Privacy Policy

For SEA TRAVELLER P.C. (hereinafter referred to as "SEA TRAVELLER" or the "Company") -with registered office in Kos, Marmari, postcode 85300, TIN (ΑΦΜ) 801754880, Tax Office of Kos- respecting and protecting your personal data is a priority and, therefore, we are committed to keeping them safe and processing them in accordance with the law and under conditions of absolute transparency.

By reading this Privacy Policy, you will learn what kind of personal data of yours the Company collects, in what ways and for what purposes, how we process and protect these data and what your rights are regarding our processing of them.

Your personal data are processed in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), any specific national and European legislation for certain sectors, the current Greek legislation for the protection of personal data (Law 4624/2019), as well as for the protection of personal data and privacy in the electronic communications sector (Law 3471/2006) and the decisions of the Data Protection Authority (DPA).

We understand that the protection of your personal data is a continual responsibility and therefore we will update and amend this Policy from time to time, if so required.

  1. Who we are

    2. Sea Traveller is a boat rental and travel experience company, based in Kos, that aims to offer you the holiday of your dreams. Through our homonymous website we introduce ourselves, present our services, inform you on related issues, allow you to contact us in various ways to have your questions answered and benefit from our services, as well as to check the availability of our boats and proceed to booking directly through the website.

  2. Explanation of basic terms

    3. Personal data: any information relating to and identifying a person, such as identification information (name, age, residence, occupation, family status, contact details, etc.), physical characteristics (weight, height, etc.), education (qualifications, degrees), job (experience, work behaviour, etc.), financial status (income, assets, financial behaviour), interests, activities, habits. The individual (natural person) to whom the data refer is called the data subject

    Sensitive personal data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for the purpose of positive identification of a person, data concerning the health of the data subject, data concerning his or her sex life or sexual orientation, criminal prosecutions and convictions, as well as membership of associations related to the foregoing.

    Processing of personal data: any operation carried out, whether or not using a computer, on personal data or on groups of personal data, such as collecting and recording, organising, structuring, storing, adapting or altering, retrieving and searching, using, disclosuring by transmission, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying data.

    Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determine the purposes and means of the processing of personal data.

    Processor: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

    Recipient: the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not.

    Consent of the data subject :any freely given, specific, explicit and informed indication of the data subject's wishes by which the data subject signifies his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data relating to him or her.

    Personal data breach: a breach of security leading to the accidental or illegal destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

  3. Categories of data subjects

    4. The personal data we process and are covered by this Privacy Policy, relate to our clients, our partners, the visitors to our website, those who interact with our social media, as well as those who apply for a job in the Company.

  4. What personal data we collect

    5. In order to be able to provide our services and depending on the requirements of every particular situation, we may collect and process the following personal data:

    4.1 Data of clients / people expressing interest in our services:

    • Identification and contact data: Full name, e-mail address, telephone number;
    • Official identification data: ID, passport;
    • Financial data: Fee information, bank account - debit card information, vouchers / proofs of payment;
    • Other data: Requested service, booking information (boat, dates, number of passengers, boat operator licence, with or without a skipper), requests, questions / wishes / complaints, reviews / ratings, data which you further declare in the contact form or in other communications with us, e.g. via messages on our social media;
    • In case of online booking through our website and payment by card, the card details are not stored in Sea Traveller's storage media during the transaction, but are directly registered in a secure environment offered by our partner-company (Viva payments) that has undertaken the routing of the cards.

    4.2 Data of our partners:

    • Identification and contact data: Full name, e-mail address, telephone number, postcode, address / headquarters;
    • Official identification data: TIN (ΑΦΜ), Tax Office;
    • Job data: Service provided, contract, contract details / contract terms, complaints and accusations against them, ratings / reviews;
    • Travel and expense data: booking details, travel history, expense details;
    • Financial data: Fee details, bank account information, vouchers / proofs of payment, agreed fee / desired fee;
    • Data from social media or other information systems: Data on public social media accounts such as LinkedIn, Facebook, Instagram, data on websites such as Vrisko, XO;
    • Other data: Requests, settlements, complaints.

    4.3 Data of the visitors of our website and our social media pages:

    • Internet browsing data, site usage & communication data and social media data. We monitor your interaction with the Company's social media accounts, we observe how you use our website and whether you open or forward our communications and we receive information collected through cookies. Details of our use of cookies can be found in the website's Cookie Policy.

    4.4 With regard to job applicants, the data that the Company keeps are : full name, address, e-mail address, telephone number, date of birth, previous experience and education, any references, desired position, desired salary and any other information that may be provided through the submission of the CV or is necessary depending on the open position.

