Data Protection Notice

Last updated on June 25, 2018.
 
Welcome to www.activeholidaysingreece.com.
 
Our Company takes the privacy of its users-clients seriously into account. For this purpose, we strictly comply with the present Data Protection Notice, which secures the high level of the Services provided and follows the provisions as designed by the Law.
 
This Privacy Notice is to let you know how the Company protects the privacy of your communications and collects, processes, uses and stores your personal data through our Website as well as the rights you have with regard to the foregoing collection and processing of your personal data. By visiting our Website and using our services you acknowledge of having read and fully taken into account this Privacy Notice.
 
This Privacy Notice applies only to our Website under the top level domain www.activeholidaysingreece.com. Users should be aware that our Website may also contain links to other websites, yet our Company cannot be held responsible for the data processing practices or the content of such websites.

1. Definitions

For the purposes of this Data Protection Notice the following definitions shall apply:

1.1. “Cookie” - short text of software code, which is transmitted from the web server of our Company and stored at your device each time that you enter the Website. “Personal Data” - Any information relating to an identified or identifiable user of our Website.

1.2. “Recipient” - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

1.3. “GDPR” - the General Data Protection Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended, replaced or superseded and in force from time to time and as transposed into member-state legislation.

1.4. “Processing” - Any operation or set of operations which is performed by the Company upon the personal data of the users of our Website, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

1.5. “Company” – The Company under the corporate name Gnosis Active Travel – Active Holidays in Greece, with registered offices at 131, Veikou str., 11741 – Athens – Greece.

1.6. “Website” – The world wide web website which is accessible through the domain name www.activeholidaysingreece.com including all of its webpages.

1.7. “Personal Data” - any information which relates to a User, who can be identified directly or indirectly.

1.8. “Consent” - Any explicit, specific and freely given indication by which the User, after  having been fully informed, signifies her agreement to personal data relating to her being processed.

1.9. “User” – Any internet user who accesses and browses at our Website.


2. Subject Matter

2.1. The present Notice sets out the terms and conditions which the Company follows in order to protect the privacy of the Users of www.activeholidaysingreece.com. It describes the conditions under which we make any collection and processing of your personal data and ensure their confidentiality.

2.2. The Company reserves the right to amend and update this Data Protection Notice, whenever it deems it appropriate, and any changes thereof shall come in force and effect from the instance they appear online at the present webpage of www.activeholidaysingreece.com.

2.3. If any provision of this Data Protection Notice is declared void or unenforceable, such provision shall be severed from this Data Protection Notice, which shall otherwise remain in full force and effect to the extent that the original intent of this Data Protection Notice will not be altered in any material respect.
 

3. Principles of Data Processing 

We fully respect your fundamental rights and render protection of your privacy a priority of the Company. In this context, when processing your personal data, we follow the following basic principles:

3.1. We submit your personal data to legitimate processing, and we maintain full transparency vis-à-vis the way we handle your personal data.

3.2. We collect and process your data only for specified, explicit, and legitimate purposes as outlined in this notice, and we do not process it further in a manner incompatible with these purposes.

3.3. We process your personal data only to the extent that it is appropriate and relevant to the above purposes, while limiting the processing to the measure necessary for these purposes.

3.4. We make reasonable efforts with your own assistance to ensure that your processed data is accurate and, where necessary, updated with regard to the purposes of the processing, taking all reasonable steps to immediately delete or correct it in case of inaccuracy.

3.5. We keep your personal data in a form that allows you to identify yourself only for the time required for the above processing purposes.

3.6. We process your personal data in a way that guarantees its security by using appropriate technical or organizational measures.

3.7. We do not intend to further process your personal data for purposes other than the ones for which they are collected.

3.8. We inform you that there is no obligation to provide your personal data and that there are no possible consequences from the choice not to provide it. Furthermore, we inform you that your personal data will not be used for automated decision making, including profiling.

3.9. Without prejudice to what is stated in this notice, we do not disclose and transmit your personal data to third parties without your consent, unless permitted by law or by our contractual agreement with you.

3.10. Please be advised that we do not pass on your personal data to a third country or international organization for which there is no European Commission decision under the GDPR.

