We, Asteropi Georga (“GREtour”), take the protection of your personal data seriously and protect your privacy when processing them in accordance with the applicable data protection regulations.
2. Name and Contact Information of the Controller
The controller for the processing of data within the meaning of the General Data Protection Regulation (GDPR) is:
Asteropi Georga, Koskinou, 85100, Rhodes, Greece E-mail: firstname.lastname@example.org
You can find further information on GREtour in the Legal Notice.
3. Contact Information for the Data Protection Officer
Our data protection officer is:
George Pilarinos, Koskinou, Rhodes 85100 Greece
You can contact our data protection officer confidentially by mail to the above-mentioned address. Alternatively, you can contact our data protection officer and our data protection crew by e-mail at: email@example.com
4. Data Security
GREtour uses appropriate technical and organizational security measures to ensure a level of protection for personal data appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and the degree of risk. The transfer of personal data between your end device and GREtour is generally carried out in an encrypted form (TLS encryption). You can identify an encrypted connection for example by the lock symbol in the address line of your browser.
If you communicate with us by e-mail, access by third parties cannot be ruled out. In the case of confidential information, GREtour therefore recommends using the mail or encrypted e-mail communication (PGP). Please let us know if you would like to correspond with us by e-mail in an encrypted form so that we can give you information on the relevant addresses and public keys.
5. Provision of the websites
When visiting GREtour websites for information purposes, i.e. even without being registered, data is automatically collected regarding the usage through your browser (hereinafter “surf data”). This includes your IP address, the status code, the GREtour websites visited, date and time of the server request, browser type and browser version, referrer (website visited beforehand), files transferred and data volume. The surf data is stored by GREtour in so-called log files.
We inform you about the cookies and analysis services used by GREtour in section 6. Otherwise, your surf data will not be provided to third parties. The processing of surf data is mainly carried out to establish and maintain the technical connection when surfing the internet. This data is also used by GREtour in a pseudonymized or anonymized form in order to analyze the use of our websites, to design and improve the GREtour services to meet demand, to recognize and eliminate technical or process-related disruptions and problems and to prevent illegal use of the GREtour services (e.g. fraudulent booking, cyberattacks).
Stored log files are erased or anonymized, provided they are no longer required to ensure the general functionality of GREtour services. GREtour retains the log files only insofar as you have consented to this or if there are legal retention obligations.
The legal basis for the processing of personal data when providing websites is Art. 6 Paragraph 1 lit f GDPR (GREtour’s legitimate interest). Insofar as you, as a GREtour user or customer, have consented to an extended usage of your surf data, the legal basis is Art. 6 Paragraph 1 lit. a GDPR.
6. Cookies, pixels and similar technologies
When using GREtour services, cookies, pixels or similar methods may be used. This is common for most large websites.
Within the scope of your visit GREtour will set the necessary cookies which are technically necessary, to improve the functionality or make the use of GREtour services more user-friendly (e.g. language, login status). GREtour also uses its own cookies – pseudonymised or anonymised if possible – to analyse and improve the use of the GREtour services, to identify and eliminate malfunctions and problems of a technical or process-related nature and to prevent illegal use of the GREtour services (e.g. fraudulent booking, cyberattacks).
In addition, GREtour uses its own cookies, pixels or similar methods or those of advertising partners (e.g. search engine providers, advertising networks or distribution partners) to improve GREtour services or to measure, evaluate, design and improve advertising measures. In this respect GREtour uses various analysis tools. As far as possible, the evaluation is always pseudonymised or anonymised.
You can prevent the storage of cookies and delete existing cookies at any time in the settings of your browser. However, this may lead to the fact that individual functions of the GREtoure Services are not or only partially available. The storage period varies per cookie and can be viewed in your browser.
The legal basis for the processing of personal data when using cookies, pixels and similar procedures are Art. 6 para. 1 lit. a (your consent) and lit. f DSGVO (legitimate interest of Blacklane).
