Privacy Policy

Privacy Policy

1 Introduction.

1.1. Protection & Processing of Personal Data

Personal data (PID) is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identity number, location data, an on-line identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person in question. But even more personal information such as habits, preferences, biometric data, etc.

Every company that handles personal data concerning living natural persons, within the EU, is obliged from May 25, 2018 to fully comply with EU Regulation 679/2016, for the protection of personal data (PDX). The validity of the Regulation is immediate in all EU member states.

Data collection is a form of processing, as is storage, organization, structure, storage, alteration, retrieval, information retrieval, use, disclosure, deletion or destruction.

The company, through the Privacy Policy, informs natural persons about the processing of VAT, thus helping natural persons to make informed decisions about their relationship with the company.

1.2 Privacy Policy

The company needs to collect PII (ie personal information) to effectively carry out day-to-day business operations and services and, in some cases, to comply with the requirements of applicable laws and/or regulations.

The Privacy Policy states our compliance with the Regulation for the Protection of Personal Data but also our respect for the protection of privacy and security of personal data. In addition, it aims to:

  • Inform natural persons (you) about the Personal Data we collect and process, for what purpose, how and for how long.
  • Ensure that individuals are aware of their rights and our responsibility for accountability and security.
  • It provides an easy and clear means of securing your consent, as a legal basis for the processing of personal data, and, at the same time, gives you the possibility to withdraw this consent at any time.

This Privacy Policy was posted on the company’s website on 08.08.2018 and replaces a previous posting/version. The Privacy Policy applies, in general, to any natural person who has or intends to have any kind of cooperation with us.

2. What Persolal Data we process

When you call us, visit our website, cooperate with us, ask questions or request our cooperation, we may ask you for information (i.e. PD such as: name, address, email, telephone, etc.) depending on the type of relationship between us.

It is also possible that you may choose to voluntarily provide us with additional personal data (such as in the case of sending a CV) or additional information (such as tax or commercial information, in the context of informing you or exploring cooperation).

We collect information, directly or indirectly, in the following ways:

  • Information that you send us or give us, when communicating with us or visiting our website, by electronic or other means.
  • Information we receive from your use of our services or our partners’ services.
  • We use various technologies to collect and store information and these may include the use of technologies such as cookies (see also §7).
  • We may use information from advertising networks, our customers or third parties in order to inform you about specific services that may be of interest to you.
  • Our website as such does not collect any information related to the user’s behavior, activities and location.

For more information on how you can access, manage, amend or delete information, see sections 5 & 6 below.

3. How we use PD

We use the information we collect (as described above), and consistent with the consents you have given us, to:

  • We will process and serve your request for the provision of a tourist service
  • We may provide you with personalized and updated services and/or products;
  • We contact you via News letters, in accordance with your registration through the corresponding form, to inform you about new services or products that may be of interest to you,
  • We process the payment
  • Answer possible questions you have asked us,
  • Implement the framework of this Privacy Policy.

When you contact us we keep a record of your communications so that we can resolve any issues you may have.

We do not allow unauthorized entities, and without your consent, to access your information. All of the above requires your consent (see sections 5 & 8 below).

4. Who we share your personal data with

We do not disclose or share PII with companies, organizations and individuals outside of our company unless one of the following applies:

  • With your consent: We share your personal information with companies, organizations and individuals when we have your express consent, (see sections 5 & 8 below).
  • For external processing: We provide personal information to our external partners and to businesses or individuals we trust to process it for our own use, based on our instructions and in accordance with our Privacy Policy and any other confidentiality and security measures, such as EU Regulation 679/2016.
  • For lawful purposes: We share personal information with relevant public agencies when reasonably necessary and to comply with laws, regulations, legal process or government requests.

Whenever we transfer your personal data outside the EEA, we ensure a similar level of protection for it by ensuring that one of the following safeguards is in place:

  • We will only transfer your personal data to countries which the European Commission considers to provide an adequate level of protection for personal data. For more information, see European Commission: Adequacy of personal data protection in non-EU countries.
  • Where we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which give personal data the same protection as it has in Europe.
  • Where we use providers based in the United States of America, we reserve the right to transfer data to them if they participate in the Protection Shield which requires them to provide similar protections for personal data shared between Europe and the US. For more information, see European Commission: EU-US Protection Shield.

