GS TRAVEL SA
Privacy Policy
The Scope of Our Company’s Activities
Our company is engaged in providing travel services and acts as a Data Controller as defined by the General Data Protection Regulation for all services it offers, determining the purpose and means of processing your personal data. At the same time, it acts as a Data Processor through partnerships with businesses, entities and organizations for the execution of specific actions.
All necessary information regarding how we may collect, use, share, and otherwise process your personal data as an employee of one of our corporate clients or other individual to whom we offer or provide our services – travel, meetings and events, and related products and services – via our websites, mobile applications, email communications or other online and offline means that is mentioned in this Privacy Policy in compliance with the General Data Protection Regulation (GDPR) 2016/679 of the EU and the applicable national legislation.
Our entire company, including our workforce, partners and Management, is committed to adhering to this privacy policy.
For any additional inquiries or requests to exercise your rights, our company has appointed a Data Protection Officer, Mrs. Zoe Skreki whom you can contact at 2103716300 or via email at persdata@gstravel.gr
What Services We Offer
GS Travel provides a wide range of services and products in the broader travel and tourism sector.
Where We Collect Your Data From
All the personal data we collect comes from the data subjects themselves, i.e. you. During our transactions, the provision of our services and the execution of our contract, the necessary personal data is collected, as described below.
It should be noted that we may also collect your personal data, specifically your name and phone number, from the company/organization/entity that designates you as a traveler. In this case, we can inform you of the source of the data at any time. The sole purpose of processing the data is to provide travel services.
Learn What Personal Data We Collect
For our operation and the provision of our services, we process the following personal data:
• When we want to hire an employee: we collect, record and store the full name, father’s name, mother’s name, ID number, tax ID number (AFM), tax office (DOY), social security numbers (AMIKA, AMKA), address, phone number, email, ethnic origin, bank account number, education level, years of experience, marital status, and number of children. This data is necessary for the hiring process in accordance with relevant legislation.
• During our employment relationship: we collect, record, and store any sick leaves and documents proving changes in the employee’s marital status that affect payroll.
• When you join our company as a client: we collect, record and store, depending on the services you request, your first name, last name, phone number, email. We may also require nationality, date of birth, passport details, frequent flyer program membership details. Finally, we may also collect special categories of information to provide accessibility, meal preferences or other requested services. We collect and store information from your account that goes into your traveler profile, which is where we store the information necessary to book your travel and provide you with our services.
• When you supply us with your products or services: we collect, record and store your company name, tax ID number (AFM), tax office (DOY), address, phone number, email and bank account number.
• When you visit our website: we collect and store your IP address, details of your entry time, and the name of your browser and general geographic location. We also collect information about how you use our websites and mobile applications. We collect some of this information using cookies and similar technologies.
• When you send us messages through our website: we additionally collect and store your full name, address, phone number and email.
The instances where we process special categories of personal data, specifically ethnic origin and health related data, are for the application of labor law, social security, and social protection law. In exceptional cases where we are informed about health issues for the provision of travel services, the processing aims to serve you better, occurs following your notification and explicit consent and such data is not retained after the completion of your travel.
Learn About the Principles We Adopt in Processing Your Data
Every personal data processing activity by our company adheres to the following principles, satisfying the requirements of the General Data Protection Regulation (GDPR) and the national legal framework for data protection. Therefore, your personal data:
• Is processed lawfully, fairly, and transparently (“lawfulness, fairness, and transparency”).
• Is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”).
• Is adequate, relevant, and limited to what is necessary for the purposes for which it is processed (“data minimization”).
• Is accurate and, where necessary, kept up to date. We take all reasonable steps to ensure that inaccurate personal data is promptly deleted or corrected, considering the purposes of the processing (“accuracy”).
• Is kept in a form that permits your identification only for as long as necessary for the purposes of processing, always applying appropriate technical and organizational measures to safeguard your rights and freedoms (“storage limitation”).
• Is processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
Understand the Purpose of Processing Your Personal Data
Provision of travel products and services: We use your information to book your travel, organize meetings and events, prepare itineraries and invoices, communicate with you about your travel or our products and services, provide customer service, and manage your account.
Provision of products and services to corporate clients: We use your information to comply with our agreements with your employer or travel sponsor, communicate about our products and services, help them ensure compliance with their policies and also to comply with our legal obligations, and to protect our legitimate interests.
Process payments: We use your information to process transactions and provide you with related customer service.
Operation of website and mobile applications: If you are a visitor to our website, the main purpose of retaining your data is to protect our website from malicious attacks and misuse, to monitor and improve the performance and content of our services, provide updates, analyze trends and usage in connection with our services.
If we wish to process your data for a different purpose than those mentioned above, we will inform you and proceed only with your explicit consent. A typical example is the retention of your personal data (name, phone number, email) to inform you about our company’s events and news. In any case, you have the right to withdraw your consent by contacting the Data Protection Officer at the email persdata@gstravel.gr.
Learn About Your Rights
We have provisions in place to optimally satisfy all your rights, such as:
• The right of access: to know which data we process, for what purpose and the recipients of this data.
