yomadic.tours as a Data Controller, in the context of the General Data Protection Regulation (EU) 2016/679 that has entered into force on 25.05.2018 (GDPR), the national legislation (L. 4624/2019) and the relevant instructions of the Personal Data Protection Authority (PDPPA), as applicable, is committed to protecting the personal data of visitors to its website and users of its electronic services, which are processed by authorized persons of Yomadic.tours, for reasons arising from the relevant business relationships, legal obligations, or the legitimate interest of Yomadic.tours.
This Policy is addressed to all natural persons, who enter and navigate on the website of Yomadic.tours (www.yomadic.tours) and carry out or may carry out any transaction with Yomadic.tours, through its website, as well as to all natural persons who enjoy our services.
1. What personal data we process and how we use it
We receive and store any information you knowingly provide to us when you browse our website, make a reservation and complete any online forms on the Website. Where required, this information includes, but is not limited to, your email address, first and last name, telephone number, pick-up address and destination, desired date and time of booking, number of people, or other personal information you wish to share with us via the Message/Additional Information field on our Website. You are requested to provide us with as much information related to the service we provide to enable you to take advantage of the features of the site. Users who are unsure what information is required are welcome to contact us.
In addition, when you visit the Website, our servers automatically record the information sent by your browser. This data may include information such as the IP address of your device, browser type and version, operating system type and version, language preferences or pages of our Site that you visit, the time spent on those pages, information you search for on our Site, times and dates of access, and other statistics.
2. Subject rights
In any case, you are in control of the processing of your personal data. In particular, in accordance with the applicable provisions of the GDPR, as a subject of personal data processing you have the following rights:
• Right to transparent information, communication and arrangements for exercising your rights (Articles 12, 13, 14 GDPR), concerning your right to be informed about how your personal data is used (as detailed in this Policy).
• Right of access to the personal data concerning you and if they are processed by Yomadic.tours, as Data Controller, the purposes of the processing, the categories of data and the recipients or categories of recipients (article 15 GDPR). Please note that Yomadic.tours will provide you with a copy of your personal data upon your request, but for any additional copies it reserves the right to charge reasonable costs.
• The right to correct inaccurate data and to complete incomplete data (Art. 16 GDPR).
• Right to erasure of your personal data (“right to be forgotten”), subject to the obligations and legal rights of Yomadic.tours for their retention based on the applicable laws and regulations (Art.17 GDPR)
• The right to restrict the processing of your personal data if, either the accuracy of the data is contested, or the processing is unlawful, or the purpose of the processing has ceased to exist and provided that there is no legitimate reason for its retention (Art.18 GDPR).
• Right to transfer your personal data to another controller, provided that the processing is based on your consent and carried out by automated means. The fulfilment of this right is without prejudice to the legal rights and obligations of Yomadic.tours to retain the data and fulfil its duty in the public interest (Art. 20 GDPR).
• Right to object on grounds relating to your particular situation in the event that your personal data are processed for the performance of a task carried out in the public interest or in the exercise of official authority vested in Yomadic.tours or for the purposes of the legitimate interests pursued by Yomadic.tours or a third party.
• Right to withdraw your consent already given (Art.7 GDPR), which concerns the possibility to withdraw your consent at any time for processing based on consent. The lawfulness of the processing of your data is not affected by the withdrawal of consent up to the point in time when you requested the withdrawal.
3. Purposes of processing
We may process Personal Data relating to you if one of the following applies:
(i) You have consented to one or more specific processing purposes on our behalf until you object to them, without any further action being required. Specifically, your personal data are used for our communication with you, for compliance with the applicable Greek and European legislation, for solving problems and questions that concern you, but also for providing clarifications and services, such as, but not limited to:
α) Improving customer service, i.e. the provision of the transport services you request (booking, confirmation).
b) Our communication with you for the receipt from your site, in order to better respond to your needs and which (information) is sent to you by e-mail.
c) For organisational reasons (e.g. list of customers with departure and destination within the day, customers with special offers).
d) For advertising and promotional purposes.
(ii) Providing information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations.
(iii) The processing is necessary for compliance with a legal obligation to which the service provided by us is subject and the purpose of the processing.
