Website Privacy Policy
Valid as of …………… 2023.
1. INTRODUCTION
Thank you for visiting https://travelid.gr/ website (hereinafter the “Website”) under the name of TRAVEL ID ΜΟΝΟΠΡΟΣΩΠΗ ΙΚΕ
Before using our website, please read this Privacy Policy carefully (hereinafter“Policy”).
1. DEFINITIONS
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Special Categories of Data” (Sensitive Personal Data) is data which is inherently particularly sensitive in relation to fundamental rights and freedoms of natural persons and needs special protection, since the context of its processing could be create significant risks to the fundamental rights and freedoms of natural persons, such as health data, data revealing racial or ethnic origin, religious or philosophical beliefs or relating to the sex life of a natural person or sexual orientation etc.
“Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2. POLICY
The company must collect Personal Data (PD (i.e. personal information) for the effective performance of daily business functions and services and, in some cases, to comply with the requirements of the legislation and/or regulations it applies.
The Company is committed to collecting and processing your personal data in accordance with the provisions of Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”).The Company as Controller informs you of the way in which information about you is collected and processed, which is governed by the following conditions and the relevant provisions of the GDPR and the relevant Greek and European privacy legislation. Specifically, this Policy presents the type of information that our Company may collect from you and informs you of how we use thisinformation.When you voluntarily provide us with personal data, such as your name, address or email address, we use this information with absolute confidentiality.
This Policy applies to the collection and use of your personal information by the Company and applies, in general, to any natural person who has or intends to have any kind of relationship with us.
3. WHAT DATA DO WE COLLECT FROM YOU?
In the course of our business activities and corporate operations, we collect the following Personal Data when you provide it to us:
- Your personal information & contact details such as name, phone, email,addressetc
- Co-travelers’ data: When you make a reservation for someone else through our website, we will ask for the absolutely necessary personal data required for the provision of our services, which may include special category of data (e.g. medical needs if required) and travel preferences for that person. Where this information concerns a person under the age of 18, the relevant information (on persons under the age of 18) shall be limited to name, nationality, date of birth, passport number and must be providedto us by a parent or legal guardian. Please be advised that you should be able to prove the other person’s consent or your status as a minor’s (under 18 years of age) parent or legal guardian, if requested.
- Preferences and interests such as requests for special lunch, cultural events.
- Data related to your health such as allergies, physical mobility problems. Data such as your cultural interests, any health problems and even dietary requirements may fall into the category of “sensitive” data. For this reason we retain such information only if we are required by applicable law or if you provide it to us voluntarily and expressly provide us with your consent, within the context of the provision of our services, e.g. specific nutritional requirements.
- Data you submit through the website’s contact form.
- Cookie data: we collect data through thebrowser cookies you use during your navigation on our Website in order to respond, forward and accurately route your request. In this case, we may collect information about the type of browser you use that as well as other data such as search history, IP address, screen resolution, operating system and your settings, access times, and report URL. If you’re using a mobile device, we may also collect data that recognizes your device, settings, and location. For more information about cookies used by the Website, guests are kindly requested to visit the Cookies Policy
4. HOW WE COLLECT YOUR PERSONAL DATA
We collect your Personal Data in the following ways:
- Directly from you:
- Through the online form when booking travel packages
- Through the online contact form
- By e-mail.
- If you choose to subscribe to the Company’s newsletter.
- By automated means through the use of the Website: When you visit the Company’s website, we may collect data from you from your browsing and using our services. This data may include your search history, IP address, screen resolution, browser, operating system, and settings, access times, and report URL, data collected through cookies (see cookies policy).
- From third parties: If you connect or connect to https://travelid.gr/ through a third-party service (e.g. Facebook), the third party service may send us information, such as your registration information and profile from that service.This information varies and is controlled by that service or as authorized by you through your privacy settings on this service. Also, to the extent permitted by applicable law, we may receive additional information about you, such as demographic or fraud detection information, from third-party service providers and/or partners, and combine it with information we have about you.
5. HOW WE USE YOUR PERSONAL DATA
We use your Personal Data to respond to your own requests in order to provide you with our services, give you information and in general communicate with you on topics that interest you and concern you, such as offers, products, catalogs etc. The purpose of data collection is the provision of our electronically available services, which are the following:
- To provide you with our services to you and specifically to provide you services in the fields of the scheduling, organization and completion of travel packages and in general any retail tourism productsuch as room reservation,tourist bus charter, airfare booking and other related services, such as keeping required documents in accordance with applicable law, requests related to accommodation, excursions, cruises, etc.
