PRIVACY POLICY

​This website of Cretan Daily Cruises, recognizes and respects the right to protection of personal data of internet users, in accordance with European Regulation 2016/679 and Law 4624/2019. This policy text describes the collection and processing of user data when visiting or using the services provided by our Websites. The visitor of our Websites and / or user of our services must carefully read the terms and conditions of protection of his personal information mentioned here

Editor
Managed by Cretan Daily Cruises:
HEAD OFFICES & TICKETS
Iroon Polytechniou 226 - Pyrgos Kissamos, Chania Crete Post Code 73400
Tel. 28220 - 22888/83310/24344, Fax 28220 - 83321/83316
email: info@cretandailycruises.com

KEY DEFINITIONS


What is personal data

Personal data is any information that concerns an identified or identifiable natural person ("data subject"), such as name, e-mail address, VAT number, etc. Identifiable is defined as a natural person whose identity can be verified, directly or indirectly, in particular by reference to an identifier, such as name, identity number, location data, online identifier (IP address, e- mail, etc.) or one or more factors that characterize his physical, physiological, genetic, psychological, economic, cultural or social identity.

What is special category data

Specific categories of personal data are personal data that do not reveal racial or ethnic origin, political beliefs, religious or philosophical beliefs or trade union affiliation, or the processing of genetic, biometric data for the purpose of identification of a person, data relating to health or data relating to the sexual life of a natural person or sexual orientation.

What is personal data processing?

Processing of personal data is any act or series of operations performed with or without the use of automated means, on personal data, such as the collection, registration, organization, structure, storage, adaptation, modification, retrieval, retrieval of information, use, transmission to dissemination, correlation, combination, restriction, deletion and destruction of personal data.

What is the controller

The controller is the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and the manner of processing personal data,

What is performing the editing

The process is performed by the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller,

What is the recipient

The recipient is the natural or legal person, public authority, service or other body to which the personal data is disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigation under Union or Member State law shall not be considered as recipients. The processing of such data by these public authorities shall be carried out in accordance with the applicable data protection rules according to the purposes of the processing,

What is the consent of the data subject

The consent of the data subject is any indication of will, free, specific, explicit and fully aware, by which the data subject expresses his / her agreement, by a statement or by a clear positive action, to process the personal data concerning it.

Purpose of processing your personal data

The company collects and processes personal data of passengers and visitors of the websites for the following purposes and only to the extent absolutely necessary for the effective service of these purposes. These data are always relevant, relevant and not more than what is required in view of the following purposes, and are inaccurate and, if necessary, are updated and updated.
The purposes of processing your data are:

  • booking tickets for cruises,
  • information and participation in events-actions organized by our company,
  • communication with the company and
  • the collection of data in the context of the instructions of the Greek Authorities for dealing with the spread of COVID-19.

In particular, the collection and processing of personal data is based on the following legal bases:

  • In order for the company to comply with its legal obligation in the field of public health, such as protection against serious cross-border health threats (Completion of a passenger health questionnaire.
  • processing is necessary for the purposes of the legitimate interests pursued by the controller (information and communication)
  • processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of a contract (ticket reservation)

Collection of data during your navigation on our website

When visiting and navigating the Company's Websites, the user's network protocol address is automatically recorded, which are used exclusively and only for statistical purposes of traffic in the web presentation. In addition, cookies are collected for the purpose of authenticating your information when buying tickets and for the purpose of marketing. In the latter case (cookies for marketing purposes) information is collected for the processing of which you have consented. You can find out more details in the Cookies Policy.
We provide the possibility of communication, by sending comments through a contact form, in which the name, e-mail address and telephone number of the user who wishes to contact us are registered.
You can make ticket reservations through our websites. For this reason we process your data First name, Last name, EMAIL and Mobile number.
We collect your health data on the website. For this reason, a specially designed questionnaire is included to deal with the spread of COVID-19.

Data transfers outside the EU

The personal data of the visitors and / or users of our Website services are transmitted outside the EU through the Google file base application. This application helps us to provide you with the possibility of booking tickets through our website. The transfer of your data is necessary for the execution of a contract between the company and the passengers or in a pre-contractual phase upon your request.
For more information on the Google Privacy Policy, please visit https://policies.google.com/privacy?hl=en-US

Recipients of the data

Your health data is transmitted to EODDY only under the strict conditions of the relevant regulations of the Legislative Content Acts regarding the urgent measures to address the need to limit the spread of COVID-19 coronavirus and these implementing ministerial decisions.

Data retention time

The personal data concerning the visitors of the Website and / or users of our electronic services are collected and kept for the absolutely necessary time and then are deleted. In particular, data from visits are automatically deleted after six months and contact details, unless otherwise specified by law.

Data Security

To protect the personal data of users and visitors of our Website we use secure connection (https: //) and data security measures to prevent the risk of loss, misuse, unauthorized access and disclosure of your personal information.

Your rights

With regard to the protection of personal data concerning you, you have the following rights:
1) the right of access, ie the right to be informed if personal data concerning you are being processed;
2) the right to rectify, ie the right to demand the correction of inaccurate personal data;
3) the right to delete, ie the right to request the deletion of personal data concerning you;
4) right to restrict processing when the accuracy of the data is disputed, is illegal or for other reasons;
5) the right to portability, ie the right to request to receive the data relating to you in a structured, commonly used and machine-readable format, as well as to transfer this data to another e-processor; and
6) the right to object to the processing of your personal data, unless there are compelling and legitimate reasons for the processing which outweigh your interests, rights and freedoms.

For the exercise of your rights, under the restrictions of the current legislation (articles 17 par. 3 item bd, 20 par. 3 and 23 of Regulation 2016/679), you can contact the company, at the above contact details.

Right of termination

According to Regulation no. 679/2016, you have the right, if you consider that your rights regarding the protection of your personal data are violated, to file a complaint to the Personal Data Protection Authority of Character, which is based in Athens (1-3 Kifissias, PC 115 23) and by phone 2106475600 and fax 2106475628 or by e-mail complaints@dpa.gr