7. Social Media / Social Networks
7.1 GREtour’s Social Media Presence
GREtour maintains pages in social networks such as Twitter, LinkedIn or Facebook. The respective provider of the social network provides detailed information about which personal data is processed and how. In addition, please see our notes on our pages on the respective platforms.
7.2 Facebook, Facebook Messenger and Facebook Connect
GREtour uses services of the social network, Facebook operated by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). The controller for the data processing in Europe for Facebook is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can access Facebook’s data protection information here: https://www.facebook.com/about/privacy/
You can contact us and exchange messages with GREtour via Facebook Messenger.
8. Data Processing During Registered Use of GREtour Services and Booking Rides
GREtour processes the following personal data provided by you when you register and use GREtoure Services or when you book rides (hereinafter “customer data”).
- Personal master data (form of address, title, first name, last name, company, address, zip code, place, country, password);
- Contact data (e.g. telephone number, cellphone number, e-mail address);
- Contract data (e.g. time and manner of registration, status)
- Ride-related data (e.g. pickup location, destination, times, flight number, special requests).
- Status (e.g. bonus program), customer history (e.g. previous rides);
- Contract invoicing (e.g. invoices, status, invoicing address) and payment data (e.g. last 4 digits of the credit card number).
The customer data will be used for GREtour services, i.e. for the personalized fulfillment of the framework agreement after registration, for the procurement of booked rides and for the fulfillment of the contract of carriage for the benefit of the customer with the limousine service provider. GREtour provides customer data to third parties, if necessary, in particular to the limousine service providers so that the customer can be transported in accordance with their booking and the transport can be processed.
The legal basis for the processing of personal data during the registered use of GREtour Services and during the booking of trips is Art. 6 para. 1 lit. b GDPR (contract performance). If the data subject provides additional, voluntary information (e.g. flight number, frequent flyer programme, special requests, rating), the legal basis is their consent according to Art. 6 Paragraph 1 lit a GDPR and our legitimate interest according to Art. 6 Paragraph 1 lit. f GDPR.
In addition, GREtour processes customer data in order to analyse the use of the GREtour Services, to design and improve them in a demand-oriented and personalised manner, to advertise the GREtour Services, to detect, limit and eliminate malfunctions and problems of a technical or process-related nature and to prevent illegal use of the GREtour Services (e.g. fraudulent booking, cyberattacks). In this respect, the legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest of GREtour). Data will not be passed on to recipients in this respect unless to GREtour’s data processors (see Art. 28 GDPR) or as far as otherwise permitted by law.
9. Payment & Fraud Prevention
All GREtour bookings can be paid by credit or debit card. The credit card information only has to be stored once upon the first booking and is protected against unauthorized access. For this purpose, a certified payment provider is used whose systems meet the applicable security standards, such as the PCI DSS standard (Payment Card Industry Data Security Standard). For recurring transactions, the card data is stored with our assigned PCI DSS-certified payment provider. In this respect, the legal basis for the processing is Art. 6(1)(b) GDPR (performance of contract).
GREtour itself does not store credit card data or only in abbreviated form for analysis purposes or to prevent fraud. The legal basis for this is Art. 6 Paragraph 1 lit f GDPR (GREtour’s legitimate interest)
In addition to card payment, you can pay for your bookings via PayPal in our mobile apps (Android / iOS). In this case, on the basis of Art. 6 (1) b) GDPR, personal data such as the e-mail address of your PayPal account and information about your mobile device (e.g. Device ID) will be transmitted by us to PayPal (Europe) S.à.r.l et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, for the purpose of fulfilling the contract. For more information on data processing by PayPal, please visit: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
9.2 Fraud Prevention
To ensure that a payment instrument is used by its rightful owner and to prevent fraud, IP addresses, e-mail addresses, payment data and card information may be transmitted to one or more external fraud prevention service providers. This transmission may also contain additional personal data. The external fraud prevention service providers process these personal data on behalf of GREtour. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR (legitimate interest of GREtour).
