1. What data we collect
Domestic Travel:
1.1. For each passenger ship, which departs from a Greek port and makes a voyage, in which the distance travelled from its departure point to the next arrival port exceeds 20 miles, the following information shall be recorded, under the responsibility of the competent recorder:
a) the surname of the persons boarding the ship, their forename, their gender, their nationality, their date of birth.
(b) if voluntarily provided by the passenger, information on special care or assistance which may be required in the event of an emergency.
(c) if voluntarily provided by the passenger, contact telephone number in case of emergency.
International Travel:
1.2. For each passenger travelling between Greece and Albania the following information is required:
a) the surname of the persons boarding the ship, their forename, their gender, their nationality, their place of birth, their date of birth, Passport/ID document number, document expiry date.
(b) if voluntarily provided by the passenger, information on special care or assistance which may be required in the event of an emergency.
(c) if voluntarily provided by the passenger, contact telephone number in case of emergency.
Each company shall ensure that information on passengers who have declared that they need special care or assistance in the event of an emergency is duly recorded and notified to the Governor before the departure of the passenger ship.
2. Purpose, Scope
Ionian Cruises shall use its best efforts in order to comply with the legislation related to Personal Data Protection in its market sector. The current policy lays down the key principles based on which Ionian Cruises processes the personal data of its customers, seamen, employees, suppliers, partners and other persons.
This Policy is also applied by Ionian Cruises in its subsidiaries whose head office is in Greece, and Ionian Cruises controls them directly or indirectly.
All seamen employees with contracts of indefinite duration or fixed-term contracts, as well as all subcontractors who work for Ionian Cruises are bound by the current Policy.
3. Key Definitions
The key definitions of the terms used in the current document follow, as they are laid down in Article 4 of the General Data Protection Regulation (GDPR) so that the data subject will become familiar with the Regulation’s terminology.
Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier, such as a name, identity card number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Special Categories of Personal Data: Personal data which, essentially, are especially sensitive with respect to fundamental rights and freedoms, require special protection, since the scope of their processing may create important dangers which will affect such fundamental rights and freedoms. Such data include personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the undisputed identification of a person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
Controller: A natural or legal person, a public authority, agency or other body which, alone or jointly with others, determines the purposes and the manner of personal data processing.
Processor: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Processing: every act or series of acts realized with or without the use of automatized means on personal data or on aggregates of personal data, such as the collection, registration, organization, structure, storage, adaptation or modification, recovery, a search of information, use, disclosure by forwarding, dissemination or any other form of disposal, correlation or combination, limitation, erasure, or destruction.
4. How and why do we use your personal data?
4.1. To manage your travel reservations and provide our services
When you travel with us, we use the information required for the provision of our services, such as ticketing, completing check-ins, replacing tickets or refunding fares, managing your bookings and serving you as a customer individually or in groups.
4.2. To communicate with you and manage our relationship with you
We may need to contact you by e-mail or telephone for administrative purposes, such as confirming your bookings and payments, notifying you in regard to your itinerary, handling requests you have submitted for services not received, any material damage and, generally speaking, handling your complaints.
4.3. To improve our services and protect our business interests
The business purposes for which we will use your information help us improve the services we provide, meet your expectations and control transactions from our sales, so as to respond to any requests for contesting charges on your cards and manage the clearance of our sales.
4.4. To comply with legal obligations
When, for example, we collect information relating to passenger accidents, we handle ticket replacement or refund requests, passenger compensation & vehicle damage claims, keep an archive of complaints and passenger feedback.
4.5. To safeguard our legitimate interests and protect individuals and goods
When we use CCTV and security cameras in order to be able to monitor and protect the security of individuals, materials and facilities, including ships.
5. Key principles that concern Personal Data Processing
Ionian Cruises, as the controller, strictly abides by the principles of data protection which are defined in Article 5 of the General Data Protection Regulation (GDPR).
5.1. Lawfulness, Objectivity and Transparency
Ionian Cruises processes personal data lawfully, objectively, and transparently as far as the data subjects are concerned.
5.2. Purpose Restriction
Private data are collected only for special, explicit, and lawful purposes and they are not processed for any other purpose.
5.3. Data minimization
Ionian Cruises maintains accurate personal data of data subjects and ensures that their maintenance is limited to what is necessary for relation to data processing purposes. At the same time, it applies suitable technical means in order to achieve the above objectives.
5.4. Precision
The personal data maintained by Ionian Cruises are accurate and updated. Measures are taken to ensure that personal data which are inaccurate with respect to the purpose for which they are processed are erased or corrected within a reasonable time.
