+30 22420 29900 info@exas.gr
       

Privacy Policy

Effective Date: 29/03/2025

At EXAS Travel, your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable laws. This policy applies to all users of our services, including visitors of our website (exas.gr), booking systems, and other platforms operated by us.

1. Data Controller
The data controller for your personal data is:

EXAS Travel Service
10 Vas. Georgiou Str, 85300 Kos, Greece
Email: info@exas.gr
Tel: +30 22420 29900

2. What Data We Collect
We may collect and process the following categories of personal data:

  • Identification Data: Full name, gender, nationality, date of birth, passport or ID number

  • Contact Information: Email address, phone number, mailing address

  • Travel Details: Booking references, travel itinerary, accommodation details, seat preferences

  • Passenger Information: Names and ages of accompanying minors

  • Payment Data: Partial credit/debit card information (via Stripe), transaction ID, billing details

  • Account Data: If you create an account with us, login credentials and booking history

  • Communication Records: Emails, messages, phone call logs, complaints, inquiries

  • Marketing Preferences: Newsletter subscriptions and opt-in/out records

  • Technical Data: IP address, browser type, device information, cookies (see our Cookie Policy)

3. How We Collect Your Data
We collect your data:

  • Directly from you during the booking or inquiry process

  • Through our website and online platforms when you fill out forms

  • Automatically through cookies and similar technologies (see Cookie Policy)

  • From third-party travel agents or platforms with whom you have made bookings

4. Legal Basis for Processing
We process your personal data based on:

  • Contractual Necessity: To process bookings, issue tickets, and provide customer support

  • Legal Obligation: For tax, accounting, and compliance purposes (e.g. storing invoices)

  • Consent: For marketing communications and certain optional services (e.g. newsletters)

  • Legitimate Interests: To improve our services, prevent fraud, or communicate with you

5. How We Use Your Data
Your data is used for the following purposes:

  • To complete and manage your bookings and ferry ticket issuance

  • To provide customer service and respond to your inquiries

  • To send confirmations, updates, and reminders related to your bookings

  • To improve our website, services, and user experience

  • To manage and verify payment processing via Stripe

  • To send promotional emails and newsletters (only with your consent)

6. Sharing Your Data
We may share your data with:

  • Ferry and travel service providers for ticket issuance and excursion bookings

  • Payment processors (e.g. Stripe) for secure transaction processing

  • Hosting and IT service providers that support our digital infrastructure

  • Government authorities (e.g. port police, customs) when required by law

  • Affiliates, partners, or subcontractors involved in providing the services you’ve requested

All third parties are contractually bound to safeguard your data under GDPR.

7. International Data Transfers
Where data is transferred outside the EU (e.g. via Stripe or other providers), we ensure appropriate safeguards are in place such as:

  • Standard Contractual Clauses (SCCs)

  • Provider certification under frameworks deemed adequate by the EU Commission

8. Data Retention
We retain personal data only for as long as necessary:

  • Bookings & transactions: 6 years (for tax/audit/legal purposes)

  • Communications & inquiries: 3 years

  • Marketing consent records: until revoked

  • Account data: until deletion by the user or after 2 years of inactivity

9. Your Rights Under GDPR
You have the right to:

  • Access your personal data

  • Correct inaccurate or outdated data

  • Request erasure of your data ("right to be forgotten")

  • Restrict or object to processing

  • Port your data to another provider

  • Withdraw your consent at any time (for marketing or optional processing)

  • Lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr)

10. Data Security
We implement technical and organisational measures to protect your data, including:

  • Secure servers with SSL encryption

  • Firewalls and intrusion detection systems

  • Access restrictions and authentication protocols

  • Staff training and internal policies on data handling

11. Marketing Communications
You can choose whether to receive marketing communications from us. You may opt out at any time by:

  • Clicking the "unsubscribe" link in any promotional email

  • Contacting us at: online@exas.gr

12. Cookies and Tracking
Our website uses cookies to:

  • Ensure proper website functionality

  • Remember user preferences

  • Analyse usage for improvements

You can manage or disable cookies via your browser settings. For more information, see our [Cookie Policy].

13. Updates to This Policy
We may revise this Privacy Policy from time to time. Any updates will be posted on this page with the new effective date.

14. Contact Us
For any questions regarding this Privacy Policy or your personal data, contact:

Privacy Contact Person - Email: online@exas.gr
Tel: +30 22420 29900

This policy was last updated on 29/03/2025.

EXAS Help
Need help with your booking? Talk to our operators on Facebook Messenger.

Click Here