Privacy Policy
Effective Date: September 2018 | Last Updated: January 2026
At VIP Santorini, your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, and safeguard your personal data in compliance with Greek and EU data protection regulations, including GDPR. We encourage you to read it carefully.
Quick Navigation:
Information We Collect
We collect and process personal data through our website www.viptransferssantorini.com for the following purposes:
- Responding to your inquiries or information requests
- Managing your registration on our website or newsletter
- Delivering the services offered via our website
Note: While you may browse our website without disclosing personal data, engaging with our services or making a request will require sharing certain information. Protecting this information is a priority, and we adhere to applicable data protection laws.
What is Personal Data?
Personal data refers to any information that can identify you, such as your name, contact details, IP address, and browsing activities.
Data We May Collect
Newsletter Signup
Email address
Career Applications
Name, email address, and any information provided in your CV or cover letter
Website Usage
Data regarding how you interact with our website (pages visited, time spent, browser type, IP address)
Communication Records
Emails, phone calls, letters, or social media interactions with our team
Booking Information
Name, contact details, travel dates, special requests, and payment information for service bookings
How We Use Your Data
We process your personal data for specific, legitimate purposes, including:
1. Marketing Communications
- Sending occasional emails about our services and special offers
- Allowing you to opt in or out when you fill out a contact form
- Providing an unsubscribe option in every marketing email
2. Career Applications
- Evaluating your suitability for current or future roles
- Retaining your data for up to three years for follow-up opportunities (with your consent)
3. Customer Relationship Management
- Managing inquiries and service requests
- Processing bookings and payments
- Providing customer support and follow-up
- Storing and processing data securely to improve our offerings
Data Sharing Policy
We only share data internally within our customer relations, marketing, and communications teams or with trusted data processors for hosting and maintenance. Personal data is shared with third parties only with your explicit consent or as required by law.
Your Data Protection Rights
Under GDPR and applicable data protection laws, you have the following rights:
✓ Right to Access
Request details about the data we hold about you
✓ Right to Rectification
Correct inaccurate or incomplete information
✓ Right to Erasure
Ask us to delete your data where it is no longer required or legally necessary
✓ Right to Restriction
Limit how we process your data under certain circumstances
✓ Right to Object
Opt out of data processing for direct marketing or other purposes
✓ Right to Data Portability
Request your data in a structured electronic format for transfer to another party
✓ Right to Withdraw Consent
Revoke any previously granted consent for data processing at any time
How to Exercise Your Rights
To exercise any of these rights or for questions about this policy, contact us at: operations@vipsantorini.gr
Processing Time: If you unsubscribe from marketing communications, please allow up to 10 business days to process your request.
File a Complaint
You may also lodge a complaint with the Hellenic Data Protection Authority at www.dpa.gr
Data Retention
Your personal data is stored securely on encrypted servers, accessible only by authorized personnel.
Retention Periods
Without a Contract
Data is stored for five (5) years from the date of collection.
With a Contract
Data is retained for the duration of the contract and any applicable warranty or statutory limitation period thereafter.
Important Note: Once your data is deleted from our systems, we cannot guarantee you won't be contacted again if your information is publicly available elsewhere or if you provide it to us again through our website.
Security Measures
We implement robust technical and organizational measures to safeguard your personal data against unauthorized access, loss, or misuse:
End-to-End SSL Encryption
All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
Server and Application Firewalls
Multi-layered firewall protection prevents unauthorized access to our systems and databases.
Strict Access Controls
Only authorized personnel with legitimate business needs can access personal data, and all access is logged and monitored.
Regular Security Audits
We conduct periodic security assessments and updates to maintain the highest level of data protection.
Updates to This Policy
This Privacy Policy is effective as of September 2018 and was last updated in January 2026. We may update it periodically to reflect changes in legal requirements, services, or business practices. Any updates will be posted on this page with a revised "Last Updated" date.