Our Company www.rhodiandmc.com (“we” or “us”) is committed to protecting the information that you share online, using our Website. We treat the personal data you give to us with care and transparency, acting according to the European Regulation 2016/679 (GDPR) on the protection of personal data and on the free movement of such data and the Greek Legislation.
Who are we?
The data controller of our Site is Mitropoulos & co, G.P., under the Company name Leof. Dimokratias 73 85106 Paradisi – Rhodes. We are authorized by the Greek National Tourism Organization (EOT) with a registry Number ΜΗ.Τ.Ε: 1476E60000008300. If you have any questions about how we treat your personal data, please contact us via email to email@example.com
This Policy (together with our Terms & Conditions and any other documents referred to in such terms and conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and applies to all of your personal data irrespective of the medium or method by which we obtained/received your personal data.
In this Policy, the term “personal data” means data relating to a living person who is or can be identified either from the data, or from the data in conjunction with other information, that is in, or is likely to come into, our possession, and includes personal data as described in data protection legislation (as defined below).
Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not own, operate or control the websites of those third parties and as a result, we do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, we encourage you to check their policies before submitting any personal information.
What kind of personal data do we collect and how do we use it?
We fully respect your privacy and we try to be transparent in our policies such as what information we will collect and how we will use your information. Also, we only collect and use individual user details where we are legally entitled to do so or/and when we have a legitimate right to do so, and/or when we operate a contract or when we have a pre-contractual relationship with you.
When you visit our website, we may collect:
- Information such as your computer’s IP address, browser type and version, and anonymous information collected from cookies when you are browsing our website. We collect this information to help us understand how to improve our services and our website and its content. We have a legitimate business interest in this processing: to ensure that our website is operating effectively and to provide you with great services and user experience;
- We may collect information such as your name, surname, and email address in case you choose to communicate with us using our website’s contact form.
- We may ask you for personal information such as your name, surname, passport details, email address, billing address, phone number, your credit card details (name surname of the cardholder, credit card number, CCV, expiry date) and accordingly the personal data of any accompanied persons (if needed) to make travel and other arrangements or dietary information for familiarisation cruises and excursions.
This information will be provided by you when:
– you require more information about our services, activities, or online content
– you want to proceed to a reservation with us in order to fulfill our contract obligations and we have to use this information in order to provide you with the requested services and/or proceed with the necessary arrangements.
– you need to complete and fulfill your purchase, for example, to process and complete your payments, communicate with you regarding your reservation, and provide you with related customer service
Reasons for data collection ( legal basis)
– To fulfill our contractual obligations (reservation, payments etc)
– We have a legitimate business interest to collect this information: to continue to improve the services we provide to you, for statistical purposes, for better user experience, and to answer your questions and requests.
– We have a legitimate business interest to collect images and video footage from the events we organize for you for advertising and marketing purposes.
When we use the legitimate interest as the legal ground for our data processing, we always secure this by performing a balancing assessment, that verifies and balances our interest to process the data versus the individual’s right to privacy.
Images and visual content
We may organize some events for you (i.e. weddings, conferences etc). Part of the terms of conditions of your acceptance to attend these events is your acceptance to be included in photographs, and in doing so you grant to our company the permission to use these photos for legitimate business purposes such as evidencing that the event took place, local or internal publicity or promoting similar events in the future.
How we collect personal data
We may collect personal information from a variety of sources, including:
- Directly from you or someone acting on your behalf: We may collect the personal information you or someone acting on your behalf shares with us such as your name and your contact details.
- Through our services: We may collect personal information about you when you use our services, for example, when you make a travel booking or an event reservation.
- On-site: We may collect the personal information you provide directly to us on-site, such as when you attend one of our events.
- We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. If you are under the age of 13 then we will need consent from your parent/guardian before you can use our services. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know as soon as possible and we will delete this information immediately.
Your personal data may be disclosed to:
- public authorities under a legal obligation;
- our authorized service providers and suppliers who provide services to us such as event planning and organization, website hosting, data analysis, payment processing, order fulfillment, customer service, email delivery, credit card processing, auditing, consulting, and other similar services.
