PRIVACY POLICY
PRIVACY AND PERSONAL DATA PROTECTION NOTICE
1. Introduction
“SEAJETS SEAJET II NE” (hereinafter referred to as the “Company”), based in Piraeus Attica (2 Gounari street), with TIN 997215650, Ship Tax Office of Piraeus, is dedicated to safeguarding your personal data with full respect for your privacy.
The objective of this Privacy Policy and the incorporated Privacy Notice is to offer information regarding the processing of personal data belonging to the Company’s customers, users/visitors of the website and individuals involved in any business relationship with the Company. This pertains to the use of its online services and the fulfillment of these services. This document offers detailed insights into the types of personal data collected by the Company as the e Data Controller, the process of data handling (including collection, storage, usage, transmission, etc.), the purposes and legal basis of processing, any recipients, the retention period, the technical and organisational measures for the protection of personal data and the rights that natural persons have in the context of this processing, which in any case is carried out in a reliable, lawful and transparent manner.
To ensure transparency in the collection, usage, and storage of your personal data, the Company strongly encourages customers, potential customers, website visitors, and any interested parties to thoroughly review this Privacy and Data Protection Notice.
The Company operates as Data Controller with regard to the personal data (website visitors, passengers, persons with whom it has any business relationship, etc.) that it processes, ensuring compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), the provisions of the applicable Greek legislation on the protection of personal data (Law 4624/2019, Law 2472/1997, Law 3471/2006, as in force, etc.) as well as all relevant decisions, directives and guidelines of the Data Protection Authority (“DPA”) and the European Data Protection Board (“EDPB”).
2. Useful Definitions
- data “subject”: the website user, the customer/passenger and any other natural person who receive our services.
- “personal data”: any information relating to a specific natural person or a person whose identity can be verified, such as name, address, email, identity card number, etc.
- “sensitive or special categories of personal data”: personal data relating to religious, ideological, political beliefs, biometric data/information, data revealing racial or ethnic origin. Data relating to health or data relating to a natural person’s sex life or sexual orientation.
- “processing”: any operation or series of operations carried out, with or without the use of automated means, on personal data or on sets of personal data, i.e. processing is the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, search, use, disclosure by transmission, dissemination or any other form of disposal, correlation or combination, restriction, erasure or destruction of data.
- “profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
- “controller”: a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. In this regard, “SEAJETS SEAJET II NE”, based in Piraeus Attica (2 Gounari street, PC: 18531), with TIN 997215650, Ship Tax Office of Piraeus, phone number: (+30) 210 4121001 and email: [email protected].
- “processor”: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
- “recipient”: the natural or legal person, public authority, agency or other body to whom/which personal data are disclosed, whether it is a third party or not.
- “Data Protection Officer”, “DPO”: our Company has appointed a Data Protection Officer in accordance with art. 37-39 of the GDPR, which safeguards your privacy and your personal data. Their contact details are also available at the end of this document ([email protected]). For any clarification regarding the processing of your personal data, including any complaint or request to exercise your legal rights, please contact the Company’s DPO.
3. What data we collect, for what purpose and on what legal basis
We collect your personal data only when you provide it to us in the context of our (business) relationship, for communication between us, for the confirmation of your details and the booking of your tickets, to adequately inform you [voyage and travel details, departure, arrival, change in itinerary, any extraordinary measures or weather conditions, change of departure port, change of departure ship, emergency or damage, etc.]. The personal data you provide us [such as, but not limited to, your full name, your contact details, information related to your travel itinerary, any information related to ticketing] is processed only if there is an appropriate legal basis and a specific purpose of processing, in accordance with the provisions in force as currently in force. Please note that the provision of certain necessary personal data takes place in the context of the provision of the services that you entrust to us and wish to receive from us and consequently for the fulfilment of our contractual obligations.
