Privacy Policy

Privacy Policy

The growing need for financial and scientific co-operation, as well as the mutual requirement for data processing services, have resulted in the exchange of personal information, a trend now underlined by the ever-increasing use of contemporary communication tools.

CHARALAMBOS THOMOPOULOS personal enterprise, called in short “ARCHIPELAGO”, with Tourist Business Registration No. 1172Κ112Κ0490200, VAT No. 099752536, 1st Piraeus Revenue Office (hereinafter referred to in short the “Enterprise“) states that compliance with the principles governing the protection of data and their processing is included in its scope, as the enterprise is committed to respect the rights of individuals and their private life. The Enterprise shall handle personal data with particular care, always according to EU Regulation 2016/679, the National Law enforcing it and the applicable laws.

The Enterprise commits to fully apply the applicable laws and the European regulations, taking the necessary technical and administrative steps to protect personal data.

For the purposes of this Policy, the following definitions shall apply:

Data Subject: any natural personal, whose personal data may be processed by or on account of the Enterprise
Personal Data: any information in relation to an identified or identifiable natural person that concerns his or her physical, physiological, psychological, emotional or financial state or his or her cultural or social identity.
Processing: the processing of personal data (“processing”), any activity or series of activities involving personal data, including but not limited to their collection, registration, storage, modification, analysis, use, association, retention (locking), deletion or destruction.

1. Legitimacy criteria

Personal data may be processed if at least one of the following applies:

  • the subject has given his or her consent
  • their processing is necessary for the performance of a contract to which the subject is a contracting party
  • their processing is necessary to comply with a legal obligation.

2. Principles applied during processing

The Enterprise warrants and represents that it will make every possible effort to safeguard the personal nature of your information. Therefore, it cannot transfer them to any (natural or legal) third party for any reason except in the cases provided for by law and exclusively to the competent authorities.

Minor visitors have access to our services only with the consent of their parents or guardians, while in case of submission of personal information by minors, the Enterprise will immediately delete all relevant information.

We are authorised to process your personal data in order to provide personalised services by the European legislation (Article 6(1b) of Regulation (EU) 2016/679) and the relevant National Law enforcing it. Your personal data will not be used for purposes other than those described in this Policy, unless we have your prior permission, or unless this is required or permitted by law.

Personal data must be processed in a way that is compatible with the purpose for which they were collected.

The principle of proportionality applies when processing personal data. Among other things, this establishes the obligation not to collect personal data without good reason.

The personal data used must be accurate and up-to-date.

Any personal data used that are no longer accurate and complete should be corrected or deleted.

Notwithstanding any obligation by the law to keep them for a longer period of time, personal data should not be kept for a period longer than what is necessary for the purposes for which they were collected or processed.

The processing of personal data should respect the principles of good faith. This means that data subjects must be confident that the processors will show due care in all matters of data processing.

Individuals whose personal data have been processed should be informed accordingly if they request it. Specifically, they have the right to be informed about the purposes for which their data is processed, the type of data involved, as well as the identity of the recipients of the data. Where deemed necessary, data subjects also have the right to request the correction, non-transmission or deletion of their data.

These rights may be limited only if this limitation is provided for by law. This applies, in particular, when conducting scientific research.

In particular, personal data are protected against unauthorised disclosure and any illegal processing. The steps put in place should ensure a level of security proportionate to the nature of the data that must be protected and the risks that their processing may entail.

The Enterprise is responsible for the implementation and its compliance with EU Regulation 2016/679 and the relevant National Law enforcing it.

Any employees of the Enterprise that handle personal data must be informed accordingly. The procedures for the processing of personal data by third parties based on a relevant agreement must be defined in writing. The enterprise shall ensure that any third contracting parties process personal data appropriately, in compliance with the principles set forth in this Policy. In the event that the third party is deemed unable to ensure a satisfactory level of personal data security, the Enterprise shall terminate that cooperation.

