Our Company ("we" or "us") is committed to
protecting the information that you share with us online, using our Website.
We treat the personal data you give to us with care and transparency, acting
according to the European Regulation 2016/679 (GDPR) on the protection of
the personal data and on the free movement of such data and the Greek
We encourage you to read this Privacy Notice carefully when using our
website or services or transacting business with us. By reading this Privacy
Notice, the user is hereby informed on how we collect, process and protect
personal data furnished through our website at
By accessing, browsing and using our website (including sub-sites and
including text, images, videos, software, products, services and other
information contained in or presented on the website; all together the
website. Your use of our Sites, including any orders you place, is governed by
these, as they include important terms which apply to you.
Who are we?
The data controller of our Sites is based Stergos Giannikos Personal
Company, touristic boat services, based in Alikarnassou no.4, Rhodes. If you
have any questions about how we treat your personal data, please contact us
via email to
The use of our website is possible without providing personal data. You are
neither obliged to visit this website nor to provide any personal data. If you do
not provide us with personal data, you might not be able to use individual
functionalities of this website, such as our online booking platform. Otherwise
there will be no consequences for you. The collection of users’ personal data
on our site is always on a voluntary basis, except in the cases described in
We would like to point out that data transmission over the Internet (e.g.
communication by email) can have security gaps. A complete protection of
data against access by third parties is not possible.
We collect, process and use your personal data, which you have provided us
with when booking or communicating with us to the extent necessary in each
case for the following purposes:
1. Reservations and execution of the contract of services
- We collect, process and use transaction data regarding your activities on the
websites (e.g. purchases, content that you generate or that relates to your
- Billing and other data you provide for the purchase (credit card details)
- Data collected in the context of reviews and correspondence on the website
or by email, fax and post
- Other personal data that we may ask you to provide for special purposes
(any disabilities or phobias)
- If you voluntarily provide us with additional personal data during
reservation, this data will also be used for the implementation of the usage
2. Contact establishment
If you provide us with personal data for the purpose of contacting us, such as
your name/surname, email address and message, this data will be used by us
as this is necessary for the purpose of the respective communication.
3. Information you provide to Payment Processors
All payments made are processed by a PCI/DSS-compliant (these are
payment card industry security standards) payment processing service
engaged by us, for example PAYPAL. All information collected by these third-
party providers for purposes of processing your payments is not available to
us unless you have otherwise provided this information to us in connection
with your use of the Website or our products and services.
Data Processing to enable the use of the Website
When you visit our website, we collect the necessary data to enable you to
use it (usage data). This includes your IP address and data about the start,
end and subject of your use of the website as well as any identification data
(e.g. your login data when you log into a secure area). This data is used to
provide and design the service according to users’ preference. This data is
always deleted as soon as it is no longer required and if there are no storage
Linked services, third party sites and content
Our website may, from time to time, contain links to other websites which are
outside of our control and are not covered by this Policy. We do not own,
operate or control the websites of those third parties and as a result we do not
accept any responsibility or liability for other sites’ privacy policies. If you
access other websites using the links provided, we encourage you to check
their policies before submitting any personal information.
Legal Basis for data processing
If you reside within the European Economic Area (EEA), our processing of
your personal information will be legitimized as follows:
- Whenever we require your consent for the processing of your personal
information such processing will be justified pursuant to Article 6(1) lit. (a) of
the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article
in the GDPR describes when processing can be done lawfully.
- If the processing of your personal data is necessary for the performance of a
contract between you and our company or for taking any pre-contractual steps
upon your request, such processing will be based on GDPR Article 6(1) lit.
(b).”). If this data is not processed, our company will not be able or obliged to
execute the contract with you.
- Where the processing is necessary for us to comply with a legal obligation,
we will process your information on basis of GDPR Article 6(1) lit. (c), for
example complying in the fields of employment law.
- And where the processing is necessary for the purposes of our company’s
legitimate interests, such processing will be made in accordance with
GDPR Article 6(1) lit. (f), for example to communicate with you or detect
- We may share your personal information with a payment processor such as
PAYPAL in order to provide you our online booking services. We have a
legitimate business interest to do this and it is also necessary to perform
the contract with you.
In some circumstances, we may have to disclose your personal information by
law, because a court or the police or other legal or regulatory enforcement
agency has asked us for it and we are obliged to obey.
We require all third parties that we work with to treat your personal information
as confidential and to fully comply with all applicable data protection and
that is sent to your computer by a website and automatically saved on your
computer by your web browser (e.g. "Internet Explorer"). Each time you
request a page from the website, your web browser sends this cookie back to
the website server.
You are not obliged to accept cookies. If you wish, you can set your browser
to notify you before you receive a cookie so you have the chance to accept it
and you can also set your browser to refuse to receive or send all cookies.
The website contains step-by-step guidance on
how cookies can be switched off by users.
Data Transfers outside the EEA
We do not transfer the data we collect from you to countries outside the
European Economic Area ("EEA").
