PERSONAL DATA PROTECTION POLICY

1. INTRODUCTION

The sole proprietorship “ANARGIROS KAFIERIS”, based in Fira, Thira, Cyclades with VAT number 167705022 / Tax Office of Thira, complying with the provisions of no. 2016/679 General Data Protection Regulation of the European Union and with Law 4624/2019, hereinafter referred to as “the company”, “we”, “us”, has established this Personal Data Protection Policy (hereinafter referred to as “the Data Policy” or “the “Policy”), in order to inform you, the users, who visit the website and navigate to it, make a purchase, register as a Member or in any other capacity use the services of our business (hereinafter referred to as the “User”, “you”, “your”):

2. DATA CONTROLLER

The controller of your personal data is the sole proprietorship under the name “ANARGIROS KAFIERIS”, based in Fira, Thira, Cyclades and with VAT number 167705022 / Tax Office of Thira e-mail…………………………….., telephone ………………………

3. COLLECTION AND PROCESSING OF PERSONAL DATA

3.1. General

Our company collects and processes your personal data only when absolutely necessary.
Our company takes all necessary security measures to protect and ensure the privacy, confidentiality and integrity of personal data. Our security measures are constantly improving in line with technological de-velopments.
In any case, their security in the environment of the website is subject to reasons beyond the sphere of influence of the business, as well as reasons due to technical or other weakness of the network not con-trolled by the company or reasons of force majeure or accidental events.
Our business will never sell, rent, distribute, or disclose in any way, your personal data.
If you are under 15 years old, then you must have your parents’ consent before using the services of the website. In case you are under 15 years old and you do not have the consent of your parents, do not use or provide any information to our business, do not register as a member, do not make any purchases through the website and do not give any information about yourself, including your name, address, or contact details (phone, email, etc.).
Our company does not knowingly collect any information from any person under the age of 15yeras old. If it is found that our business has collected or received personal data from a person under the age of 15, then we will delete it immediately, unless parental or guardian consent has been given.

3.2. Type of Data collected by our Company

1. Our Company collects directly from you the following personal data


(a) When booking a seat in the activities organized by the company, μyou must provide us with your name, e-mail, contact phone, your country of origin and payment details (credit/debit card, etc.).


(b) When contacting our business, την we collect your personal information that you provide to us on a case-by-case basis.

2. Our Company collects by automated means the following data and information about you:


a) Data about the devices through which you visit the website. For example, your Internet Protocol (IP) address, login details, browser type and version, operating system and platform, and any other technol-ogy on the devices you use to access the website.

b) Using cookies and other similar technologies, our company collects and creates data regarding your preferences.

We may also receive your personal data from the person who acted on your behalf, for example made a booking on your behalf.

3.3. Purposes of processing personal data

Our company uses your above personal data for the following legitimate purposes:

a) To receive your reservations, process them and secure your transaction

b) To manage, process and process your payments including the security of the financial transaction.

c) To process your requests, such as the cancellation of your reservation.

d) To analyze your behavior, understand your preferences in order to personalize your experience on our website.

e) To protect your rights regarding your personal data.

f) For business analysis and improvements, such as to optimize your experience and our service through the website.

g) For other purposes for which our company will notify you or will be specified on each case before collecting information about you.

h) We will not use your data for advertising / promotional purposes, unless you have given your prior explicit and free consent. However, for existing customers, we may use the email address we have received from you in the context of our existing customer relationship, for advertising/promotional purposes, and by automated means without human intervention, of products or services related to similar products or services previously received from us. You can, however, object to this use at the time of collection and each time a message is sent. To stop receiving marketing emails, follow the instructions in the email you receive.

3.4. Legal bases for processing personal data

The legal bases for processing your personal data may be the following:

a) The conclusion and execution of the contract to which you are a party, pursuant to Article 6 (1) (b) of the General Data Protection Regulation.

The company has the right to process your personal data (indicatively: your name, address, card de-tails, contact details) for the fulfillment of its obligations, as they derive from the lease contract of riding horses you conclude with the company (duration and days of rental, etc.).

b) Compliance with a legal obligation pursuant to Article 6 (1) (c) of the General Data Protec-tion Regulation.

