Information concerning the Processing of Personal Data
We would like to assure you that for BLUE STAR FERRIES the protection of the personal data of our customers, as well as the persons with whom we have any business relationship (such as for example our partners and suppliers) is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by third parties processing personal data on account of the company.
Controller – Data Protection Officer (DPO)
BLUE STAR FERRIES, member of Attica Group, headquartered in Kallithea at the junction of 1-7, Lysikratous Street & Evripidou Street, GR-17674, e-mail: firstname.lastname@example.org, Tel. No: +302108919000, informs you that, for the purposes of its business activities, it processes personal data of its customers, as well as of the persons with whom it has any business relationship in accordance with the applicable national law and European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data (General Regulation Data Protection Law, hereinafter "Regulation") as in force. For any matter concerning the processing of personal data, please contact us via e-mail at email@example.com or by post at the above postal address of BLUE STAR FERRIES.
What are the legitimate reasons for processing your personal data?
We only process the personal data you provide us [such as your name, contact details, e-mail address, telephone number, details of financial transactions (e.g. invoices of our partners), information on your travel itinerary, such as your reservation code, health information relating to the issue of tickets, or the reporting of passenger accidents, as well as the transfer of patients by ship] when we have a legitimate reason for doing so.
We inform you that BLUE STAR FERRIES does not keep or store credit/debit card details which are required for the completion of your purchases. These details are directly registered in a secure environment -where you are redirected- of the cooperating bank or the electronic service of e-payments acceptance, competent each time for the confirmation and management of the financial transaction.
Legitimate reasons for processing your personal data are:
(a) the provision of the services you assign to us and you wish to receive from us and, consequently, the discharge of our contractual obligations in this context;
(b) the safeguarding and protection of both yours and our legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras in order to be able to monitor and protect the security of individuals, materials, facilities, including ships;
(c) the smooth cooperation with our agents, suppliers and other partners, in the context of the execution of a contract that we have concluded, for example the issuance of tickets on behalf of our company.
(d) compliance with obligations under law, such as refunding fares, managing your claims for compensation, discounting fares for special categories of passengers, etc.;
(e) your consent under the specific conditions set out in the legal framework so that you may receive information regarding services, offers that are sometimes tailored to your personal preferences both by BLUE STAR FERRIES and/or third party affiliates operating on behalf of BLUE STAR FERRIES that process your personal data in accordance with the framework in force at any given time;
(f) the explicit disclosure by the data subject and the processing necessary to protect the vital interests of the data subject or another natural person if the data subject is legally or physically incapable of consenting; these are the legitimate reasons why we process any information on health data provided. This is relevant when issuing tickets, reporting passenger accidents, servicing people with reduced mobility and transferring patients.
It is noted that the provision of certain personal data is a requirement for the conclusion of the contract.
How and why do we use your personal data?
- To manage your travel reservations and provide our services. When you travel with us, we use the information required for the provision of our services, such as ticketing, completing check-ins, replacing tickets or refunding fares, managing your bookings and serving you as a customer individually or in groups.
- To communicate with you and manage our relationship with you. We may need to contact you by e-mail or telephone for administrative purposes, such as confirming your bookings and payments, notifying you in regard to your itinerary, handling requests you have submitted for services not received, any material damage and, generally speaking, handling your complaints.
- For the proper fulfillment of our contractual commitments and the smooth maintenance of our cooperation. From the contractual relationship between us (whether it is an existing agency contract, supply contract, service contract, etc., or we are in the pre-contractual stage of our transaction), we obtain and use the information required for the smooth development and optimization of our cooperation, such as the processing and disclosure of financial data and sales data of our agents, for which we inform the contractual party, for the purpose of the optimal organization and development of our sales.
- To let you know about our news and offers. Once you have consented to this, in accordance with the requirements of the legislative framework we will send you promotional messages about our travel services, updates and the offers of BLUE STAR FERRIES, sometimes tailored to your preferences and interests, if you have chosen to do so, so that we may improve your customer experience.
- To improve our services and protect our business interests. The business purposes for which we will use your information help us improve the services we provide, meet your expectations and control transactions from our sales, so as to respond to any requests for contesting charges on your cards and manage the clearance of our sales.
- To comply with legal obligations. When, for example, we collect information relating to passenger accidents, we handle ticket replacement or refund requests, passenger compensation & vehicle damage claims, keep an archive of complaints and passenger feedback. Also, when processing financial information of associates (agents, suppliers etc.) to meet our tax obligations.
