Greek TravelTellers knows how sensitive your personal information is and we are committed to protecting same and respecting your privacy.
Greek TravelTellers is the data controller of your personal data.
Personal data means any information relating to an identified or identifiable natural person, in accordance with the General Data Protection Regulation (hereinafter referred to as “GDPR”). This may include information such as your name, gender, age, email address, or your phone number. Generally, the type of personal information we collect about you is limited to any information which is necessary to enable the provision of any services you purchase from Greek TravelTellers, such as your travel arrangements and bookings, or to arrange the provision or purchase of ancillary services and/or products on your behalf from 3rd party suppliers, or to provide information about such services.
1. Information we may collect
- Data processing to enable the use of the Website:
When you visit the Website, we may collect information about your computer, including (where available) your IP address, operating system and browser type, for system administration and to report aggregate information. This statistical data about our users’ browsing actions and patterns does not identify any individual.
- Data processing to enable the use of our services:
- We may collect and process some or all of the following personal data that you provide directly when you choose to:
- fill out a form,
- enquire for further information or for our services,
- book or purchase our services,
- contact us via email,
- contact us by phone, or
- subscribe to our newsletter.
You may be asked, as appropriate, to provide your full name, date of birth, age, e-mail address, mailing address, postal or zip code, phone number, the hotel in which you are staying, company name, or position within that company, payment details (such as credit card number, card expiry date, card verification code).
In some circumstances, we may collect personal information about you from a third party. This includes where a person purchases or reserves any service from Greek TravelTellers on your behalf, such as (but not limited to) a family or group reservation, or a reservation made for you by a travel agent. Where this occurs, we will rely on the authority of the person purchasing such service to act on behalf of any other traveler/participant on the reservation.
- Sensitive personal data:
Sometimes we may require that you provide more information (“sensitive personal data”), in order to ensure the safety and/or proper provision of our services. Below is a description of some of the extra information we may require:
Dietary Restrictions / Preferences: we understand that many of you prefer or are required to follow certain diets. We try to accommodate these choices and needs whenever possible. To accomplish this, your dietary preferences need to be recorded. This information is then transferred to our guides to ensure that your requirements can be met.
Health Condition: we may need information about your age, gender and general health so that we can assist in safeguarding your personal health and safety.
We will only collect sensitive information with your explicit consent, when it is reasonably necessary, and in connection with facilitating your request.
- Data Retention Period
Greek TravelTellers retains your information as long as it is necessary and relevant for its operations. In addition, we may retain information from closed accounts to comply with the law, prevent fraud, collect any fees owed, resolve disputes and take other action permitted by law.
- Data collected by third party providers
Greek TravelTellers uses a variety of third party service providers to help us provide our own services. Service providers may be located inside or outside of the European Economic Area (“EEA”). In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, the information collected through such means is disclosed to and gathered directly by these service providers as listed below, and any service provider’s use of such information is subject to the service provider’s privacy policies, and not Greek TravelTellers’. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
• Google, for the use of Gmail Suite where Greek TravelTellers email accounts & files are stored.
• Tawk.to, who provides the messenger and chat widget.
• PayPal and Stripe, as payment processing providers.
• Regiondo, as a booking engine.
2. Tracking technology we may use
Greek TravelTellers uses, or our 3rd party advertising partners use, various tracking technologies, such as cookies, web beacons, tags, scripts, analytics software or other similar technologies, that help us better manage, operate, administer, maintain, develop, analyse and support the Website and the services provided by Greek TravelTellers.
- Facebook Pixel
- Google Analytics
You may refuse to have cookies stored on your device by appropriately configuring your browser or by using a privacy plugin. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en-GB. Further information on the data processing in the context of Google Analytics is available under: https://policies.google.com/privacy?hl=en.
- Google AdWords conversion and remarketing
We also use Google Analytics to evaluate data from the Google services AdWords for statistical purposes. This way, in order to improve our services, we can analyse what happens after a user has clicked on one of our ads, e.g. whether a user has ordered a product or has viewed the ad from a mobile device. Furthermore, you may receive interest-based ads through these services. You can opt-out of such interest-based ads via the Google Ads setting pages: https://adssettings.google.com.
- Google Tag Manager
Generally speaking, cookies are small text files that are placed in your device’s browser, then stored on the device, and that can be used to help recognize that browser across different web pages, websites, and browsing sessions. Cookies can be used to recognise you when you visit the Website, remember your preferences, and give you a personalised experience that’s in line with your settings. Cookies also make your interactions with the Website faster and more secure.
For more information about the cookies we use and how to opt-out please visit our Cookies Notice.
3. Payments on our website
Recognizing the importance of electronic payment security, EveryPay is a licensed Payment Institution by the Bank of Greece (Decision No. 280/3 / 23-7-2018 GG B 3010 / 25-7-2018), and manages securely card payment transactions, in accordance with the regulatory framework of the card transaction security management standard. EveryPay is certified in accordance with the PCI DSS compliance standards. All EveryPay services are made through secure connections with 256bit SSL certificates. EveryPay also supports the ability to use the 3D Secure service, an additional security token for VISA & MasterCard. The Payer then has to enter his personal secret code to complete the transaction successfully.
A PCI-certified auditor has audited Stripe. They are a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they use the best-in-class security tools and practices to maintain a high level of security at Stripe. Stripe forces HTTPS for all services using TLS (SSL), including their public website and the Dashboard to ensure secure connections:
- Stripe.js is served only over TLS.
- Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection.
They regularly audit the details of their implementation, including the certificates they serve, the certificate authorities they use, and the ciphers they support. They use HSTS to ensure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including their API and website.