(iv) The processing relates to a task carried out in the public interest or in the exercise of official authority vested in us.
(v) The processing is necessary for the purposes of legitimate interests pursued by us or by third parties. In any case, we will be happy to clarify the specific legal basis applicable to the processing, and in particular whether the provision of Personal Data is a legal or contractual requirement or a requirement necessary for the conclusion of a contract.
We will not use personal data about you to make automated decisions that affect you or for profiling, except as described above.
4. How to exercise these rights
Any requests to exercise user rights can be addressed to the Holder via the contact details provided in this document. These requests may be exercised free of charge and will be dealt with by the Owner as soon as possible and always within one month.
5. Children’s privacy
α) We do not knowingly collect personal information directly from children under the age of 13. If you are under the age of 13, do not submit personal information through our site or service. We encourage parents and legal guardians to monitor their children’s Internet use and to help enforce this Policy by instructing their children to never provide Personal Information through our Site or Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Site or Service, please contact us.
b) Indicated use of children’s images on a website and social media (Facebook, Instagram, Youtube). Specifically: Images of children depicted on our Website depict children with dignity and respect, such as, but not limited to, covering their facial features with icons in order to avoid identifying the person. Permission is always sought from the children themselves before photographs are taken. Yomadic.tours obtains informed consent from the child, the child’s parent or guardian, before using, editing, sharing and publishing any photo or video of that child on the website and social media. Personal and other information that could be used to identify a child that could potentially put them at risk is not used in any form of communication.
6. Who are the recipients of personal data
We may share your personal data with service providers – external partners (called data processors) within or outside the Company in Greece or abroad, such as, but not limited to, digital services and technology (IT) providers, including cloud services, who have been instructed to process personal data on our behalf, for the Permitted Purposes, strictly and only in accordance with our instructions.
Yomadic.tours retains control and remains fully responsible for your personal data and will use appropriate protection measures as required by applicable law to ensure the integrity and security of your personal data during the employment of the aforementioned service providers.
Yomadic.tours may also share your personal data with public or governmental bodies, such as regulatory or law enforcement authorities, lawyers or courts where we are required to do so by law or regulation or at their request, if permitted by law and required to comply with a legal obligation or to document, exercise, defend or defend against legal claims.
In all other cases, we will disclose your personal data only at your request or with your consent, where we are required to do so under applicable law or regulation or pursuant to a judicial or official request, or where we suspect fraudulent or criminal activity.
7. Links to other websites
Our website contains links to other websites that are not owned or controlled by us. Please note that we are not responsible for the privacy practices of such other sites or third parties. We encourage you to be aware when you leave our Site and to read the privacy statements of each website that may collect Personal Information.
8. Information Security
We secure the information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. Yomadic.tours, with a view to the security and protection of your personal data, takes relevant provision to take adequate and necessary technical and organizational measures to safeguard both technological and physical security in accordance with Art. 32 GDPR (including but not limited to: encryption and regular testing, restricted access, special passwords for authorised persons to access its databases, etc.).) and respects the principles of processing in accordance with the letter of the GDPR, namely the principles of legality, objectivity and transparency, purpose limitation, data minimisation, accuracy, storage period limitation and integrity and confidentiality (Article 5 of the GDPR).
9. Data breach
In the event that we become aware that the security of the Site has been breached or that users’ personal information has been disclosed to unaffiliated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate action, including, but not limited to, investigating and reporting, as well as notifying and cooperating with law enforcement authorities. In the event of a data breach, we will use reasonable efforts to notify affected individuals if we believe there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do so, we will post a notice on the Website, send you an email and contact you by phone.
10. Changes and amendments
Yomadic.tours declares that, based on its current data protection policy and in the context of the current legislative and regulatory framework, it may revise or amend this Policy, which will always be available on our website. The Policy, as amended by the most recent amendment, shall always be deemed to apply.
11. Acceptance of this policy
You acknowledge that you have read this Policy and agree to all of its terms and conditions. By using the Website or its Service, you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Site and its Services.
12. Useful contact details
If you have any questions about your rights or if you have specific requests regarding your personal data, please contact Yomadic.tours at email@example.com or our call centre at +302104405281.
This document was last updated on 29.03.2023