3.11. In general, we comply with all applicable laws and comply with all our statutory obligations, as data controllers of your personal data.  


4. Types of Data Collected

At the following points and throughout your use of our Website www.activeholidaysingreece.com you may provide to the Company the following types of personal data:

4.1. At the point of your access and during the use of our Website

     - IP Address.
     - Browsing data.
     - Information on user preferences regarding our products / services.
     - End user device data.

4.2. At the point of subscribing to our newsletter service:

     - E-mail address.  

4.3. At the point of filling in the relevant communication form or the service provision form:

     - E-mail address.
     - Full name.
     - Country.
     - Selected activity.
     - Contact data, mostly address and telephone number (optionally).
     - End user device data.

4.4. At the point of provision of the service selected:
     
     - Contact data of the person who applied.
     - Details of the selected service.
     - Payment method.
     - Details regarding the execution of transaction.

4.5. If you communicate with us via email or by other means, we will collect your personal data related to such communications under the terms and conditions of this Privacy Notice, in order to respond to your requests and to improve our services.
 
4.6. The Company does not collect or gain access to its Users-clients data that relate to the online payment of its services, such as credit/debit card numbers and passwords. Such data are being collected and processed exclusively by the Bank we cooperate with, by redirecting from www.activeholidaysingreece.com to its website, i.e. at the point of payment, our User is being directed to the Website of the Bank which is fully and exclusively liable.
 
4.7. The Company does not collect or gain access in any way to special categories ("sensitive") of personal data by its Users-clients. You have an obligation to refrain from posting such data concerning yourself or third party data subjects. In the event that you submit such data to our Website, these will be removed as soon as we become aware of them.
 

5. Purposes and Legal Bases of Data Processing

5.1. Personal data necessary for the navigation and use of our Website is collected and processed by the Company pursuant to Article 6 § 1 (b) of the GDPR for the following purposes :

     - Technical capability for the smooth operation of our Website.
     - Friendly and user-friendly operation of our site.
     - Improve your online experience while navigating and using our Website.
     - Recording consumer habits through the use of anonymous statistical data.
     - Sending e-mails to our Users through our newsletter service.

5.2. Personal data necessary for the provision of our services within our contractual relationship is collected and processed by the Company pursuant to article 6 § 1 (b) of the GDPR for the following purposes :

     - Performance of our contractual obligations towards our Users and Clients.
     - Immediate, adequate and efficient provision of our services.
     - Tax use and use for pricing and proof of delivery of ordered services.
     - Communicating with our clients in the framework of the execution of our services and for the resolution of any complaints.
     - Improvement, management and review of our products and services to meet the needs of our clients as much as possible.
     - Administration, organization and function of our business.
     - Management of our clientele.
     - Extrajudicial or judicial use for the protection of our lawful rights and interests.

5.3. The Company collects and processes your personal data solely for the purposes mentioned above and only to the extent that is strictly necessary to effectively serve them. Data collected are relevant, appropriate and no more than what is required in view of the above purposes, whereas we strive to keep them accurate and up to date. Furthermore, your data are retained only for the period required to achieve the purposes, for which they are collected and processed, and are afterwards deleted.
 

6. Consent

6.1. The Company may process personal data only with your lawful consent for the following purposes:

     - For the purposes of commercial communication, marketing and advertising of our services or third party services via SMS, telephone, e-mail, internet, fax, mail, social media and / or any other appropriate communication channels.
     - For personified market research and / or analysis purposes to better understand your needs, preferences, interests, experiences and / or habits as a consumer.
     - To operate and manage any reward programs.

 
6.2. You give us your consent to the processing of your personal data for the above purposes with an electronic statement in a manner clearly distinguishable from other consents or notice and in an intelligible and easily accessible form using clear and plain language. Your consent is freely given and your personal data is given without such a provision being a legal or contractual obligation or a requirement on behalf of the Company for the performance of a contract between us.
 
6.3. In this context, by giving your consent, you explicitly state that you wish to provide your consent for the above purposes in accordance with the terms and conditions of this notice. You may provide your consent in the following ways:


     - When entering our Website.
     - When subscribing to our e-mail newsletter service.
     - When filling in the personal form requiring the provision of a service.
     - When ordering services through our website.
 
