Introduction

At Santoriginal Tours we prioritize your privacy. We collect personal data (PD) based on your consent either directly or through third parties and process these PDs in line with GDPR regulations.

Data Collection

When you book a journey with our agency, we collect only the necessary information to ensure your travel arrangements are seamless. This includes your name, contact details, passport information, and payment details. We use cookies to improve our website’s performance and your browsing experience. They help us understand how you interact with our site, enabling us to provide tailored offers and services that suit your interests. There's always an option to disable cookies, should you choose that route.

We do not sell, trade, or otherwise transfer your personal information to outside parties. Our use of your data is solely for the purpose of fulfilling your travel arrangements and providing you with exceptional customer service. 

Processing Purposes

PDs are processed to provide you with our hospitality and leisure services, inform you about our services and offers (with your consent), and notify you about policy changes. The legal basis for processing includes our company's legal interest, compliance with legal obligations, contract execution and your consent.

Data Security

We follow strict guidelines to ensure your data is secure. Your personal details, like your name, contact information, and payment details, are stored securely in our systems. We never share these with third parties without your consent. We prioritize your Personal Data (PD) security using advanced technologies and procedures against unauthorized access. We firmly prohibit third parties from using your PD for their own benefits. Despite our utmost efforts to protect your data, we cannot guarantee total safety during PD transmission, thus its transfer is at your own risk. We, however, remain committed to continually enhance our security policies and measures. Once we receive PD, we enforce necessary security measures to prevent unauthorized access.

Data Retention

We retain your PDs based on Greek legislation and our company’s legal interests. The retention period depends on the contract duration and legal circumstances.

Data Transfer

Your PDs are kept within our company and only shared with third parties upon your consent or when they act as processors on our behalf.

Your Rights

We are committed to transparency, so if you ever want to know what data we have of yours, or if you want it updated or deleted, just reach out to us. We're more than happy to assist.

You have the right to access, correct, restrict, object to processing, transfer, and delete your PDs, as well as file a complaint. However, we may refuse your requests if they conflict with our legal rights or obligations.

E-mails

To halt receiving promotional material from us, click the unsubscribe link in our emails or indicate in the registration form that you don't wish to receive such communications. Opting out of marketing messages doesn't affect service-related updates, like future reservation confirmations. confirmations.

Data Controller 

Data Controller is our company as it is legally represented, with which you can contact for GDPR issues at our e-mail address.

Policy Changes

We reserve the right to update this policy based on legislative changes and our discretion. Any changes will be posted here for your review.