Our Company ("we" or "us") is committed
to protecting the information that you share with us online, using our Website.
We treat the personal data you give to us with care and transparency, acting
according to the European Regulation 2016/679 (GDPR) on the protection of
the personal data and on the free movement of such data and the Greek
We encourage you to read this Privacy Notice carefully when using our
website or services or transacting business with us. By reading this Privacy
Notice, the user is hereby informed on how we collect, process and protect
personal data furnished through our website at
By accessing, browsing and using our website, you confirm that you accept
including any orders you place, is governed by our Terms and Conditions and
important terms which apply to you.
Who are we?
The data controller of our Sites is Chatzi Maria, Travel Agency Personal
Company, based in the Shopping Centre Epsilon in Faliraki, Rhodes. We
are authorized by the Greek National Tourism Organization (EOT) with a
registry Number ΜΗ.Τ.Ε 11/43/E/60/00/00269/0/0. If you have any
questions about how we treat your personal data, please contact us via email
Linked services, third party sites and content
Our website may, from time to time, contain links to other websites which are
outside of our control and are not covered by this Policy. We do not own,
operate or control the websites of those third parties and as a result we do not
accept any responsibility or liability for other sites’ privacy policies. If you
access other websites using the links provided, we encourage you to check
their policies before submitting any personal information.
What kind of personal data we collect and how we use it?
When you visit our website, we may collect:
Information such as your computer’s IP address, browser type and version
and anonymous information collected from cookies when you are browsing
our website. We collect this information to help us understand how to improve
our services and our website and its content. We have a legitimate business
interest for this processing: to ensure that our website is operating effectively
and to provide you with great services and user experience;
We may collect information such as your name surname, email address and
voluntarily your phone in case you choose to communicate with us using our
website's contact form.
Personal information such as your email address and your credit card details
(name surname of the card holder, credit card number, ccv, expiry date) will
be provided by you when you use our online booking platform to place an
order with us and enter your payment card details. We collect this information
for the following reasons:
- To process your order. We engage PAYPAL as a third party processor to
process the payment of your order online. We collect this information to
perform a contract with you and, if you fail to give us the information that we
request, then we may not be able to provide the requested service. If you
consent to them doing so, the third party processor (PAYPAL) may store your
payment card details to speed up your transaction time.
- We have a legitimate business interest to collect this information: to continue
to improve the services we provide to you, for statistical purposes, for better
user experience and to answer to your questions and requests.
- To ensure you receive marketing and offers that are of most interest and
relevance to you. To help us achieve this, we may share your data with third
party analytics companies to understand your purchasing options. We have a
legitimate business interest to collect this information: to get to know your
preferences and to personalise our offers to you to improve the marketing you
receive from us.
Who do we share your info with?
We may share your personal information with a payment processor such as
PAYPAL in order to provide you our online booking services. We have a
legitimate business interest to do this and it is also necessary to perform the
contract with you.
We may also share your information with data analysis companies to perform
services on our behalf (such as, for example, Google, loadbalancer etc) who
will only be permitted to use your personal information for the purpose of
performing that particular function strictly in accordance with our instructions
and not for any other purpose.
In some circumstances, we may have to disclose your personal information by
law, because a court or the police or other legal or regulatory enforcement
agency has asked us for it and we are obliged to obey.
We require all third parties that we work with to treat your personal information
as confidential and to fully comply with all applicable data protection and
that is sent to your computer by a website and automatically saved on your
computer by your web browser (e.g. "Internet Explorer"). Each time you
request a page from the website, your web browser sends this cookie back to
the website server.
You are not obliged to accept cookies. If you wish, you can set your browser
to notify you before you receive a cookie so you have the chance to accept it
and you can also set your browser to refuse to receive or send all cookies.
The website contains step-by-step guidance on
how cookies can be switched off by users.
Data Transfers outside the EEA
We do not transfer the data we collect from you to countries outside the
European Economic Area ("EEA").
The data may exclusively be processed by PAYPAL operating outside the
EEA engaged in the processing of your payment details. By submitting your
personal data, you agree to this transfer, storing or processing. We will take
all steps reasonably necessary to ensure that your data is treated securely
In case we may need for some reason to transfer such data, we will only
transfer such data in countries that satisfy the adequate or comparable levels
of protection in order to protect personal data held in that jurisdiction, and
(where we are required to do so) solely under your consent.
