Here at “The Ferries SA” the protection of your personal datais of paramount importance to us. By “personal data” we mean any information you provide to us that relates to a natural person who can be identified, directly or indirectly, inparticular by reference to an identifier such as a name, an identification number, location data, an online identifier or toone or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
When we are processing personal data it means we perform any operation or set of operations on your personal data or on your set of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
So we have prepared this Policy Statement in order to inform you regarding the basic principles by which we process your personal data when we provide our services to you.
Compliance with the BASIC PRINCIPLES REGARDING PERSONAL DATA PROCESSING
We at the “The Ferries SA” and our website as a data controller fully comply with the data protection principles mentioned in Article 5 of the General Data Protection Regulation
LAWFULNESS, FAIRNESS AND TRANSPARENCY
We are processing personal data lawfully, fairly and in a transparent manner in relation to the data subject.
LIMITATION of purpose
We collect personal data for specified, explicit and legitimate purposes and we do not process them any further in excess of those purposes.
MINIMIZATION of data
We ensure that the personal data of the data subjects are limited to what is necessary in relation to the purposes for which we are processing them, and we apply the appropriate organizational and technical measures to achieve this objective.
We are taking all measures to ensure that personal data are accurate and, where necessary, up to date with regular audits and modifications.
What categories of personal data we COLLECT
By “personal data” we mean any information you provide to us, and we are collecting the following personal data categories from you.
- Name, Surname, email address, telephone number and home address
- Travel Destinations, Travel Preferences, Family information
- Ferries Traveler data such as dates or arrival and departure, port, cabin, special needs, comments in relation to services’ preferences, provision of services or other services used).
why we are processing your personal data
We are processing your personal data especially for the below mentioned reasons:
- Route Search: we process your personal data for making and completing your search regarding your desired destination
- Customer service: we process your personal data for your optimum service regarding the route you want to choose
- Communication: Sometimes we may need to contact you by email, mail, phone or text message, depending on the contact information you have shared with us and your communication consent. Some of the reasons are mentioned below:
- Respond to your queries and handle any requests you have submitted to us.
- We may send you a customer’s satisfaction questionnaire regarding your experience while using our services.
- We may need to verify your information should you require information about your personal data.
- Compliance and Legal Claims: There may be cases where we may need to use the data you have provided, which may include personal data, for managing and resolving legal disputes or complaints, for regulatory inquiries and compliance, or for the implementation of the agreement(s), or for complying with legitimate requests from law enforcement authorities to the extent required by law.
THE LEGAL BASES BY WHICH WE PROCESS YOUR PERSONAL DATA.
We at The Ferries process your Personal data only if:
- The data processing is necessary for the performance of our contract
- It is necessary for us to comply with our legal obligations or for safeguarding our legitimate interests arising from your contractual relations with us or any other right we may have that derives from the local applicable Law.
- Data processing is based on your freely, by affirmative action given consent expressly and by unambiguous indication of the content of the text you are consenting about. You may have the possibility to withdraw your consent anytime. For collection of personal data of children under 16 years old, we are requesting the consent of the parents. We ensure that the processing of personal data takes place only for the purpose for which the data were initially collected. In case we may need to process collected personal data for another purpose, we will seek again your consent with express and determined written format.
WE ARE ALWAYS TRYING TO KEEP YOUR DATA SECURE
Here at “The Ferries” we are tirelessly performing various actions and procedures to prevent unauthorized access and misuse of our information systems, including personal data. We apply security procedures and technical and physical limitations of access and use of personal data on our servers. Only authorized personnel have access to personal data in their work.
OUR RELATIONS WITH THIRD PARTIES
Our basic function is redirecting you to the best offers regarding your destination of choice. Whenever we do that, we may use a third-party supplier or business partner to process personal data on our behalf. The choice of a third party ensures that this supplier or business partner will provide security measures to safeguard personal data that cover all associated risks.
how long we keep your DATA
We are retaining your personal data, for as long as it is necessary and reasonable for us to provide you with our services, to comply with applicable law, for the management of legal disputes, for the purposes of our activities, including the detection and prevention of fraud or other illegal activities. All the above personal data are subject to this Data Protection Policy.
your RIGHTS OF ACCESS to your data
It is our obligation to provide to you an access mechanism to access your personal data, in order for you to exercise the following rights:
RIGHT OF ACCESS
You have the right to be aware and verify the legitimacy of the processing we are performing. Thus, you have the right to access the data you have entrusted to us and get additional information about their processing.
RIGHT OF RECTIFICATION
You have the right to study, correct, update or modify your personal data that you have submitted to us
RIGHT of RESTRICTION OF PROCESSING
You have the right to request restriction of the processing of your personal data when:
(a) you contest their accuracy and until verification,
(b) you object to their deletion and, instead, you request the limitation of their use
(c) although your personal data are not needed anymore for processing, but they are indispensable to you establishing, exercising, supporting of legal claims, and
(d) you object to the processing and until it is verified that there are legitimate reasons that concern us and override the reasons why you are opposing to processing.
RIGHT of OBJECTion
You have the right to object at any time to the processing of your personal data in the case that they are necessary for the purposes of legitimate interests we pursue.
RIGHT TO DATA PORTABILITY
You have the right to receive, upon request, a copy of the digital data you have provided to us in a structured form and transfer these data to another controller
RIGHT TO BE FORGOTTEN
Upon request, you have the right to request from the deletion of your personal data. We will take the required organizational and technical actions to satisfy your request and will also secure it from any third parties using or processing personal data on its behalf. In cases of mandatory data processing required by law, this right is subject to specific restrictions or does not exist, as the case may be.
If you believe that any of your personal data that we hold is incorrect or inaccurate, you may request that you view this information, request it to be corrected or deleted.
Please contact us through the email@example.com in order to provide you the Data Subject Access Form.
DATA BREACH INCIDENT response
In the case we become aware of a suspected or actual personal data breach, we will immediately perform any investigation necessary and take appropriate remedial measures in a timely manner, according to our Data Breach Policy. Where there is any risk to your rights and freedoms as data subjects, we will notify the Hellenic Data Protection Authority without undue delay and, when possible, within 72 hours.
If you have any questions or need clarification regarding the processing of your personal data by our company, please send your message to firstname.lastname@example.org.