In the course of the authentication of the cardholder, it may also be necessary for individual transactions that GREtour requires a copy of an additional identification document (e.g. identity card, passport, drivers’ licence) or a copy of the credit card. GREtour will ask you to black out any data that is not required (e.g. the credit card number except the last four digits). In this respect, the legal basis is Art. 6 para. 1 lit. b GDPR (fulfilment of contract), your consent (Art. 6 para. 1 lit. a GDPR) and our legitimate interest (Art. 6 para. 1 lit. f GDPR).
10. Communication with GREtour
If you contact GREtour (e.g. by phone, contact form, feedback form, chat, messenger, e-mail or social media (Facebook, Instagram, Twitter)), the data you provide will be processed to handle your request and to answer your inquiry. The legal basis is Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (fulfilment of contract and initiation of contract).
Contact data is also used by GREtour – pseudonymised or anonymised if possible – to design and improve GREtour services according to your needs, to identify and eliminate malfunctions and problems of a technical or process-related nature and to prevent illegal use of GREtour services (e.g. fraudulent booking, cyberattacks). In this respect, the legal basis for the processing of personal data is Art. 6 para. 1 letter f GDPR (legitimate interest of GREtour).
GREtour also uses external services and tools, e.g. messenger services or chat support tools, to communicate with the customer. The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest of Blacklane). Agreements on commissioned data processing exist with the respective providers – where necessary.
11. E-mail Advertising, Newsletter
If you have agreed to receiving advertising or if GREtour otherwise has the right, we will use your customer data to send you personalized advertising or general newsletters. The following data is mainly affected: Form of address, name, e-mail address. The purpose of the data processing is for GREtour to inform you regarding current offers and to draw attention to features of GREtour services.
E-mail advertising and newsletters may contain pixels. In this case, a graphic file is inserted into the e-mail sent in HTML format, based on which a statistical evaluation may be carried out. By using pixels, GREtour can detect whether and when e-mails have been opened and links contained therein clicked.
GREtour has the right, in context of legal permission to use the e-mail address, which you have provided regarding a chargeable booking, to directly advertise its own, similar products or services. If you do not wish to receive advertising from GREtour for similar products or services, you may at any time revoke the corresponding use of your e-mail address without incurring any costs other than the transmission costs in accordance with the base tariffs. To this end, you can use the unsubscribe link contained in any mail or you can write an e-mail to us using the above-mentioned e-mail addresses.
12. Involvement of Data Processors by GREtour
As far as GREtour involves third parties in its data processing, e.g. technical service providers or other GREtour subsidiaries, this is always done on behalf of GREtour and only if these processors offer sufficient guarantees that suitable technical and organisational measures are carried out in such a way that the processing is in accordance with the data protection requirements, in particular Art. 28 GDPR, and guarantees the protection of the rights of the data subject. If processors are located in third countries, the data protection requirements for the transfer pursuant to Art. 44 et seq. GDPR are complied with in each case. As a rule, the appropriate guarantees in third countries are established by means of an adequacy decision (Art. 45 para. 3 GDPR) or the agreement of standard contractual clauses (see Art. 46 para. 2 c) GDPR in conjunction with Art. 93 para. 2 GDPR).
13 Rights of Data Subjects
If your personal data is processed by GREtour, you are the data subject (Art. 4 No. 1 GDPR). As the data subject, you have the following rights in relation to the personal data affecting you:
13.1 Right to information (Art. 15 GDPR)
The data subject has the right to obtain a confirmation from the controller as to whether personal data is processed; if this is the case, they have a right of information about this personal data and further information on the data processing.
13.2 Right to rectification (Art. 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the rectification or completion of inaccurate personal data.
