Privacy Policy
PERSONAL DATA PROTECTION POLICY \ PROTECTION POLICY
Import
Welcome to the privacy policy of kassandrostours.gr.
The kassandrostours.gr respects your personal data and is committed to protecting all your personal data that will be registered in our database. The Privacy Policy will inform you about how we take care of your personal data when you visit our website and will inform you about your privacy rights and how the law protects you. Use the dictionary to find the meaning of some of the terms used in this privacy policy.
1. IMPORTANT INFORMATION AND WHO WE ARE
Purpose of the privacy policy
This Privacy Policy aims to provide you with information about how the kassandrostours.gr collects and processes your personal data through your use of this Website, including any data you may provide through this Website when registering, reviewing or making a purchase, participating in our promotions or contacting us on our website or via emails you may receive from us.
It is very important that you read this Privacy Policy together with any other privacy notice or processing notice that we may provide in specific cases when we collect or process your personal information, so that you are fully aware of how and why we use that data. This Privacy Policy supplements and contains other notices and is intended to replace them.
Personal data administrator
SISMANIDIS MICHAEL OF ALEXANDER – kassandrostours.gr , responsible for the processing of data and the management of such data SISMANIDIS MICHAEL TOU ALEXANDROU”, “we”, “us” or “our” in this Privacy Policy).
If you have any questions about this Privacy Policy, including any claims to exercise your legal rights, please contact us using the information below.
Contact information
Company name: SISMANIDIS MICHAEL TOU ALEXANDROU, VAT number: 143102230, BALANOU 31, THESSALONIKI, THESSALONIKI / THESSALONIKI, 54623.
Email: info@kassandratours.gr
You have the right to appeal at any time to the Personal Data Protection Commission (dpa.gr), which is the supervisory authority of Greece for all data protection issues.
However, we would like to address any problem you may have before you contact the dpa.gr authority. Therefore, please contact us first.
CHANGES TO THE PERSONAL DATA PROTECTION POLICY AND OUR OBLIGATION TO NOTIFY YOU OF CHANGES
The last version of the update was published in May 2025. This rule may change or be modified periodically. Please check the Privacy Policy periodically for changes.
It is important that the personal data we hold about you is accurate and up to date. Please let us know if your personal information changes during your relationship with us.
Third-party links
This website contains links to third-party websites, plugins, and applications. Clicking on or activating these links may allow third parties to collect or share your data. We do not control third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy policy of each website you visit.
2. DATA WE COLLECT FROM YOU
Personal data or personal information is any information relating to an individual from which that individual can be identified. It does not include data where the user's identity has been removed (anonymous browsing).
We may collect, use, store and transfer the types of personal data that we have categorized:
Identity information – includes first name, last name, user ID.
Contact information – includes delivery address, phone number and email address at registration, PayPal.
Financial information – Includes bank account details such as IBANs.
Technical data includes your IP address, login information, browser type and version, time zone settings and location, operating system and platform, and other device technologies you use to access this website.
Profile Data – includes your email address and password, your purchases or orders, your interests, preferences and comments.
Marketing and communication information – includes your desire or refusal to receive email notifications about important news, new offers and stores.
The kassandrostours.gr also collects, uses and shares aggregated data, such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data under the law, as this data does not directly or indirectly identify you. For example, we may summarize your identity to calculate the percentage of male users. However, if we combine or associate aggregated data with your personal data so that it directly or indirectly identifies you, we treat the combined data as personal data that will be used in accordance with this Privacy Policy.
Except in limited circumstances that will be specified, we do not collect special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information about your health and genetic and biometric data). We also do not collect information about criminal convictions and crimes. Please note that we will not knowingly collect information from anyone under the age of 18. If you are under the age of 18, you should not use this website or provide us with any personal information.
If you are unable to provide us with your personal data
If we are required to collect personal data by law or under the terms of a contract we have with you and you are unable to provide this information upon request, we may not be able to fulfill the contract we have or are trying to obtain with you. In this case, you will not be able to become a member of kassandrostours.gr.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods of collecting data from you, such as:
Direct interactions. You may provide us with your identity, contact information, transaction information or financial information by filling in forms or by communicating with us by post, email, telephone or otherwise. This includes personal data you provide when you:
Create an account on our website
Leave a comment
Automated technologies or interactions
When you interact with our website, we may automatically collect technical data about your equipment, actions, and browsing patterns. We collect this data using cookies, server logs, and other similar technologies.
We may also receive technical details about you if you visit other websites that use our cookies. For more details, please see our cookie policy.
Third-party links
Technical data, Transaction data, Identity and reliability data from the following:
Partner networks based both inside and outside the EU.
In order to improve the service we provide and the functionality of our website, we may receive personal data about you from various third parties as described below.
Technical data from analytics service providers, such as Google, based outside the EU.
Contact details and technical data when you enter our website as a result of third-party marketing activities.
4. HOW WE WILL USE YOUR PERSONAL INFORMATION
We will use your personal data in accordance with relevant rules or laws. We often use your personal information in the following cases:
When we need to fulfill the contract that we will sign or have already signed with you.