- To communicate with you and give you updates via messages regarding the stages of the contract/application process.
- To send you our Newsletter, in order to inform you about the products and services available.
- To provide information on products and services for which you have expressed interest and in general to respond customer service requests.
- To ensure the availability and unhindered access and use of our website and the enforcement of the terms of use of the website and other policies.
- To enable you to comment(Like / Do Not like) on articles/information published on the website,
- To enable us to personalise the services provided
- To improve the quality of services in order to improve the quality of our travel organization’s services and to ensure that our services are of interest to you.
- To Personalise the service/create a traveler’s Profile: We may use your personal information to make your experiences more suited to your personal taste, based on your preferences and interests, and we can recommend personalized services through relevant advertising communication that is tailored and matched to your needs, preferences and interests that we have diagnosed when creating your “profile”. We can only compile your profile if you have given us your express consent by completing and
- To issue the applicable invoices and collect debts,if necessary, in the context of the pricing for our services and any process for the recovery of your arrears.
- To protect and ensure the security of transactions (sothat we can identify and prevent cases offraud, abuse, security incidents and other harmful activities and conduct security investigations and risk assessments). In addition, we may also receive information about the commission of offences if necessary to protect our legitimate interests, i.e. to protect our assets, our clients and employees/ our partners.
- To comply with legitimate obligations, such as for the protection of our legal rights before judicial or other authorities and for the fulfilment of performance and compliance obligations before supervisory/supervisory national and where is needed, international, authorities.
5. LEGAL BASIS FOR PROCESSING OF PERSONAL DATA.
The Company collects only Personal Data necessary in order to meet your requests in the context of our business activity and its general operation. Where additional, optional information is sought, you will be informed of this at the time of collection of the data. Under Greek and EU legislation (including GDPR), we process Personal Data, since we have the legal basis to carry out the processing. Therefore, whenweprocessyourPersonalData, werelyononeofthefollowinglegalprocessingbases:
- For the performance of a contract: the processing of your Personal Data is necessary for our fulfillment and compliance with our contractual obligations.
- When we have a legitimate interest: We may process data about you when we have a legitimate interest in carrying out a lawful activity in order to ensure the continuity of this activity, provided that this does not affect your interests; such activity may be, but not limited to, providing information about our Products upon your request, as well as our new relative products, to improve of our services (better understanding of your needs and expectations), to prevent incidents of fraud, or appropriation, to ensure the security of our systems. i.e. to protect IT and communication systems and ensure that they work properly and are constantly improved.
- When there is a legal obligation: We process your Personal Data in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or authority or to comply with other insurance, accounting or tax provisions.
- When we haveyour consent: We may occasionally ask for your permission to process some of your Personal Data, such as, but not limited to, sending news and updates or compiling profiles, and processing your Personal Data will only be processed in this way if you agree to it. You can withdraw your consent anytime by contacting the Company in
- In exceptional cases where processing is necessary to safeguard the vital interest of the natural person.
The Company may collect “sensitive” personal data only when our clients, the data subjects voluntarily offer such data and have provided explicit consent to the processing thereof.
The company also reserves the right to regularly communicate with our clients by telephone, mail, email, SMS or any other means of communication, using the contact information which has been obtained lawfully, within the context of the company’s contractual relationship with the user (article 11§ 3 of N. 3471/2006) provided that the user has not opposed this communication. This communication may include an update on services provided, research to improve the services provided to the Customers and other promotional activities and to serve similar purposes.
6. SOCIAL MEDIA SHARE BUTTON
The Company has official social media accounts, specifically on Facebookand Instagram. On its website, the company incorporates an additional social media share button for Facebook and Instagram, inviting website visitors and users to follow the company in the respective social media (follow/like) as well as upload posts and comments. During your use of the social media we may collect certain personal data (such as your profile data in the corresponding medium).
Based on European Court of Justice case-law, the Company is considered a Joint Controller for processing your data together with each social medium. Within this context, the company has posted the Privacy Policy on an easily accessible spot on each corporate social media account, it strictly complies with the obligations relating to the protection of personal data by taking the appropriate technical and organisational measures (such as limiting the number of people with access to corporate social media accounts) in order to ensure the safe processing of data (see below par.9)
The purpose of the data processing is to make visible and promote the company’s image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.
