POLITIQUE DE CONFIDENTIALITE

 

 

PRIVACY POLICY AND INFORMATION POLICY ON THE PROCESSING OF PERSONAL DATA OF WEBSITE VISITORS

Contents

  1. Introductory Text.
  2. About us.
  3. Definitions.
  4. The processing of personal data (source of collection, categories of data, purpose and legal basis of processing).
  5. Who are the recipients of your data.
  6. Transfers of personal data to third countries or international organizations.
  7. How long we keep your data.
  8. The security of your data.
  9. Your rights under the GDPR and how to exercise them.
  10. How to exercise your rights and make a complaint.
  11. Special declarations.
  12. Useful contact details.

1. Introductory Text

The company with the name  » SEAJETS SEAJET II NE » (hereinafter referred to as the company or Seajets Maritime), headquartered in Piraeus, Attica (2, Gounari Street), with VAT number 997215650, Piraeus Ships’ Tax Office, respecting your privacy, is committed to the protection of your personal data. The purpose of this policy is to inform the visitor of this website and any potential data subject about the measures taken by the Company to protect the personal data it processes and to comply with the General Data Protection Regulation (EU) 2016/679 (hereinafter « GDPR »), the provisions of the applicable Greek legislation on the protection of personal data (Law No. 4624/2019, Law 2472/1997, Law 3471/2006, as applicable, etc.) as well as the relevant decisions, directives and guidelines of the Hellenic Data Protection Authority (« DPA ») and the European Data Protection Board (« EDPS »).

2. About us 

Seajets Maritime, with a state-of-the-art fleet of exclusively high-speed vessels, covering over 250 port connections of ports from Piraeus, Rafina and Crete to the Cyclades islands, acts as Data Controller with regard to the personal data it processes.

3. Definitions

For the purposes of this document, the following definitions are referred to and adopted, with a view to reflecting them in the relevant legal framework on the protection of personal data:

1. « Policy »: the set of contents and information in this Privacy and Information Policy for the processing of personal data.
2. « ‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. For the purposes hereof, « Data Subjects » are the visitors to this website.
3. « Company », « Data Controller »: the term « Company » or « Data Controller » means the legal entity « SEAJETS SEAJET II NE » that determines the purposes and manner of processing the personal data of the visitors of the website.
4. « ‘processing’ means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, search, use, disclosure by transmission, dissemination or otherwise making available, correlation or combination, restriction, erasure or destruction.
5. « Processor »: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Company.
6. « ‘recipient’ means the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not a third party.
7. « ‘third party’ means any natural or legal person, public authority, agency or body, with the exception of the data subject, the data controller, the data processor and persons who, under the direct supervision of the controller or the processor, are authorized to process personal data.
8. « ‘consent’ of  the data subject: any freely given, specific, explicit and informed indication of his or her wishes by which the data subject signifies his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her.
9. « ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.
10. « Data Protection Officer » (DPO), « DPO »: the Data Protection Officer, designated by the Company as the Data Controller, who has the position and duties defined by the applicable legal framework on the protection of personal data.

4. The processing of personal data (source of collection, categories of data, purpose and legal basis of processing)

We collect your data, through this Website, only when you provide it to us and at your request, in the context of our business relationship, for your information, for communication between us, for your identification and for the reservation of your tickets.
When visiting and navigating on our Company’s Website, the user’s network protocol address and login data are automatically recorded for optimization purposes and to ensure the security of our information systems, as we have a legitimate interest.
During the above processing, no identifiable elements of the user’s physical identity are disclosed, but these data are used exclusively for the operation of the Website and the optimization and security of our information systems.
Under no circumstances will Seajets Maritime use the data you provide to make automated decisions that may affect you.
In particular, in the Table below you can find out about your personal data that we process through our website, the purposes and legal bases of processing, by processing:

PROCESSING OF PERSONAL DATA OF WEBSITE VISITORS
EditCategories of personal dataPurpose of processingLegal basis for processing
 
 
 
 
Login to our website
 
–          IP address
–          date and time of access
–          geographical location access location
–          browser
–          operating system
 
 
Provide personalized services to you, proper connection establishment, system security and stability
a) a legitimate interest, in the context of making our website available to the general public and providing services to them;

Management of your travel bookings through our website and provision of our services
 
–          Full name of passenger
–          Destination
–          Date & departure/arrival time
–          Vehicle registration number (if available)
 
 
 
Managing your bookings and serving you as an individual or group customer
a)  the contractual relationship between us
b) the business relationship between us
(c) legal obligation
 
 
 
Communicating with you and managing our relationship with you
 
 
 
–          Full name
–          Phone
–          or email
 
 
Confirmation of your reservations and payments, to inform you about your itinerary
a)  the contractual relationship between us
b) the business relationship between us
(c) legal obligation
 
 
Collection of information related to passenger accidents, ticket replacement or refund requests, passenger & vehicle damage claims
 
 
 
 
–          Booking details
–          Passenger request
 
 
 
 
 
Management and satisfaction of your requests
a)  the contractual relationship between us
b) the business relationship between us
(c) legal obligation
 
(d) legitimate interest
 
Keeping a record of passenger complaints and suggestions
 
–          Booking details
–          Passenger request/complaint
 
 
Management and satisfaction of your requests
a) the business relationship between us
(b) legitimate interest
 
 
 
Collection of e-mails for newsletter (subscription to the newsletter service)
 
 
 
 
 
– E-mail
Where you have consented to this, we will send you promotional emails about our travel services, updates and SEAJETS offers, sometimes personalized to your preferences and interests, if you have opted in, in order to improve your customer experience. 
 
