HOW WE COLLECT, USE AND STORE YOUR DATA
In accordance with the EU General Data Protection Regulation (‘GDPR’) which comes into effect on 25 May 2018, we want to have in place a clear policy about what data we collect, why we collect it, how we use it and how we store it. We also want you to be clear about your rights in this regard.
Personal Data and Processing
When we refer to personal data, we mean any information which relates to an identified or identifiable individual.
Where we refer to process or processing, we mean anything which we may do with your personal data including collecting, storing, using, disclosing to third parties and erasing it.
Personal Data We Collect
We collect personal data from and about you whenever you are in contact with us directly or if you elect to utilize our services. This may be directly through email, phone or submission form on our website, or indirectly through a third party travel agent or supplier.
Examples of personal data which we might collect include (but are not limited to):
- Names, gender, ages, nationality and passport information of all persons travelling and or making relevant reservations;
- contact details (such as telephone number, permanent address and e-mail addresses) of the person making the reservation;
- financial information such as your intended budget or estimated spending allowance (to assist you with booking travel-related experiences;
- information in respect of any medical condition, special requirements or reduced mobility which may affect any person travelling;
- next of kin information;
- special dietary requirements;
- written records about our interactions whether by telephone, email or person;
- bank account or credit card information to process payments;
- company’s invoicing details (where booking through a legal entity);
- your feedback on our service, including from third parties and testimonials.
Where you are making an enquiry, the personal data we will need to collect and use will be your name and contact details for the purposes of responding to your enquiry.
Where you are proceeding with a booking, the personal data we will need to collect and use will be all personal data strictly necessary to provide you with the services you have requested in the most efficient way possible. We will also need this information to comply with any legal requirements and or obligations we are bound by, including for use (including transmission to third parties as appropriate) in emergency situations.
Specific Categories of Personal Data
As part of collecting your personal data, we may have access to data which reveals your ethnic origin, sexual orientation, gender classification and or health status. Such data is unlikely to be relevant or used in relation to the provision of our services unless specifically requested and or required by you. There may be other categories of specific personal data but such data will not be stored or used unless strictly necessary.
Examples of such special categories include information relating to any disability, medical condition, restricted mobility or other health related issue which may affect your travel arrangements (and related requirements) as well as dietary restrictions which inadvertently disclose your religious beliefs.
Personal Data Collected Automatically from our Website
When you use our website, we collect information about the services you use and how you use them.
- Usage Information. We collect information about your interactions with our website, such as the pages or other content you view, your searches for villas, the experiences and activities you book with others through us, and other actions on website.
- Location Information. We may collect different types of information about your general location (e.g. IP address ).
- Details about how you’ve used our website (including if you clicked on links to third party applications), IP address, access times, hardware and software information, device information, device event information (e.g., crashes, browser type), unique identifiers, and the page you’ve viewed or engaged with before or after using our website.
- Transaction Information. We collect information related to your transactions on our website or through our website, including the date and time, amounts charged, and other related transaction details.
Information We Collect from Third Parties
We may collect information that others provide about you when they use our website, or obtain information from other sources and combine that with information we collect through our website. We do not control, supervise or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.
- Third Party Services. If you link, connect, or login to our website with a third-party service (e.g., Facebook, Twitter, Google, Instagram), we may collect information from the third-party service, such as your registration and profile information. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
Who may we provide your personal data to?
Where you make a booking, personal data strictly necessary for the purpose will be provided to the relevant suppliers including but not limited to the villa owners, caretakers, experience providers, cooks, car hire companies, transfer companies and restaurants, together with any other third party (such as banks and/or credit card companies) who specifically require this information in order for us to offer our services. Information may also be disclosed to government authorities where we are required to do so by law. Where this is the case, you will be informed accordingly.
We will limit the information we provide to such third parties to enable them to provide their services and we will take appropriate steps, where applicable and where we have the authority to, to ensure that they comply with GDPR requirements in the provision of their services, in so far as we are able to.
Where Will Your Personal Data Be Processed?
Your personal data may be processed within Greece and/or any other country(ies) of the European Economic Area (EEA). EEA countries are all member states of the European Union together with Norway, Iceland and Liechtenstein.
We may also process personal data outside the EEA where necessary. Data protection laws vary outside the EEA. Personal data will not be transferred to a country outside the EEA unless (1) the country to which it is transferred is one which the European Commission considers to provide an adequate level of data protection or (2) the personal data is transferred to a company which is required by our contract with them only to deal with the data in accordance with our instructions and to maintain appropriate security to protect the personal data which we, to the best of our knowledge, believe they have or (3) we are obliged to provide the personal data to any government and or public authority in order to provide our services.
Protecting Your Personal Data
We take appropriate technical and organizational measures to protect against unauthorized, unlawful or accidental access to, use and or processing of and destruction or damage to your personal data. We may store your personal data on third party servers which have the necessary protections in place and which are GDPR compliant.
Can We Contact You In The Future?
We will only retain and use your personal data for marketing purposes where you have clearly provided your consent for us to do so. You will always have the opportunity to opt out of receiving such e-mail marketing communications at any time and whenever we send you any e-mail marketing material.
You may provide your consent by opting to receive marketing material either on-line or by telephone. You may also elect the ways in which you wish for us to communicate with you, be that by post, email or telephone
Access to your Personal Data
You have the right, at any time to request that we disclose what personal data of yours we are storing, where it has been processed, for what purpose and to whom it has been disclosed. This is something that we will not charge you for. We will use our best efforts to respond to your request without delay and in any event within 1 month of receiving your request provided that your request is not unnecessarily complex or you have made numerous requests in which case we may be able to extend our response time by a further 2 months.
What should you do if the personal data we are holding is inaccurate, out of date or incomplete?
If you believe this is the case, please tell us by e-mail as soon as possible. We will rectify the problem within 10 business days.
How long we retain and process your personal data
We will not process your personal data in a form which enables you to be personally identified for any longer than is necessary in order to fulfil the purpose for which it was originally collected or for any other legitimate business purpose.
Where your personal data has been provided for the purpose of the holiday arrangements or other services you have contracted, we will retain this data for a period of 6 years from the completion of our services to you.
If you have consented to receiving marketing communications from us, we may continue to use your personal data for this purpose until you withdraw your consent.
Can you ask us to delete your personal data?
Of course you can. Please tell us by e-mail (firstname.lastname@example.org) if you want your personal data to be deleted from our database.
If you’ve used our website we may use advertising on other websites and on social media sites and apps, to remind you about the services we provide based on your browsing.
Complaints about the processing of your personal data
If you have any complaint about the way in which your personal data has been dealt with, please let us know by e-mail to email@example.com. We will investigate and respond to you as soon as we reasonably can.