Unfortunately, the transmission of information via the internet is not
completely secure. Although we will do our best to protect your personal data,
we cannot guarantee the security of any data transmitted to our website and
any transmission is at your own risk.
Special categories of personal data
We do not collect sensitive personal data, unless you provide us them along
with an explicit consent for every related purpose of processing.
At , it is not part of our policy to seek or
obtain personal data directly from minors (i.e. under the age of 18) without
their parental or legal guardian’s consent. However, as it is impossible to
always determine the age of persons who access and use our website, we
encourage parents or guardians to contact us if they notice any case of
unauthorized data provision by minors in order to exercise accordingly their
rights such as deletion of their data
How long do we keep your personal data?
We will maintain Personal Information for as long as we are required to do so
by applicable law(s), or for as long as necessary for the purpose(s) for the
reason for doing so. We will delete Personal Information when it is no longer
needed and/or take steps to properly anonymize it so that you can no longer
be identified from it (unless we need to keep your information to comply with
legal or regulatory obligations to which we are subject) and, in any case, upon
expiration of the maximum storage term set forth by applicable law.
In any case we do not store the personal data we collected from you in order
to answer to your questions or requests or after the provision of our services
for more than 3 months.
You, the user, as a data subject, have a number of rights.
access your personal data stored at any time and get a copy of this
information. Furthermore, the data subject can have access to the following
· the purposes of the processing;
· the categories of personal data concerned;
· the recipients or categories of recipients to whom the personal data have
been or will be disclosed, in particular recipients in third countries or
· where possible, the envisaged period for which the personal data will be
stored, or, if not possible, the criteria used to determine that period;
· the existence of the right to request from the controller rectification or
erasure of personal data, or restriction of processing of personal data
concerning the data subject, or to object to such processing;
· the existence of the right to lodge a complaint with a supervisory authority;
· where the personal data are not collected from the data subject, any
available information as to their source;
· the existence of automated decision-making, including profiling, referred to
in Article 22(1) and (4) of the GDPR and, at least in those cases,
meaningful information about the logic involved, as well as the significance
and envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have a right to obtain information as to
whether personal data are transferred to a third country or to an international
organisation. Where this is the case, the data subject shall have the right to
be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may
at any time contact our lawyer or contact our company at
require us to rectify, inaccurate, incorrect or incomplete data; (right to
obtain from us the erasure or the limitation of the data processing, for
example where the data is no longer necessary for the purposes of
processing; (right to be forgotten and the right to restriction of
· receive your Personal Information, which you have provided to us, in a
structured, commonly used and machine-readable format, and you have
the right to transmit that data to another entity without limitation. (right to
object to the processing of your data where we are relying on our legitimate
interests as the legal ground for processing. (right to object)
If you would like to exercise any of these rights, please contact our company
If you think any information we have about you is incorrect or incomplete,
please write to us or email us and we will correct or update any information as
soon as possible. If you believe that our company has not complied with your
data protection rights, you can file a complaint to the Greek Data Protection
We may link to other websites which are not within our control. Once you
have left our website, we cannot be responsible for the protection and privacy
of any information which you provide. You should exercise caution and look at
the privacy statement applicable to the website in question.
Social media login
Our websites and apps provide plug-ins to social media websites, including
Facebook, Youtube and Instagram.
If you make use of, or log-in to, the social media features on our websites or
apps, we may (depending on your privacy settings) access, use and store
information about you, including, but not limited to: your name, e-mail
address, gender, location, profile, picture, contacts, and any other information
you have chosen to make available.
To find out more about the reasons and extent to which social media sites
collect and process your data, or to change your privacy settings, please refer
Our company has taken the necessary technical and organisational
measures to protect the personal data provided by you against loss,
destruction, manipulation and unauthorised access. Our employees and
all persons involved in data processing are obliged to comply with the
data protection laws and to treat personal data confidentially. Our
employees have been trained accordingly.
We use a secure online transmission procedure, the so-called "Secure
Socket Layer" (SSL) transmission, to protect the personal data of our
users. You can see this from the fact that an "s" (https://) is added to the
address component http://. The SSL encryption guarantees that your
data is transmitted in an encrypted and complete way.
appropriate, notified to you by email. Please check back frequently to see any
Your continued use of our website after the updates to this Policy is deemed
acceptance of those changes. If any proposed change is unacceptable to you,
you may request that we remove your personal data (and/or that of other
individuals for whom you made your travel reservations) from our records.
If you would like to get in touch with us, please contact:
Shopping Center Epsilon
tel. +30 6945370301