your personal data in any way other than as stated in this Privacy Policy.
“Processing of personal data” is a term that includes collection, recording, organization structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
We use cookies on our website. To the degree that those cookies are not strictly necessary for the provision of our website and sale of products, we will ask you to consent to our use of cookies when you first visit our website.
By consenting to this Privacy Policy including our Cookies Policy, you consent to our processing of your personal data in accordance with the terms herein and you accept the practices described herein.
We maintain and process your personal data with confidentiality and respect to your privacy, in the context of the provision of services and products.
2. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
For the purposes of this Privacy Policy, the data controller is Athinas.
3. PERSONAL DATA COLLECTED
Data we collect from you when you visit this website:
(a) device data: device identity, operating system and version installed on the device;
(b) time, date, duration of the visit, user location, IP address, browser information, browser language or related information.
This information is collected in order for us to be informed about the visit to the website. We limit the collection of data to what is absolutely necessary, in order to achieve compliance with the data processing principle, which concerns the minimization of data processing.
Data we collect from you when you visit and subscribe to this website:
(a) device data: device identity, operating system and version installed on the device;
(b) time, date, duration of the visit, user location, IP address, browser information, browser language or related information;
(c)
Voller Name
Last name
Address
Email address
Home phone number
Mobile phone
Data we collect from you when you visit, register on this website and place an order:
(a) device data: device identity, operating system and version installed on the device;
(b) time, date, duration of the visit, location of the user, IP address, browser information, browser language or related information,
(c)
Voller Name
Last name
Address
Email address
Bank card number
Home phone number
Mobile phone
VAT NUMBER
Data we collect from you when you connect to our website through other websites:
If you link or connect to our website through a third party service (e.g., Facebook, Instagram, Google), the third party service may send us information such as your registration and profile information (i.e. user name, user ID associated with your social media account, picture, e-mail), and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website.
4. WHY DO WE COLLECT USERS PERSONAL DATA?
Users’/customers’ personal data will be processed by hand or by using electronic means that are such as to ensure, in relation to the purposes for which such data is communicated and collected, data security and confidentiality, as well as to prevent unauthorized access to such data, for the time strictly necessary to achieve the purposes of its collection.
Data will be processed at the legal and operational headquarters of Athinas and at the server of Athinas.
In general terms, we use users’/customers’ personal data to provide them with the services requested, process payment, provide customer services, sand notify about important changes to the tour reservation.
More specifically, we use personal data:
A. for data collection, storage and processing for the purposes of establishing and managing, in operational and administrative terms, the contractual relationship connected to the supply of the service requested;
B. to send communications by e-mail regarding the contractual relationship with the user/customer, including the issuance of invoices. to comply with statutory or regulatory obligations and requests;
C. for data collection, storage and processing to carry out anonymous and/or aggregate statistical analyses;
D. to keep our website and system secure and to prevent and detect fraud, security incidents and other crime;
E. to verify compliance with our terms and conditions and for the establishment, exercise or defense of legal claims;
F. to issue the required tax documents in furnishing our services related to sales.
Should the user/customer refuse to supply his personal data, he may not obtain the services required in relation to the purposes set out in points A) and B) above. In addition, Athinas may be prevented from supplying the service correctly and from complying with its contractual obligations set out in the terms and conditions.
5. ON WHICH LEGAL BASIS WE PROCESS USER’S PERSONAL DATA?
We will process user’s personal data where it is necessary on the following legal basis:
• 5.1. to fulfill a contract, or take steps linked to a contract, including in order to provide our offering, process your payment and to respond to enquiries and booking made by the user;
• 5.2. to comply with the law and for establishing, exercising or defending our legal rights;
• 5.3. to pursue our legitimate interest:
◦ 5.3.1. improving our websites, its features and our services;
◦ 5.3.2. marketing;
◦ 5.3.3. improving our services and offerings;
◦ 5.3.4. ensuring the security of the website;
• 5.4. where you give your consent.
6. WHO HAS ACCESS TO USERS’/CUSTOMERS’ PERSONAL DATA?
Athinas will make sure that all personal data supplied thereto is not disclosed and is processed in such a way as to guarantee its security and confidentiality, as well as to prevent unauthorized access thereto. All personal data and information provided by users/customers may be communicated, for the purposes set out above, to the following categories of parties:
• 6.1. Athinas employees and/or collaborators (e.g. banks) who assist in the provision of the services provided as well as those in charge of maintaining Athinas’s network and hardware/software equipment
• 6.2. Any other third party as Athinas may think is necessary to whom data communication is required for contract performance.
• 6.3. The parties whose right to access data is recognized by statutory provisions or by orders issued by the competent authorities
• 6.4. The parties that are delegated and/or appointed by the Data Controllers to carry out activities related to service supply.
7. HOW LONG WE RETAIN YOUR DATA?
We will keep your personal data in relation to the services we provide you with. Your personal data will generally be stored for up to ?? years. We may, however, keep your personal data for longer than ?? years if we need it to fulfil our contractual obligations to you, the law requires us to maintain it for a longer period or you have not withdrawn your consent.
8. TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF EUROPEAN ECONOMIC AREA (EEA)
Some third parties to whom we may transfer your personal data may be located outside of the EEA. In the event of a transfer, we will seek to ensure that appropriate safeguards to protect your data are in place which could include entering into a data transfer agreement with such third parties to ensure adequate protection for your information.
9. WHAT ARE YOUR DATA RIGHTS?
Your principal rights under data protection law are:
(i) the right to access;
(ii) the right to rectification;
(iii) the right to erasure (‘right to be forgotten’);
(iv) the right to restrict processing;
(v) the right to data portability;
(vi) the right to object to processing;
(vii) the right to complain to a supervisory authority; and
(viii) the right to withdraw your consent.
