PRIVACY POLICY AND GDPR
Our Approach to Privacy
Travel services are founded upon the collection and analysis of the information about people. At J. GRAPSAS S.A. (Nuova Travel) we recognize that when we handle information about any individual, we must do so responsibly, with due care to individual privacy, complying with laws on data privacy and confidentiality.
This Privacy Policy (“Policy”) describes the main types of personal data we process within our company, how that information is used and disclosed, and our commitments to the individuals whose information we handle. Moreover, in this Policy we explain in general terms how we comply with data privacy laws and regulations, including but not limited to the General Data Protection Regulation 679/2016 (“Regulation”), effective 25 May 2018.
- What are the personal data?
1.1. Personal data means any information relating to you which allows us to identify you, such as your name, contact details, booking reference number, payment details and information about your access to our website.
1.2.We may collect personal data from you when you do a reservation with us (either directly or indirectly through our trusted third party partners), use our website and other websites accessible through our website, or when you contact us.
- What Types of Personal Data Does Nuova Travel Process?
Generally, the type of personal data we collect about you is the information that is needed to facilitate your travel arrangements and bookings and to arrange travel related services and/or products on your behalf.
We therefore typically process the following types of personal data about you:
– contact information (such as name, home address, telephone number, email address);
– payment account information (credit/debit card details, including card type, card number, security number and expiry date);
– personal identity details, passport details, entry visa details, travel authorizations;
– loyalty program / frequent flyer details/ corporate memberships;
– medical conditions for passengers who have special medical requirements and/or dietary requirements
– other details relevant to your travel arrangements or required by the relevant travel service provider(s) (e.g. airlines and accommodation or tour providers)
– the communications you exchange with us or direct to us via letters, emails and calls,
– travel history, when you have previously used our services;
Personal details about your physical or mental health, alleged commission or conviction of criminal offences, or photographs of you in electronic version are considered special categories of personal data under applicable data protection law. We will process any such data only if you have given your explicit consent, or you requested special assistance, or you have deliberately made these information public.
2.1. Employee and Human Resource Data
Nuova Travel collects personal information from applicants seeking employment with the company, including private contact details, professional qualifications and previous employment history to inform employment decisions. Once employed, we collect information on staff for human resource, performance, payroll and tax purposes. We will collect and record employee level information in various company systems, consistent with standard business operations. We process similar information relating to consultants, contractors and other third parties engaged by the company to provide products or services to it.
2.2. Web Visitors – IP addresses – Cookies
Web Visitors in general: Nuova Travel may collect named information about visitors of our website, where this is voluntarily provided to meet a request from those individuals, for example when they fill the contact form and request any information on our services, or where someone wants to apply for a vacant position with the company. Through the use of cookie-based technologies, Nuova Travel may collect various data linked to virtual identities allocated to visitors when they access our website. This data is used for various purposes, including site analytics and first party marketing.
IP addresses: When you access our website or open electronic correspondence or communications from us, our servers may record data regarding your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.
We may use IP addresses for system administration, investigation of security issues and compiling anonymized data regarding usage of our website. We may also link IP addresses to other personal information we hold about you and use it for the purposes described above (e.g. to better tailor our marketing and advertising materials, provided you have opted in to receive electronic marketing).
Cookies: We may use third-party web analytics services on our website, such as Google Analytics. The analytics providers that administer these services use technologies such as cookies to help us analyze how visitors use our website.
A cookie is a data file that is placed by a website operator on the hard drive of a visitor to their site. Cookies with the following functions are enabled to the computers of visitors of our site: to allow the site to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the site or to allow the company to perform site analytics;. Your online relationship with Nuova Travel may be managed by using settings available on most internet browsers. For example, most browsers allow a visitor to choose which cookies can be placed on his/her computer or to delete or disable cookies. Please note that disabling cookies may prevent a visitor from using certain features on our website.
- How do we use your personal data?
3.1. We will only process your information, where:
– you have given your consent to such processing (which you may withdraw at any time, as detailed below);
– the processing is necessary to provide our contractual services to you;
– the processing is necessary for compliance with our legal obligations(e.g. for tax reasons or to prevent a threat to life, health or safety of a customer); and/or
– the processing is necessary for our legitimate interests (e.g. safety internet connection) or those of any third party recipients/partner of ours that receive your personal information .
3.2. More specifically, we may process your data at the following cases:
– arrange your travel details, book your flights, hotels etc, in execution of your directions and our contract
– filing and archiving your data at a filing system, for the proper execution of our services to you
– execute the payment of your services, according to you explicit authorization for the execution of our contract
– to facilitate your participation in loyalty programs and arrange your travel preferences;
– for research and analysis in relation to our business and services, including but not limited to trends and preferences in sales and travel destinations and use of our website;
– for internal accounting and tax reasons;
– to comply with any applicable customs/immigration legal requirements relating to your travel;
– for developing and improving our services
– for identification of fraud or error;
– for regulatory reporting and compliance with our legal obligations.
3.3. Finally, we may use your personal information to send you targeted marketing activities relating to our products and services (and those of third parties) that we think may interest you, in case you have explicitly requested and/ or consented to receiving such actions from us. These may include, but are not limited to, mail outs, electronic marketing and notifications and telephone calls. We will only use your personal information to send electronic marketing materials to you (including e-newsletters, email, SMS, MMS and iM) if you have opted-in to receive them.