In the following table you can find the personal data that we process as well as the purpose(s) and the legal basis of processing, by activity/processing:
PROCESSING OF CUSTOMERS’ PERSONAL DATA (WHILE USING THE ONLINE SERVICES) | |||
Activity/ Processing | Personal data (or categories of personal data) | Purpose of processing | Legal basis for processing |
Purchase of tickets (via the website) | Name and surname Destination [port of departure, port of arrival] Date and time of departure/arrival Gender Type of passenger Seat Date of birth Nationality Phone number Email Card loyalty number (if available) | The provision of our services through our Company’s website. The Company’s compliance with the current legislative framework regarding the registration of persons travelling on passenger ships and the specific recommendations by the competent Ministry. | A) The provision of our services (transport, transfer of passengers to the destination). B) The compliance with our legal obligation especially in the context of our accountability to the competent authorities as well as compliance with the legislation governing passenger data of passenger ships [indicatively: P.D. 120/97 (A 110), P.D. 23/99 (A 17), P.D. 102/2019, DIRECTIVE 2017/2109, No. 2432.6-8/9292/2020/10-02-2020 Decision of the Minister of Maritime Affairs and Insular Policy (MMAIP), as amended by No. 2432.6- 8/49711/2021/08-07-2021 Decision of the MMAIP (B 3084)]. |
Purchase or printing of tickets at Seajets central agencies or partner agencies | Name and surname Destination [port of departure, port of arrival] Date and time of departure/arrival Gender Type of passenger Seat Date of birth Nationality Phone number Email Card loyalty number (if available) | The management of your travel bookings and the provision of our services [reservations, ticketing, any ticket replacement or refunds]. The Company’s compliance with the current legislative framework regarding the registration of persons travelling on passenger ships and the specific recommendations by the competent Ministry. Provision of the best services to you. | A) The provision of our services (transport, transfer of passengers to the destination). B) The compliance with our legal obligation especially in the context of our accountability to the competent authorities as well as compliance with the legislation governing passenger data of passenger ships [indicatively: P.D. 120/97 (A 110), P.D. 23/99 (A 17), P.D. 102/2019, DIRECTIVE 2017/2109, No. 2432.6-8/9292/2020/10-02-2020 Decision of the Minister of Maritime Affairs and Insular Policy (MMAIP), as amended by No. 2432.6- 8/49711/2021/08-07-2021 Decision of the MMAIP (B 3084)]. |
Online check in | Reservation code Your last name or phone number | Creation of a boarding pass with the necessary data for boarding. Timely issuance of your boarding pass (Check in). Boarding the ship. | A) The provision of our services (transport, transfer of passengers to the destination). B) The compliance with our legal obligation especially in the context of our accountability to the competent authorities as well as compliance with the legislation governing passenger data of passenger ships [indicatively: P.D. 120/97 (A 110), P.D. 23/99 (A 17), P.D. 102/2019, DIRECTIVE 2017/2109, No. 2432.6-8/9292/2020/10-02-2020 Decision of the Minister of Maritime Affairs and Insular Policy (MMAIP), as amended by No. 2432.6- 8/49711/2021/08-07-2021 Decision of the MMAIP (B 3084)]. C) The legitimate interest of the Company (optimal provision of our services in the context of timely and uninterrupted service to you). |
Keeping a record of passenger data by route and journey | Passenger information: Surname, first name, gender, nationality, date of birth (age), passenger or crew (passenger type), phone number Ship personalisation details: ship itinerary, ship code & ship name. Travel details: date and time of departure, port of departure, gate, port of arrival, if checked in | The Company’s compliance with the current legislative framework regarding the registration of persons travelling on passenger ships (and related information, indicatively: ship, itinerary etc.) and the specific recommendations by the competent Ministry. | A) The provision of our services (transport, transfer of passengers to the destination). B) The compliance with our legal obligation especially in the context of our accountability to the competent authorities as well as compliance with the legislation governing passenger data of passenger ships [indicatively: P.D. 120/97 (A 110), P.D. 23/99 (A 17), P.D. 102/2019, DIRECTIVE 2017/2109, No. 2432.6-8/9292/2020/10-02-2020 Decision of the Minister of Maritime Affairs and Insular Policy (MMAIP), as amended by No. 2432.6- 8/49711/2021/08-07-2021 Decision of the MMAIP (B 3084)]. |
Subscribe to SEAJETS SEA CLUB [Join] | surname name gender address date of birth nationality mobile phone number email (mandatory fields) | Subscribe to SEAJETS SEACLUB, obtain a membership card and enjoy the relevant privileges. | The contractual relationship between us and your specific request for registration and in particular the performance of a contract regarding the provision of services and benefits to members of the program. |