Where this is necessary for our legitimate interests (or those of third parties) and your interests and fundamental rights do not override those interests.
WHY WE USE YOUR PERSONAL DATA
In a table format, we have set out below all the ways in which we plan to use your personal information and the legal bases we rely on. We have also set out what our legitimate interests are where relevant.
What is legal interest?
Legitimate interest means our business's interest in conducting and managing our business to provide you with the best service and safest experience on our website.
We assure you that we will consider and balance any potential impact on you (positive and negative) and your rights before processing your personal data in relation to our legitimate interests.
We do not use your personal data for activities in which our interests are overridden by your influence (unless we have your consent or the law requires or permits us otherwise).
Implementation of the Agreement means processing your data when it is necessary for the performance of a contract to which you are a party. If you do not provide personal information required for the contract with you, we cannot enter into the contract with you for the provision of our services.
Activity / Purpose – Data Type – Legal Basis for Processing, including the basis for legitimate interests
1. Providing our service. This includes but is not limited to:
● Manage payments from your account at kassandrostours.gr, including sending payments through third parties, such as PayPal, ACS, Eurobank, General Post Office, Alpha Bank, Stripe.
● Identity information
● Contact information
● Financial data
Implementation of the contract with you
2. We respond to and process any requests or questions you may submit to us, such as:
● Submitting a question to us
● Escalation and formal complaints, including Ombudsman appeal or legal proceedings
● Identity Information
● Contact Information
It is necessary for our legal interests to provide the most efficient service to our members and for evidentiary purposes in the event of a dispute.
3. Using fraud prevention measures to protect the business from malicious activity and the resulting consequences.
● Identity Information
● Contact Information
● Financial Data
● Technical Data
Necessary for our legitimate interests in preventing fraud.
4. Managing the relationship between a client and us:
● We notify you of changes to our terms or privacy policies
● We provide you with updating your data in our system, validation of payment requests, etc.
● Identity Information
● Contact Information
● Account Details
● Marketing Data
● Technical Data
Necessary for our legal interests to inform with all the details and preferences of the customer
5. Promote website features, such as:
● Allowing you to participate in contests, promotions
● When we give personal examples of use in the media
● To investigate how users use the website's products and services, to update our records and to encourage loyalty to the region and to promote the company's physical stores.
● Identity Information
● Contact Information
● Account Details
● Marketing Data
● Technical Data
Necessary for our legitimate interests related to promoting our website and brand in the Greek and European Union market.
6. Conduct marketing campaigns to attract new users.
To do this, we use different channels for new users Campaigns to attract new users.
If you join our website as a result of a redirect from a third-party website, we may pay the referral commission. To this end, we share data with affiliate networks and tracking organizations to calculate and pay any commission due.
Pay per click
If you enter our website as a result of a click on our website from a search engine such as Google or Bing, it will be tracked by a third party. Your data will be shared between us and the third party tracking company to calculate how many new users have been added to the website and how much commission is due.
Social media marketing
We love to offer the Site to new or existing members. To ensure that our marketing is appropriate, we find ways to ensure that promotional offers are targeted to the right people. To do this, we may share our data with major social media pages to ensure that our marketing reaches the target audience.
● Contact Information
● Marketing Data
● Technical Data
Necessary for our legal interests to inform with all the details and preferences of the customer
7. To manage and protect our business and this website, such as:
● Troubleshooting
● Data analysis
● Tests
● System maintenance
● Customer service
● Reporting and data hosting
● The effective operation of the Website, the provision of administrative and IT services, network security and in the context of business reorganization or group restructuring
● Identity Information
● Contact Information
● Account Details
● Marketing Data
● Technical Data
Necessary for our legitimate security interests in the region
MARKETING
We strive to offer you a choice over certain personal data, especially when it comes to marketing and advertising. In your account, you can view and make certain decisions about the use of your personal data in connection with promotional emails.
PROMOTION OF OFFERS FROM US
We may use your identity, contact, technical information, usage and account data to determine what we think you may want or choose to be interested in. This way we can decide which products, services and offers may be important to you.
You will receive promotional messages from us if you registered on our website and have not opted out of receiving email notifications.
MARKETING BY PARTNERS
We will never sell your personal data to any company. As noted above, we may share your contact or identity information with certain third parties, e.g. sub-processors to make it easier for you and social media publishers to tailor emails to ensure that marketing is targeted and appropriate for your members. kassandrostours.gr.
DISCLAIMER FROM EMAIL JOURNALS
You can ask us to stop sending you promotional e-mails at any time by logging into your account on the Site and removing the check box for e-mail notifications or by following the links to unsubscribe from any e-mail sent to you or by sending us an e-mail and notifying us.
COOKIES
You can set your browser to reject all or some cookies or to notify you when websites place or access your cookies. If you disable or cancel cookies, please note that some parts of this website will become inaccessible or will not function properly. For more information about the cookies we use, please see our cookie policy.
