At El Greco Tours, we prioritize the protection of your personal data and are committed to complying with the General Data Protection Regulation (GDPR) and applicable data protection laws in Greece. This Privacy Policy outlines how we collect, use, store, and protect your personal data.

By using our website elgrecotours.gr, you consent to the collection and processing of your data in accordance with this Privacy Policy. If you do not agree with any part of this policy, please refrain from using our website.

1. Definitions

This Privacy Policy uses terms defined by the European General Data Protection Regulation (GDPR). Below are key terms and their definitions:

• Personal Data: Any information relating to an identified or identifiable natural person (data subject), such as name, email address, phone number, or IP address.

• Data Subject: A natural person whose personal data is processed by El Greco Tours.

• Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.

• Controller: The entity that determines the purposes and means of processing personal data. El Greco Tours is the data controller.

• Processor: An entity that processes personal data on behalf of the controller.

2. Name and Address of the Controller

El Greco Tours
Platanias Highway Exit
GR73100 Chania, Greece
Phone: +30 28210 84700
Email: info@elgrecotours.gr
Website: www.elgrecotours.gr

3. Data Protection Officer (DPO)

The DPO for El Greco Tours is responsible for overseeing data protection matters. You can contact the DPO at:

El Greco Tours IT Department
Platanias Highway Exit
GR73100 Chania, Greece
Phone: +30 28210 84700
Email: gdpr@elgreco.gr
Website: www.elgrecotours.gr

You may contact our DPO directly for any questions regarding data protection.

4. Cookies

El Greco Tours uses cookies to enhance your experience on our website. Cookies are small text files stored on your device when you visit our website. They help us improve the website’s functionality and provide a better user experience. You can manage cookies through your browser settings at any time.

Cookies We Use:

• Necessary Cookies: Essential for website operation (e.g., session cookies, language preferences).

• Functional Cookies: Used for analytics (e.g., Google Analytics) and website optimization.

You can find detailed information on how to manage and opt-out of cookies in our Cookie Policy. For more information, please refer to our Privacy Policy.

5. Collection of Personal Data

We collect personal data when you use our website or services, such as booking a trip, contacting us, or subscribing to newsletters. The personal data we collect may include:

• Name, email address, phone number, country, city, postal code, and other relevant information.

We use this data for purposes including:

• Providing services (e.g., bookings, customer support).

• Improving website functionality and services.

• Complying with legal obligations.

6. Contact Possibility via the Website

If you contact us via email or a contact form, we store the personal data you provide (e.g., name, email address) to respond to your inquiries. This data is not shared with third parties, except when necessary to fulfill your request or as required by law.

7. Data Retention Period

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once the data is no longer needed, we will delete it securely.

For example, personal data related to hotel reservations will be deleted 5 days after your stay.

8. Rights of the Data Subject

As a data subject, you have the following rights under the GDPR:

• Right of Access: You can request confirmation of whether we are processing your personal data and obtain a copy of the data we hold.

• Right to Rectification: You can request the correction of inaccurate data.

• Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, subject to certain conditions.

• Right to Restriction of Processing: You can request that we limit the processing of your data in certain cases.

• Right to Data Portability: You can request a copy of your personal data in a machine-readable format, or transfer it to another data controller.

• Right to Object: You can object to the processing of your data in certain situations, including for direct marketing purposes.

• Right to Withdraw Consent: You can withdraw your consent to processing at any time.

To exercise any of these rights, please contact our Data Protection Officer (DPO) at gdpr@elgreco.gr.

9. Third-Party Services and Social Media

We use third-party services such as Facebook, Google Analytics, Google+, Twitter, and LinkedIn to improve our services and provide social media features. These services may collect and process your personal data.

• Facebook: We use Facebook’s social media buttons to allow you to share content. Please refer to Facebook’s Privacy Policy for more information.

• Google Analytics: We use Google Analytics for website analytics, with IP anonymization. For more information, see Google’s Privacy Policy.

• Twitter: Twitter’s Privacy Policy can be found at Twitter Privacy Policy.

• LinkedIn: For more information, see LinkedIn Privacy Policy.

By using our website, you consent to the data collection and processing practices of these third-party services.

10. Legal Basis for Data Processing

We process personal data based on the following legal grounds:

• Consent: For specific processing purposes (e.g., marketing).

• Contractual Necessity: To fulfill a contract with you (e.g., hotel bookings).

• Legal Obligation: To comply with legal requirements (e.g., tax laws).

• Legitimate Interests: To pursue our legitimate business interests, provided these do not override your rights.

11. Data Security

We have implemented technical and organizational measures to protect your personal data. However, no internet-based data transmission is completely secure, so we cannot guarantee absolute security. You are also free to contact us through alternative means, such as by telephone.

12. No Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal effects or significantly affects you.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will post any updates on this page and indicate the date of the last update.

14. Contact Information

If you have any questions or concerns regarding this Privacy Policy or our data processing practices, please contact us:

El Greco Tours IT Department
Platanias Highway Exit
GR73100 Chania, Greece
Phone: +30 28210 84700
Email: gdpr@elgreco.gr
Website: www.elgrecotours.gr

By using our website, you acknowledge that you have read and understood this Privacy Policy.