GDPR Privacy Notice
General Data Protection Regulation (GDPR)
Article 13 of Regulation EU 2016/679

1. Purpose of this notice
This Privacy Notice provides mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing. Definitions of certain terms within this notice are explained in the appendix.

2. The Data Controller for personal data
The Data Controller for the personal data processed by us is the Client Company of REMAIN GREEK IKE (the employer of the natural person whose data is collected, hereafter referred to as the Data Subject). The Data Controller will pass personal data of their employees to REMAIN GREEK IKE to manage cruise on behalf of those employees in connection with their business. REMAIN GREEK IKE, as Data Processor acting on the instructions of the Data Controller under a written contract with them, will subsequently use that personal data to facilitate cruise arrangements for the Data Subject. It is this contract which forms the ‘Legal Basis’ for the processing of personal data carried out by REMAIN GREEK IKE in these circumstances.

REMAIN GREEK IKE will also become a Data Controller if it collects additional personal data directly from a Data Subject. In these circumstances REMAIN GREEK IKE will be acting under a ‘Legitimate Interest’ to legally process the data for the management of cruises for the Data Subject and to fulfil the contractual requirements for its Client. REMAIN GREEK IKE also acts as a Data Controller for any personal data held regarding its own employees, and legally processes this data under its Contract of Employment with those Data Subjects.

3. Your Rights
As a Data Subject you have rights under the GDPR. These rights can be seen below. REMAIN GREEK IKE will always fully respect your rights regarding the processing of your personal data, and has provided below the details of the person to contact if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR.

4. Contact Details
The identity and contact detail for the Data Protection Officer within REMAIN GREEK IKE:

Mr. Papaioannou Evaggelos
REMAIN GREEK IKE
Arhipelagous 68Β, 165 62 Glyfada, Athens,
Tel.+30 210 96 40 340
This email address is being protected from spambots. You need JavaScript enabled to view it.

5. Data Protection Principles
REMAIN GREEK IKE has adopted the following principles to govern its collection and processing of Personal Data:

Personal Data shall be processed lawfully, fairly, and in a transparent manner.
The Personal Data collected will only be those specifically required to contact requirements. Such data may be collected directly from the Data Subject or provided to REMAIN GREEK IKE via his /her employer. Such data will only be processed for that purpose.
Personal Data shall only be retained for as long as it is required to fulfil contractual requirements, or to provide statistics to our Client Company.
Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date.
The Data Subject has the right to request from REMAIN GREEK IKE access to and rectification or erasure of their personal data, to object to or request restriction of processing concerning the data, or to the right to data portability. In each case such a request must be put in writing as in Section 3 above.
The Data Subject has the right to make a complaint directly to a supervisory authority within their own country. REMAIN GREEK IKE Data Protection compliance is supervised by:

Mr. Papaioannou Evaggelos
REMAIN GREEK IKE
Arhipelagous 68Β, 165 62 Glyfada, Athens,
Tel.+30 210 96 40 340
This email address is being protected from spambots. You need JavaScript enabled to view it.

Personal Data shall only be processed based on the legal basis explained in section 2 above, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject which will always take precedent. If the Data Subject has provided specific additional Consent to the processing, then such consent may be withdrawn at any time (but may then result in an inability to fulfil cruise requirements).
REMAIN GREEK IKE will not use personal data for any monitoring or profiling activity or process, and will not adopt any automated decision making processes.
6. Transfers to Third Parties
To fulfil the customers request for a Data Subject it will in some cases be necessary to process personal data via a third party. Personal Data shall only be transferred to, or processed by, third party companies where such companies are necessary for the fulfilment of the cruise arrangements.

Personal Data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless the transfer is made to a country or territory recognised by the EU as having an adequate level of Data Security, or is made with the consent of the Data Subject, or is made to satisfy the Legitimate Interest of REMAIN GREEK IKE in regard to its contractual arrangements with its clients.

All internal group transfers of Personal Data shall be subject to written agreements under the Company’s Intra Group Data Transfer Agreement (IGDTA) for internal Data transfers which are based on Standard Contractual Clauses recognised by the European Data Protection Authority.

Appendix – Definitions of certain terms referred to above:
Personal Data:
(Article 4 of the GDPR): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing:
(Article 4 of the GDPR): means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.

Legal Basis for Processing:
(Article 6 of the GDPR): At least one of these must apply whenever personal data is processed:

Consent: the individual has given clear consent for the processing of their personal data for a specific purpose.
Contract: the processing is necessary for compliance with a contract.
Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary to perform a task in the public interest, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for the legitimate interests of the Data Controller unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Data Controller:
(Article 4 of the GDPR): this means the person or company that determines the purposes and the means of processing personal data.

Data Processor:
(Article 4 of the GDPR): means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Data Subject Rights:
(Chapter 3 of the GDPR) each Data Subject has eight rights. These are:

The right to be informed; This means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
The right of access; this is your right to see what data is held about you by a Data Controller.
The right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way.
The right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.
The right to restrict processing; this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
The right to data portability; a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format.
The right to object; the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
Rights in relation to automated decision making and profiling; Data Subjects have the right not to be subject to a decision based solely on automated processing.

Cookies, Analytics and Traffic Data
Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our websites, applications and services better for you.

Our cookies may be session cookies (temporary cookies that identify and track users within our websites, applications or services which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our websites, applications or services to “remember” who you are and to remember your preferences within our websites, applications or services and which will stay on your computer or device after you close your browser or leave your session in the application or service).

We use the following different types of cookies:

Strictly necessary cookies

These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our website or to remember what you have put into your shopping basket.

Performance cookies and analytics technologies

These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don't collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, applications and services work.

Functionality cookies

These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Targeting or advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

Web beacons and parameter tracking

We also use cookies and similar software known as web beacons to count users who have visited our website after clicking through from one of our advertisements on another website or in emails and to collect details of any products or services purchased. These web beacons collect limited information which does not identify particular individuals. It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies.

IP Address and traffic data

We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our site. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
Find out more about the individual cookies and analytics technologies that we use.

How to disable cookies
You may be able to configure your browser or our website, application or service to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, applications or services. For more information about cookies and instructions on how to adjust your browser settings to accept, delete or reject cookies, see the www.allaboutcookies.org website.