The processing of your personal data performed for the provision of A.T.I. Travel General Tourism Company's services to you, are based on the conclusion and performance of a contract. The processing of your personal data performed for marketing or promotional purposes is based on your consent. We keep your personal data for as long as our transactional relationship lasts and for a minimum of fifteen (15) in order to fulfil our obligation to keep accurate records for tax and other administrative authorities. We keep the personal data of the persons who have given us their consent for promotional purposes until these persons declare that they no longer wish to receive newsletters or promotional material from us. Your personal data are neither shared nor published and are used solely and exclusively for reservations. Information, such as name, surname, date of birth, telephone number, e-mail and in some cases travel document information (passport or ID card), are the absolutely necessary details to make a reservation. The above-mentioned information is used:
1. In Airlines / Ferry Services for the issue of the airline/ferry service ticket.
2. In Hotels / Rooms to Let / Apartments for the reservation of the room.
3. In Museums for the issue of entry tickets.
4. In Carrier and Car Rental Services for the car rental and the issue of the train/bus tickets.
A.T.I. Travel General Tourism Company will not sell, trade or disclose to third parties information arising from the registration to and use of our website (such as names and addresses) without the user's or customer's consent. The above does not apply in the case of a prosecutor's warrant or other judicial intervention when there is an imminent risk for the user or for others. Protection & Processing of Personal Data:
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This also applies to more personal information, such as habits, preferences, biometric data, etc.
Every company that manages personal data relating to living natural persons, within the EU, is required, from 25 May 2018, to fully comply with the Personal Data Protection Regulation (EU) 679/2016. The Regulation is directly applicable in all EU member states.
The collection of personal data is a form of processing, such as storing, organizing, structuring, altering, retrieving, searching for information, using, deleting, or destroying.
When you call us, visit our website, collaborate with us, ask questions or request our collaboration, we may ask you for information (name, address, email, telephone number, etc.) depending on the kind of our relationship.
Furthermore, it is likely that you choose to voluntarily disclose to us additional personal data (as in the case of sending a CV) or additional information (such as tax or commercial information, in the context of your notification or inquiry for collaboration).
We collect information, directly or indirectly, in the following ways:
Information you send or give to us, when you contact us or visit our website, by electronic means or otherwise.
Information we receive from your usage of our services or our collaborators' services.
We use various kinds of technologies for the collection and storage of preferences and these may include using technologies such as cookies.
Our official website does not collect any information relating to the behaviour, activities and location of the user. Use of Personal Data:
We use the information we collect, (as described above) and according to the consent you provide us with, in order to:
- Process your and serve your requests for the provision of tourist services.
- Provide you with personalized and updated services or products.
- Contact you via newsletters, according to your subscription through the relevant form, to inform you about new services or products that may interest you.
- Process your payments.
- Answer your questions.
When you contact a representative of our Company, we keep a record of our communication messages so as to resolve any issues you may have.
We do not allow any unauthorized entities, especially without your consent, to access your information. Your consent is a prerequisite for all the above. The Rights of Our Customers:
Our customers, the users of our services and our website visitors, have rights, under the Personal Data Protection Regulation, which complies with the relevant legislation.
The Obligations of Our Company:
- The right of access to their personal data.
- The right to rectify their personal data.
- The right to delete their personal data.
- The right to restrict the processing of their personal data.
- The right to be informed about rectifying or erasing or restricting the processing of their personal data.
- The right to the portability of their personal data.
- The right to object to the processing of their personal data.
- The right to object to automated individual decision-making, including profiling.
Our Company's obligations include:
The principle of accountability, with respect to the 6 principles governing the processing of personal data (lawfulness, fairness and transparency, purpose limitation, minimization of personal data, accuracy of personal data, limitation of the storage period, security, integrity, and confidentiality).
Every process of the personal data is legitimate only if one of the following 6 conditions applies:
1. The data subject has consented to the processing of personal data.
2. The processing of personal data is necessary for the performance of a contract, where the data subject is a party.
3. Processing is necessary for compliance with the legal obligation of the controller.
4. Processing is necessary to safeguard the vital interest of the natural person.
5. Processing is necessary for the fulfilment of a duty to the public interest or during the exercise of public authority entrusted to the controller.
6. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless the interest or fundamental rights and freedoms of the natural person prevail.
In addition, we implement the appropriate technical and organizational measures to protect our Company and our collaborators against unauthorized access or alteration, tampering or destruction of the personal data we have in our possession. Specifically:
1. We control data collection, storage and processing practices, including physical security measures to protect against unauthorized access to systems and procedures.
2. Access to personal information is limited and controlled, and these persons are subject to strict contractual obligations of confidentiality.
3. In case external collaborators (for maintenance or support purposes) have, potentially, access to personal data, certain appendices to the existing collaboration contracts cover the requirements of the Regulation.
Throughout the entire personal data processing cycle (from collection to destruction thereof), we take the appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data. Similar measures are required by third parties handling or processing personal data. Access to Your Own Personal Data:
Within the scope of the rights granted to you by the Regulation, you may request:
- Information about your own personal data.
- Rectification of your own personal data.
- Restriction of processing of your own personal data.
- Erasure of your own personal data.
In such cases, you should file a request to our Company via email at firstname.lastname@example.org
and fill in an access request (SAR: Subject Access Request) that will be sent to you upon your request. We are obliged to respond to you within one month from the receipt of your request (SAR). Information on Cookies:
You can delete Cookies from your computer or not accept the use thereof, during navigation to our Company's official website https://atitravel-greece.com
. Legislative Framework – Regulation Update:
The law applicable is Greek law, as established in accordance with the General Data Protection Regulation (2016/679/ΕU), and in general the applicable national and European legislative and regulatory framework for the protection of personal data, while, for any disputes arising in relation to the personal data, the competent jurisdiction is the Courts of Athens.
We update the present Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, the updated policy will be published on our official website https://atitravel-greece.com
. How to Contact Us:
Address: 26A, Nikis Street, 10557, Athens
Telephone number: +30 210 3242085