The legal basis for processing is your consent, which you provide when you actively click on the social media share button, the “like” or “follow” button on the Company’s social media. You can withdraw your consent at any time in the same manner in which you provided it, i.e. by clicking “unlike” or “unfollow”.
The Company is not responsible for how each social medium processes your data and it is your responsibility to be informed about it by reviewing the Facebookand Instagram Privacy Policy.
Finally, while the Company wishes and encourages users to comment on posts and/or pages it maintains on social media, it informs users that any post or comment uploaded should respect the basic rules of politeness, decency and respect to different views, ensuring a safe online environment and .will remove any content deemed to violate the terms of use of the website, such as insulting, pornographic, or threatening content or content violating intellectual property rights, and may block users who violate these terms. In any case, if you consider that content posted on the Company’s official social media accounts violates the terms of use, please contact us immediately.
7. DATA RECIPIENTS
We do not disclose your Personal Data to third parties who are not affiliated with us, unless this is required by our legitimate business and business needs, in order to meet your requests and/or if required or permitted by law or professional standards and/or if we have your express consent to that.
Also, your data, to the extent appropriate for fulfilling our contractual obligations, improve our service and meeting your requests, may be transmitted to specific recipients to fulfil each of the processing purposes and within the business competences of each recipient, which may be:
- The Company’s employees Company in the course of their work-related duties
- Company’s business Partners such as hotels, airlines, ferry companies, insurance companies, transportation companies, tour operators, or third-party service providers.
- To the extent appropriate for fulfilling our contractual obligations, improve our service and meeting your requests, personal data may be forwarded to business partners such as legal providers, consulting and audit services, IT companies, Online booking systems, Internet Service Providers, or other services necessary for the operation of the website and the execution of the company’s services.
- Public authorities, such as, but not limited to, tax authorities, judicial, public and independent authorities, police authorities, where this is strictly necessary to defend legal rights or fulfil obligations of the Company.
It should be noted that when storing, accessing and/or processing the user’s personal data, the employees and agents of the company fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data as well as with current Greek legislation and jurisprudence on the protection of personal data. The company requires of its employees, its website hosting and service providers, as well as its third party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.
In the event of our reorganization or sale to another organization, the Company may also disclose Personal Data relating to the sale, assignment or other transfer of the business.
In addition, the Company may, if necessary, when conducting audits related to the protection of Personal Data and security and / or for investigation or response to a complaint or security threat, make disclosures of Personal Data.
8. INTERNATIONALTRANSFERS
It is possible that we may transfer the Personal Data we collect from you to countries other than the country in which Personal Data was originally collected. These countries may not have the same laws for the protection of Personal Data as the country in which Personal Data was originally collected. When we transfer your Personal Data to these other “third” countries, we take appropriate measures to protect it in accordance with this Policy and all applicable privacy laws. Each time we transfer your personal data outside the EEA, we ensure a similar degree of protection for them, ensuring that one of the following protection measures is implemented:
- We will only transfer your personal data to countries for which the European Commission has issued an adequacy decision i.e. it considers that they provide an adequate level of protection for personal data.
- When we use specific service providers in third countries, we reserve the right to use specific contracts approved by the European Union Commission, which ensure personal data the same protection they have in Europe (StandardContractual Clauses or SCC).
- One or more of the derogations provided for in Article 49 of the GDPR shall apply.
9. NETWORK AND INFORMATION SECURITY
The Company applies all reasonable and appropriate technical and organisational security measures to protect your Personal Data against unauthorized access, misuse, loss or destruction. Such measures include, where necessary, the use of firewalls, secure server installations, encryption, implementation of appropriate access rights systems and procedures, application of access control policy, careful selection processing and control of compliance with the GDPR and other reasonable organisational and technical measures to provide appropriate protection of your Personal Data; such measures are being updated taking into account the developments in the technology and the cost of their implementation.
All employees are bound by confidentiality agreements and your Personal Data is processed only by specially authorized company personnel.
10. TECHNICAL AND ORGANISATIONAL MEASURES
The Company has taken appropriate technical and organizational measures to safeguard the security and protection of Personal Data in order to ensure the safe storage of Personal Data and prevent accidental loss or destruction and unauthorized and/or illegal access to them, use, modification or disclosure of them.
