Our Company www.hoteltransfers.gr ("we" or "us") is committed to protecting the information that you share online, using our Website. We treat the personal data you give to us with care and transparency, acting according to the European Regulation 2016/679 (GDPR) on the protection of the personal data and on the free movement of such data and the Greek Legislation.
Who are we?
If you have any questions about how we treat your personal data, please contact us via email to firstname.lastname@example.org
This Policy (together with our Terms & Conditions and any other documents referred to in such terms and conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and applies to all of your personal data irrespective of the medium or method by which we obtained/received your personal data.
Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not own, operate or control the websites of those third parties and as a result we do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, we encourage you to check their policies before submitting any personal information.
In this Policy, the term “personal data” means data relating to a living person who is or can be identified either from the data, or from the data in conjunction with other information, that is in, or is likely to come into, our possession, and includes personal data as described in data protection legislation (as defined below).
The term "Supplier" is the third party transport providers, with which our company has a contract.
The term "Data processing" means Any operation or set of operations which is performed on personal data, such as collecting, recording, organizing, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making the data available, aligning or combining data, or blocking, erasing or destroying data. Not limited to automatic means.
The term "Data Retention" means The policies and processes used within our Company for determining the time period for archiving and storing of personal data.
What kind of personal data we collect and how we use it?
We fully respect your privacy and we try to be transparent in our policies such as to what information we will collect and how we will use your information. Also, we only collect and use individual user details where we are legally entitled to do so or/and when we have a legitimate right to do so and/or when we operate a contract or when we have a pre-contractual relationship with you.
When you visit our website, we may collect:
- We may collect information such as your name, surname, email address, country and telephone, your travel details (arrival/departure time and flight number, accommodation name and credit card details (name surname of the card holder, credit card number, ccv, expiry date) in case you proceed to a booking using our online booking platform in order for us to arrange your transfer with the Supplier of the service (fulfillment of a contract/legitimate interest)
- Data provided by users for changing or cancelling their bookings: booking reference and booking email. (fulfillment of a contract/legitimate interest)
- We may collect information such as company name, email address, website, address, contact name and phone in order to register a travel agent in our services (fulfillment of a contract/legitimate interest)
Reasons for data collection ( legal basis)
- To fulfill our contractual obligations (booking, cancellations, payments etc)
- We have a legitimate business interest to collect this information: to continue to improve the services we provide to you, for statistical purposes, for better user experience and to answer to your questions and requests.
When we use the legitimate interest as the legal ground for our data processing, we always secure this by performing a balancing assessment, that verifies and balances our interest to process the data versus the individual’s right to privacy.
How we collect personal data
We may collect personal information from a variety of sources, including:
- Directly from you or someone acting on your behalf: We may collect personal information you or someone acting on your behalf shares with us such as your name and your contact details.
- Through our services: We may collect personal information about you when you use our services, for example, when you make a transfer booking.
The services offered by us are not directed at children under 16 years old. For children younger than 16 years old, the use of any of our services is only allowed with the valid consent of a parent or a guardian. If we become aware that we process information of a child under 16 years old without the valid consent of a parent or guardian, we reserve the right to delete it.
In certain circumstances, we may share your personal information with third parties:
- The Supplier : In order to complete your booking and fulfil the contract we have with you we will transfer relevant reservation details to the Supplier. We encourage you to review the privacy policies of any travel supplier whose products you purchase through this website. If you have a query about your transfer, we may contact the Supplier and ask them to handle your request. Please note that these suppliers also may contact you as necessary to obtain additional information about you, facilitate your transfer reservation, or respond to a request. In cases of reservation-related disputes, we may provide the Supplier with information about the reservation process as needed to handle the dispute. This may include a copy of your reservation confirmation as proof that a transfer was actually made.