The enterprise maintains records of users’ personal information exclusively for financial, tax and communication purposes. In the context of the continuous improvement of its services, the enterprise may process, under strict conditions of confidentiality and anonymity, part or all of the data you have sent yourself for statistical and financial reasons.

The personal data we collect – Messages via contact form

You can submit your message to the Enterprise through the online reservation system on its website.

By submitting your message through any contact form to the Enterprise, you accept the present terms regarding the use of your personal data (name and e-mail) by the Enterprise.

The Enterprise warrants and represents that it will not use these data for commercial promotion purposes or transfer them to third parties.

3. Access to personal data and Rights – Browsing our website

You can browse our website without providing any personal information.

The Enterprise collects personal information of its visitors/users only when they provide it voluntarily.

If the visitor/user disagrees with this policy, he or she must stop and refrain from browsing the website further.

If you wish, you can ask for information about your personal data kept by the Enterprise, their recipients, the purpose of their retention and processing, as well as about their modification, correction or deletion, by sending a relevant email to contact@archipelago-sifnos.gr from the email address you have provided, attaching a copy of your police ID. You also have the right to review the personal data we hold and to exercise in general any right stipulated by the laws on data protection.

The personal data that you communicate to the Enterprise by sending an email or by visiting our Enterprise in person, either during your registration or at a later stage, are collected, used and processed in accordance with the currently applicable provisions on data protection, specifically, in accordance with the provisions of Law 2472/1997 and Law 3471/2006, as applicable, as well as the new European General Data Protection Regulation (EU) 2016/679.

In particular, you reserve the following rights:

Right to information about your personal data: upon your request, we will provide you with information about the personal data we keep about you.

Right to correct and complete your personal data: at your relevant request, we will correct any inaccurate personal data concerning you. We will fill in incomplete information if you notify us, provided that this information is necessary for the purposes of processing your data.

Right to freeze your personal data: in certain cases provided by law, we will freeze your data at your relevant request. Further processing of such data will take place only to a very limited extent.

Right to withdraw your consent: you can at any time withdraw your consent to the processing of your personal data in the future. The lawfulness of the processing of your data remains unaffected by this action, until the moment your consent is withdrawn.

Your right to object to the processing of your data: you can at any time object to the processing of your personal data in the future if we process your data on the basis of one of the legal justifications provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no legitimate grounds for further processing. Processing your data for advertising purposes does not constitute a legitimate reason.

Under the terms above, you can object to the use of your personal data in the future at any time and without a charge, ask their complete deletion or ask for information about the data we store for your or their correction.

You can send us an e-mail with your request at contact@archipelago-sifnos.gr or use the general contact form on our website.

4. Data Safety

The Enterprise acknowledges the major importance of the issue of the safety of data and transactions; to that effect, it takes all necessary precautions and safety measures and it applies the most appropriate technical processes to protect the content, with a view to provide an interface as safe as possible for users pursuant to the respective law provisions.

The Enterprise applies specific technical and organisational security procedures to protect the personal data and information against loss, misuse, alteration or destruction. Our associates that support the function of this website also comply with these provisions.

Assisted by designers and web developers, the enterprise will make every possible effort to develop, update and improve the services provided and the website in general.

However, there is always the possibility that errors/malfunctions/outages may occur in the content of the website and/or that viruses or other harmful software (malware) may appear either on the website or on its server.

5. Policy Updates and Revisions

The Enterprise reserves the right to amend/update individual sections of this Policy, without a prior notice. In case of changes, the Enterprise will record the date of the amendment to or the update of this Policy and the updated Policy will apply to you from that date on.

Please always read the Privacy Protection Policy before you use our website, ensuring that you are always informed of its most current version, in case of amendments or updates thereto. This is a Statement of Compliance under the provisions of EU Regulation 2016/679 and the National Law enforcing it.

Privacy and data protection policy last updated: September 2022