13.3 Right to erasure (Art. 17 GDPR)
The data subject has the right to demand from the controller the erasure of personal data without undue delay and the controller is obliged to erase personal data without undue delay, provided the data is no longer required, the data subject revokes their consent or lodges an objection to the processing, the personal data was processed unlawfully or there is otherwise a ground for erasure within the meaning of Art. 17 GDPR and the controller does not have the right to object to erasure.
13.4 Right to the restriction of data processing (Art. 18 GDPR)
The data subject has the right to demand from the controller the restriction of processing when one of the conditions mentioned in Art. 18 GDPR applies, namely the accuracy of the personal data is contested by the data subject or the processing is unlawful and the data subject opposes the erasure of the personal data.
13.5 Right to objection (Art. 21 GDPR)
Insofar as the data processing is based on a legitimate interest from our side (Art. 6 Paragraph 1 lit. f GDPR) or is direct advertising, the data subject has at any time the right to lodge an objection to the processing of personal data affecting them for the reasons mentioned in Art. 21 GDPR. The controller will then no longer process the personal data, unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defense of legal claims.
13.6 Right to data portability (Art. 20 GDPR)
The data subject has the right within the meaning of Art. 20 GDPR to receive the personal data, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided.
13.7 Right to lodge a complaint (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR.
13.8 Revocation of consent (Art. 7 para. 4 GDPR)
If the data processing is based on the consent of a data subject, the data subject has the right to revoke his or her consent at any time. You can do this by sending an e-mail to: firstname.lastname@example.org The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
14. Automated decisions
In the case of GREtour, you are only subject to an automated decision process (see Art. 22 GDPR) in exceptional cases if you re-enter a payment method via which a payment has already previously failed or when current indications justify the suspicion that it is a fraudulent booking. In these cases, your request to book a ride with GREtour will be refused. Such an automatic decision is required to conclude the contract (Art. 22 Paragraph 2 lit a GDPR). The data subject has the option of contacting us using the mentioned contact data in order to have an explanation or an intervention by a person or to express their point of view.
15. Data Erasure and Storage Duration
We will erase your personal data as soon as the legal basis for its processing lapses. However, legal bases may also exist in parallel or a new one may intervene with the lapsing of a legal basis, such as for example the duty to store determined data to fulfill a legal retention obligation (e.g. according to commercial or tax law).
Issued: December 3, 2020.
Cookies may be distinguished according to their operating life between session cookies, which are deleted automatically after ending the browser session or permanent cookies, which are stored beyond the individual browser session and enable subsequent recognition of the end device. A distinction is also made between GREtour’s own cookies and those of third parties.
You may prevent the storage of cookies at any time using your browser settings or delete any cookies present. However, this may mean that some functions of GREtour services may not be available or available only to a limited extent. The storage duration is different depending on the cookie and can be inspected in your browser.
The legal basis for the processing of personal data when using cookies, pixels and similar technologies is Art. 6 Paragraph 1 lit a (consent) and lit f GDPR (GREtour’s legitimate interest).
In the context of your visit, GREtour will set the required cookies, which are technically necessary, to improve functionality or make the use of GREtour services more user-friendly. This concerns, for example,
- Your identification and authentication,
- Storage and user preferences and settings (e.g. language settings), which you have made,
- the inclusion of information already provided so that repeated input of information is not necessary,
- security-related cookies or
- cookies for using multimedia players
GREtour also uses its own cookies in order to analyze and improve the usage of GREtour services, to detect and remedy interruptions and problems of a technical or process-related nature and to prevent illegal usage of GREtour services (e.g. fraudulent booking, cyberattacks). Evaluations by GREtour take place in pseudonymized or anonymized form as far as is possible.
Additionally, GREtour uses its own cookies, pixels or similar technologies or those originating from advertising partners (e.g. search engine providers, advertising networks or distribution partners) in order to improve GREtour services or to measure, evaluate, design and improve advertising measures. GREtour uses different analysis tools in this regard. In this respect, an evaluation by GREtour takes place in pseudonymized or anonymized form as far as is possible.