(i) The right to access: You have the right to confirmation as to whether or not we process your Personal data and, where we do, access to the Personal data that are processed, together with some additional information that include: (a) details of the purposes of the processing, (b) the categories of personal data concerned and the recipients or the categories of recipients of your personal data, (c) the periods your personal data are retained or the criteria upon which such periods are determined, (d) your rights under (ii), (iii), (iv), (v) and (vii), (e) when your personal data are collected by third parties, details as to their source, guarantees in relation to international transfers of your Personal data etc.
Provided that the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided
to you free of charge, but additional copies may be subject to a reasonable fee. For a copy of your personal data please send us a written notice to this e-mail: [ ??? ]
(ii) The right to rectification: In case of any inaccurate personal data about you, you have the right to request that the inaccurate personal data is rectified. Taking into account the purposes of the processing, you have the right to request that any incomplete personal data about you is completed.
(iii) The right to erasure (‘right to be forgotten’): In some circumstances you have the right to request the erasure of your personal data without undue delay. Those circumstances include: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw consent to consent-based processing; (c) you object to the processing under certain rules of applicable data protection law; (d) the processing is for direct marketing purposes; and (e) the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary (a) for exercising the right of freedom of expression and information; (b) for compliance with a legal obligation; or (c) for the establishment, exercise or defense of legal claims.
(iv) The right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: (a) you contest the accuracy of the personal data; (b) processing is unlawful but you oppose erasure; (c) we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data, however, we will only otherwise process the personal data with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
(v) The right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit those personal data to another data controller without hindrance from us where: (a) the legal basis for our processing is consent or the performance of a contract between you and us; and (b) the processing is carried out by automated means.
In addition, where technically feasible, you have the right to request that your personal data are transmitted directly to the other controller.
This right to data portability shall not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, this right to data portability may not adversely affect the rights and freedoms of others.
(vi) The right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the Personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
In addition, you have the right to object to our processing of your personal data in the following instances:
– When the processing of your personal data is made for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
– for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is: (a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
(vii) The right to complain to a supervisory authority: If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
(viii) The right to withdraw your consent: To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us sent to the following e-mail: [ ??? ] or by using our website contact form. The e-mail must be accompanied by supporting documents on the identity of the applicants. In case of exercise of one of the above mentioned rights, we will try to satisfy, in writing, your request within (1) month from the submission and identification of the applicant. In case we are unable to satisfy the request, we will explain in writing the reasons.
The exercise of these rights is free of charge, unless you make unjustified or excessive requests. In this case, we will be entitled to charge you with a reasonable fee based on administrative costs.
We are committed to maintaining the confidentiality of personal data of all visitors to the site www.athinas.com and to protect the personal data that you may provide us.
The registration of the user data for the provision of services through this website, implies the consent of the user in the collection, processing and use of his personal data under the terms of this privacy policy. The user, however, will be required to expressly give his/her consent to any such action.
The supervisory authority for the Company is:
Principle of Personal data Protection
Kifissias 1-3, PC 115 23, Athens
Call Center: + 30-210 6475600
Fax: + 30-210 6475628
E-mail: contact@dpa.gr
10. MISCELLANEOUS
10.1 Payment Information
In order to pay you, we process your payment information such as your IBAN and account information. We do not use your account information in any other way other than for payment purposes. In the event that we use third-party payment vendors, we allow these payment vendors to collect information for the purpose of collecting fees from users on the Website. We do not have access to the payment information that you provide to these payment vendors and this information is subject to the privacy policy of the payment vendors.
10.2 Social Networks
Our website may use the so-called social plug-ins (“plug-ins”) of social networks, such as the plug-in “Like” of the social networking site called “Facebook”: the browser on the Internet will establish a connection to the Facebook servers and the fact that you visited our website will be forwarded to Facebook, even if you are not connected to Facebook and regardless of whether you have activated the relevant plug-in. If you are logged in to your Facebook account during your visit to our website, Facebook may link your access to the website to your Facebook account. If you click the “Like” button, it will be uploaded to Facebook and saved there. So you can share the “Likes” you have made with your friends on Facebook. We have no influence on the nature and extent of the information transmitted to Facebook, nor is it able to know exactly what information is transmitted to you on Facebook and for what purposes Facebook uses this data. If you do not wish Facebook to link your visit to our website to your Facebook account, you must log out of your Facebook user account before visiting our website. Additional information about the collection, storage and use of your personal data by Facebook as well as the available settings for the protection of your personal data can be found in the Facebook privacy notes at http://www.facebook.com/about / privacy /.
10.3 Collection and use of personal data of children
The possibility of registering on this website is addressed only to persons over 16 years of age.
If it is found that personal data belonging to persons under the age of 16 has been collected, it will be deleted as soon as possible.
The parents or the legal guardians of the minors are solely responsible for the protection of the minors and we are not responsible for any use of our website by minors without the knowledge of their parents.
Parents / guardians should be aware that any other information or information provided voluntarily by minors – or others – in the form of e-mails, or in any other way, may be used by third parties to send e-mails, messages that should not be received by minors. In these cases, we bear no responsibility in this regard. We urge all parents to inform their minor children about the safe and responsible use of the Internet, especially regarding the submission of personal data or information through it.
11. CHANGES TO THIS POLICY
Occasionally we may make changes to this Policy. When we make significant changes to this Policy, we will give you clear notice as appropriate, e.g. either by visible notification on this website or by e-mail. Therefore, you should make sure to read any such notice carefully.
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. For more information please read our 
DE 
EN_US