4. Use of your collected personal data
• process your online requests and bookings/orders and provide you with the requested services and information offered through the Website;
• verify and carry out financial transactions in relation to payments you make;
• audit the downloading of data from the Website;
• improve and customise the Website, our products, services and our business in general, such as by tracking your preferences, history and interactions with the Website;
• identify visitors to the Website;
• carry out data analytics, market research and data enrichment, such as by analysing your preferences, shopping history and interactions with the Website together with data collected from third parties, such as data that you agree to share with us on social networks (e.g., Facebook, Instagram, etc.) and/or that we may collect from publicly accessible databases;
• correspond with you to resolve your queries or complaints; and
• send you marketing communications containing news, information and updates about our products and services, offers, promotions and special events, and other marketing communications that may be of interest to you by SMS, email or telephone), and customise your experience with us to your interests and shopping habits and improving our services, notably via profiling.
Whenever we process your personal data, we act on the basis of a lawful “justification” (or legal basis) for such processing. In the majority of cases, the processing of your personal data will be justified on one of the following bases:
• processing is necessary to perform a contract with you or take steps that you have requested in order to enter into a contract by filling the online booking form (e.g. sale contract);
• processing is necessary for us to comply with a legal obligation;
• processing is in our legitimate interests as a business, and our interests are not overridden by your interests, fundamental rights or freedoms. Our legitimate interests may include our interest in using customer and Website user personal data to conduct and develop our business activities (in cluding by carrying out standard marketing activities), with current and potential customers and Website users; and in establishing, exercising or defending legal claims; or
• processing is based on your prior explicit consent, such as segmented and customised marketing activities. This consent can be expressed by clicking the check box with the consent clause.
5. Disclosure of your personal data
We may disclose your personal data to our service providers who assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in performing other tasks, as appropriate. Furthermore, your personal data may be disclosed to an insurance company affiliated with us to guarantee the safety of our customers during the tours and to the tour guide. In case of wine and gastronomy tours certain categories of your personal data, such as your name and your allergies may be disclosed to the restaurants.
Your personal data will be accessible by authorised personnel of Greek TravelTellers, and service providers acting on our behalf on a need-to-know basis.
Due to the nature of the Greek TravelTellers’ business, for the purposes set out above, we may transfer your personal data to third parties located in other countries outside the EU/EEA, including the USA and other countries that have data protection framework which may be not equivalent to that in your country of residence. In the event your personal information is transferred outside the EU/EEA, Greek TravelTellers undertakes the obligation to ensure that transfers to those countries will be made pursuant to the Standard Contractual Clauses approved by the European Commission or any other safeguards where permissible by the applicable data protection law each time in force, of which you can request a copy via email.
We may also share your personal data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any associated company, in which case personal data held by us about our users may be one of the transferred assets.
We will also respond to requests for personal data where required by to do so by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
We place great importance on the security of all personal data associated with our users. We have adopted security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access. For the best possible protection of your personal data outside the limits of our control, your device should also be protected (such as by installing an updated antivirus system) and your internet service provider should take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
While we take all reasonable steps to protect your personal data, we cannot guarantee that the personal data you disclose to us will be 100% secure, nor that any data breach will not occur.
You accept the inherent security implications of dealing on-line over the Internet and will not hold Greek TravelTellers or their processors responsible for any data breach unless it is due to our gross negligence. In particular, Greek TravelTellers excludes any liability for damage or loss suffered by the Website’s user as a result of the inadequacy, dysfunction or incompatibility of the user’s equipment with the Website and/or failure by the user to implement reasonable and necessary protection against harmful programs, devices or communications.
7. Your rights
Under Data Protection regulations, you have a number of important rights regarding your personal data that you may exercise at any time by contacting us at . These rights are as follows:
• Right of access, rectification and erasure: you have the right to request access to and obtain a copy of any of your personal data that we may hold, to request correction of any inaccurate data relating to you and to request the deletion of your personal data under certain circumstances.
• Right of data portability: under certain conditions, you have the right to receive all such personal data which you have provided to us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
• Right to restriction of processing: you have the right to restrict our processing of your personal data where:
• you contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;
• the processing is unlawful but you do not want us to erase the data;
• we no longer need your personal data for the purposes of the processing, but you require such data for the establishment, exercise or defence of legal claims; or
• you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether we have overriding compelling legitimate grounds to continue processing.
Where personal data is subject to restriction in this way, we will only process it with your consent or for the establishment, exercise or defence of legal claims.
• Right to object to processing justified on legitimate interest grounds: where we are relying upon legitimate interest to process personal data, then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a justification for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Greek TravelTellers will respond to any any appropriate request to access, correct, update or delete your personal information without excessive delay. Before we proceed with any request, we will take steps to verify the identity of the person making the request. We will promptly fulfill your request to delete your personal data unless this data is required to be retained by law. Also, we will not be able to delete information that is required to maintain our business purpose or that is required to facilitate your contract with us.
8. Your consent to provide personal information
9. Other provisions
- Protection of minors
- Links to third party websites
- Newsletter & emails
If you have purchased on the Website, there is a good chance you will receive emails from us. We will only send you emails which you have signed up to receive, or which pertain to the services we provided to you. To send you emails, we use the name and email address you provide us. The Website also logs the IP address you used when you signed up for the service to prevent abuse of the system. No identifiable information is otherwise tracked outside this Website except for the email address.
- Terms of Service
Please also visit our Terms & Conditions section establishing the use, disclaimers, and limitations of liability governing the use of the Website, a link to which can be found at the bottom of this page.