Login to SEAJETS SEA CLUB | email card number | Login to your account, view the data you have entered (with the possibility to modify/update it), aggregated/analytical points report. | The performance of a contract regarding the provision of services and benefits to members of the program. |
Communication via the call centre and recording of telephone conversations | Caller’s phone number (landline or mobile) Call content (recorded conversation) | The management of your travel reservations [bookings, ticketing, any replacement]. Providing evidence of a commercial transaction or other communication of a purely professional nature. | A) The contractual relationship between us. B) The legitimate interest of the Company in the context of providing its services and serving you. |
Subscription to the newsletter service | email address | To inform you about our news and offers, if you have consented to this in accordance with the specific requirements of the legal framework, where applicable, we will send you promotional messages about our travel services, updates and offers on our travel services. | A) your consent to subscribe to the newsletter service B) the business relationship between us and your specific request |
Contact form | Name Surname email content of the message | Contacting, managing/arranging or resolving your request, query or complaint. Confirmation of your reservations and payments, for information regarding your itinerary. | A) The business relationship between us and your specific request B) Legitimate interest in serving you |
Information on the use of Cookies: Our website (www.seajets.com) uses Cookies. Our Company, through the posted Cookies Policy, provides users/visitors of its website with information on the use of Cookies such as the type of Cookies used by the website, the duration of storage, the type of data they collect, the purpose of use of each Cookie, the way in which the user/visitor has the ability to configure or disable their use, etc. | |||
Information on payment and credit/debit card information/data: Regarding, in particular, the personal information/data of credit/debit cards required for the completion of your online ticket purchases, we inform you that Seajets does not process it in the first place. Your data is registered in secure electronic banking platforms, [ALPHA Bank/NEXI e-commerce], to which you are redirected during payment. |
We make every effort to ensure that your personal data is legally processed both at the initial collection step and during its processing, in accordance with the applicable provisions on personal data protection, and in particular, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679.
4. Personal data of children/minors
Acknowledging the sensitive nature of the children’s age, the Company declares that it does not process personal data from visitors/users of its website under the age of eighteen (18) years without the prior consent of the person responsible for the minor child.
It is essential to highlight that when the processing of personal data relies on consent as per Art. 6 par. 1, f (a) of GDPR 2016/679, particularly concerning the provision of information society services directly to a child, the processing is lawful if the minor is at least 15 years of age. If the minor is under 15 years of age, such processing is lawful only with the consent or approval of the person having parental responsibility for the minor (refer to art. 8 of GDPR 2016/679 in conjunction with art. 21 of Law no 4624/2019).
5. Recipients of your data
In order to fulfil our customers’ requests, the needs of our Company and for the adequate and uninterrupted provision of our services, we may disclose personal data to third parties only if required by law or our contractual relationship and only when we are entitled to do so. In any case, we only disclose personal data that is necessary for the fulfilment of the respective purposes and we ensure the confidentiality of your personal data. Personal data collected in our relationship may be processed in specific cases and under certain conditions by:
- The authorised and properly trained competent personnel of our Company, committed to absolute discretion and confidentiality;
- Partners of our Company, to whom the Company, pursuant to art. 28 of the GDPR entrusts the performance of specific tasks on its behalf (processors) and with whom it has ensured and ensures processing in accordance with the GDPR for the protection of your personal data, by signing contracts and commitment to comply with adequate technical and organisational measures, in accordance with the relevant provisions (GDPR art. 28, 32), including but not limited to the company Evresis Services Ltd in the context of providing call centre services, where applicable, and if necessary the company called Certus Online S.A. in the context of supporting the reservations system.
- Partner ticket agencies.
- Public bodies and authorities such as competent Port Authorities, Ministry of Maritime Affairs and Insular Policy, ISKTHEEA (Electronic Seat Reservation and Issuance of Passenger Tickets and Vehicle Movement Receipts System), Operations Room, in accordance with established procedures.
