Pursuant to EU Regulation 2016/679 GDPR
DATA CONTROLLER
Meravigliose Isole Greche
Koritsas n. 1 – 85300 Kos, Dodecanese, Greece
VAT Number: EL 159399905
Email: info@meraviglioseisolegreche.com
USER RIGHTS
Users can exercise certain rights regarding their Data processed by the Data Controller. In particular, the User has the right to:
Withdraw consent at any time. The User can withdraw consent to the processing of their Personal Data previously given.
Object to the processing of their Data when it is carried out on a legal basis other than consent.
Access their Data, obtaining information about the processing and a copy of the processed Data.
Verify and request rectification of their Data if it is inaccurate or incomplete.
Restrict processing of their Data under certain conditions, meaning the Data will only be used for its storage.
Request the deletion of their Personal Data under specific circumstances.
Receive their Data in a structured, commonly used, machine-readable format and, where technically feasible, have it transferred to another controller.
Lodge a complaint with the competent data protection authority or take legal action.
To exercise these rights, the User can contact the Data Controller at the contact details provided.
DETAILS ABOUT THE RIGHT TO OBJECT
When Personal Data is processed for public interest, in the exercise of official authority, or for the legitimate interests pursued by the Data Controller, the User may object to such processing based on grounds related to their particular situation.
If the Data is processed for direct marketing purposes, the User can object without providing any justification. To find out whether the Data Controller processes data for marketing purposes, Users can refer to this privacy notice.
HOW TO EXERCISE RIGHTS
Users can exercise their rights by sending a request to the Data Controller’s contact details. Requests are processed free of charge and as quickly as possible, within a maximum of one month.
PROCESSING METHODS
The Data Controller processes Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of the Data.
Processing is carried out using IT and telematic tools, with organizational methods strictly related to the purposes indicated. In addition to the Data Controller, in some cases, other parties (such as administrative, marketing, legal, or IT personnel) or external service providers may have access to the Data and may be appointed as Data Processors if necessary.
TYPES OF DATA COLLECTED
The Personal Data collected includes: name, surname, mobile phone number, email. All requested Data is mandatory unless otherwise specified. If the User refuses to provide it, the Service may not be available.
PURPOSE OF PROCESSING
User Data is collected to allow the Data Controller to provide its services, specifically for:
Processing reservations or responding to requests for additional information about travel proposals.
Operational management of website navigation and maintenance.
HOSTING AND INFRASTRUCTURE
Hosting services are responsible for data distribution and ensuring the functionality of the website. The servers are located within the European Community.
RETENTION PERIOD
Data is processed and stored for the time necessary to achieve the purposes for which it was collected:
Data related to reservations: stored for 1 year.
Data for responding to information requests: deleted immediately after processing.
Data for promotional newsletter subscription: stored for 1 year.
At the end of the retention period, if the User’s consent is not renewed, Personal Data will be deleted. After this period, the right to access, deletion, rectification, and data portability can no longer be exercised.
Last modification: 13/10/2024