6.4. You have the right to withdraw your consent at any time. Withdrawal of your consent does not affect the lawfulness of the treatment of your data prior to its revocation. Your consent is also revoked in the same manner as provided.
 

7. Data Recipients
 
7.1. Our Company does not assign your personal data or interconnect its database with any third parties, public authorities or other organizations for financial or other consideration.
 
7.2. For the execution of the purposes mentioned in this Notice, the Company may provide access to or transmit the following types of your data to the following processors for and on behalf of:

     - Your financial data with the credit institutions, with which we partner each time to process payments to and from your bank accounts and credit card accounts;
     - Your personal data to our internet and data hosting providers for hosting purposes.
     - Your personal data to our information technology maintenance and support providers for the smooth operation of Website and our information and communication systems.
     - Consumer behavior data and contact information to third-party marketing and advertising companies for the commercial communication, marketing and advertising of our services or third-party services.
     - Your personal data to third-party consultants to provide data analysis services.
     - Your financial details and contact details with collection agencies in the event of due payments towards our Company.
     - Your personal data to auditors, accountants, financial or professional consultants as well as investors as part of the transfer of part or all, merger, division of a branch or other succession, liquidation or other bankruptcy procedure of our business.
     - Your personal data to natural or legal persons that co-operate with us as far as organizing events, trips and other services provided through our Website are concerned, and which services you select to enjoy.
 
7.3. The processing of your personal data by our data processors mentioned above is executed under our control and orders and is subject to the same data protection policy or to a policy of at least the same level of protection.
 
7.4. In the event that we are required by a court or other administrative authority and in any other case that we are legally bound to do so, our Company may transfer your personal data to public authorities to the extent specified by law prior to you being informed.
 
7.5. You authorize our Company to provide on your behalf your contact details and more precisely your full name, address, e-mail and telephone number (or any of these) as well as any other detail to any professional or company with which we co-operate (indicatively to tour operators, guides and other partners at any stage of the trips-events that we organize), so that they will be able to provide you the selected service. Our Company requests them to respect your personal Data, use it only within the scope as designed in the Website and not transmit it to other parties. Nevertheless, you recognize and accept that our Company cannot exercise any control to the aforementioned partners regarding the securitization of your data, so you assume such responsibility and you are aware that our Company is not responsible or liable for any damage occurred in case such partners use your personal Data for different reasons than providing the selected service or if they transfer it to third parties without your permission.
 

8. Data Security and Confidentiality

8.1. In order to ensure the proper use and integrity of your personal data and to prevent their unauthorized or accidental access, processing, deletion, alteration or other use, the Company applies appropriate internal policies and takes all appropriate organizational, technical, physical, logical and procedural security measures, as well as technical standards, in accordance with applicable laws and regulations.
 
8.2. The processing of your data by the Company is conducted in a manner that ensures their confidentiality and physical and logical security, taking into account the latest developments, implementation costs and the nature, scope, context and purposes of the processing, as well as the risks for your rights and freedoms, which are applicable in each circumstance.
 
8.3. Your personal data is processed solely by authorized personnel of the Company, bound by strict obligations of confidentiality.
 

9. Retention of Personal Data

9.1. We keep your personal data for as long as it is each time necessary for the relevant purposes of their processing.
 
9.2. The Company may retain your personal data after the expiration of their relevant processing purposes in the following limited cases:

     - In case that there is a legal obligation under a relevant statutory provision.
     - For reasons of tax and social security audit reasons within the statutory limitation period.
     - For research or statistical purposes of for the proper organization and operation of our business provided that anonymity or pseudonymization of your data takes place.
     - In case of any claims against the Company, for as long as necessary to defend our rights and legitimate interests before any competent court and any other public authority.
 
9.3. After the period of retention, your personal data is erased from our databases and systems in accordance with our data protection policies and provided that their retention is no longer required for the fulfillment of the purposes we have described above.
 