- Competent personnel performing boarding control on board.
6. How we transfer the information we collect internationally
The Company does not transmit your personal data within the EU or outside the EU to third countries or international organisations that do not ensure an adequate level of protection. We will only transmit your personal data to countries that the European Commission considers to provide an adequate level of protection for personal data. In any case, any transmission shall follow and comply with the relevant provisions of the applicable legal framework, in particular art. 44 et seq. of the GDPR 2016/679 while users will be informed accordingly by updating this Personal Data Protection Policy or by a more specific notice/update by the Company.
7. How long we retain your data
We retain your personal data in accordance with the requirements of the law, in particular for as long as provided for in each case, for as long as required by the nature and purpose of the processing in each case, for as long as specified by the applicable legal and regulatory framework and in any case for the entire duration of the business relationship between us and our individual contractual obligations, depending on the nature of this, taking into account the legal obligations of our Company and any legal claims that may be raised in order to justify the time of retention of the personal data..
It is noted, in particular, that when processing is required by the provisions of the applicable legal framework, your personal data is retained for as long as the relevant provisions require or in the event of an emergency or after an accident, until any investigations or court proceedings are completed.
It is noted in particular that when processing is carried out on a contractual basis, your personal data is retained for as long as is necessary for the performance of the contract and for the establishment, exercise, and/or support of legal claims under the contract.
8. Security of your data
Our Company shall ensure, inter alia, that adequate and appropriate technical and organisational measures are taken to ensure an appropriate level of security against the risks involved in processing, and in particular by accidental or illegal destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed and the safeguarding of both technical and physical security in accordance with article 32 of the GDPR. It has relevant policies and generally adheres to the principles of processing in accordance with the letter of the GDPR (art. 5 of GDPR), to ensure the availability, integrity and confidentiality of your data.
We always ensure that only authorised users have access to your personal data, subject to confidentiality and secrecy clauses, while our Company takes sufficient actions to keep its staff informed about the culture and requirements of relevant European and national legislation on data protection.
9. Social media
Our Company uses social media pages that include, but are not limited to:
- Facebook: https://www.facebook.com/
- Instagram: https://www.instagram.com/?hl=el
- YouTube: https://www.youtube.com/?hl=el&gl=GR
- LinkedIn: https://www.linkedin.com/
With regard to certain processing, we and the data controllers of the aforementioned social media platforms act jointly as Controllers of your data, under art. 26 of the GDPR. As regards the processing of data by social media data controllers, we only have limited influence on them. So, we act within our capabilities and in accordance with the applicable personal data protection legislation.
The Data Controller of the social media platforms manages the overall IT infrastructure of the respective service, sets its own technical and organisational data protection measures and maintains its own relationship with you as a user and, therefore, as your Data Subject (provided that you are a registered member of the respective social media service).
For more information on the processing of your data by social media platform providers and your rights in general, please refer to the respective Privacy/Data Protection Policies of each provider:
– For Facebook:https://www.facebook.com/privacy/explanation
– For Instagram: https://help.instagram.com/519522125107875
– For YouTube: https://www.youtube.com/yt/about/policies/
– For LinkedIn: https://www.linkedin.com/legal/privacy-policy
The data you provide us when visiting our social media page, such as comments, videos, images, “likes”, public messages, etc., are published on the platform of the social media you choose and are not used or processed by us for purposes other than informing you about our promotional activities, such as discounts, special offers, competitions that we may organise, but also in the context of your service, when you wish to contact us that way. The processing of your personal data is carried out on the basis of art. 6 par. 1 f(f) of GDPR, in order to provide the best services to you.
10. GDPR Rights: Procedures for Enforcement
In any case, you have control over the processing of your personal data. As a data subject, you hold the rights provided for in the GDPR, particularly articles 12 to 23, as well as under the current national legislation. These include:
- Right to information, communication, and modalities for the exercise of your rights (art. 12, 13, 14 of GDPR), i.e., your right to be informed about how your personal data is used (as detailed in this Notice).