5.5. Storage Time Limitation
Personal data are maintained for a time period not greater than necessary for the purpose for which Ionian Cruises processes them.
5.6. Integrity and Confidentiality
Taking into account the technological level and other available safety measures, the cost of application, as well as the probability and gravity of dangers concerning the personal data, Ionian Cruises uses suitable technical or organizational means for personal data processing, in a way that guarantees the proper safety of the personal data and their protection from accidental destruction, loss, damage, and unauthorized or illegal processing.
5.7. Accountability
Ionian Cruises is responsible to prove and can prove its compliance with the General Data Protection Regulation to the competent Authority of Personal Data Protection.
6. Privacy Notice, Consent and Rights of Data Subjects
6.1. Notification of Data Subjects
Before the collection of personal data, or during their collection for any processing activity undertaken by Ionian Cruises, including among other things the sale of products, services, or marketing activities, Ionian Cruises is responsible to provide the necessary information to the data subjects and, specifically, information concerning the types of personal data collected, the processing purposes, the processing methods, the rights of the data subjects concerning their personal data, the period of registration, possible international data transfers, if the personal data are given to third parties within the scope of cooperation with them, as well as the security measures taken by Ionian Cruises to protect the personal data. This information is provided by the Privacy Notice.
6.2. Consent
When the legal base of personal data collection is the consent of the data subject, Ionian Cruises is responsible to ensure that data subjects grant their consent freely, with positive energy, explicitly, with full awareness of the content of the text to which they consent. Ionian Cruises offers the data subjects the opportunity to withdraw their consent at any time.
Whenever a collection of personal data of children less than 16 years old occurs, Ionian Cruises ensures that the Parent has granted his consent before the data collection.
Personal data processing must take place only for the purpose for which the data were initially collected. In case that Ionian Cruises wishes to process collected personal data for a different purpose, it must request the consent of the data subjects explicitly, by a specific written statement. Any such request must contain the initial purpose for which the data were collected, as well as the new or additional purpose/purposes.
6.3. Collection
Ionian Cruises shall use its best efforts to ensure that the number of personal data collected is limited to a minimum. If the personal data are collected by a third party, Ionian Cruises ensures that those data are lawfully collected.
6.4. Relation of Ionian Cruises with Third Parties
In case that Ionian Cruises uses a third party, a supplier or commercial associate to which it assigns the processing of personal data on its behalf, it ensures that the processor will provide all suitable means of safety and protection of personal data in order to cope with all probable relevant dangers.
Ionian Cruises shall use its best efforts in order to ensure that its suppliers or commercial associates process personal data only to accomplish their conventional obligations to Ionian Cruises and for no other reason, and always according to its instructions.
6.5. Rights of Access of Data Subjects
Ionian Cruises, as the Controller, is responsible to provide to the data subjects a mechanism of access to their personal data that will allow them to revise, correct, erase, or transfer such data.
Data subjects’ request for access, correction, deletion, processing, limitation, portability and objection to personal data processing can be made by contacting us at info@ionian-cruises.com or in writing to Ionian Cruises, Ethn. Antistaseos 4, New Port, Corfu, 49100, Greece.
6.6. Data Portability
Data Subjects have the right to receive, at their own request, a copy of the data which they have submitted to Ionian Cruises in a structured form and transfer those data to another controller. Ionian Cruises is responsible to ensure that those applications are dealt with within a month, provided that such demands are not clearly unfounded. During the exercise of his right to data portability, the data subject has the right to request the direct transmission of personal data by one controller to another, if this is technically feasible
6.7. Right to Erasure
At their own request, Data Subjects have the right to ask Ionian Cruises to erase their personal data. Ionian Cruises will immediately proceed with the required actions (including technical operations) to satisfy the request and will ensure the same behaviour from third parties which may use or process personal data on its behalf.
7. Response to Personal Data Breaches
When Ionian Cruises discovers a potential or actual personal data breach, it will immediately carry out an internal audit and it will take the necessary rectification measures within a reasonable time, according to the Policy of Personal Data Breach. If the rights and liberties of data subjects are threatened, Ionian Cruises must report the breach to the authorities without delay and, in any case, within the next 72 hours.
8. Communication
If you have any queries, or any clarification is required concerning your personal data processing by Ionian Cruises, please send your message to the e-mail address info@ionian-cruises.com and Ionian Cruises will be happy to be of service immediately.