- Third-party service providers: We use service providers to process your personal data on our behalf. This processing is for several purposes, including. website hosting, data analysis, payment processing, customer service, email delivery, credit card processing, auditing, consulting and other similar services Third party service providers are bound by confidentiality clauses and are not allowed to use your personal data for other purposes than instructed by us
- Payment providers and (other) financial institutions: We may share your credit card information with Alpha Bank in order for them to authenticate and charge your credit card. When a chargeback is requested for your transfer reservation by either you or by the holder of the credit card used to make your reservation, we need to share certain reservation details with the payment service provider and the relevant financial institution to handle the chargeback. This may also include a copy of your reservation confirmation or the IP address used to make your reservation. We may share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.
- Public authorities under a legal obligation. We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our legitimate business rights or properties, or the rights and properties of our business partners.
- Our advisors, which includes our accountants, auditors, lawyers, other professional advisors and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
Our company does not share or sell your personal information with non-affiliated third parties without your knowledge and explicit consent for their own marketing or commercial use.
International transfer of personal data
Your personal data will not be transferred to countries outside the EU.
In case we may need for some reason to transfer such data, we will only transfer such data in countries that satisfy the adequate or comparable levels of protection in order to protect personal data held in that jurisdiction, and (where we are required to do so) with your consent.
In case personal data is transferred from the EU to outside the EU, we use Model Clauses, ensuring that such data transfers are compliant with applicable privacy legislation.
Linked services, third party sites and content
Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, please check their policies before submitting any personal information.
As a data subject, you have a number of rights. You can:
- a) access your personal data stored at any time. You can also ask for free copy of this information. Furthermore, the data subject can have access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
- b) require us to rectify, inaccurate, incorrect or incomplete data; (right to rectification)
- c) obtain from us the erasure or the limitation of the data processing, in certain situations, for example where the data is no longer necessary for the purposes of processing; (right to erasure and the right to restriction of processing)
- d) receive your Personal Information, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another entity without limitation. (right to data portability)
- e) object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing. (right to object)
- f) If you believe that the organisation has not complied with your data protection rights, you can file a complaint to the Greek Data Protection Authority (http://www.dpa.gr/portal/page?_pageid=33,15048&_dad=portal&_schema=PORTAL)
We rely on you to ensure that your personal data is complete, accurate and current. Please do inform us promptly of any changes to or inaccuracies of to your personal data by contacting us.
Where we base our data processing on our legitimate interest or the public interest, you have the right to object at any time to that use of your personal data subject to applicable law.
We are entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the personal data requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to data protection legislation.
To access what personal data is held, identification will be required (see below).
How we protect your personal data
Our company is designed to provide reasonable and appropriate organizational, technical, and administrative measures to protect your personal data against unauthorized or unlawful access, alteration, disclosure, or destruction. We use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission, to protect the personal data of our users. You can see this from the fact that an "s" (https://) is added to the address component http://. The SSL encryption guarantees that your data is transmitted in an encrypted and complete way.
We observe reasonable procedures to prevent unauthorised access to, and the misuse of, personal data and protect the data we hold, our systems, networks, and services.
We use appropriate business systems and procedures to protect and safeguard the personal data you give us. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by contacting us at email@example.com.
For your protection, we will only implement requests with respect to personal information about you (not anyone else), and we may need to verify your identity before implementing your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law. We will try to respond to your requests within 30 working days.
Data retention period
For travel agents, we may store their information for as long as they maintain their profile account. For deletion requests please send us an email at firstname.lastname@example.org
You are not obliged to accept cookies. If you wish, you can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to refuse to receive or send all cookies. The website www.allaboutcookies.org contains step-by-step guidance on how cookies can be switched off by users.
Special categories of personal data
We do not collect sensitive personal data, unless you provide us them along with an explicit consent for every related purpose of processing.
Social media login
Our websites and apps provide plug-ins to social media websites, including Facebook and Twitter.
If you make use of, or log-in to, the social media features on our websites or apps, we may (depending on your privacy settings) access, use and store information about you, including, but not limited to: your name, e-mail address, gender, location, profile, picture, contacts, and any other information you have chosen to make available.
If you would like to get in touch with us, please contact:
hoteltransfers.grAirport Transfer Services
255 Rodos - Lindos Avenue
85100 Rhodes GR
Gr t. +30 2241 0 85332 – f. +30 22410 85662
UK t. +44 20 339 32052