 
 
 
(a) consent

5. Who are the recipients of your data

In order to meet our customers’ requests or the needs of our business or to ensure the adequate and uninterrupted provision of our services, we may disclose personal data to third parties only if required by law or our contractual relationship and only when we are legally entitled to do so. In any case, we only share personal data that is necessary to fulfil the respective purposes and ensure the confidentiality of your personal data. By way of example, we may disclose your personal data to the following categories of recipients:

  1. Public bodies and authorities, such as public departments and agencies, regulatory authorities, police, competent authorities, prosecutors, other administrative agencies, etc., when we are obliged to do so by the applicable legal framework (e.g. Port Authorities, Ministry of Maritime Affairs and Insular Policy).
  2. Regulatory authorities for the purpose of either reporting any suspected violation of applicable law or exercising/defending our legal rights.
  3. Lawyers, auditors, accountants and other external professional advisors of our Company.
  4. Any interested party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.

Only trained, authorized employees of the Company have access to your data, who are responsible for the evaluation of your requests, the management and operation of the contract with the Company, for the fulfillment of the obligations arising from it, as well as the relevant obligations imposed by law, bound by absolute confidentiality and discretion.

Seajets Maritime, respecting the privacy of its website visitors, does not further transmit to third parties your personal data collected from its website unless necessary. It may transfer/disclose some of it to third legal entities to which it has entrusted, in part or in full, the processing of your personal data on its behalf (Data Processors), for specific purposes, such as for example a) the support of this website and b) the management of your ticket reservation with whom it has ensured the processing in accordance with  the  Regulation (GDPR) for the protection of your data, by signing contracts and committing to comply with adequate measures in accordance with the Regulation (GDPR).

6. Transfers of personal data to third countries or international organizations

In principle, our Company does not transfer the personal data of its Partners to third (non-EU or non- EEA (European Economic Area)) countries or international organizations that do not ensure an adequate level of protection (based on an adequacy decision or Privacy Shield certification). Any transfer  follows and complies with the  relevant provisions of the applicable legal framework, in particular Art. 44 et seq. GDPR In any case, Partners will be informed accordingly

7. How long we keep your data

We take all reasonable steps to ensure that your personal data is kept only for the period of time necessary in relation to the legitimate purpose of the processing. The retention of your specific personal data may be necessary for one or more of the following purposes:

  1. To meet institutional or other regulatory requirements
  2. Prove facts/agreements in case of a confrontation
  3. In the context of our operational needs
  4. To store anonymized data for statistical purposes

Personal data collected and subsequently not used for business purposes will be regularly reviewed and may be deleted. Upon termination of our business relationship, Seajets Maritime may retain your personal data for a period of up to five (5) years. We may retain your Personal Data for longer than five (5) years if necessary for legal, legislative or technical reasons. Our company will retain your Personal Data in accordance with the requirements of applicable law and its Retention Policy, in particular for as long as provided for in each case, for as long as required by the nature and purpose of the processing in question, for as long as required by the applicable legal and regulatory framework and in any case for the entire duration of the business relationship between us and its individual contractual obligations.

In the case of contractual relationships, your personal data is stored until the expiry of the contract in question, unless further storage is provided for by law.

In any case, we apply a maximum retention period of twenty (20) years (General Statute of Limitation of Claims), with the possibility of extending this period in the event of any claim or pending litigation or indication of control by a public authority. After the above period of time has elapsed, the data that is no longer necessary will be deleted in a secure manner and in a non-recoverable format.

In case you have given your consent in view of a specific processing and there is no other legal basis for it, you have the right to withdraw it at any time, by a simple declaration of withdrawal, which will be addressed to Seajets Maritime by completing the rights exercise form or by other means, without affecting the lawfulness of the processing based on it until its withdrawal.

8. The security of your data

We comply with applicable law and our privacy policies and implement reasonable and appropriate technical and organizational security measures to protect your personal data from accidental destruction, loss, unauthorized modification, disclosure or access, misuse and any other unlawful forms of processing. We always ensure that exclusive authorized users have access to your personal data, subject to confidentiality clauses, on a need-to-know basis and to the extent necessary to fulfil the respective purposes.

