Although in certain instances we may ask you to provide us with your personal information, for example, so as to enable you to purchase products or services (and we will make it clear to you at that time what we need from you), you can however visit many pages on our website without the need to supply any type of personal information.

That said, we may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data includes billing address, delivery address, email address and telephone numbers.
• Financial Data includes bank account and payment card details.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our website, products and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
• Health Data provided by you to serve you better and meet your particular needs (for example, the provision of disability access).

We collect personal data about you whenever you use our services (whether services provided directly by us or by other companies or agents acting on our behalf), when you travel with us, when you use our website , or when you use our chat.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data only:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• When you have provided us with your explicit consent to do so.
• In case we rely on consent as a legal basis for processing your personal data, please note that you have the right to withdraw your consent at any time by contacting us using the contact details set out at paragraph 1 above.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or/and receive your explicit and clear consent.

Our website may contain links to websites operated and maintained by third parties over whom we have no control. The data protection policies of those websites are not covered by this privacy policy. Any information you provide to third-party websites or to websites recommended by us with respect to your travel reservations will be governed by the terms of each such website’s privacy policy. Please note that when you click on one of these links, you are entering another website, and we have no responsibility or liability whatsoever for the content, actions, or policies of such third-party websites. We encourage you to read the privacy policies of all third-party websites (on top of this privacy policy), since such privacy policies may be materially different from this privacy policy.

We would like to inform you that our website accepts the use of “cookies”, to determine how users reach our website and to track general usage patterns once a user is on our website. Cookies are messages that web servers pass to your web browser when you visit websites. Your browser stores each message in a small file, which will give us information about your last visit to our website. This information are collected and analysed in total in order to improve the functioning, the content and the overall appearance of our website. Most internet browsers accept the use of cookies automatically, but you can always choose not to accept a cookie by changing your computer settings, or by asking for your permission into accepting each cookie separately, but please note that this will limit the range of features available to you on the website.

1. Technical Cookies – These cookies relate strictly to the use of the website. They are necessary to ensure the effectiveness and security of the website possible.
2. Functionality cookies – These are strictly necessary to provide the services requested by the users on this website These cookies are used by the site.
3. Analytics cookies – The most helpful information we get for this reason comes from analytics cookies that anonymously define how users interact with and navigate into our pages. This helps us improve our services offering and the online experience, while securing also that our users find the information that they are requesting.
4. Social media cookies – We may embed content from social media sites to share social widgets or personalize your experience based on the information you’ve previously shared with your social accounts.
5. Advertising cookies – By accepting this cookie, which tracks your browsing habits on our site, you’ll receive personalized advertising content for products and services that you’re actually interested in.
6. Affiliated cookies – These cookies only allows us to track if you were brought to our website by one of our affiliates.

More specifically:

Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and facilitate an analysis of your use of the website. The information generated by the cookies regarding your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports regarding website activities for the website operators and provide other services related to website use and internet use. Google may also transfer this information to third parties, provided that this is legally permitted or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google.

By using this site, you agree to the processing of your data collected by Google in the way described above and for the aforementioned purpose.

You may deactivate Google Analytics cookies by selecting the appropriate settings on your browser, but we point out that in such case we will not be able to register your purchases.

When you use our website and provide information about yourself, we use this information to complete your booking, fulfil any customer service related requests and provide you with booking related information via email. We do not share this information with third parties with the exception of necessary sharing for the completion of your order and fulfilment of your travel arrangements. Such other parties may include, but are not limited to, ferry companies and other travel suppliers, credit card merchant services, reservation systems, etc.

These service providers will disclose information about your travelling profile to the ferry company and other travel suppliers, from whom you have purchased products / services. Although we attempt to carefully select our travel suppliers so as to be reputable and reliable companies and we endeavour to place contractual restrictions on our third party partners who receive your personal information in order to ensure that they use this information in accordance with this Privacy Policy and applicable data protection laws, we cannot guarantee that these third party suppliers are not using or disclosing your information without your permission. Therefore, we encourage you to review the data privacy practices of any travel suppliers whose products you purchase via our website. In addition, these travel suppliers may also contact you as necessary to obtain additional information about your confirmed reservation.

Although no personal information is collected, we monitor our users’ navigation to our website in order to better understand and serve our customers. We may provide anonymous statistical information based on this data to carefully selected third party partners for business administration purposes, customer support, marketing and quality assurance, operational and analytical purposes. To the extent that any third party has access to your personal information, their use of this information will be limited solely to providing those functions and for no other purpose. We may disclose your personal information to third parties, such as official bodies and our professional advisers, as long as it is deemed necessary (i) for compliance purposes with relevant laws, orders or regulations; (ii) so as to enforce our customer terms and conditions or other contractual agreements; and (iii) in order to protect the property and other rights of the Company, our customers and others (for example, in any way relating to protection against fraudulent activities).

When you make a booking or purchase products or services offered on our website, due to our security-protection and fraud-detection processes, we may pass certain personal information which you provide to us (for example, your name, credit card, billing address details) to third party credit reference agencies, payment processors, or other third parties for the specific purpose of verifying that information. If your personal information cannot be satisfactorily verified (for example, your stated billing address does not match your credit card details), we will contact you to notify you that your purchase request has not been confirmed and to request the correct details, if they can be provided, before we can process your order.

We have put in place appropriate security measures (including encryption, anonymization or/and pseudonymization procedures where required) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Please be aware that your information may be processed outside Greece, where our servers are located, and our central database is operated. Although the applicable data protection and other laws of the European Union are as comprehensive as those in Greece, please be assured that we will make every effort to ensure that your personal data is processed in accordance with the Greek data privacy legislation and any other relevant legislation in force from time to time.

Furthermore, in order to process your data as described in this privacy policy, we may need to send your information internationally including to countries outside the European Economic Area (EEA) for example. Despite the fact that these jurisdictions provide for similar protection in respect of personal information privacy, we will however take steps to ensure that your personal information is transferred, stored, and processed in accordance with appropriate security standards and in accordance with the terms of this Privacy Policy and applicable data protection laws.

Being the personal data subject, you have the right to access your personal data that are processed by the Company, whereas you also have the right to request an amendment or correction of any type of Personal Data we hold about you (article 15 of the Regulation (EU) 2016/679). Having in mind the processing purposes of the Company in the course of our contractual relationship with you, you may also request the addition of data, by virtue of an additional request from your side (article 16 of the Regulation (EU) 2016/679).

You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of our services.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Right of erasing your personal data: You have the right at any time to request from the Company (which acts as mentioned as Data Processor) to erase your data in light of the article 17 of the Regulation (EU) 2016/679.

Your personal data are stored for the period necessary for our Company to fully comply with its statutory obligations (article 23 of the Regulation (EU) 2016/679).

Any request regarding the modification, change and / or cancellation of your personal data processed by our Company can be emailed to us at gdpr@rhenia.gr

We are welcoming all your comments or questions.

If you have questions or comments about this privacy policy, or if you are concerned that we have not followed the principles set forth in this privacy policy, please send an email to us at gdpr@rhenia.gr.