At our company GS Tours Chania Ltd based in Chania, Crete, at 14 Episkopou Chrysanthou Street, we take all necessary measures and comply with all globally accepted regulations and based on international standards, in order to protect the personal data of all interested parties. Personal data is processed in such a way as to ensure that the processing of personal data is always carried out in accordance with the obligations set by the legal framework that governs both the company itself, as well as third parties who may process personal data on behalf of the company.
Taking into account the following legal framework:
- the relevant provisions of the National Law on the Protection of Personal Data and the Safeguarding of the Privacy of Communications (we refer indicatively and not restrictively to Law 2472-1997 on the protection of personal data, Law 3471-2006 on the protection of privacy in the field of electronic communications, as currently in force, the Regulations for the Safeguarding of the Privacy of Communications of the Hellenic Chamber of Commerce as published in Government Gazettes 87 & amp; 88-26-1-2005 and in force, Presidential Decree 47-2005),
- the relevant provisions of Community Law (European General Data Protection Regulation – GDPR – 2016-679).
Here is the personal data processing policy that we process and store in our company:
Type, purpose and methods of acquisition-processing of personal data
The purpose of processing, as well as the way we process the personal data we hold differs depending on the method of collection and the service for which it was requested. There are certain services that GS Tours Chania Ltd will not be able to provide if it does not have certain types of Personal Data, such as, we mention INDICATIVE and NOT RESTRICTIVE:
DATA TYPE
- Personal data, some of which are sensitive concerning:
- Personal information (name, surname, date of birth, nationality, ID number and/or passport)
- Contact details (email address, phone, address),
- Financial and payment details (bank details, credit/debit card numbers, billing details),
- Travel details (destinations, travel dates, reservations)
- Sensitive data (health information, dietary preferences, religious beliefs, travel insurance, family and companion information)
- When you use our website, we also collect information automatically (through cookies or analytics), some of which may constitute personal data. These include data such as language settings, IP address, type of browser used by the user, geolocation, device settings, device operating system, activity data, time of use, status report, user information (information about browser version), browsing result, browsing history, the kind of data you saw. This information is related to traffic and functionality. The purpose is to improve the functionality of the services provided to the public, as well as to analyze the website traffic. Third-party cookie identifiers and trackers analyze user behavior for marketing and retargeting purposes.
We may also collect data through cookies. The cookies used when browsing the website are:
- Strictly necessary cookies. These Cookies play a decisive role in the proper and uninterrupted and secure operation of the website and without them it would not be technically possible to provide its services. For this reason, strictly necessary Cookies are the only ones that cannot be disabled by you.
- Analytics Cookies. These Cookies collect data that is necessary to monitor performance, measure visits, monitor how users access and improve the performance and content of our website. Also marketing cookies for personalized ads and third-party cookies for tools.
The user may voluntarily provide through the website information such as: name, email, telephone, gender, nationality, destination and dates of travel, date of birth, passport/ID number, special requests, home address and payment details in order to make a reservation.
If you are identified as a natural person based on this information, such information is considered personal data, which is subject to this privacy policy.
You can choose which personal information you want to provide to us (if you wish). However, if you choose not to provide certain details, some of your transactions with us may be affected.
PURPOSE OF PROCESSING
The purpose of processing the personal data of our interested parties is to provide the services undertaken by our company, as well as to comply with legal and contractual obligations.
Here are the points at which we will ask for your personal information:
Provision of travel services and customer service: Customers’ personal data is processed in order to carry out the company’s service and to serve all customers according to their needs.
Provision of compensation: we use the personal data of customers to complete and provide the intended compensation of the customers in case of cancellation, errors, breach of contract or cancellation due to e.g. extraordinary circumstances. In addition, for compensation of employees in cases of invalid dismissals, injuries or labor disputes, and compensation of suppliers/partners in cases of breach of contract. Compensation also in case of violation of personal data.
Operational organization of GS Tours Chania Ltd: Your personal information is necessary for working in the company and communication, so that we can provide our services.
Other communications: We may sometimes contact you via email, mail, phone or text message on your mobile phone, depending on the contact information you have shared with us. This can happen for a number of reasons:
- We may need to respond to and manage requests you have made.