5. Your rights & our obligations

5.1 Your rights

Our customers, users of our services and visitors to our website have, within the framework of the Regulation for the Protection of Personal Data, rights (which should not be in conflict with the relevant legislation). These rights of natural persons (you) are:

  • Right of access to their personal data
  • Right to correct their PD
  • Right to erasure of their personal data
  • Right to restrict the processing of personal data
  • Right to be informed about correction or deletion or restriction of processing of their personal data
  • Right to portability of TINs
  • Right to object to the processing of personal data
  • Right to object to automated individual decision-making including profiling.

5.2 Our obligations

Our responsibilities include:

  • The principle of accountability, regarding the 6 principles governing the processing of personal data (lawfulness, objectivity and transparency, purpose limitation, minimization of personal data, accuracy of personal data, limitation of storage period, security, integrity, and confidentiality).
  • Any processing of personal data is lawful only if one of the following 6 conditions applies:
    • The data subject has consented to the GDPR processing
    • GDPR processing is necessary for the performance of a contract, where the subject is a contracting party
    • The processing is necessary to comply with a legal obligation of the controller
    • The processing is necessary to safeguard the vital interest of the natural person
    • Processing is necessary for the performance of a duty in the public interest or in the exercise of public authority delegated to the controller
    • The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interest or the fundamental rights and freedoms of the natural person prevail.

In addition, we implement the appropriate technical and organizational measures to protect the company and our partners from unauthorized access or alteration, violation or destruction of the PII in our possession. Specifically:

  • We control our data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.
  • Access to personal information is limited and controlled, and such individuals are subject to strict contractual obligations of confidentiality.
  • In the event that external partners (for reasons of maintenance or support) have, potentially, access to VAT, relevant appendices to the existing cooperation agreements cover the requirements of the Regulation.

Throughout the entire GDPR processing cycle (from collection to GDPR destruction) we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of GDPR. We require similar measures from third parties who handle or process GDPR.

Our website is not intended for children under the age of 16. When our services and products will be used by a child under the age of 16, the express consent of the parent is required in order for us to process the minor’s personal data.

6. Access to your personal data and information

Within the framework of the rights granted to you by the Regulation, you can request information about your personal data or request correction or limitation of processing or deletion of data (see your rights in detail in section 5.1).

In such cases you are asked to complete a subject access request (SAR). We are obliged to respond to you within one month of receipt of the SAR.

In case you wish to fill out a SAR application, please send the relevant request to: gdpr@manessistravel.gr

The exercise of the rights of the natural person can always be done within the framework of existing legislation (such as tax or labor legislation).

Whenever you use our services, our goal is to provide you with access to your personal data. If this information is incorrect, we strive to provide you with ways to quickly update or delete it – unless we need to retain this information because we are required by relevant law or for legal purposes.

7. Update on cookies

You can find out from the link Manessis cookies policy about the policy followed by our website regarding cookies.

It is pointed out that soon you will be able to delete cookies from your computer at any time or not to accept the use of cookie groups when browsing our website.

8. Your consent and its withdrawal

Our company in the context of:

  • The Privacy Policy
  • Its compliance with the Regulation on the Protection of Personal Data (EU 679/2016) and the relevant national legislation
  • Respect for the protection of privacy and security of personal data

and remaining true to the relationship of trust that has been cultivated through long-term cooperation with its travelers, it needs your consent in order to continue to inform you, in print and electronically, about news and offers of travel destinations and travel packages.

In order to give or withdraw your consent for your information, at any time, contact us at gdpr@manessistravel.gr or use the links you will find in our emails.

Our Travel Agency will only collect and process Personal Data where it can legally do so, such as:

  • (a) Requirement of relevant legislation,
  • (b) Processing necessary for the performance of a contract to which the natural person is a contracting party
  • (c) Processing necessary to comply with a legal obligation of the company,
  • (d) Processing necessary to safeguard the vital interest of the natural person.

You may be asked to provide additional consent if your GDPR is to be used for purposes not stated in this Privacy Policy.

9. So

Applicable Law is Greek Law, as formulated in accordance with the General Regulation for the Protection of Personal Data 2016/679/EU, and in general the current national and European legislative and regulatory framework for the protection of personal data. and competent courts for any arising disputes related to your Personal Data are the competent Courts of Athens.

We update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will post an update on our website.

We encourage you to regularly read this Policy to know how your Data is protected.

10. Methods of communication

Manessis Travel

PD Processing Manager Name: Karakostas Vassilis Address: Filellinon 4, 105 57 Athens

Email: karakostas@manessistravel.gr

Phone: 210 3290220 Fax: 2103211140