    We try to minimise the risk to your rights and freedoms by not collecting your sensitive personal data unless it is absolutely necessary and, in any case, with an explicit and clear justification of such a necessity.

    Sharing personal data of yours with us is not compulsory. However, failure to provide personal data which have been identified as necessary will prevent us from providing the contractual service. Failure to provide the other personal data, which are not necessary, shall in no way affect the provision of our services.

    Please help us keep your information up to date by informing us of any changes to your personal data.

  5. Social media

    6. Sea Traveller has its own social media accounts (Facebook, Instagram, Youtube, TikTok, Twitter, LinkedIn). We remind you that these accounts are publicly accessible and any content, comments, personal information you share there will be visible to the general public. For this reason, we recommend that you are careful with the information you share.

    Information about the processing of personal data by the relevant social media can be found in their Privacy Policies.

  6. How we collect your personal data

    7. We collect your personal data directly from you either in paper form or by email or via online form or our website's live chat or instant messaging software we use (Whats app, Viber, Facebook messenger etc.) or by phone or when you contact us through our social media pages.

    Some of your personal data are collected through cookies and third-party providers, such as Google.

    In addition, when searching for new employees-partners or in the context of marketing, we may receive data from social media, ad websites, websites with information and reviews, digital platforms or from third-party recommendations. In these cases, you are informed within one month at the latest or at the first contact, if the reason we use the data is to come in contact with you.

  7. Purposes of processing your personal data

    8. We use your personal data for the following purposes:

    7.1 Provision of our services; In order to be able to provide you with our services in the best possible way ensuring the quality of them and the security of our website.

    7.2 Customer service; To assist our clients with any issue related to the provision of our services.

    7.3 Marketing; For marketing, promotional and public relations purposes.

    7.4 Improvement of our services and satisfaction of our legitimate interests, e.g. by keeping statistics or conducting market - customer and user satisfaction researches.

    7.5 In the context of organisational and auxiliary functions necessary for the proper operation of the Company.

    7.6 Compliance with our legal obligations, such as, but not limited to, issuing invoices, other tax obligations, compliance with the provisions of the General Port Regulations (G.P.L.) and in particular G.P.L. No. 38, which regulates the rental of motor boats and small speedboats.

    7.7 Handling of our partners; Covering all kinds of issues related to our external partnerships.

    7.8 Staffing of the Company; It relates to the data we receive in the context of workforce search.

    7.9 Legal coverage of the Company.

  8. Legal basis for processing your personal data

    9. 8.1 The processing of your personal data is based on the conclusion and performance of a contract or - at your request - on preparatory actions for the conclusion and performance of a contract. The processing of personal data of our partners is based, respectively, on the conclusion and performance of a contract or preparatory actions for the conclusion and performance of a contract.

    8.2 The processing of your personal data carried out for marketing purposes or for your convenience and for the provision of privileges to you, as well as the processing of CV data is based on your consent.

    8.3 In some cases the processing of your personal data is necessary for the purposes of our legitimate interests or for the purposes of our compliance with national and / or European legislation.

  9. Personal data storage period and media

    10. 9.1 Personal data submitted for the above processing purposes will be kept by the Company for the period deemed absolutely necessary for the fulfillment of the above purposes and in accordance with the law.

    9.2 In respect of personal data processed in the context of our contractual obligations, the Company may retain it for so long as may be necessary to protect our legitimate interests in relation to potential liability associated with the provision of our services to you. Data relating to you will be retained throughout the duration of our business relationship and, after the termination of that relationship, for as long as the applicable legislation allows for claims by the parties or, if a claim is made, until the irrevocable resolution of any dispute.

    9.3 The data that we process on the basis of your consent, depending on the purpose of the processing, will be kept until your consent is withdrawn or the time for which you agreed to give your consent has expired or until they are no longer useful to us. As a general rule, the retention period is one (1) year.

    9.4 Data received by the Company about potential partners with whom it did not ultimately cooperate shall be retained for a period of one (1) year.

    9.5 Resumes and data received as part of the employee search process shall be retained for one (1) year.

    9.6 We restrict access to your data to those persons who need to use them for each specific purpose.

    9.7 Your personal data are stored securely, as appropriate, in electronic and physical folders, in our e-mail account, in the Company's social media accounts, in the server and the cloud back up of our website and in software programs we use for organisational and communication purposes (e.g. Viber, Whats app, Facebook messenger etc.).

    9.8 For any clarification on where and for how long your personal data are kept, please contact us at info@seatraveller.gr.

