1.1. Protection & Processing of Personal Data
Personal data (PD) is any information relating to an identified or identifiable individual person. An identifiable individual person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identification element, such as name, identity number, location data, on-line identity card or one or more factors that specifies to the physical, physiological, genetic, psychological, economic, cultural or social identity of that individual person. But even more personal information such as habits, preferences, biometric data, etc.
Every company that manages personal data relating to living individuals within the EU, is required from 25 May 2018 to comply fully with EU Regulation 679/2016, for the protection of Personal Data (PD). The validity of the Regulation is direct in all EU Member States.
The PD collection is a form of processing, such as storing, organizing, structuring, storing, changing, retrieving, searching for information, using, disclosing, deleting, or destroying.
The company must collect PD (ie, personal information) for the effective implementation of everyday business functions and services and, in some cases, to comply with the requirements of the legislation or/and the regulations it applies.
- Inform the individual persons (you) about the PD we collect and process, for what purpose, how, and for how long.
- Ensures that the individual persons are aware of their rights and our duty to accountability and security.
- Provides an easy and clear mean of securing your consent, as a legal basis for the process PD, and at the same time gives you the option to withdraw this consent whenever you want.
2. What PD we process
When you call us, visit our website, cooperate with us, ask questions or ask for our cooperation, we may ask you for information (ie PD such as: name, address, email, phone, etc.) depending on the type of the relationship between us.
Also, it is likely, you may choose to voluntarily disclose additional PD (as in the case of sending a CV) or additional information (such as tax or commercial information, as part of your briefing or collaborative inquiry).
We collect information, directly or indirectly, in the following ways:
- Information you send us or give us yourself, during contact with us or visit our website, by electronic or other means.
- Information we receive from your use of our services or our partners’ services.
- We use various technologies for collecting and storing informations, and in those may include the use of technologies such as cookies (see and §7).
- We may use information from ad networks, our customers or third parties, in order to let you know about specific services that may be of interest to you.
- Our website by itself does not collect any information related to behavior, activities, and location of the user.
For more information on how to access, manage, modify, or delete information, see Sections 5 & 6 below.
3. How we use the PD
We use the information we collect (as described above), and consistently with the consents you have given us, to:
- We process and serve your request for a tourist service.
- We can provide you personalized and up-to-date services and/or products.
- We contact you to let you know about new services or products that may be of interest to you.
- We are processing the payment.
- We answer any questions you have asked us.
When you communicate with us we keep a record with the communication messages, so we can resolve any issues you may have.
We do not allow unauthorized entities, and without your consent, to have access to your information. For all the above prerequisite is your consent (see sections 5 & 8 below).
4. With who do we share your PD
We do not disclose or share PD with companies, organizations, and individual persons outside of our company, unless one of the following situations applies:
- By your own consent: We share your personal information with companies, organizations and individual persons when we have your explicit consent, (see sections 5 & 8 below).
- For legitimate purposes: We share personal information with competent public services when it is reasonably necessary and in order to comply with laws, regulations, legal procedures or governmental demands
Each time we transfer your personal data outside the EEA, we provide a similar degree of protection for them, by ensuring that one of the following protection measures is implemented:
- We will transfer your data of personal nature only to countries for which the European Commission considers that they provide an adequate level of protection for personal data. For more information, see the European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use specific service providers, we reserve the right to use specific contracts approved by the European Union, which give personal data the same protection as in Europe.
- Where we use providers based in the United States of America, we reserve the right to transmit data to them if they participate in the Shield Protection, which requires them to provide similar protection for personal data shared between Europe and the US. For more information, please refer to the European Commission: EU-US Privacy Shield.
5. Your rights & our obligations
5.1 Your rights
Our clients, our users of our services and the visitors of our website have, in the context of Regulation for the Protection of Personal Data, rights (which should not be against the relevant legislation). These rights of individual persons (you) are:
- Right to access their PD.
- Right to correct their PD.
- Right to delete their PD.
- Right to limit the processing of PD.
- Right to information about correcting or deleting or limiting the processing of their PD.
- Right of portability of PD.
- Right to oppose the processing of PD.