In the context of its activity, our company is obliged to process your personal data in order to comply with its obligations under the law (indicatively: keeping financial data for tax purposes).

c) The safeguarding and protection of the vital interest of our business and its users, over which the interests you have for the protection of personal data do not prevail, pursuant to Article 6 (1) (d) of the General Data Protection Regulation.

Indicatively, our company may process your personal data, such as your e-mail in order to secure your transactions, or your e-mail or your telephone number to communicate with you in case that arise a problem with your reservation. Similarly, indicatively, the company may process data from the dates and frequency of your reservations for the development of our business activity, the optimization of commercial and tech-nical systems, statistical analysis to improve the provision of its services, the optimal service of users, etc.

d) Your consent, pursuant to Article 6 (1) (a) of the General Data Protection Regulation.

Your free and informed consent will be inquired before the requested processing of your personal da-ta (for example, use of cookies, storage of payment methods and card details). You have the right to with-draw your consent, where obtaining consent is the basis for processing. The withdrawal of consent acts for the future.

Analytically:


3.4.1. RECEIVING, MANAGING AND EXECUTING YOUR BOOKING THROUGH THE WEBSITE

1. Purpose of processing:

a) submission of a reservation by the user, b) transmission of the reservation, c) confirmation of the reservation by our company, d) management of payments, fees and charges, e) transmission of card data to the electronic payment provider, f) transmission of requests to our business and to the electronic payment provider for cancellation of the reservation.

2. Data we process:

a) full name, b) e-mail, c) mobile phone, d) payment and card details, e) transaction data.

3. Legal basis:

a) the execution of the user’s contract with our business

b) compliance with the Company’s legal obligation (indicatively: compliance with tax provisions, pro-cessing of transaction, financial, identity and communication data for the fulfillment of the legal right to cancel the reservation, withdraw, etc.)

c) our legitimate and vital interest (indicatively: user identification, troubleshooting during electronic payment and completion of the reservation, etc.)

d) your consent (indicatively: storage of payment method and/or card, etc.)

To make the booking process even easier for you, we recommend saving your preferred payment method. This means you don’t need to enter your payment details the next time you make a reservation. The storage of this data requires your prior consent. You can save your payment data by clicking on the consent field. You have the ability to withdraw your consent for the future at any time by deleting your preferred payment methods.

3.4.2. USER SERVICE BY OUR COMPANY

1. Purpose of processing:

a) communication by the user in the means of communication of our business on issues related to our business, our Website and our services, b) communication by the company at the request of the user to the details provided by the user on issues related to the business, the Website, our services and his reservation, c) Complaints or clarifications, d) Exercise of rights, e) Management and optimization of user experience and service, f) Processing of financial data and bank account details.

2. Data we process:

a) the absolutely necessary data you provide to us when submitting your request, i.e. identity and contact data, financial data, transaction data, as well as any relevant information provided to us.
b) data developed by us in the context of our interaction with each other and for its purposes.

3. Legal basis:

a) the execution of a contract, if you contact us regarding your booking;

b) compliance with the legal obligation of our company in the context of concluding a contract with us, to respond to your questions related to the exercise of your rights, to refund any money paid to us for cancelled bookings

c) the legitimate interest of our company to respond to the requests of users of its services, to pro-vide users with the ability to communicate with it, to optimize the service and management services of its users, as well as to manage any of their cases in the best possible way, taking into account their needs,

d) the user’s consent, which results from his request to contact our company.


3.4.3. TRAFFIC MONITORING

This Website uses Google Analytics (GA) to track users’ activity. In particular, we use the absolutely necessary data in order to determine the number of people who use our Website and to trace their progress within them.

Although GA records data such as your geographic location, device, internet browser, and operating system, none of this information makes you personally known to us.

GA also records your computer’s IP address, which could be used to identify you, however Google does not provide us with access to this data.

We consider Google to be a third-party data processor, which is compatible with the requirements of European legislation.

3.4.4. CONTACT FORMS AND EMAIL LINKS

In case you contact us using a contact form or an email link, none of the data you provide will be stored by this website or transferred or processed by any third-party data processor. Instead, this data will be sent to us in an e-mail message via the SMTP protocol (Simple Mail Transfer Protocol). Our SMTP servers are protected by TLS security protocol (sometimes known as SSL), which means that email content is en-crypted before being sent over the internet. The content of the email is decrypted by our local computers and devices.

