Privacy Policy

Cretan Odyssey takes the protection of your personal data as the Data Controller very seriously. We treat your personal data confidentially and in accordance with the provisions of data protection law. This privacy statement informs you about how, to what extent and for what purposes we process the personal data of customers using the Cretan Odyssey website.

SUBJECT OF DATA PROTECTION

Subject of data protection is personal data. Data is personal if it can be assigned to an identified or identifiable natural person. This includes information such as names, addresses, email addresses and telephone numbers.

COLLECTION, PROCESSING AND USE OF PERSONAL DATA ON REQUEST

The use of our website is generally possible without providing personal data. You are neither obliged to visit this website nor to provide any personal data. If you do not provide us with personal data, you might not be able to use the individual functionalities of this website. Otherwise, there will be no consequences for you. The collection of users’ personal data on our site is always on a voluntary basis, except in the cases described in the following. We would like to point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.

We collect, process and use your personal data, which you have provided us with when booking or registering an account for our member area, to the extent necessary in each case for the following purposes:

1. Registration and execution of the contract

» Data that you provide when setting up an account, such as your name, email address, telephone number, mobile phone number, address and data which will be provided depending on the service you use

» We collect, process and use transaction data regarding your activities on the websites (e.g. purchases, content that you generate or that relates to your account)

» Billing and other data you provide for the purchase

» Data collected in the context of reviews, chats and correspondence on the website or by email, fax and post

» Other personal data that we may ask you to provide for special purposes

» If you voluntarily provide us with additional personal data during registration, this data will also be used for the implementation of the usage relationship.

2. Contact establishment

If you provide us with personal data for the purpose of contacting us, this data will be used by us as this is necessary for the purpose of the respective communication.

3. Marketing and Opinion Research

3.1 Cretan Odyssey may process and use your personal data for marketing and opinion research purposes, e.g. to send emails with general information or of an advertising nature (newsletter), on the basis of the declaration of consent you have given us. You can revoke the declarations of consent granted to us in this regard at any time with effect for the future.

3.2 In addition to that, if you are already our customer, we may send emails of an advertising nature regarding products similar to the ones you already booked, on the basis of Cretan Odyssey’s, legitimate interest. You can opt-out of receiving these emails at the moment of booking or at any time after that.

3.3 If you wish to revoke your declaration of consent to receiving e-mails from us (3.1) or wish to opt-out (3.2), please follow the instructions contained in an applicable email you receive from us in order to revoke your consent or opt-out. In that case, you will no longer receive these types of email communications from us (after a short period in which your revocation or opt-out is technically processed). In addition, you can object to the use of your personal data for marketing purposes based on legitimate interests, e.g. in case of marketing e-mails to existing customers (3.2) or in case of postal marketing measures. In both cases, an email to the following address is sufficient: info@cretanodyssey.gr

Exercising your right to revoke consent, to opt-out or to object against the use of your data for marketing purposes is free of charge.

4. Information you provide to Payment Processors

All payments made are processed by a PCI/DSS-compliant (these are payment card industry security standards) payment processing service engaged by us. All information collected by these third-party providers for purposes of processing your payments is not available to us unless you have otherwise provided this in-formation to us in connection with your use of the Websites or our products and services.

5. Aggregate Information

We may share your information with affiliated or unaffiliated third parties on an anonymous, aggregate basis. While this information will not identify you personally, in some instances these third parties may be able to combine this aggregate information with other data they have about you, or that they receive from third parties, in a manner that allows them to identify you personally.

6. People who have access to the Data

Persons belonging to the following categories are authorized to process User Data: technical and administrative staff, as well as other staff members who have to process the Data for the performance of their duties.

With regard to the transfer of Data outside the EU, even in countries whose laws do not guarantee the same level of Privacy as that provided by EU law, the Data Controller informs that the transfer will in any case be made in accordance with the methods allowed by GDPR, for example based on user consent, on the basis of the standard contractual clauses approved by the European Commission, selecting parties participating in international programs for the free movement of data or implemented in countries that are considered safe by the European Commission.

DATA PROCESSING TO ENABLE THE USE OF THE WEBSITE

When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data about the start, end, and subject of your use of the website as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to users’ preferences. This data is always deleted as soon as it is no longer required and if there are no storage obligations. For information on the processing of pseudonymous usage profiles, see item VII.

DATA COLLECTED FROM OTHER SOURCES

We may obtain additional information about you from third parties to supplement our account information to the extent permitted by law. This includes demographic and navigation data, credit check data and other information from credit agencies, to the extent permitted by law.

Passengers' Name List:

Please be advised that following the compliance of our National Legislation with the relevant European Directive, the following details are required for issuing ferry tickets:

-Last name

-First Name (Written in Full)

-Sex

-Nationality

-Date of Birth (Full)

Please state your phone number so you can be easily informed in case of a trip cancellation due to force majeure or schedule modifications. It is also necessary providing to the ticketing agency, information about people who may need special care or assistance in an emergency.

The above was based on Presidential Decree 102/2019 (A ‘182) and the amendments made to the provisions of Presidential Decree 23/1993, “about the registration of persons traveling by passenger ships traveling to or from Greek ports” “, In accordance with Directive 98/41 / EC / 1998.