About us – controller
The www.santoriniboatrental.gr company “SANTORINI BOAT RENTAL”, based in Thessaloniki and offering motor boat rentals on the island of Santorini, is the website’s owner.
We respect Privacy and comply with national and European laws on the protection of personal data by adapting the relevant functions of the www.santoriniboatrental.gr website, as well as the way we provide our services in accordance with the provisions of the above legislation.
According to General Data Protection Regulation No. (EU) 679/2016, the company is designated as Data Controller, based in Thessaloniki, P.C. 54250, tel. +30 6949960899, e-mail: firstname.lastname@example.org
Who this Policy is about
This Policy applies to everyone who:
- Browses through www.santoriniboatrental.gr
- Uses the contact form to make a reservation, make any request,
- subscribe to the list of recipients of our newsletters
- Uses our services
- Interacts with the company on social media (FB, Instagram, etc.)
For the purposes of the Regulation 679/2016:
|‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
|‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
|‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
|‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
|‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
|‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
|‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
|‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
|‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
|‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
|‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
|‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
|‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
|‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
|‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51;
How we collect your personal data
We collect Personal Data that is related to you, either directly from you or through third party affiliates. Thus, collection is carried out through this site and/or other means (such as via social media Fb Instagram Linedin), in accordance with the requirements of General Data Protection Regulation (EU) 2016/679, as supplemented by the relevant provisions of applicable national and European legislation.
Third party links
Our website may include links to third-party sites, discrete microsites, add-ons and applications (links, hyperlinks, banners) that may process your personal data. In this case, we are not responsible for protecting visitors/users data on these sites. The responsibility for the content, information, security of visitors and the protection of their personal data and the quality of the services provided shall be fully borne by the owners, administrators and beneficiaries of these sites, which visitors/users visit at their own risks.
The Personal Data we collect
- When you contact www.santoriniboatrental.gr through the contact form, we collect and process your full name, telephone, e-mail, and information you enter in the relevant box (Message).
- In order to make your reservation in addition to your contact details above, we also need your ID or passport details, your gender, date of birth, your motorbike or car driving licence, and credit or debit card details to complete the billing for our services.
- Your personal information is collected and processed when you visit social media accounts, when you follow these accounts, when you contact us and when you use the services that these sites offer to reach us, submit requests, questions, reviews, and obtain our products and services; such information includes profile names, comments, and data about you that you share with us.
Adhering to the principles of legitimate processing, we collect, store and process your personal data in a transparent manner for specified, express and legitimate purposes and do not further process it in a manner incompatible with those purposes.
We make the necessary efforts to ensure that the personal data we store and process is always accurate and up-to-date, but also appropriate and relevant and we restrict the collection and processing to the data absolutely necessary for the purposes of processing and to the extent necessary to the above purposes.
The data shall be kept in a form that allows the data subjects to be identified only for the time required for the processing of personal data or for other legitimate purposes.
Personal data shall be processed in a way that guarantees its proper safety, including protection against unauthorised or unlawful processing and accidental loss, leak, interception, destruction or damage, using appropriate technical or organisational measures.
Why we process your data
– We process your personal data with your consent when requesting the booking of motor boat rental services and you expressly consent to said processing. In this case you have the right to withdraw your consent at any time and easily by contacting us at telephone No. +30 6949960899 or at the e-mail address: email@example.com, thereby cancelling your reservation.
– Moreover, in any case you contact us to find out about products, services and to submit requests, such as when you use the contact form posted on our website or send an e-mail, or when you call us to answer your requests, questions and any complaints you may have and to provide support for our services and products.
–Similarly, we collect and process your personal data to respond to requests, questions, ratings you submit when you visit the company’s accounts on social media sites (such as facebook and Instagram).
-We process your data to execute the contract we have already entered into with you or are about to enter into legally in the pre-contractual phase.
– We process personal data when processing is necessary for the purposes of the legitimate interests we pursue.
– Furthermore, we process data when we have to comply with a legal obligation.
-With respect to the relevant provisions of the law, we may also use personal data for market research and marketing purposes, as well as to serve the internal purposes of the business and to improve the services provided.
