THE GENERAL DATA PROTECTION REGULATION (GDPR) BY BLUE & WHITE TRAVEL
PRIVACY AND PERSONAL DATA PROTECTION POLICY
INTRODUCTION
Privacy and protection of personal information and data are very important to us for all our customers. Below, read how we process and protect your data, how we use your information, and how we protect your privacy. Any information which is provided by you to “Blue & White Travel” will be treated following the terms of the EU 2016/679 General Data Protection Regulation (GDPR), Data Protection Acts, Ν. 2472/1997 and Π.Δ. 207/1998 and 79/2000 art. 8 of Ν. 2819/2000 (Greek government) as well as the European Union directive 95/46/EU and 97/66/EU and/or such amending or replacement legislation as may be adopted in Greece from time to time.
Personal Data Controller and Data Protection Officer
Ilia Stella tou Spirou 6 str Aristeidou, Piraeus 18531+30210 4112100 booking@blueandwhite.gr
PRIVACY, CONFIDENTIALITY, AND PERSONAL DATA PROTECTION “Blue & White Travel” respects the personal data of our clients, partners, and employees. In the text that follows, we describe, simply and clearly, how we process your personal data which we either collect from you or you give to us. Please read carefully the following information (hereinafter: “Declaration”) to get informed about the way that we collect, store, use, transfer and protect the personal data we receive from you:
In General:
“Blue & White Travel” collects and stores only and exclusively the personal data that you notify via insertion of the obligatory personal information in the relevant fields or/and via your answers within the framework of specific actions conducted by “Blue & White Travel”. You may participate voluntarily and the requested data are only the ones necessary for the company’s proper operation.
“Blue & White Travel” collects only the personal data that are offered voluntarily by you to serve you in the best possible way. When additional, optional data are requested, you will be informed accordingly at the time of their collection.
because of our obligation to safeguard and protect its members and subscribers’ data, “Blue & White Travel” is bound to protect and use properly such data (hereinafter “personal data”) that are being collected through its Sites. During the process of your registration as a user and subscriber to our newsletter, we collect and process part or all the following personal data: Name – Surname, Gender, Age, Place of Birth, Place of Residence, Family Status, Studies, Professional Experience.
More specifically: A. Collection of your personal data takes place only if you choose voluntarily to provide them – for example, in case you register to our Sites or our newsletter. Our ability to effectively communicate with you is necessary to obtain your written consent and continue sending you our newsletter. Consequently, it is necessary, during your registration, to provide us with the true personal data that will be requested of you. During your registration for the services offered via our Sites, you consent also to the storing and use of your personal data, following this Declaration. We are allowed to process your personal data, to offer personalized services, according to law and according to our contractual obligations to you and the legitimate interests of our company (articles 6, lit. 1c, lit. 1b and lit. 1f) of Regulation (EU) 2016/679). Your personal data are not used for purposes other than the ones described in this Declaration, unless we receive your prior consent, or if such use is obligatory or permissible by law.
The purpose of the collection, use, and process of your personal data is (a) the offering of the services that you request through our Sites, for of receipt of which is required your data’s use or/and process (e.g. sending newsletter to your email), (b) your best update and facilitation in your browsing, through a listing of your personal preferences in your profile.
B. Your rights regarding the processing of your personal data The personal data that you make known to “Blue & White Travel” through its Sites, either during your registration or at a later stage, are collected and used following the legislation in place, relating to the protection of personal data; more specifically, following the new European General Data Protection Regulation (EU) 2016/679 as well as the rest of the applicable legislation on personal data protection. More specifically, you have the following rights:
• Right to erasure of your personal data: Following your relevant request, we will erase the personal data that we have of you. However, some data will only be erased following a specific detention period, for example, in some instances, we are obliged by law to preserve the data or because such data are required for the completion of our contractual obligations towards you.
• Right to object against the processing of your data: You may, at any time, object against the processing of your personal data, in the future. If you object, we will stop processing your data, unless there are legitimate grounds for their further processing. Processing of your data for marketing reasons does not constitute a legitimate ground.
• Right to complain about a supervisory authority.
• Right to ask for the restriction of the processing of your personal data.
• Right to be informed about your personal data: Following a relevant request from your end, we will provide you with information regarding the personal data we have of you.
• Right to rectification of your personal data: If you notify us accordingly, we will rectify any inaccurate personal data relevant to you. We will complete incomplete data since you inform us respectively, subject that this is necessary for your data process.
• Right to revoke your consent: You may, at any time, revoke your consent for the process of your personal data in the future. The legality of processing your data before this point will not be affected by this.
If you exercise one of these rights, we will take all reasonable steps to satisfy your request within a reasonable time and at most within one (1) month from the submission of your request. We will inform you in writing about the course of your request, or the reasons why they may impede the exercise of the right in question, and/or the satisfaction of one or more of your rights, following the GDPR. Please note that in some cases it may not be possible to meet your relevant requests, such as when the fulfillment of the right is contrary to a legal obligation or impedes a contractual legal basis for processing your data.
However, if you believe that a right or a legal obligation of our Company regarding the protection of your Personal Data is violated, and having previously contacted the Data Protection Officer of our Company (DPO) for the matter, you have exercised your rights to the Company and or you did not receive a response within one month (extending the deadline to two months in case of a complex request), or you believe that the response you received from the Company is not satisfactory and your issue has not been resolved, you may complain about the competent supervisory authority, Personal Data Protection Authority, 6 str Aristeidou , TK 18531 Piraeus, email: complaints@dpa.gr,