- Our advisors, which include our accountants, auditors, lawyers, other professional advisors, and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
Our company does not share or sell your personal information with non-affiliated third parties without your knowledge and explicit consent for their own marketing or commercial use.
International transfer of personal data
Your personal data will not be transferred to countries outside the EU.
In case we may need for some reason to transfer such data, we will only transfer such data in countries that satisfy the adequate or comparable levels of protection in order to protect personal data held in that jurisdiction, and (where we are required to do so) with your consent.
In case personal data is transferred from the EU to outside the EU, we use Model Clauses, ensuring that such data transfers are compliant with applicable privacy legislation.
Linked services, third-party sites, and content
Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, please check their policies before submitting any personal information.
As a data subject, you have a number of rights. You can:
- a) access your personal data stored at any time. You can also ask for a free copy of this information. Furthermore, the data subject can have access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
- b) require us to rectify, inaccurate, incorrect or incomplete data; (right to rectification)
- c) obtain from us the erasure or the limitation of the data processing, for example where the data is no longer necessary for the purposes of the processing; (right to be forgotten and the right to restriction of processing)
- d) receive your Personal Information, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another entity without limitation. (right to data portability)
- e) object to the processing of your data where we are relying on our legitimate interests as the legal ground for the processing. (right to object)
- f) If you believe that the organization has not complied with your data protection rights, you can file a complaint to the Greek Data Protection Authority (http://www.dpa.gr/portal/page?_pageid=33,15048&_dad=portal&_schema=PORTAL)
If you would like to exercise any of these rights, please contact us at firstname.lastname@example.org
We are entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular, because of its repetitive character (in this case, if we decide to provide you with the personal data requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to data protection legislation.
To access what personal data is held, identification will be required (see below).
How we protect your personal data
Our company is designed to provide reasonable and appropriate organizational, technical, and administrative measures to protect your personal data against unauthorized or unlawful access, alteration, disclosure, or destruction. We use a secure online transmission procedure, the so-called “Secure Socket Layer” (SSL) transmission, to protect the personal data of our users. You can see this from the fact that an “s” (https://) is added to the address component http://. The SSL encryption guarantees that your data is transmitted in an encrypted and complete way.
We do our best to protect the data, systems, networks, and services. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by contacting us at email@example.com
For your protection, we will only implement requests with respect to personal information about you (not anyone else), and we may need to verify your identity before implementing your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law. We will try to respond to your requests within 30 working days.
We may need to retain certain information for recordkeeping purposes, as required under applicable legal obligations, and/or to complete any transactions that you began prior to requesting such change or deletion. Some of your information may remain within our systems and other records, in compliance with applicable law.
Data retention period
We will maintain Personal Information for as long as it is necessary to comply with any applicable law(s), or for as long as necessary for the purpose(s) set out in this Privacy Notice or while there is a legitimate business reason for doing so. We will delete Personal Information when it is no longer needed and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject) and, in any case, upon expiration of the maximum storage term set forth by applicable law. In general, your personal data will be retained by us for two years from the last date of contact or transaction.
You are not obliged to accept cookies. If you wish, you can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to refuse to receive or send all cookies. The website www.allaboutcookies.org contains step-by-step guidance on how cookies can be switched off by users.
Special categories of personal data
We do not collect sensitive personal data unless you provide us with them along with explicit consent for every related purpose of processing.
Social media login
Our websites and apps provide plug-ins to social media websites, including Facebook, Youtube, and Instagram.
If you make use of, or log in to, the social media features on our websites or apps, we may (depending on your privacy settings) access, use, and store information about you, including, but not limited to: your name, e-mail address, gender, location, profile, picture, contacts, and any other information you have chosen to make available.
If you would like to get in touch with us, please contact:
Rhodian Tours | DMC
Leof. Dimokratias 73, 85106, Paradisi, Rhodes, GREECE
Tel. Number: GR +30 2241 122627
UK +44 20 33932052
Mail us: firstname.lastname@example.org