CHANGING THE GOAL
We will use your personal data only for the purposes for which we collected it, unless we reasonably believe that we need to use it for any other reason and that reason is compatible with the original purpose. If you would like to receive an explanation of how the processing for the new purpose is compatible with the original, please contact us at info@kassandratours.gr.
If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in accordance with the rules above, where required or permitted by law.
5. DISCLOSURE OF YOUR PERSONAL INFORMATION
We may need to share your personal data with the parties listed below for the purposes set out in the table in paragraph 4 above.
External third-party companies, as referred to in the glossary.
Third-party companies to which we may choose to sell, transfer or merge parts of our business or assets. Another possibility is to try to acquire or merge other companies. If our business changes, the new owners may use your personal information in the same way as set out in this privacy policy.
We require all external partners to respect the security of your personal data and handle it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and allow them to process your personal data only for specific purposes and in accordance with our instructions.
6. INTERNATIONAL DATA TRANSFERS
Some external third parties are located outside the European Economic Area (EEA), therefore the processing of their personal data involves the transfer of data outside the EEA.
Whenever we transfer your personal data outside the EEA, we ensure that a similar level of protection is provided by ensuring that at least one of the following safeguards is applied:
We will only transfer your personal data to countries that are considered to provide an adequate level of personal data protection by the European Commission.
When we use certain service providers, we may use specific contracts approved by the European Commission, which give personal data the same protection as in Europe.
When we use providers based in the U.S., we may transfer data to them if they are part of a privacy protection that requires them to provide similar protection for personal data shared between Europe and the United States.
7. DATA SECURITY
We have implemented appropriate security measures to prevent accidental loss, unauthorized use or access to your personal data, alteration or disclosure. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis. They will only process your personal data in accordance with our instructions and are subject to an obligation of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach when we are legally required to do so.
8. DATA RETENTION PERIOD
How long will we keep your personal data stored?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including to comply with legal obligations, accounting requirements or reporting obligations. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means and applicable legal requirements. Details of the retention periods for various aspects of your personal data are available in our retention policy, which you can request from us by contacting us at info@kassandratours.gr.
In some cases, you can ask us to delete your data. In some cases, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
In some cases, you have rights under data protection laws.
Your rights are:
Request access to your personal data (commonly referred to as a “data access request”). This enables you to obtain a copy of the personal data we hold about you and to verify that we are lawfully processing it.
Request correction of personal data we hold about you. This allows you to correct any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of new data you provide to us.
Request Deletion of your personal data. This allows you to ask us to delete or remove your personal data where there is no good reason for us to continue processing it. In addition, you have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your data unlawfully or where we are required to delete personal data in order to comply with local laws. Please note, however, that we may not always be able to comply with your request for deletion for specific legal reasons which will be communicated to you, where possible, upon your request.
Object to the processing of your personal data where we are pursuing a legitimate interest (or those of a third party) and there is something about your particular situation that makes you object to the processing on that ground and you believe it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This allows you to ask us to stop processing your personal data in the following scenarios: (a) if you want us to determine the accuracy of the data, (b) when the use of your data is unlawful, but you do not want us to delete it from our database, (c) when we need to store the data, even if you no longer need it, as you need to determine it, (d) You have objected to the use of your data, but we need to check whether we have a legitimate reason for using it.
You want to hand over your data to third party providers. We or our external partners will provide you with the personal data we have chosen in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information where you have initially given your consent for us to use the information to enter into a contract with you.
Withdraw consent at any time where we rely on consent to process your personal data. However, this will not affect the lawfulness of any processing that took place before you withdrew your consent. If you withdraw your consent, we may not be able to offer certain products or services to you. We will advise you if this happens when you withdraw your consent.
You can exercise the above rights by sending a signed, dated written request to our email address or postal address, indicating whether you want this information sent to a specific email address or via a mailing service.
NO FEES REQUIRED
You will not pay any fees to access your information (or to request any other rights). However, you may be charged a reasonable fee if your request is clearly unfounded, repetitive or excessive. There is a possibility that we may refuse to comply with your request under these circumstances.
WHAT MAY BE REQUIRED OF YOU
We may need to ask you for certain information to help us verify your identity and guarantee your right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who is not entitled to receive it. We may also contact you to request additional information about your request in order to expedite our response.
RESPONSE TIME
We try to respond to all legal requests within one month. Sometimes it may take us longer than a month if your request is particularly complex or you have submitted multiple requests. In this case, we will let you know.
10. GLOSSARY
External third parties
Service providers that provide IT and systems management services.
Different partner networks that record purchases from our website.
Regulatory bodies and other entities based in Greece that may require reporting on processing activities under certain circumstances.
Various payment providers available on the website.
Depending on your marketing preferences, we may engage email providers as an external service.
Social networking media.
Various tracking agencies through which you have registered on our website as a result of a third-party referral.
Affiliate Networks is a network that acts as an intermediary between our website that promotes products and services and the stores that sell those products and services.
11. Cancellation of tours due to minimum number of participants
The agency reserves the right to cancel any tour or excursion in the event that the minimum required number of participants is not reached. In such a case, customers will be informed in a timely manner.
