PROTECTION OF PERSONAL DATA
General
Privacy and Protection of Personal Data is a top priority for our Company, “MID EAST International Travel Services” (hereinafter referred to as MID EAST). The management and protection of personal data is subject to the following terms and conditions as well as to the provisions of national, European and international law on the protection of the individual and the processing of personal data, as applicable at any given time.
This Privacy Statement describes the personal data that MID EAST collects and processes about you in order to provide our services seamlessly, how we use and protect your personal data, the time we keep it, and what your rights are regarding the way we process this data.
Please read them carefully.
1. About us
Mid East International Tours LTD, with its registered office at Mideast Travel, located at Avenue 105-107 Vas. Sofias, P.O. Box 11521, Athens, collects and processes “personal data” at every point of contact or interaction with you only when you voluntarily provide it yourself when you visit our website or when you use our mobile applications, when you stay at our premises or when you use our call centre or when you use services from other companies that cooperate with us.
In this contractual relationship, in which you are the “Data Subject” of the Personal Data, our Company acts as the Data Controller of your Personal Data (Article 4 of Regulation (EU) 2016/679).
2. Type and method of collection of Personal Data:
In order to enable us to provide you with the services you request and in the context of providing our services to you, we may collect the following personal data.
2.1 Personal Data
Customer details: first and last name, personal email address, telephone numbers, ID number, passport number, date/time and place of departure/arrival.
Customer’s billing details: VAT number, home/company address, credit card, bank account details.
2.2 Special categories of data
Special customer data: racial or ethnic origin, date of birth, place of birth, eating habits, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, criminal prosecutions, and criminal convictions.
2.3 Health data
Customer medical data:
Physical condition, mental status, disabilities and handicaps, dietary or other related needs, patient’s medical history, medication administration, and other health data.
2.4 Cookies and other technical information
Data via Cookies:
When you visit www.mideast.gr, we send a” cookie” to your computer. Cookies are small files that are stored in your browser software (browser) and store information about your use of the website on your hard drive. This allows us to recognise your computer the next time you use our website or make a booking. Please note that all the information contained in the cookies is encrypted for security purposes. You can always choose to receive only the cookies necessary for the operation of the website and not to receive any promotional cookies from www.mideast.gr at all. When you transfer to other third-party websites, the privacy policy changes according to the policy of the respective provider.
2.5 Transaction policy with children
Mid East International Travel LTD does not engage in transactions with children. If we know that the user is under the age of 16, then the personal information sent to us will be used to inform them that parental consent is required to complete the purchase.
2.6 Contact by email or via a contact form
When you contact us by email or via a contact form, you provide us with data (your email address, probably your full name and telephone number), which we will store in order to process your request.
2.7 Information sheet
By subscribing to our newsletter, you give your consent, in accordance with Article 6, paragraph 1a of the GDPR, to receive our newsletter, which will inform you about our current offers.
By subscribing to our newsletter, we save registration and confirmation time. To subscribe to the newsletter, the only mandatory element required is your email address. The declaration of additional data with separate markings is optional, and this data will be used for personal communication with you.
In every email we send you, we give you the option to withdraw your consent to receive the newsletter.
2.8 Gift card
To purchase a gift card from our website, you must provide us with your full name, mobile phone number, and email address. You also provide us with your full billing address. The information will be sent to us in email format, and we may use your details to contact you regarding your purchase or to process your booking. If a purchase is made from our website by debit or credit card, you are always taken to a secure bank environment for your purchase. We never collect your bank card information, nor will we ever request information such as your card number, CCV, or card PIN while you remain on our website.
2.9 Competitions
When taking part in competitions, questionnaires and surveys, you fill in forms where it is required that you only provide us with your email address and, optionally, your full name, mailing address, and other information that may be requested.
2.10 When entering and remaining on our Company’s premises:
A closed-circuit television is used on our premises, which may record video (without sound ) for the purpose of protecting persons and travel documents. The processing is necessary for the purposes of legitimate interests pursued by us as the controller (Article 6(1)(f) GDPR).
For information and the processing of personal data via a video surveillance system maintained by our Company, you can visit our website https://mideast.gr/wp-content/uploads/2024/07/Notification-on-the-Processing-of-Personal-Data-via-Video-Surveillance-System.pdf.
