Last updated May
The website https://travelsmart.gr/ (hereinafter the “Website”) is owned and operated by TRABEL SMART MONOPROSOPI IKE (hereinafter “Company”, “we”, “us” and “our”). We are committed to protecting the Website users’ (hereinafter “Users”, “you”, “your”) personal data by respecting and complying with the applicable data protection and privacy laws. In this Notice we provide you with transparent information on how we collect and process your personal data when you visit and use the Website and its services. We encourage you to carefully read this Notice which we have written in a clear and comprehensible manner to facilitate its understanding.
2. Who we are - Data Controller
The Website belongs to “TRAVEL SMART MONOPROSOPI IKE”, a private limited company legally seated in Agios Dimitrios, 30-32 Argostoliou Str., 17342, Attica, Greece. Company is the Data Controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and is responsible for the processing of your personal data.
You can contact us:
(a) By email at email@example.com
(b) By telephone at +30 2110121638, or
(c) By post at 30-31 Argostoliou Str., 17342, Attica, Greece.
3. What personal data we collect – Purposes and legal bases for the data processing.
A. Information provided voluntarily
3.1 Contact form. When you use the contact form of the Website, we process the requested data (e.g., name, email address, subject, message) to fulfill your requests by answering your questions and providing information. In this case, the legal basis for the processing is the consent (article 6 (1) (a) GDPR) that you give by ticking the specific check-box before submitting your message.
3.2 Booking form. When you submit a booking request through the booking form of the Website, we collect the requested data (e.g., full name, email address, comments) to process your request and contact you with more details. All this information is necessary to identify you, manage your requests and communicate with you in this regard. If you decide to proceed to a transaction with us, depending on the type of the service we may ask for more data (e.g., date of birth or passport number). We will also process payment and transaction data. The processing of the above-mentioned categories of data is necessary in order to take steps at your request prior to entering into a contract and facilitate the actual entering into this contract (article 6 (1) (b) GDPR). The processing of some data related to your transactions may also be necessary for compliance with a legal obligation to which we are subject (e.g., tax law etc.) (article 6 (1) (c) GDPR). In case we request personal information regarding your health (e.g. food allergies), we will ask for your consent in order to process and save them.
3.3. Marketing to existing customers. We may also use the contact details (email address) of our existing customers (e.g., those who have purchased a service) for marketing purposes to promote our latest offers and deals. The processing of personal data for marketing purposes is regarded as carried out for our legitimate interest to promote our services (article 6 (1) (f) GDPR). However, you are always entitled to object to this processing as we provide an opt-out option (“unsubscribe”) within each marketing email you receive.
3.4 Newsletter. We also process personal data when you subscribe to our newsletter. To subscribe to our newsletter, you submit a valid email address. We will send an automated email to the email address indicated after the first registration step to check whether you are the owner of the specified email address or whether the owner agrees to receive the Newsletter. We will add the email address provided to our mailing list only after confirmation of the Newsletter registration via a link in the confirmation email. We do not collect any further data beyond the email address. When you subscribe to our Newsletter, we will process your personal data to send you information on our latest deals and products. The legal basis for the processing is your consent (article 6 (1) (a) GDPR). Remember that you may at any time unsubscribe from the newsletter by following the instructions that we provide you within each email.
B. Information collected automatically
When you visit the Website, some information is automatically collected from our server and recorded in log files. This data may include your IP address, browser type, and URL. The temporary storage of the IP address is necessary to enable the delivery of the website to the user's computer. We store the above data to ensure the Website functionality, security, availability, integrity, and confidentiality of information from accidental or unlawful acts or incidents. The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.
4. Who we share your personal data with
Your data shall not be disclosed to any third party, apart from the following:
(a) Vendors who are required to have access to personal data to provide their services (IT services company, hosting providers, accounting office). All vendors are bound by specific agreements (controller-to-processor contracts) ensuring protection of your data.
(b) Authorized employees who have access to personal data only when this is necessary (e.g., to handle your requests) and are bound by non-disclosure and confidentiality agreements.
(c) Travel Agencies, Hotels, Transportation Service Providers, or other Offices (“Partners”) with whom we cooperate to provide you with the services. These Partners are also bound by specific agreements (controller-to-processor or controller-to-controller contracts) that provide for the respective responsibilities of both parties and ensure the security and confidentiality of the information.
(d) Public or independent authorities such as Public Prosecutor's Office, Cybercrime Division, Data Protection Authority (DPA), etc. when that disclosure is necessary to comply with a law or to prevent unlawful acts against us or users of the Website.
5. How long we retain your data
We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. In particular, when you fill out the contact form, we will keep the requested data until the communication request is fulfilled. When you fill out the booking form, we will keep the requested data for as long as we have an ongoing relationship and provide you with our services. Please note that we will keep transaction data for the period necessary to comply with applicable laws. When you subscribe to our newsletter, we keep your email until you unsubscribe from our mailing lists. We keep all the information collected automatically and stored in log files for one (1) month.
The above periods may be extended if (a) we must keep data to comply with applicable law or to keep evidence for such compliance; (b) there is a dispute or claim and we need to retain all relevant information until it is resolved; or (c) we must keep the information for our legitimate business interests, such as fraud prevention and website users’ security.
6. International Data transfers - Data security
Our servers are located in Greece. For service efficiency purposes, some of our third-party providers may hold servers outside the European Economic Area (EEA). We inform you that this data is transferred with adequate safeguards and is always kept safe.
We have adopted measures of a technical and organizational nature required to guarantee the security of your data and prevent it from being lost, processed, or accessed illegally. We regularly monitor our systems for possible vulnerabilities and attacks and review all processing practices to update security measures.
7. Links to third-party websites
The Website may contain links, hyperlinks, banners or tabs leading to websites operated by third-parties. We kindly recommend that you review the Privacy Notice of each external website and get informed about how each third-party uses your personal data. Company shall not be held responsible for processing activities carried out by those third-parties.
8. Rights of data subjects?
We want to ensure that you can exercise your rights enshrined under the applicable laws. To this end, for as long we retain your data you may exercise your rights free of charge. However, we may charge a reasonable fee in case of manifestly unfounded, disproportionate or repeated requests. In particular, you have the following rights:
- to request access to the personal data that we hold;
- to request rectification of inaccurate or incomplete data;
- to request erasure of your personal data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them;
- to request that we limit the processing of your personal data, which entails that in certain cases you can request us to temporally suspend the processing of the data or that we keep them longer than necessary;
- if you have given us your consent to process your data, you also have the right to withdraw such consent at any time. In the event that you withdraw your consent, this will not affect the legality of the processing carried out previously.
- When we process your data based on your consent of for the purposes of a contract, you can also request portability of your personal data.
- When the processing of your data is based on our legitimate interest, you are entitled to object to the processing.
You can exercise the above-mentioned rights by sending us an email message at firstname.lastname@example.org.
Finally, we inform you that you have the right to lodge a complaint with the competent Data Protection Authority if you have concerns that we have violated your rights.
9. Changes to the Privacy Notice
We may amend the information contained in this Privacy Notice when we consider this appropriate having regard the applicable laws. The version of the Privacy Notice that applies to the processing of your data, is the one available at the Website when you visit it. In case of an amendment, we will also change the “Last Updated” date at the beginning of this Privacy Notice.
10. Contact us
In case you need any clarification about the processing of personal data, please do not hesitate to contact us via e-mail at email@example.com.