- Right of access to the personal data concerning you and if they are processed by the Company, as Data Controller (art. 15 of GDPR). The Company will provide a copy of the personal data upon your request.
- Right to rectify inaccurate data and complete incomplete data (art. 16 of GDPR).
- Right to erasure of your personal data (“right to be forgotten”), subject to the Company’s obligations and legal rights to keep such data in accordance with the applicable laws and regulations (art. 17 of GDPR).
- The right to restrict the processing of your personal data if, either the accuracy of the data is questioned, or the processing is unlawful, or the purpose of the processing no longer applies but the erasure of the data is not appropriate (art. 18 of GDPR).
- Right to portability of your personal data to another controller, if the processing is based on your consent and is carried out by automated means or for the execution of the contract between us (art. 20 of GDPR). In this case, you can receive the data that concerns you and you have provided us, in a structured commonly used and machine-readable format.
- Right to object on grounds relating to your particular situation where your data is processed for the purposes of the Company’s legitimate interests (article 21 of GDPR) and in particular to object to automated decision-making, including profiling (article 22 of GDPR).
- Right to withdraw your consent already given (article 7, par. 3 of GDPR) at any time for processing based on consent. The lawfulness of your data processing is not affected by the withdrawal of consent up to the point in time when you requested the withdrawal.
You also have the possibility to lodge a complaint with the competent supervisory authority, in particular in the Member State where you have your usual residence or place of work or the place of the alleged infringement, if you deem that the processing of your personal data infringes the GDPR (art. 77 of GDPR) and that your request has not been sufficiently fulfilled by us. The competent supervisory authority in Greece is the Hellenic Data Protection Authority (1-3 Kifisias Ave,, Athens, P.O. 115 23, +30 210 6475600, [email protected]).
11. How to exercise your rights and lodge a complaint
You have every right to exercise your rights either by sending an email to [email protected] (by filling in the Form of exercising the rights) or by sending a letter to our address or delivering it to our headquarters in Piraeus, Attica (2, Gounari Street, 7th floor, P.C.: 18531).
Our Company strives to take necessary actions within one (1) month of receiving your request, unless the operations relating to the fulfilment of the request are characterised by particularities and/or complications, on the basis of which the Company reserves the right to extend the time to complete the procedure. In any case, you will be informed about the progress of your request within one (1) month of its submission. We reserve the right, on occasion and where strictly necessary, to request specific information from you in order to confirm your identity and to ensure your right to access your personal data (or to exercise any other right you may have). This is a safety measure that ensures that personal data is not disclosed to any person who is not entitled to receive it. We also reserve the right to contact you for more information about your request in order to reduce our response time.
12. Specific declarations
1. The Company disclaims any responsibility for damages (direct, indirect, positive, or consequential) resulting from the use of the website. Visitors are solely responsible for safeguarding their system against viruses and other malicious software.
2. The company affirms that it does not make decisions or carry out profiling based on automated processing of your data.
3. This Privacy Policy may be amended at any time. The user will be informed of all important changes and the updated version will be posted on the website every time. For this reason, the visitor should be informed and regularly refer to this policy. This notice supersedes any previous disclosures we may have provided in the past about our information practices. We reserve the right to change this notice and to implement any changes to the information previously collected, in accordance with the law. If there are material changes to this notice or our information practices change in the future, we will notify you by posting the changes on our website.
4. The Company asserts that no other use of the visitor’s personal data will be made for purposes other than those mentioned herein, without prior notification and, where required, consent.
13. Useful contact information
Data Controller’s Information |
Headquarters: 2 Dimitriou Gounari, 18531 Piraeus, 7th floor, Greece Tel: +30 210 4121001 Fax: +30 210 4121912 Email: [email protected] Website: www.seajets.com |
Information on the Data Protection Authority (DPA, the national competent supervisory authority) |
Offices: 1 – 3 Kifisias Avenue, P.C. 115 23, Athens Call Centre: +30 2106475600 Fax: +30 2106475628 Email: [email protected] Website: www.dpa.gr |
Data Protection Officer (DPO) |
[email protected] |
Date of last modification: August 2023