3.5. Cookies in particular

Our company uses cookies on the website in order to improve the experience of using them for you.

The term “cookie” refers to a small data file consisting solely of a series of information in text form, which the website transfers to the web browser located on your computer’s hard drive, either temporarily throughout your visit, or sometimes for longer periods, depending on the type of cookie. Cookies perform various functions (for example, distinguish you from other visitors to the same website or remember certain things about you, such as your preferences) and are used by most websites to improve your user experience. Each cookie is unique to your browser and contains some anonymous information. A cookie usually contains the name of the field from which the cookie originated, the “lifetime” of the cookie as well as a value (usual-ly in the form of a randomly generated unique number).

The basic types of cookies are as follows:

a) Session cookies:

These are temporary cookies that remain in the cookie file of your device’s browser only during your visit and are deleted when you close the browser.

b) Persistent cookies:

These remain in the cookie file of your device’s browser even after the browser is closed, sometimes for a year or more (the exact length of stay depends on the lifetime of each cookie). Persistent cookies are used when the website administrator may need to know who you are for more than one visit (e.g. to remember your website configuration preferences).

c) First-party cookies:

These are cookies that are installed on your browser and/or hard drive by the website you are visiting. This includes assigning a unique identifier to you for the purpose of tracking your navigation on the website. Website operators often use first-party cookies to manage visits and for identification purposes.

d) Third-party cookies:

These are cookies used by third parties, such as social networks, to track your visits to the various websites on which they are advertised. The website operator has no control over these third-party cookies. For your part, you can configure your browser to be informed about cookie settings and decide individually to accept or deviate from them for specific cases or in general. Not accepting cookies may limit the function-ality of our website.

In this case, the legal basis for the processing of your data is, on the one hand, your consent, pur-suant to Article 6 (1a) of the General Data Protection Regulation, and, on the other hand, the legitimate interest of our business pursuant to Article 6 (1f) of the General Data Protection Regulation, which is related to improving the user experience of the website.

3.6. Period of storage of personal data:

Our business will retain your personal data for as long as you continue to interact with us. After ful-filling the purpose for which your data has been collected, our company will proceed to delete them.

Also, before the above deletion takes place, our company retains your personal data until you ask us to delete them, or what we maintain and process in the context of your consent, until you withdraw it, or until you object to their processing, which we rely on our legitimate interest.

Our company will continue to retain your data, as long as it has the right to do so, in accordance with Article 17 (3) of the General Data Protection Regulation. This applies in particular if our business needs your personal data for the establishment, exercise or defense of legal claims and for the period during which such a claim could arise in accordance with the applicable law.

Our company may retain your financial data in the context of a legal obligation to fulfill its tax obli-gations and for as long as they are required in compliance with by the relevant tax provisions.

Therefore, despite your request to delete your data, our company may store some of the data due to its obligation under legal provisions or for reasons of our legal protection. In this case, however, we will re-strict your data from further processing.

Our company reserves the right in some cases to anonymize your data for statistical purposes, so your data will no longer combined with an identifiable person. Therefore, we reserve the right to use this infor-mation for an indefinite period.

4. RECIPIENTS OF DATA

In the context of the operation of our website and the proper performance of its contractual obliga-tions, our company reserves the right to cooperate with third-party companies -service providers, which pro-vide support to us. These third-party companies gain access only to your data that is absolutely necessary for the service provided by them.

These third-party service providers are obliged not to use your information in any way other than the purpose of the service provided by them.

More specifically, our company cooperates:

a) With a third party, which hosts and manages our website.

b) With credit institutions and financial institutions in general to collect the purchase price of your ticket.

d) With technology service providers.

e) With data analytics companies.

f) With our consultants, lawyers and tax advisors who receive your information from us on a contrac-tual basis and process this data for legal reasons or to defend our legitimate interests.

Also, in case of transfer of all or part of our business or in case of merger or acquisition or other change in our business, it has the right to disclose your personal data to the new owner(s), shareholders, managers, etc. However, the new owner(s), shareholders, managers, etc. They will be required to process your personal data in the same way as set out in this Privacy Policy.