- To safeguard our legitimate interests and protect individuals and goods. When we use CCTV and security cameras in order to be able to monitor and protect the security of individuals, materials and facilities, including ships.
Where are your data shared?
BLUE STAR FERRIES communicates your personal data to the following categories of recipients:
- State Authorities, Law Enforcement Agencies. When this is necessary for the execution of an itinerary and in accordance with the procedures laid down, and when it is necessary to provide more information in relation to the list of passengers and vehicles on specific itineraries.
- Associates of our company (company supporting booking systems, agencies, call center, advertising firms, companies of software production, supply and support etc.). BLUE STAR FERRIES works with associates to whom the company assigns the processing of personal data on its account (e.g. indicatively, ticketing agencies). In such cases, BLUE STAR FERRIES shall remain responsible for the processing of your personal data and shall specify the details of the processing, signing a specific contract with the associates tasked with processing activities, in order to ensure that the processing is carried out in accordance with the legal framework in force and that every natural person may exercise the rights conferred on them by the legal framework freely and without hindrance.
Furthermore, BLUE STAR FERRIES may transfer to third-party affiliates for the purpose of sending promotional material and information about products and services, provided that consent has been given by any natural person as mentioned above and that the foregoing concerning the written assignment of processing applies.
Regarding ticket reservations, the reservation system is used by the Group companies.
Data Storage Period
The length of the data storage period is decided on the basis of the following specific criteria, as appropriate:
When processing is required as an obligation under provisions of the legal framework in force, your personal data will be stored for as long as required by the relevant provisions.
When processing is done on a contractual basis, your personal data will be stored for as long as is necessary for the performance of the contract and for the foundation, exercise, and/or support of legal claims under the contract.
For purposes of promoting products and services (marketing activities), your personal data is retained until your consent is withdrawn. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent during the period prior its withdrawal.
What are your rights with respect to your personal data?
Any natural person whose data are being processed by BLUE STAR FERRIES enjoys the following rights:
- Right to access: You have the right to be made aware and verify the legitimacy of the processing. Thus, you have the right to access the data and receive additional information concerning its processing.
- Right to rectification: You have the right to study, rectify, update or modify your personal data by sending an e-mail to firstname.lastname@example.org or a letter to the postal address of BLUE STAR FERRIES.
- Right to erasure: You have the right to request the erasure of your personal data when we process it on the basis of your consent or in order to protect our legitimate interests. In all other cases (for example, where there is a contract, an obligation to process personal data required by law, public interest), this right is subject to specific restrictions or does not exist, as the case may be.
- Right to restriction of processing: You have the right to request a restriction on the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data and until verification takes place; (b) when you oppose the erasure of personal data and request the restriction of their use instead of erasure; (c) when the personal data are not needed for processing purposes but are necessary for the foundation, exercise and support of legal claims; and (d) when you object to the processing and it is verified that there are legitimate reasons that concern us and supersede the reasons for which you oppose the processing.
- Right to object: You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for the purposes of the legitimate interests we pursue as controllers, as well as for processing for direct marketing and consumer profiling purposes.
- Right to portability: You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them through commonly used editing methods. You also have the right to ask us, if technically feasible, to transfer the data directly to a different controller. Your right to do so applies to the data that you have provided to us and that is being processed by automated means based on your consent or performance of a relevant contract.
- Right to withdraw consent: When processing is based on your consent, you have the right to withdraw it freely, without affecting the lawfulness of processing based on you consent before its withdrawal.
In order to exercise any of the above rights, please contact us via e-mail at email@example.com or via letter sent to the above postal address of BLUE STAR FERRIES.
Right to complain to the HDPA
You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) through the following link: https://eservices.dpa.gr/ and the completion of the appropriate electronic form depending on the kind of complaint.
Personal Data Security
BLUE STAR FERRIES applies appropriate technical and organizational measures to secure the processing of personal data and to prevent the accidental loss or destruction and unauthorized and/or unlawful access to, use, modification or disclosure of personal data. In any event, the manner in which the Internet functions and the fact that it is freely accessible by anyone cannot guarantee that unauthorized third parties will never be able to violate the technical and organizational measures applied, gaining access and potentially using personal data for unauthorized and/or illicit purposes.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's personal preferences, interests or movements.
Please be advised that profiling takes place for marketing purposes when you consent to receive updates about our services and offers that have been tailored to your personal preferences and interests. Additionally, profiling takes place for the provision of the 'SeaSmiles' Loyalty service, as set out in the detailed notification provided in a specific section of the website (www.seasmiles.com). Finally, profiling may take place through social networking media that BLUE STAR FERRIES uses for marketing its products.