- Is personal information disclosed to third parties?
4.1. We do not and will not sell, rent out or trade your personal information. We may only disclose (share, send, or otherwise make available or accessible) your personal information to third parties in the ways set out in this Notice.
4.2. Your personal information may be disclosed to the following types of third parties:
– Google, mainly for the provision of Google Analytics service
– your employer, where you are an employee of one of our corporate, business or government clients and you are participating in an event or travelling for work purposes;
– external business advisers (such as lawyers, accountants, auditors and recruitment consultants);
– our partners, such as tour operators, airlines, hotels, car rental companies, transfer handlers and other related service providers;
– our contractors, suppliers and service providers, including suppliers of IT based solutions that assist us in providing products and services to you (such as any external data hosting providers we may use);
– financial institutions and credit card providers, according to your explicit authorization for the execution of our contract
– mailing houses, freight services, courier services;
– publishers, printers and distributors of marketing material;
– event and expo organizers;
– marketing, market research analysis and communications agencies;
– any third party to whom we assign or novate any of our rights or obligations;
– a person making your travel booking on your behalf, (for example, a family member, friend or work colleague);
– as required or authorised by applicable law, and to comply with our legal obligations;
– customs and immigration to comply with our legal obligations and any applicable customs/immigration requirements relating to your travel;
– government agencies and public authorities, regulatory bodies and enforcement agencies, to comply with a valid and authorised request, including a court order or other valid legal process, to protect against fraud and for related security purposes
4.3. In any case, our employees that have access and process your personal data are perfectly trained regarding the appropriate manner for this processing and process only on a need-to-know basis, to meet stated legitimate business purposes.
- Is personal information transferred outside of EU and EEA?
We may disclose your personal information to certain overseas recipients. We will ensure that any such international transfers, which are lawfully enforced or are necessary for the performance of our contract, are made subject to appropriate contractual and technical safeguards, as required by GDPR and any other applicable law. We will provide you with copies of the relevant safeguard documents upon request.
- Security of information
6.1. We are committed to safeguarding and protecting your personal information. We implement and maintain appropriate technical and organizational measures to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information collected, stored or otherwise processed.
6.2. Nuova Travel has implemented various physical, electronic and managerial security procedures in order to protect the personal information we hold. We regularly review security technologies and will strive to protect your personal information as fully as we protect our own confidential information. We are not responsible for any third party’s actions or their security controls with respect to information that third parties may collect or process via their websites, services or otherwise. We will destroy or de-identify personal information once we no longer require it for our business purposes, or as required by law.
6.3. Filing and Storage: Some of your personal information will be stored in the database of this site or of our company’s systems (ERP & CRM). We have implemented scaled access and authorizations to your data, on a need-to-know basis.
6.4. File transfer: All web traffic (file transfer) between this site and your browser is encrypted and transferred via the 128-bit SSL protocol. Essentially, encryption is a way of encoding the information until it reaches its intended recipient, which will be able to decode it using the appropriate key.
6.5. Email: The data sent to us via email is protected through the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by a TLS security protocol (aka SSL), meaning that email is encrypted using 256-bit SHA-2 encryption before being sent over the Internet. The content of the email is decrypted by our local computers and devices.
- Data retention period
7.1. We will not retain data longer than necessary to fulfil the purposes for which it was collected or as required by applicable laws and regulations.
7.2. The information you provide to us may be archived or stored periodically by us, according to backup processes and will only be retained for as long as is it required for the purposes for which it was collected, unless the law requires us to hold your personal information for a longer period, or delete it sooner, or unless you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.
7.3. Namely, according to Direction no 1/2011 of the National Data Protection Authority, data logs of the security cameras system shall be stored for a specified time, according to the purpose for which they are processed. Unless otherwise provided by law, or unless it is necessary for the investigation of a security breach incident, such files should be destroyed every 15 working days.
- Children’s Online Privacy Protection
We do not collect information through our website from individuals who are known to be under the age of 13, and no part of our online presence is directed to anyone less than 13 years.
- Your Rights
Nuova Travel ensures that you can exercise all relevant informational rights in relation to your personal data that we hold and process, such as the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, prevent direct marketing and request transmission of personal data in a common digital format (e.g., pdf) to themselves or another organization.
Namely, upon your request we will
- allow access to copies of personal information within a reasonable timeframe;
- correct personal information where inaccurate;
- withdraw a previously provided consent to processing of personal information, e.t.c.
- Inquiries, Complaints and Requests to Exercise Rights
Communications, queries or requests to exercise informational rights (e.g., access to data) or complaints can be addressed to company address, 13 Agiou Konstantinou street, 18532 Piraeus Greece, to the attention of Mr Athanasios Grapsas or emailed to quality@nuova.gr
Under the Regulation, Nuova Travel is the data controller for data protection purposes and shall be primarily responsible for data protection matters.
Within the EU, individuals have the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
- Policy Changes
From time to time we may need to change this Policy. We invite you to regularly check in before you use our services at: www.nuova.gr/privacy-policy