YACHTING COMPANY
GDPR Policy
Definitions (In accordance with Article 4 of the Regulation (EU) 2016/679 ): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) ‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her, ‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question, ‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data, ‘Data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status. Purpose of data processing / legal basis.
The personal data are data referring to individuals. By interacting with you and fielding your customer query we may collect and process the information you provide to us, such as personal details (Name, Surname), Email address etc. Euneos yachting as the controller ensures that only those personal data of yours are processed which are necessary for each specific purpose following your prior notification and consent.
Data Collection: To complete the booking and comply with the requirements of the Port Authorities, we collect the following information: Name, Identity/Passport Number and contact details.
Data Transmission: This information is transmitted exclusively to the vessel’s Ownership Company and the competent Port Authorities. It is not disclosed to third parties for advertising purposes without your consent.
Security: We are committed to the safekeeping of your documents (e.g. ID photos) until the completion of the charter, at which time they are deleted from our files, unless otherwise specified by law.
Data Sharing
In order to operate the cruises and process payments as described in our Terms & Conditions, personal data collected during the booking process (including but not limited to Name, Surname, contact details, booking specifics, and payment
information) will be shared with the respective operating and payment processing entities.
Your Rights as “Data Objects”
1. Besides the right to revoke the consent you have given us, you have the following further rights if the respective legal requirements are met:
• The Right of access by the data subject
• The Right to request rectification of incorrect data or completion of incomplete data
• The Right to erasure (“right to be forgotten”) (you may request deletion of your personal data)
• The Right to restriction of processing of your data
• The Right to data portability
• The Right to object to the processing of your personal data
2. The right to obtain access to your personal data (i.e. the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, where that is the case, access to the personal data).
This information can include in particular:
The purposes for which the personal data are processed;
The categories of personal data that are processed;
The recipients or the categories of recipients to whom the personal data concerned have been disclosed or are still being disclosed;
The duration of storage of the personal data concerning you or, if specific details of this are not possible, criteria for the specification of the retention period;
The existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the data controller or of a right to object to such processing;
The existence of a right of appeal to a supervisory authority; All available information about the origin of the data, if the personal data was not collected from the person concerned; The existence of an automated decision-making process, including profiling. In these cases, at the least, receiving meaningful information about the logic involved as well as the scope and desired impact of such processing for the person concerned. If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards in relation to that transfer.
3. Right to rectification
You have the right to seek the immediate rectification by us of inaccuracies in your personal data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data and add newly available supplementary information.
4. Right to deletion
You have the right to request from us that personal data concerning yourself is immediately deleted, if one of the following grounds applies: The personal data are no longer necessary for the purposes for which they have been collected or have been processed in any other way, You revoke your consent, which supported the processing originally, and there is no other legal basis for processing, You object to the processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes, Your personal data has been unlawfully processed, The deletion of the personal data is necessary for the fulfilment of a legal obligation, The personal data has been collected in relation to services offered by information society services as referred to in Article 8 paragraph 1 GDPR Where we have made the personal data public and are obliged to erase it, we will take appropriate measures taking into account the available technology and the costs of implementation, in order to inform the third parties who are processing your data that you also request from them that they erase all links to the personal data and copies or replications of those personal data.
5. Right to restriction of processing
You have the right to obtain from us a restriction of the processing, if one of the following requirements exist: The accuracy of the personal data is contested by you. The processing is unlawful and you oppose the erasure of your personal data and
request the restriction of their use instead. The controller no longer requires the personal data for the purposes of the processing, but the person concerned requires them in order to establish, exercise or defend legal claims or You have raised an objection to the processing, pending the verification whether the legitimate grounds of the controller override those of you as the “data subject”.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without delay, where: The processing is based on consent or on a contract and The processing is carried out by automated means. When exercising your right to data portability, you have the right to ensure that the personal data is transferred directly by us to another data controller, insofar as this is technically feasible.
7. Right to object (Article 21 of Regulation (EU) 2016/679)
In certain circumstances, you may object to data processing for reasons arising from your particular situation. The above general right of objection applies to all processing purposes described in the data protection regulation, which are processed on the basis of legitimate interests. Unlike the special right to object towards data processing for advertising
purposes, we are only obliged by the Regulation (EU) 2016/679 to implement such a general objection, if you give us reasons of paramount importance for this, e.g. a possible risk to life or health. Furthermore, there is the possibility to contact Hellenic Data Protection Authority (1-3 Kifisias Avenue, 11523 Athens, Greece, Tel: +30 2106475600, Email: contact@dpa.gr) or our Company.
How Long We Will Keep Your Personal Data
Euneos Yachting will store documents as long as required for fulfilling the legitimate purpose on which those data were given to us taking under consideration the time limit specifications of the European and National legislation.
How we keep your information secure
We use a range of measures to keep your information safe and secure which may include encryption, firewalls, back-ups and other forms of security. We constantly improve those measures in order to ensure the protection of your personal data.