Seajets Maritime is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we implement appropriate technical and organizational

security measures to safeguard and protect the personal and confidential information we process from destruction, loss, access, alteration and disclosure of your data by unauthorized third parties.

Because the Internet is an open system, transmitting information over the Internet is not completely secure. Although Seajets Maritime will take all reasonable steps to protect your Personal Data, we cannot guarantee the  security of any data transmitted to us over the Internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data you disclose to us is sent securely.

Seajets Maritime shall make every effort to have adequate technical and organizational security measures in place to maintain technical and physical security in accordance with Article 32 and the principles of the GDPR (e.g. security policies to secure the information infrastructure, classified access, application encryption, etc.).

Specifically, with regard to the aforementioned website, our Company applies the TLS 1.3 (Transport Layer Security) protocol with strong encryption, through which security is enhanced during data transmission on the internet.

Seajets Maritime is also committed to keeping its staff informed of the requirements of relevant national and European legislation on the protection of personal data. Our staff are aware that sensitive data can only be processed in very specific circumstances.

9. Your rights under the GDPR and how to exercise them

– Right to information, communication and reporting on the exercise of your rights (Articles 12, 13, 14 GDPR), i.e. your right to be informed about how your personal data is used (as detailed in this Notice).
– Right of access to the personal data concerning you and if the Company, as Data Controller, processes them (Art.15 GDPR). The Company will provide a copy of the personal data upon your request.
– The right to correct inaccurate data and to complete incomplete data (Art. 16 GDPR).
– Right to erasure of your personal data (« right to be forgotten »), subject to the Company’s obligations and legal rights to maintain them in accordance with the applicable laws and regulations (Art.17 GDPR).
– The right to restrict the processing of your personal data if, either the accuracy of the data is questioned, or the processing is unlawful, or the purpose of the processing is no longer valid but the deletion of the data is not appropriate (Art.18 GDPR).
– Right to transfer your personal data to another controller if the processing is based on your consent and is carried out by automated means or for the performance of the contract between us. (Art. 20 GDPR).
– Right to object on grounds relating to your particular situation in case your data are processed for purposes of the Company’s legitimate interests (article 21) and in particular to object to automated decision-making (article 22).
– Right to withdraw your consent already given (Article 7 GDPR) at any time for processing based on consent. The lawfulness of the processing of your data is not affected by the withdrawal of consent up to the point in time when you requested the withdrawal.
– Right to appeal to the competent supervisory authority, namely the Personal Data Protection Authority (1-3 Kifissia Street, Athens, P.O. Box 115 23, +30 210 6475600, [email protected] )

10. How to exercise your rights and make a complaint

You have every right to exercise your rights by sending an email to [email protected] or by letter to our company’s headquarters in Piraeus, Attica (2, Gounari Street), by filling in the relevant exercise form that we provide you (Exercise of Rights Form). Your relevant requests should be accompanied by appropriate proof of your personal identification, with  the  express reservation of the Company to request additional information for the purpose of identification and confirmation of your details. The above rights will be considered by completing and submitting the relevant rights exercise form as posted on our website and subject to the express instructions set out therein. Our Company will make every effort to take the required actions within one month from the date of invocation/exercise of the applicable right by you, unless the work involved in satisfying the request is characterized by particularities and/or complexities under which the Company reserves the right to extend the time for completion of the actions.

In any case, the Company will inform you about the progress of your request within one month of its submission.

11. Specific statements

  1. It does not process personal data from visitors/users of the website under the age of eighteen (18) years.
  2. It is not responsible for any damage (direct, indirect, positive, consequential) caused to the visitor due to the website or its use. The visitor is solely responsible for the protection of his system from viruses.
  3. It does not make decisions or carry out profiling based on automated processing of your data.
  4. It acknowledges that this policy may be amended/updated at any time. The visitor will be informed of all significant changes and the updated version will be posted on the website at any time. For this reason, the visitor of the website must be informed and refer to this policy regularly.

12. Useful contact details

Details of the Data Controller
Headquarters: Dimitriou Gounari 2, 18531 Piraeus, 7th floor, Greece Tel: +30 210 4121001
Fax: +30 210 4121912
E-mail: [email protected] Website: www.seajets.com
 
Data Protection Authority (DPA, the national competent supervisory authority)
Offices: 1 – 3 Kifissias Avenue, P.C. 115 23, Athens, Greece
Call Centre: +30 2106475600
Fax: +30 2106475628
E-mail:  [email protected] Website: www.dpa.gr
Data Protection Officer (DPO) details
Our company has also appointed a Data Protection Officer (DPO) to advise and inform its staff, to monitor the Company’s compliance with the GDPR and to be the point of contact with the competent supervisory authority and the Data Subjects. If you have questions about how Seajets Maritime processes your personal data or wish to exercise any of the aforementioned rights, you can contact our Data Protection Officer:
dpo@seajets. gr

Date of last modification : December 2020