This Privacy Policy outlines how “Adventure Beyond Chania” manages and protects your information when you use our services. We are committed to protecting your information, safeguarding your rights, and ensuring the security of your personal data.
Relevant Legislation
This policy complies with the following data protection legislation:
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation (GDPR/EC/2016/679)
Data Controller
The data controller for the personal data we process is Konstantinos Stroutzos, operating as “Adventure Beyond Chania,” located at Kolymvari, Platanias, Crete, Greece, GR 73006.
Personal Data Processors
We work with third-party service providers who comply with applicable data protection laws. We ensure any third parties processing data on our behalf meet GDPR requirements.
Collection and Use of Personal Data
We collect and process personal data only when necessary. This may include your name, email, telephone, and address, primarily for informing you about our services, offers, and related updates. We will never sell, rent, distribute, or disclose your personal data to unauthorized parties. If you are under 16 years old, you must obtain parental consent before using our services. Your IP address may be collected for statistical purposes.
Cookies – Anonymous Data
We use cookies to enhance your experience by remembering preferences. These cookies do not store personal data but rather anonymous information, including:
• Whether the user has consented to the cookie policy.
• The first time the visitor accessed our services.
• The number of times the visitor has returned.
• The pages visited.
You can disable cookies in your browser settings.
Your Rights
As a Data Subject, you possess rights under the GDPR. “Adventure Beyond Chania” respects these rights and provides contact details below for any concerns or questions regarding our data processing or to exercise your GDPR rights.
Contact Details
The Data Protection Officer for “Adventure Beyond Chania” is:
Konstantinos Stroutzos
Kolymvari, Platanias, Crete, Greece
GR 73006
Email: reserve@adventurebeyondchania.gr
Phone: +306984650797
Data Protection Principles
“Adventure Beyond Chania” adheres to the following principles:
• Personal Data is processed lawfully, fairly, and transparently.
• Data collected is limited to that necessary for our services, collected directly or via employers, and used only for that purpose.
• Data is retained only as long as required for contractual obligations or statistics for our clients.
• Data is adequate, relevant, accurate, and kept up to date.
• Data Subjects can request access, rectification, erasure, object to, restrict processing, or request data portability in writing.
• Data Subjects can complain to their national supervisory authority. “Adventure Beyond Chania’s” data protection compliance is overseen by our legal department.
• Data is processed based on the legal basis explained in our contracts, except where overridden by Data Subject’s fundamental rights. Consent can be withdrawn, but may impact service fulfillment.
• “Adventure Beyond Chania” does not use data for monitoring, profiling, or automated decision-making.
Transfers to third parties
For service provision, data may be processed by third parties. Data is only transferred when necessary for service fulfillment.
Data is not transferred outside the EEA unless the destination has adequate EU data security, Data Subject consent, or it satisfies “Adventure Beyond Chania’s” legitimate contractual interests.
Internal data transfers are subject to written agreements based on EU-recognized Standard Contractual Clauses.
Appendix – Definitions
• Personal Data: Information relating to an identifiable natural person.
• Processing: Any operation on personal data.
• Legal Basis for Processing: Conditions under Article 6 of the GDPR.
• Data Controller: Person or company determining data processing purposes.
• Data Processor: Entity processing data on behalf of the controller.
• Data Subject Rights: Rights under Chapter 3 of the GDPR, including the right to be informed, access, rectification, erasure, restriction, portability, objection, and rights related to automated decisions.
Updates to this policy
We may update this policy from time to time, so please check this page to ensure you are satisfied with any changes. This policy is effective from May 25, 2018.