The following cookies, pixels and similar technologies may be used in the context of GREtour’s services:
Google Ads (former Google AdWords Conversion Tracker)
GREtour uses the online advertising program “Google AdWords” and as part of Google AdWords, the conversion tracking of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We use the Google AdWords service to bring attention to our services with the help of adverts (so-called Google AdWords) on external websites. The cookie for conversion tracking is placed when a user clicks on an AdWords advert placed by Google. Cookies are small text files which are stored on your computer system. These cookies generally become invalid after 30 days and do not allow personal identification. If you visited a certain site and if the cookie has not yet expired, we and Google can recognize that you have clicked on the advert and were taken to this site. Every Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The collected information by use of the conversion cookie serves to generate conversion statistics for AdWords customers who have opted for conversion tracking. The customers find out the total number of users who have clicked on their advert and were taken to a page provided with a conversion tracking tag. However, they do not receive any information by means of which users can be personally identified. The data collected will be stored and processed in the USA.
If you would not like to participate in tracking, you may block its usage by deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.
GREtour uses Google Analytics, a web analysis service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
If you do not agree with the use of Google Analytics, the cookie settings in your browser can be adapted accordingly or the functions deactivated via https://tools.google.com/dlpage/gaoptout.
Google Dynamic Remarketing
GREtour uses the service, Google Dynamic Remarketing from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
When you visit our website, an ID in the form of a cookie will be stored on your device, which allows you to be recognized when you access a website which belongs to the Google advertising network. Ad banners may be displayed to you on these websites which relate to previously viewed content. Google does not collect personal data during this process. The data collected will be stored and processed in the USA.
If you do not agree with Remarketing, you can adapt the settings for cookies in your browser or deactivate the function at https://adssettings.google.com/.
In order to display fonts, GREtour uses Web Fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
When you access a website, you browser loads the required web fonts in your browser to correctly display the text and fonts. To this end, your browser connects to Google whereby Google finds out that our websites were accessed via your IP address.
Google Fonts are used in the interest of consistent and appealing display of the GREtour websites. If your browser does not support Google Fonts or Web Fonts, a standard font will be used by your end device.
GREtour uses the service, Google reCAPTCHA from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google reCAPTCHA serves to determine, during the booking process of a ride, whether the booking was made by a human or whether the supposed customer is an improperly used computer (“Bot”). Google makes this distinction using a small test, so-called reCAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). In order to confirm a booking, you must for example check a box or sort images according to a certain rule. It can then be discerned whether the visitor is a computer or a human, Google uses data such as IP address, browser, screen resolution, click behavior and, if necessary, other required data (e.g. cookies). The collected data is transferred to a Google server in the US for processing.
If you do not agree with the storage of cookies, you can adapt the cookie settings in your browser accordingly.
Google Tag Manager and Conversion Link
GREtour uses Google Tag Manager, a tool from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to manage website tags via an interface.
The Google Tag Manager implements tags or markers. The Google Tag Manager triggers other tags, which in turn may collect data.
The tag “conversion link” is used to store click data in own cookies which are linked to Blacklane domains. Conversions, i.e. planned behaviour, can be recorded by this function. Further information can be found here: https://support.google.com/tagmanager/answer/7549390?hl=de
In order to send e-mails, GREtour uses the e-mail service MailChimp provided by The Rocket Science Group LLC, 675 Ponce de Leon Avenue NE, Suite 5000, Atlanta, GA 30308, USA (“MailChimp”).
If you register for our newsletter or provide us with your e-mail address as part of registration, the data required for such purpose (e-mail address, language, country) will be transmitted to MailChimp in the USA and stored there. In addition to simply sending e-mails, MailChimp provides different analysis options to inform us of whether, when and where the distributed emails are opened, used or rejected. To this end, MailChimp uses, amongst other things, cookies and similar technologies.
Issued: December 3, 2020.