2.11 Employment applications
If you choose to apply online for employment with our travel agency, we will collect the information submitted to you and will process the following personal data:
Your educational background, your employment history, your previous employers, your areas of expertise, professional and other work permits and certifications held, the educational institutions from which you graduated, your preferences for the type of work, verification of information regarding your references and previous employers, any other information you choose to submit through the resume submission process, any other data that may be provided to us during the resume submission process
3. Who do we share your personal information with
Mid East International Travel LTD does not publish, disclose or make available to third parties the personal data of visitors to its website and respects the confidentiality of your personal data and information. Personal data may be made accessible and processed by third parties, such as ferry companies, only if a service is purchased through our website. Data is only shared with third parties when it is required for the purchase of a service. The data disclosed are the minimum and relevant to the purchase of the service you have chosen unless disclosure is permitted by law or a court order. The privacy policy of these companies coincides with the privacy policy presented here. Your personal data may be transferred to third countries if you travel to them. Data controllers in third countries are required to comply with European data protection regulations and are contractually bound to provide appropriate safeguards in relation to the transfer of your data.
4. Protection and Security of Personal Data
The Company will not transmit or disclose personal data of the “Subject”, without his/her consent, to third parties not related to the Company, with the exception of compliance with court decisions and the application of relevant legal provisions and only to the competent authorities. The Company shall take all necessary security measures to protect the personal data of the “Subject” from unauthorised access, alteration, disclosure and destruction. Only authorised employees of the Company are allowed to have access to the personal data of the “Subject”.
For any questions, clarifications or comments regarding this privacy policy or to object to it and to exercise their legal rights, visitors/users of the website may contact the Company by sending an email to dpo@mideast.gr.
5. Right of Access, Processing and Deletion of Your Data
5.1 Right of access to your personal data processed by our Company and the right to request the correction of any inaccurate data concerning you (Article 15 of Regulation (EU) 2016/679).
With regard to the purposes of the processing carried out by our Company within the framework of the contractual relationship between us, you may also request the completion of incomplete personal data, including through a supplementary declaration to our Company (Art. 16 of Regulation (EU) 2016/679).
5.2 Right of rectification: You may exercise the right to rectify or amend your Personal Data by sending a letter to Mideast Travel, 105-107 Vas. Sofias, P.O.Box 115 21 Athens or by email to dpo@mideast.gr.
5.3 Right to erasure (“right to be forgotten”):
At any time and at your sole discretion, you have the right to request our Company, which acts as the Data Controller in the contractual relationship between us, to erase your personal data in accordance with the specific provisions of Art. 17 of Regulation (EU) 2016/679 unless the obligation to process personal data is required by law, in the public interest or for the exercise or defence of our legal claims or cannot be met as the case may be.
Any request related to the modification, change and/or cancellation of your personal data processed by our Company, you can send us an email at dpo@mideast.gr
5.4 Right to portability: You may exercise the right to portability of your Personal Data for transfer to another Controller or Processor by sending a letter to Mideast Travel, Vas. Sofias 105-107, T.K. 115 21 Athens or by email to dpo@mideast.gr.
5.5 Right to complain to the CPCS. You have the right to lodge a complaint with the Data Protection Authority (www.dpa.gr): telephone: +30 210 6475600, fax: +30 210 6475628, email: contact@dpa.gr
6. Transfer of personal data outside the EU
In the course of our professional activity in the context of providing our services to you alone, it may be necessary to transfer personal data outside the European Economic Area (EEA) to third countries or to international organisations. In this case, the transfer takes place with the consent of the “Data Subjects” of the data or if one or more conditions for the lawful transfer of personal data outside the European Union, as provided for in Chapter V of the GDPR, are met.
7. Storage and Retention Time of Personal Data
7.1 Your personal data sent via a contact form is retained for as long as necessary until your request for the service is completed unless applicable laws require or permit retention for a longer period. And it will be stored on a computer in our Company.
7.2 Upon completion of the purchase of a service, your data will be stored on a computer within our Company for as long as necessary in order for our Company to be in full compliance with government tax authorities.
7.3 Where processing is carried out on the basis of a contract, your personal data is stored for as long as necessary for the performance of the contract and for the establishment, exercise, and/or support of legal claims based on the contract.
In any case, this data is deleted at the end of the ten-year period.
Our server, which stores and protects your information, is located in Greece.
7.4 For the purposes of product and service marketing activities, your personal data is kept for up to three years. In any case, you can withdraw your consent. The revocation of consent does not affect the lawfulness of the processing based on the consent during the period prior to its revocation. To withdraw your consent, please contact the travel organisation’s Data Protection Officer (DPO).
7.5 We will destroy your personal information as soon as possible and in a manner that does not allow the information to be restored or reconstructed. Where it is printed on paper, the personal information will be destroyed in a secure manner, such as using a document shredder, and where it is stored in electronic format, the personal information will be destroyed by technical means to ensure that there is no possibility of the information being restored at a later date.
8. Changes to the Privacy Policy
We may update our privacy policy from time to time. We will post any new version of the privacy policy on our website without you being given notice. We may notify you by email of significant changes we make. You should check our website frequently to keep up to date with our current and applicable Privacy Statement.