Furthermore, our company may be obliged to transmit your personal data to the competent judicial, police and other administrative authorities upon their lawful request and in accordance with the law. Similar-ly, in case of any illegal behavior (action or omission) on the part of our users or service providers, our com-pany is entitled to transmit the absolutely necessary and relevant personal data to the competent judicial, po-lice or other administrative authorities.

5. USER RIGHTS

Regarding the processing of your personal data, you may exercise the following rights, as provided by the provisions of the General Data Protection Regulation (GDPR) of the European Union:

5.1. Right of access:

You have the right to obtain information from us according to which kind of your data we retain and process, the reason for processing them, as well as any other relevant information.


5.2. Right to rectification:

You have the right to ask us to correct, amend and supplement your personal data.


5.3. Right to erasure, otherwise, right to be forgotten:

You have the right to request the deletion of your personal data when they are processed after your consent.

In case the processing is based on another legal basis (indicatively: our legal obligation, the protection of the legitimate interests of the business or the performance of a contract), your right may be limited or may not exist.

5.4. Right to restriction of processing:

In case you do not want to delete your data, but at the same time you do not wish us to process it further, or in case there is no right to delete your data as mentioned in section 5.3 hereof, you can ask us to restrict the processing of your personal data.

In this case, we will archive your data and reintegrate it into our operating systems only if you wish so. During this period, however, you will not be able to use our services.

5.5. Right to object to processing:

To the extent that we undertake the processing of data on the basis of a vital interest, as stated in this privacy policy, you have the right to object to such processing at any time, on grounds arising from your per-sonal situation.

In that case, we will discontinue processing your data, unless we prove, in accordance with applicable law, reasons for mandatory further processing, which override your interests, rights and freedoms, or if fur-ther processing is required for the assertion, exercise or defense of legal claims.

You also have the right to request the restriction of the processing of personal data in the following cases: a) when they are no longer necessary for the purposes of processing for which the company collected them, but they are necessary for the establishment, exercise or support of legal claims by you, b) when you have objections to the processing of personal data and until it is verified that there are legitimate grounds for such processing by the company.


5.6. Right to data portability:

You have the right to request and receive the personal data you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to transmit this data to another controller when:

a) the processing is based on your consent or a contract; and

b) processing is performed by automated means.

Similarly, you have the right to request the direct transmission of your personal data from our compa-ny to another controller under the above terms and under the condition that it is technically feasible.


5.7. Right of revocation:

In case that you have given us your consent to process your data, you can revoke your consent at any time in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

To exercise your above rights, please confirm that you can be fully identified.

6. MODIFICATIONS

This Data Protection Policy is governed by the provisions of the General Data Protection Regulation (Regu-lation 2016/679) of the European Union, as well as Law 4624/2019 concerning the protection of individuals with regard to the processing of personal data.

Any future alteration of the above legislative framework will be the subject of this Privacy Policy and we reserve all our rights to modify this Privacy Policy in the spirit and letter of the law. We also reserve the right to modify or replace all or part of this Data Policy at our sole discretion.

Any information or clarification provided to you, upon your request, for any changes to this Data Policy, in no case constitutes a replacement, substitution or any modification thereof. Please note the current valid version of our Privacy Policy.

7. UNCONDITIONAL ACCEPTANCE

Your navigation on our company’s website or the use of our Services and/or the purchase of a ticket through the website, automatically signifies that you unreservedly accept the terms of this Privacy Policy, as applicable each time.

In case you do not agree with the provisions hereof, as applicable, you must abstain from any action or use of the website, from purchasing a ticket through it and from providing your personal data (or data of third parties on whose behalf you act). Moreover, you reserve the right to request the deletion of your data, under the conditions of the law and this Privacy Policy.

8. RIGHT TO COMPLAIN TO THE COMPETENT SUPERVISORY AUTHORITY

You have the right to file a complaint regarding issues concerning the processing of your personal da-ta with the following competent supervisory authority:

Personal Data Protection Authority (www.dpa.gr)

Offices: Kifisias 1-3, P.C. 115 23, Athens

Call Center: +30 210 6475600

Fax: +30 210 6475628

Email: contact@dpa.gr