- physical security measures such as access control and logging information, security policies, implementation of secure destruction measures of records, installation of security locks, etc..
- electronic security measures such as encryption, pseudonymization, access control of information systems users, installation of hardware and security software, etc.
- regular training and updating of authorised users
- adequate adequacy checks of safety systems.
Our data centers where your Personal Data are stored are located in Greece, where the Company’s data center is located and the backup location is situated within the Company’s premises in a place that conforms with all necessary security measures. Also stored data are found in a cloud service provider whose data centers are located in the European Union. A second copy is created from the original backup, in an encrypted format that is kept in a different location bearing all security measures. If you need more information about protection measures you can contact (enter security, a second copy is created in an encrypted format that is kept outdoors bearing all security measures. If you need more information about protection measures you can contact .
11. RETENTION PERIOD
Personal Data shall be retained for the period necessary for the performance and completion of the processing purposes mentioned above, including the purposes of complying with legal, accounting or information requirements, and to meet your needs, both in physical file and in electronic form.
We retain your personal data for the duration of our contractual relationship. The personal data we process is not retained for a longer period of time than is necessary for the performance of the contract and any services directly related to it:
- in the case of the provision of a service we retain the data for as long as necessary for the completion of the service and for up to (18) months from the completion of the order concerned and at least for as long as specified by the applicable legal (tax or other) obligation.
- In case you contact us or submit a request, your personal data shall be retained for as long as necessary for responding to your request and for twelve (12) monthsaftertherequest has been addressed.
- For the purposes of sending newsletters and/or perform marketing activities, your personal data shall be kept until you object to the processing and/or withdraw your consent. The withdrawal of consent shall be without prejudice to the lawfulness of the processing based on consent during the period prior to its withdrawal. To withdraw your consent you can send a message to (see below under“YourRights’).
We will also retain your personal data:
- To the extent required by law (for example, in order to comply with tax legislation)
- In order to comply with court proceedings (any ongoing or future court proceedings)
- To establish, exercise or defend our legal rights, personal security of the users and the public.
At the end of the retention period, Personal Data is destroyed both in physical or electronic form and deleted from Company’s information systems or are anonymized them so that you can no longer be identified by them.
However, some necessary personal data regarding your contractual relationship with the company as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by the company and the legal claims of the parties.
12. YOUR RIGHTS
Under the GDPR (articles 12-22) you have the following rights:
- Request a copy of your personal data.
- Withdraw your consent when this is the legal basis of the processing of your personal data.
- Request that your personal data be corrected if it is inaccurate.
- Request erasure of the personal data you have provided, under the conditions set out by law.
- Request restriction of processing, under the conditions set out by law.
- Request the portability of your personal data, if you have provided us with the data and the processing is based on consent or performance of a contract and processing is based on automated means.
- Oppose some form of processing of your personal data by the company.
To exercise theaboverights, you can contact us via e-mail: or by post or in person at the Company’s premises at 35 Sorou St., Marousi, Athens. We shall take all possible measures to satisfy your request within a reasonable period, but no later than one (1) month after the submission of the request and your identification. This period may be extended by a maximum of two (2) months if the request is complex or there is a large number of requests. The Company may retain the minimum necessary Personal Data to safeguard its legitimate interests.
Finally, you have the right to submit a request to the company inquiring on how the company processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Data Protection Authority (http://www.dpa.gr/, Kifisias 1-3, P.C. 115 23, Athens, 210 6475600), by submitting the designated form on the website https://www.dpa.gr/el/syndesi/polites/kataggelia.
13. MINORS
Our company is committed to protecting the privacy of minors. Please be advised that the content and services of this Website are not intended for children under 15 years of age. Personal Data should not be submitted to the Company through the Website by persons under the age of 15 unless submitted by the legal parent of guardian. If it is discovered that a person under the age of 15 has submitted Personal Data to the Company, without the express consent of the legal parent or guardian, we shall immediately delete, upon request, that data in accordance with policy of deleting our Company.
14. CalOPPA Do-Not-Track NOTICE
The Company does not monitor its users on third-party websites and therefore does not respond to donottrack (DNT) signals. The Company does not allow third parties to collect personal data directly from our users on our website as through the use of third-party ads.
15. PRIVACY POLICY CHANGES
The company may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.
If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.