- Right to oppose automated individual decision making including profile training PD.
5.2 Our obligations
Among our obligations are included:
- The principle of accountability, concerning the 6 principles governing the processing of PD (legality, objectivity and transparency, purpose limitation, minimization of PD, accuracy PD, storage period limitation, security, integrity, and confidentiality).
- Every processing of PD is legal only if one of the following 6 conditions apply:
- The data subject has consented to the processing of PD.
- The processing of PD is necessary for contract implementation, where the subject is a contracting party.
- Processing is necessary for the compliance with legal obligation of the processor supervisor.
- Processing is necessary to safeguard the vital interest of the individual person.
- Processing is necessary for the performance of a task in the public interest or in the exercise of the public authority entrusted to the processor supervisor.
- Processing is necessary for the purposes of the legitimate interests pursued by the processor supervisor or by a third party, unless prevailed by interest or fundamental rights and freedoms of the individual person.
In addition, we implement the appropriate technical and organizational measures to protect the company and our partners from unauthorized access or alteration, violation or destruction of the PD we have in our possession. Specifically:
- We control data collection, storage and processing practices, including physical security measures, for protection against unauthorized access to systems and processes.
- Access to personal information is limited and controlled, and these individuals are subject to strict contractual obligations of confidentiality.
- In the case where external partners (for maintenance or support purposes) have, potentially, access to PD, relevant appendices to existing cooperation contracts meet the requirements of the Regulation.
Throughout the entire PD processing cycle (from collection to the destruction of PD) we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of PD. Similar steps are required by third parties handling or processing PD.
Our website is not intended for children under the age of 16. When our services and products will be used by a child under the age of 16 the parent’s explicit consent is required, to process the juvenile’s PD.
6. Access to your own PD and update
Under the rights provided by the Regulation, you may request an update of your own PD or request a correction or limitation of processing or deletion of PD (see analytically your rights in section 5.1).
In such cases you are requested to fill out an access request SAR (subject access request). We are obliged to respond to you within one month of receipt of the SAR.
In case you wish to fill out a SAR application please send a relevant request to: [email protected]
The exercise of the individual person’s rights can always be done in the context of existing legislation (such as tax or labor law).
Every time you use our services, our goal is to provide you with access to your own PD. If these items are incorrect, we are making efforts to provide you ways to quickly update or delete them – unless we need to keep this information because it is required by relevant legislation or for legitimate purposes.
7. Update for cookies
You can get informed from link Galea Travel cookies policy for the policy followed by our website according to cookies.
8. Your consent and its removal
Our company under the context:
- Of its Compliance with the Regulation for the Protection of Personal Data (EU 679/2016) and the relevant national legislation
- Of the respect for the protection of privacy and security of personal data
and remaining faithful to the relationship of trust that has been cultivated with long-term cooperation with its travelers, needs your consent to continue to inform you, by paper and electronically, about news and travel locations and travel packages deals.
In order to give or withdraw your consent for your information, at any time, contact us at [email protected] or use the links you will find in our emails.
Our Travel Agency, will only collect and process PD where it can legitimately do so, such as:
- (a) Requiring relevant legislation.
- (b) Necessary processing for the contract implementation of which the individual person is a contracting party.
- (c) Necessary processing to comply with a legal obligation of the company.
- (d) Necessary processing to safeguard the vital interest of the individual person.
The Applicable Law is the Greek Law, as formulated in accordance with the General Regulation for the Data Protection 2016/679/EU, and in general the current national and European legislative and regulatory framework for the protection of personal data, and competent courts for any litigation issues related to your PD data is the competent Courts of Athens.
We update this Policy whenever necessary. If there are any significant changes to the Policy or the way we use your Personal Data, we will post to our website the update of this.
We urge you to read, at regular intervals, this Policy so you know how are your Data being protected.
10. Ways of communication
Processing Manager PD
Name: Gyftopoulos Loudovikos
Address: 15 Aggelou Metaxa 15 & 13 Dousmani str, 166 75 Glyfada
Email: [email protected]
Telephone: 210 8986157 / 210 8986158
Fax: 210 8986169