The data may exclusively be processed by PAYPAL operating outside the
EEA engaged in the processing of your payment details. By submitting your
personal data, you agree to this transfer, storing or processing. We will take
all steps reasonably necessary to ensure that your data is treated securely
In case we may need for some reason to transfer such data, we will only
transfer such data in countries that satisfy the adequate or comparable levels
of protection in order to protect personal data held in that jurisdiction, and
(where we are required to do so) solely under your consent.
Unfortunately, the transmission of information via the internet is not
completely secure. Although we will do our best to protect your personal data,
we cannot guarantee the security of any data transmitted to our website and
any transmission is at your own risk.
Special categories of personal data
We do not collect sensitive personal data, unless you provide us them along
with an explicit consent for every related purpose of processing.
At , it is not part of our policy to seek or
obtain personal data directly from minors (i.e. under the age of 18) without
their parental or legal guardian’s consent. However, as it is impossible to
always determine the age of persons who access and use our website, we
encourage parents or guardians to contact us if they notice any case of
unauthorized data provision by minors in order to exercise accordingly their
rights such as deletion of their data
How long do we keep your personal data?
We will maintain Personal Information for as long as we are required to do so
by applicable law(s), or for as long as necessary for the purpose(s) for the
reason for doing so. We will delete Personal Information when it is no longer
needed and/or take steps to properly anonymize it so that you can no longer
be identified from it (unless we need to keep your information to comply with
legal or regulatory obligations to which we are subject) and, in any case, upon
expiration of the maximum storage term set forth by applicable law.
In any case we do not store the personal data we collected from you in order
to answer to your questions or requests or after the provision of our services
for more than 3 months.
You, the user, as a data subject, have a number of rights.
access your personal data stored at any time and get a copy of this
information. Furthermore, the data subject can have access to the
the purposes of the processing;
· the categories of personal data concerned;
· the recipients or categories of recipients to whom the personal data have
been or will be disclosed, in particular recipients in third countries or
· where possible, the envisaged period for which the personal data will be
stored, or, if not possible, the criteria used to determine that period;
· the existence of the right to request from the controller rectification or
erasure of personal data, or restriction of processing of personal data
concerning the data subject, or to object to such processing;
· the existence of the right to lodge a complaint with a supervisory authority;
· where the personal data are not collected from the data subject, any
available information as to their source;
· the existence of automated decision-making, including profiling, referred to
in Article 22(1) and (4) of the GDPR and, at least in those cases,
meaningful information about the logic involved, as well as the significance
and envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have a right to obtain information as to
whether personal data are transferred to a third country or to an international
organisation. Where this is the case, the data subject shall have the right to
be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail himself of this right of access, he or she may
at any time contact our lawyer or contact our company at
require us to rectify, inaccurate, incorrect or incomplete data; (right to
obtain from us the erasure or the limitation of the data processing, for
example where the data is no longer necessary for the purposes of
processing; (right to be forgotten and the right to restriction of
· receive your Personal Information, which you have provided to us, in a
structured, commonly used and machine-readable format, and you have
the right to transmit that data to another entity without limitation. (right to
· object to the processing of your data where we are relying on our
legitimate interests as the legal ground for processing. (right to object)
If you would like to exercise any of these rights, please contact our company
If you think any information we have about you is incorrect or incomplete,
please write to us or email us and we will correct or update any information as
soon as possible. If you believe that our company has not complied with your
data protection rights, you can file a complaint to the Greek Data Protection
We may link to other websites which are not within our control. Once you
have left our website, we cannot be responsible for the protection and privacy
of any information which you provide. You should exercise caution and look at
the privacy statement applicable to the website in question.
Our company has taken the necessary technical and organisational measures
to protect the personal data provided by you against loss, destruction,
manipulation and unauthorised access. Our employees and all persons
involved in data processing are obliged to comply with the data protection
laws and to treat personal data confidentially. Our employees have been
We use a secure online transmission procedure, the so-called "Secure Socket
Layer" (SSL) transmission, to protect the personal data of our users. You can
see this from the fact that an "s" (https://) is added to the address component
http://. The SSL encryption guarantees that your data is transmitted in an
encrypted and complete way.
No automated decision-making
We do not use your personal data for automated individual decisions.
Social media login
Our websites and apps provide plug-ins to social media websites, including
Facebook, Youtube and Instagram.
If you make use of, or log-in to, the social media features on our websites or
apps, we may (depending on your privacy settings) access, use and store
information about you, including, but not limited to: your name, e-mail
address, gender, location, profile, picture, contacts, and any other information
you have chosen to make available.
To find out more about the reasons and extent to which social media sites
collect and process your data, or to change your privacy settings, please refer
appropriate, notified to you by email. Please check back frequently to see any
Your continued use of our website after the updates to this Policy is deemed
acceptance of those changes. If any proposed change is unacceptable to you,
you may request that we remove your personal data (and/or that of other
individuals for whom you made your travel reservations) from our records.
If you would like to get in touch with us, please contact:
Stergos Giannikos Personal Company
Touristic boat services
CITY OF RHODES