– We use technical information we collect from user activity on the Internet to operate and protect the site from attacks and malware, as well as anonymously for statistical purposes, or when data is necessary to navigate our website and use its services.
Your Rights in detail
We respect the rights provided for by law and facilitate their exercise by providing detailed information.
In specific, you have the following rights: Right to update, right of access, information, correction, deletion, restriction, objection, portability or withdrawal of consent. Please note that revoking your consent may not affect the legal processing that was done before you withdraw your consent, and we may subsequently be unable to provide specific products or services to you.
The right not to subject data to a decision made solely on the basis of automated processing, including profile compilation, which produces legal effects that relate to the data or substantially affect it in a similar manner.
To exercise the above rights, you can submit your request in writing by mailing it to: SANTORINI BOAT RENTAL, 20 Antaiou str., 54250 Thessaloniki, or by sending an email to: firstname.lastname@example.org and submitting, in the event that you believe that the processing of your personal data violates applicable law on the protection of personal data, a complaint to the Privacy Authority (Postal Address 1-3, Kifisias, P.C. 115 23 Athens, tel. 210. 6475600, e-mail address email@example.com).
If you wish to contact us for any information regarding the processing of your personal data and the exercise of your rights, you may contact the DPO of SANTORINI BOAT RENTAL (Aimilia Brouzou) at the address 27, Dodekanisou Str., Thessaloniki 546 26 or at the e-mail firstname.lastname@example.org
We will respond in writing (e-mail or postal letter) within one (1) month of receipt of the request and identifying the applicant for the actions taken following the request. This period may be extended by a further two months, if necessary, taking into account the complexity of the request and the number of requests, giving notice of such extension and the reasons for the delay.
These rights are exercised at no cost to you. If the claims are manifestly unfounded or excessive, in particular because of their repeated nature, the Company may either: a) impose a reasonable fee, taking into account the administrative costs of providing the information or the communication or execution of the action requested, or b) refuse to comply with the request.
In addition, if you exercise one or more of the foregoing rights to correct, delete and restrict the processing of your personal data, such requests will also be transmitted to any third party recipient to whom the personal data may have been transmitted for purposes of processing, unless if this is proven to be impossible or if it entails a disproportionate effort.
Transmission of personal data
Your personal data may be transmitted by us to affiliate advertising/promotion companies, statistical analysis companies, suppliers and service providers who, as executors of the processing on our behalf, have all the legal responsibilities and provide sufficient assurances for the application of appropriate technical and organisational measures to ensure that the processing meets the requirements of the law and that your rights are protected.
If the processors are established outside the EU, or the data is to be processed outside the EU, then your personal data will only be transmitted: i) to a country for which the European Commission has issued a decision of competence; or ii) if the data controller or processor has provided adequate guarantees and provided that there are enforceable rights and effective remedies for the data subjects; or iii) in any other case provided for by law.
All personal data is kept for a predetermined and limited period of time, depending on the purpose of the processing, after which such personal data is safely deleted from our databases.
In particular, where there is no other legitimate reason for conservation:
– We maintain your personal information we collect through the booking form and contact form at www.santoriniboatrental.gras well as through any other means of communication with the business, for a period of four months from the completion of our communication.
– We retain the personal information we collect through our company’s social media accounts, as long as you are in any way linked to those accounts (e.g., connected via facebook and Instagram).
The length of time that your Personal Data may be retained by us is further determined by our respective obligations under the applicable Legislation (such as tax laws and so on) for their maximum maintenance period.
As long as there are legal claims/civil claims of the company under the contract, we may keep your personal data until expiry of the statutory time limit for claims.
We do not provide services directly to minors, so we do not knowingly process personal data regarding minors.
Data privacy and security
We take all reasonable and necessary steps to safely process the personal data of visitors/users of our website.
The Parties shall endeavour to amicably resolve any dispute which may arise hereunder. In the event that an amicable settlement is not possible, any claim regarding this site will be subject to the provisions of Greek law and the Thessaloniki Courts shall have jurisdiction.
We may at any time update or amend this Policy to reflect any changes to the operation of the site, our services and the provisions of the law.
Modifications shall be posted on this site.
LAST UPDATED MARCH 2023