• The right of rectification: to correct any inaccuracies or incomplete data.
• The right to erasure (“right to be forgotten”): to delete your personal data from our records, provided their processing is no longer necessary or their retention is not required for our compliance with legal obligations or for the defense of our legal interests before courts.
• The right to restrict processing: in case you dispute the accuracy of the data.
• The right to data portability: to receive your data in a structured and commonly used format.
• The right to object: if you do not want your data to be used for direct marketing purposes.
• The right to lodge a complaint with the Data Protection Authority (www.dpa.gr).
You can send your request to the Data Protection Officer at the email persdata@gstravel.gr or deliver it to our offices. In any case, we will facilitate the exercise of your rights unless we cannot verify your identity and always with the aim of protecting your personal data. We will respond to your request within one month, which may be extended by two additional months if necessary, considering the complexity of the request and the number of requests, informing you of the required extension and the reasons for the delay. Please note that we may need to retain certain information for recordkeeping; to complete any transactions you began before your request, or for other purposes as permitted by law.
How Long We Will Process Your Data
Our policy focuses on minimizing the retention period of your personal data. In other words, we make sure to delete your data once the purpose of processing has been fulfilled. However, existing legislation and our legitimate interests often require their retention. Specifically:
• If you send us your resume, we will keep it for 2 years and then either update your information or destroy it. If you want us to delete your resume from our records, before the 2-year period, you can submit your request at the email persdata@gstravel.gr.
• If you submit an inquiry through our website, we will delete it within 3 months and will not retain your data unless you give us explicit consent.
• If you are our client or supplier, we will retain your tax data for 10 years as required by tax legislation. Other data will remain stored in our database for as long as our cooperation continues.
• If you are our employee, we will retain your data until the expiration of the time during which any legal claims or disputes may be raised.
• If you are a visitor to our website, we will retain your data for 12 months and then delete it unless you give us explicit consent.
How We Share Your Personal Data
Your employer or travel sponsor – Our services to you may be provided under the terms of service agreements with your employer or travel sponsor. We share your information with them to allow them to manage their business travel needs and assure compliance with their company travel policies. At the request of your employer or travel sponsor, we may also share information with their vendors.
Travel suppliers and other travel service providers – We share information with travel suppliers (for example, airlines and hotels) and travel service providers (for example, ticket distribution systems and travel application providers), and the vendors for both, as necessary to book your travel and provide travel-related services to you and your employer. We do not sell information to third parties so that they can independently market their own products or services directly to you.
Vendors – We share information with vendors that perform functions on our behalf, such as other travel agencies, meeting and event planners, visa service providers, mobile application and software developers, and vendors who provide IT support, data hosting. These vendors access information only as necessary to perform their functions, as instructed in our contracts with them.
Business insights – We may combine data from many people to create aggregated statistics that do not identify you personally. We use this data to understand business trends and insights, and we may share them with third parties.
Business transfers – If we negotiate or complete a transaction involving all or part of the business (for example, a reorganization, merger, sale or acquisition), we may disclose information to third parties involved in the transaction to the extent permitted by law.
As required or permitted by law – We may disclose information to regulatory authorities, courts, and government agencies where we believe doing so would be permitted or required by law, regulation or legal process, or to defend the interests, rights or property of GS Travel SA or others.
We may also share personal information with other parties as directed by you or subject to your consent.
Please note that all our external partners are bound by confidentiality clauses, confidentiality obligations and the requirement to take appropriate technical and organizational measures.
How We Protect Your Data
We ensure the security of processing through appropriate technical and organizational measures, always following the latest technological advancements to protect your data from unauthorized access, misuse, alteration, unauthorized disclosure, loss or accidental/unlawful destruction and any other form of unlawful processing. Every software application used by our company is constantly updated with the latest upgrades, improving the security level.
We retain your information only as long as needed to provide our services and for legitimate business purposes, unless we are required by law or regulation or for litigation and regulatory investigations to keep it for longer periods of time.
International Transfers
We may transfer your information to jurisdictions outside of your home country for the purposes described here, including to countries that may not provide the same level of data protection as your home country. To protect the information, transfers will be made in accordance with appropriate data transfer agreements and other protections. Regardless of where we process your information, we protect it in the manner described in this Privacy Policy and in accordance with applicable law.
Changes
As we improve and expand our activities, we will ensure the prompt updating of this policy. If we make material changes to this Privacy Policy, we will post a notice on our website before the changes go into effect, and notify you as otherwise required by applicable law.
Questions
If you have questions or complaints about GS Travel SA and privacy, please contact us at:
2 Marathonomachon Str., Argyroupoli,164 52 Greece
Tel: 00 30 210 37 16 300
Fax: 00 30 210 32 49 700
Email: persdata@gstravel.gr
In most cases, we will ask that you put a complaint in writing. We will investigate your complaint and will generally respond to you in writing within 30 days of receipt. If we fail to respond or if you are otherwise dissatisfied with the response that you receive from us, you may have the right to make a complaint to your regulator.
Date of Update of This Privacy Policy
09/02/2024