10. Your Rights

10.1. Without prejudice to applicable law and subject to any limitations thereof, you have the following rights:

     - Request for access to your personal data and information related to their processing and obtain a copy thereof.
     - Request for the rectification of any inaccuracies or any missing personal data of yours.
     - Request for the erasure of your personal data.
     - Request for the restriction of the processing of your personal data in cases explicitly provided for by law.
     - Request for the portability of your personal data to another controller in a structured, commonly used and machine-readable format (eg cd).
     - Object to the processing of your personal data in cases explicitly provided for by law.
     - Object to a decision taken solely on the basis of automated processing, including profiling, which has impact on you or significantly affects you. Any requests relevant to the above are addressed in writing to our contact details mentioned in this Notice.
 
10.2. The Company will respond to any of your requests within one month from their receipt. Upon prior notice, this period may be extended by a further two months if necessary, taking into account the complexity of the request and the number of any other pending requests. In case of rejection of your request, we will provide relevant justification.
 
10.3. If your request does not meet the requirements of applicable law, the Company reserves the right either to: (a) impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or (b) reject your request.
 
10.4. In the event of any violation of your personal data, which may place your rights and freedoms at a high risk, and provided that it does not fall under one of the exceptions expressly provided for by applicable law, we undertake to inform you without undue delay.
 
10.5. If there are any doubts as to the identity of the individual submitting the request, we reserve the right to request the provision of additional information necessary to confirm his / her identity.
 
10.6. If your rights are infringed, we inform you that you have the right to file a complaint with the Greek Data Protection Authority or with any other competent supervisory authority.
 

11. Your Obligations

11.1. By using our Website and by providing your personal data upon your consent, you acknowledge that you are required to state your actual, accurate and complete information requested by the Company. Furthermore, you must inform our Company of any changes to your information so as to ensure it is kept up-to-date and accurate.
 
11.2. If you are found to be in breach of your obligations or if our Company has reasonable suspicion that the information you provide is false or incomplete or in any way contrary to applicable law or this Privacy Notice, we retain the right to reject your application for registration or to suspend or terminate your account immediately without notice. In this case, you have no right to any compensation due to the rejection of your application, or the suspension or termination of your account.
 
11.3. You acknowledge that our Company may delete, cross-check, supplement or modify the information you provide based on information lawfully provided by third parties. In this case, our Company will provide you with relevant notice in compliance with applicable law.
11.4. By using our Website you confirm that you are over sixteen (16) years old. If you are under the age of sixteen (16) you have the obligation to abstain from any use of our Website and from any transfer of your personal data without the consent of the person who exercises your parental responsibility. If you fail to comply with the foregoing obligations, you must immediately notify the Company. In any case, using the Site, you acknowledge that the Company is not responsible for your violation of the obligations mentioned above to the extent that it is unable, even if it makes reasonable efforts, to verify your age or to receive consent from your guardian.
 

12. Cookies

Our Website uses cookies. For more information please review our Cookie Notice https://www.activeholidaysingreece.com/en/cookies/ 
 
13.  Commercial communication
13.1. At the point of filling in the service provision form at our Website as well as the point of providing us your e-mail address, you consent to receive from us commercial/advertising e-mails regarding our services.
 
13.2. This communication will display clearly the identity of our Company and will allow you to object and ask easily and with no charges the termination of such communication.
 
 

14. International Jurisdiction and Applicable law
 

14.1. Any dispute between you and the Company arising from or in relation to the subject matter of this Data Protection Notice shall be governed and construed in accordance with Greek law without reference to its conflict of laws principles and shall be subjected to the exclusive jurisdiction of the competent courts of Athens, Greece.
 
14.2. If a provision of the present Data Protection Notice is canceled by a decision of a competent court as unlawful, invalid or unenforceable, this will not affect the validity and enforceability rest of its provisions, which will remain in full force and will be accordingly applied.
 

15. Contact

For any further request or query about how we use your personal information, you may address us by using the following contact data of our Company:
Gnosis Active Travel – Active Holidays in Greece,
Address : 131 Veikou Str., 11741 Athens, Greece
Telephone: ( 30) 2111833368
email : info@activeholidaysingreece.com 
European Regional Development Fund
Back to top