- Legal purposes: In some cases, we may need to use your information to manage and resolve legal disputes, for regulatory investigations and compliance.
- Fraud detection and prevention: We may use your personal data to prevent fraud and other illegal or unwanted activities.
If we use automated means of processing personal data, which have legal effects or which significantly affect you, we will take appropriate measures to protect your rights and freedoms, including the right to human intervention.
Lawful grounds for processing the personal data we hold:
We process the personal data you provide and store if we have a legitimate reason.
Lawful grounds for processing your personal data:
- Consent: we use your information to provide you with our services in accordance with the activity of GS Tours Chania Ltd. You can withdraw your consent, at any time, by contacting us at the addresses you will find at the end of this Privacy Policy.
Transmission-sharing of your data:
GS Tours Chania Ltd can transmit your personal data to third parties, if necessary for the implementation of the service we provide to you. Specifically:
- Service providers third parties: we may use service providers to process your personal data on our behalf. This processing is carried out for various purposes such as facilitating payments, sending advertising material, etc. Such providers are bound by confidentiality terms and are not allowed to use your personal data for their own or other purposes.
- Competent authorities (e.g., public, independent, etc.): We disclose personal data to law enforcement authorities and other government authorities to the extent required by law or strictly necessary to prevent, detect, or prosecute criminal offenses and fraud.
Personal data collected through the Company is generally not read in a third country outside the European Union (EU) or the European Economic Area (EEA). However, in the event of a transfer of your personal data to a country outside the European Union (EU) or the European Economic Area (EEA), we will ensure that one of the specific derogations provided for in the GDPR applies.
Storage Time
The period of storage of the data is decided based on the following specific criteria depending on the case:
– When the processing is imposed as an obligation by the provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions impose.
– When the processing is carried out based on a contract and depending on the purpose of the processing, your personal data is stored for as long as is necessary for the performance of the contract, the purpose of the processing and for the establishment, exercise, and-or support of legal claims based on the contract. After the predetermined period has elapsed, the data is deleted from our records.
We will also keep your data for as long as you maintain cooperation with our company and you have not requested its deletion. Your data, which you provide to us for the purpose of providing services to you, will be retained for as long as necessary so that we can continue to provide these services to you. To the extent reasonably necessary or necessary to comply with legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce terms and conditions, we may retain some of your information as required even after your account has expired or no longer need to provide our services to you.
Rights of the subject in relation to his or her personal data
Any natural person whose data is processed by the COMPANY enjoys the following rights:
Right to information:
You have the right to request information regarding the processing of your personal data.
Right of access:
You have the right to know and confirm that your data is being processed in a lawful manner. Therefore, at any time, you have the right to access your data and to request information about its processing and the lawfulness of its processing.
Right to rectification:
You have the right to correct, update or modify your personal data by contacting our company.
Right to erasure:
You have the right to request the erasure of your personal data. You can do this in order to protect your legitimate interests or even without justification. However, there are cases where this right is subject to specific limitations or does not exist, such as: the existence of an ongoing contract, the obligation to process personal data imposed by law, public interest, etc.
Right to restriction of processing:
You have the right to request restriction of the processing of your personal data in the following cases: (a) when you dispute the accuracy of your personal data and until it has been verified, (b) when you object to the erasure of personal data and request that its use be restricted instead of erasure, (c) when your personal data is not needed for the purposes of processing; They are, however, necessary for the establishment, exercise, support of legal claims, and (d) when you object to the processing and until it is verified that there are legitimate grounds concerning us that override the reasons why you object to the processing.
Right to object to processing:
You have the right to object at any time to the processing of your personal data, even in cases where, as described above, this is necessary for the purposes of legitimate interests pursued by us as controllers, as well as to the processing for the purposes of direct marketing and profiling.
Right to portability/transfer:
You have the right to receive your personal data free of charge in a format that allows you to access, use and process it using commonly used processing methods. You also have the right to ask us, if technically feasible, to transfer the data directly to another controller. This right applies to data that you have provided to us electronically and that are processed by automated means on the basis of your consent or in the performance of a relevant contract.