  10. Measures we take for the protection of your data

    11. When you give us your personal data, we take steps to ensure their safety. In order to protect your personal data, we take physical, technical and organisational measures, whether they are in physical or electronic form. We update and monitor the security technology we use on an ongoing basis. We restrict access to your personal data to only those employees who need to know that data in order to provide benefits or services to you. In addition, we educate our employees on the importance of confidentiality and privacy and security of your personal data. Among other things, we have implemented the following technical and organizational measures and procedures to protect your personal data from any loss, alteration, illegal processing or modification:

    • Anonymization / pseudonymization, where applicable;
    • Use of antivirus;
    • Access to the electronic media of the Company only with a password;
    • Security monitoring and detection / handling of security breaches;
    • Backup copies;
    • Procedure for managing requests from subjects;
    • Data minimisation;
    • Emailing using security protocols that guarantee, to the extent possible, the prevention of data leakage;
    • Measures for the physical security of printed material and IT devices (locking of drawers, etc.).

    In addition, our website has an SSL certificate. The SSL (Secure Sockets Layer) protocol is currently the global standard on the Internet for the certification of websites to network users and for the encryption of data between network users and web servers. An encrypted SSL communication requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus protecting personal data. All information sent using the SSL protocol is protected by a mechanism that automatically verifies whether the data have been changed in transit.

    We must point out that, although we make every effort to safeguard your personal data, and in particular any data we receive via our website, we are unable to guarantee the absolute security of data transmission via the Internet or any other public network, as this is not under our complete control.

  11. When and how we transfer your personal data to others

    12. 11.1 As part of our activities, we may contract with third parties (processors) who will provide services on our behalf (e.g. accountants, IT, legal advisors, boat operators). Thus, we may need to share some of your personal data with them. However, we only share with them the data that are necessary so that they can provide the services we ask them to provide and we require them to protect your data and not to use them for other purposes.

    11.2 Furthermore, your personal data may be transferred to the competent authorities (e.g. port authorities, tax authorities, judicial authorities, Greek police, auditing bodies) and only to them, when required for the provision of our services to you or when required by a provision of law or a court order or a prosecutor's order / decree, as well as for the protection of the Company's rights.

    11.3 We do not offer or sell your personal data.

  12. Your rights

    • Right to information:

      You have the right to receive clear information in relation to how we use your personal data. For example, why we receive your personal data, where it will be stored, for how long, for what purpose and so on.

    • Right of access:

      You have the right to access your personal data as long as you contact us. We will try to assist you as quickly as possible depending on our workload.

    • Right to rectification:

      You have the right to request that we correct your personal data if they are incorrect or not up to date.

    • Right to erasure / right to be forgotten:

      You have the right to request deletion of your personal data from our computers and our records provided that this does not contravene our legal and regulatory obligations.

    • Right to withdraw consent:

      You can withdraw your consent to the processing of your personal data even if the processing was carried out so far with your consent. If such a withdrawal does not allow us to perform the contract we have agreed with you, you must contact us again so that we find a new way of working together that is beneficial to both parties.

    • Right to object to the processing on the basis of legitimate interests:

      If you consider that you have a legitimate interest, you have the right to object to the processing of your data.

    • Right to data portability:

      You have the right to transfer your data from our database to another database.

    • Right to restrict processing:

      You have the right to request that we restrict the processing of your data (e.g. we may store them, but not use or process them) in accordance with what is set out in the General Regulation.

    • Right to disable cookies:

      You have the right to choose yourself whether and which cookies to accept, with the exception of the essential ones, i.e. those that are strictly necessary for the operation of our website.

    Finally, you have the right to lodge a complaint with the competent Greek independent authority, which is the Data Protection Authority (http://www.dpa.gr/).

  13. Transfer of personal data outside the EU

    14. In principle, your personal data that we collect and process are not transferred outside the European Union. We commit that your personal data shall in no case be transferred outside the EU without ensuring the adequate level of protection in accordance with the applicable law [transfers based on an adequacy decision, transfers subject to appropriate safeguards, binding corporate rules, explicit derogations for specific situations (CHAPTER V GDPR) ].

  14. How to contact us

    15. For any questions about the processing of your personal data or the cookies we use, or if you want to exercise your rights, you can contact us using the online contact form on our website or by sending an email to info@seatraveller.gr.

  15. Version Information - Changes and Updates

    16. This Policy was last updated on 15/06/2022. We reserve the right to modify and update our Privacy Policy at any time, for any reason, without notice to you, other than by posting the updated Policy on our website. We encourage you to check this webpage frequently to keep up to date with the current and applicable Privacy Policy.