Right to withdraw consent:
GS Tours Chania Ltd informs you that as long as the processing is based on your consent, you have the right to freely withdraw it, but without affecting the lawfulness of the processing based on it before you revoked it.
Right to complain to the DPA
You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr)
Call Center: (+30) 210 6475600,
Submission methods:
- Postal Service: 1-3 Kifissias Avenue, 115 23 Athens
- In-person submission at the Authority’s offices (1st floor). Opening hours at the Protocol Office: 09:00 – 13:00.
- Email: [email protected]
Electronically through the web portal by filling in an online form: https://www.dpa.gr/el/syndesi/prosvasi
Statements
- COMPLIANCE WITH LEGISLATION
The Provider must act in full compliance with applicable local, national and international laws and regulations in all locations where it conducts its business activities. In addition to complying with applicable laws and regulations, providers are expected to act in accordance with high standards of business ethics and this Code.
- HUMAN RIGHTS
The Provider conducts its business activities in a manner that supports and respects the protection of internationally recognized human rights and must ensure that it is not complicit in human rights violations.
- CHILD OR FORCED LABOR
The Provider must not use any form of forced labor. The use of workers under the legal working age in the jurisdiction where the work is performed is prohibited.
- RESPECT and DIGNITY
The Provider must treat its employees with respect and dignity. The Provider must not accept any form of harassment, violence or verbal abuse of its employees. The Provider must not discriminate against employees in hiring, promotion, or salary on the basis of race, color, gender, religion, national or ethnic origin, age, sexual orientation, parental or marital status, etc.
- HEALTH & SAFETY
The Provider must provide its people with a safe and healthy working environment in compliance with all applicable laws and regulations. Providers must ensure that appropriate health and safety information is provided to their employees, subcontractors and contractors and that appropriate training and protective equipment is provided.
- ENVIRONMENT
The Provider must support a proactive approach to environmental challenges and take initiatives to promote greater environmental responsibility and encourage the development and dissemination of environmentally friendly technologies. The Provider shall seek to minimise its impact on the environment through energy savings, recycling and appropriate waste disposal.
- PRIVACY & DATA PROTECTION
The Provider agrees to comply, as applicable, with all European Union legislation and all other applicable national, regional or international directives, laws and regulations related to privacy and data protection when processing Personal Data. The Provider must inform in writing of the locations where the Personal Data is processed. The Provider must not, and must ensure that its subcontractors are not, process Personal Data in a country outside the European Economic Area without prior written approval. The Provider must keep the Personal Data confidential, has no rights to the Personal Data and, unless specifically agreed otherwise in writing or unless agreed herein, must not give access, disclose or transfer Personal Data, in whole or in part, to any third party during or after the expiration of the Agreement. The Provider must not use the Personal Data for any purpose other than the provision of the Services. After the expiration or expiration of the Agreement, the Provider must retain all available Personal Data for one (1) month after the expiration or expiration of the Agreement. Upon termination or termination of the Agreement, Provider must provide a complete and up-to-date copy of all Personal Data, including any backups thereof, in such form as may be requested. After the aforementioned period, the Provider shall, and must ensure that its subcontractors must, destroy all Personal Data in tangible form and permanently delete all Personal Data from all computer hardware, including storage media, and the software used by the Provider to process the Personal Data and must confirm in writing that this has been done. The Provider may not assign to third parties, including, but not limited to, subcontractors, for the processing of Personal Data, unless prior written approval has been obtained from the Data Controller.
- MONITORING AND COMPLIANCE
Providers are expected to have management practices in place that ensure compliance with applicable laws and regulations and identify and mitigate risks associated with the principles of this Code. Customers may request information from the Provider on matters covered by this Code and reserve the right to audit the Provider’s activities relevant to this Code, either on their own or by an accredited third-party auditor, as well as to review and verify the implementation of corrective actions throughout the supply chain. If the Provider has materially breached this Code, the agreement shall be terminated with immediate effect.
This document was last updated on February 05, 2025
Issue date : January 2009. GS Tours Chania Ltd
Episkopou Chrysanthou 14 Str. 73100 Chania, Crete, Greece
Greek Tourism Organization –
Registered Number : 1042E60000057100
Copyright © 2025