Information concerning the Processing of Personal Data

Below you can find the privacy policy of PORFYROUSA MARITIME COMPANY, headquartered in Nafpaktos, Athinon 15 St., GR-30300, and AVLEMON MARITIME COMPANY, headquartered in Nafpaktos, Bousgou 1 St., GR-30300, both of which operate under the brand name “TRITON FERRIES”.

We respect your privacy and are committed to protecting your personal data. The present privacy policy informs you about the way we safeguard your personal data as a customer and it provides updates on your privacy rights and protection afforded by the law.

Our company is responsible for collecting, handling and processing your personal data. You are entitled to every right guaranteed by the 2016/679 EU regulations and all relevant European and national legislation. We will process your personal data strictly within the legal regulations. We will use your personal data when:

  • We have your explicit consent to do so.
  • In order to provide the service you assign to us and wish to receive from us and, consequently, the discharge of our contractual obligations in this context. 
  • It is dictated by our legal interests (or the legal interests of a third party) whenever your interests and fundamental rights do not override these interests.
  • We have to conform to legal or regulatory obligations.
  • It is dictated by public interest.

For any issues concerning the processing of personal data, please contact directly our Data Protection Officer (DPO) via e-mail: nn@olympiahellas.gr

1)   Reasons for processing your personal data:

We process any personal data you have willingly provided, for which we have secured your full consent, for the following reasons:

1a) To issue and manage your personal ticket, and in particular:

  • To communicate with you and manage our relationship with you. We may need to contact you by e-mail or telephone for administrative purposes, such as confirming your bookings and payments, notifying you in regard to your itinerary, handling requests you have submitted for services not received, any material damage and, generally speaking, handling your complaints.
  • To safeguard and protect both your and our legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras in order to be able to monitor and protect the security of individuals, materials, facilities, including ships.
  • To comply with obligations under law, such as refunding fares, managing your claims for compensation, discounting fares for special categories of passengers, and keeping an archive of complaints and passenger feedback. 
  • The explicit disclosure by the data subject and the processing necessary to protect the vital interests of the data subject or another natural person if the data subject is legally or physically incapable of consenting; these are the legitimate reasons why we process any information on health data provided. This is relevant when issuing tickets, reporting passenger accidents, servicing people with reduced mobility and transferring patients.

1b) To issue and manage the ticket for your vehicle, and in particular:

  • To safeguard and protect both your and our legitimate interests.  For this purpose, we use CCTV and security cameras in order to be able to monitor and protect the security of individuals, materials and facilities, including ships.

1c) For marketing purposes, and in particular:

  • To provide the services you assign to us and wish to receive from us and, consequently, the discharge of our contractual obligations in this context. This category includes the loyalty programme Triton Miles Club. The legitimate reason for processing your data is the execution of a contract in order to provide the service and benefits to the members of Triton Miles Club. In particular, all personal data disclosed during registration or for the management of your account, as well as the data from the trips you take that correspond to specific points, are processed as a whole or in part. 

2)  Categories of information collected:

We have the right to collect, process, store and forward various types of personal data that we have grouped as follows:

2a)  For the issuance and management of passenger tickets:

  • Identity data include full name, date of birth, gender (male/female), nationality, identity card number, passport number, type of vehicle and license plate number.
  • Contact data include telephone numbers (mobile, home landline, work phone, fax), home address, e-mail.
  • Ticket / booking data include the date and itinerary of your trip, the booking number, the transaction data with which you booked your ticket(s) and in particular the information of the card with which you paid or the details of the bank account from which you paid for the ticket(s).
  • Health data include information you will provide for a passenger who is in need of special care, or for the reporting of passenger accidents, as well as the transport of patients by ship.

2b) For the issuance of a ticket to transport your vehicle:

  • Identity data include full name, identity card number, passport number, type of vehicle and license plate number.
  • Contact data include telephone numbers (mobile, home landline, work phone, fax), home address, e-mail.
  • Ticket / booking data include the date and itinerary of your trip, the booking number, the transaction data with which you booked your ticket(s) and in particular the information of the card with which you paid or the details of the bank account from which you paid for the ticket(s).

2c) For marketing purposes:

  • Identity data include full name, telephone numbers (mobile, home landline, work phone, fax), home address, e-mail.

3)   How do we collect your data?

We collect your personal data in digital or in print form every time you use our services, whether they are provided directly by us, or when you travel with our ships, when you use our website, our phone services or cellphone applications, and our company e-mail.

4)   For how long do we keep your personal data?

We will keep your personal data only for as long as is needed to fulfil the purpose for which they have been collected, including the fulfilment of any legal or accounting obligation, or mandatory mention.

To specify the length of time for keeping personal data, we examine the quantity, the nature and the sensitivity of personal data, the potential danger of harm by unauthorized use or disclosure of your personal data, the purpose for which we process your personal data and whether we are able to fulfil such purpose by other means, within the existing legislation. In particular:

4a) For the issuance of your personal ticket/ boarding pass: The passenger’s tax data are kept for a period of ten (10) years from the date of issue of each tax document, to be made available, as required, to the tax authorities within the time frame of valid tax demands. Any data pertinent to establishing, enforcing and supporting legal claims of the Company or a third party in the presence of any competent court of law or administrative authority are kept for a period starting at the time that the Company demands are generated and up to twenty (20) years or for a longer period up to the statute of limitations and the termination of possible bilateral litigations. The Company may keep the passenger’s personal data after fulfilling the purpose of collecting and processing them if such is our legal obligation as stipulated by any relevant legal provision.

4b)  For the issuance of a ticket to transport your vehicle: for tax purposes the data are kept for a period of ten (10) years from the date of issue of each tax document, to be made available, as required, to the tax authorities within the time frame of valid tax demands. Any data pertinent to establishing, enforcing and supporting legal claims of the Company or a third party in the presence of any competent court of law or administrative authority are kept for a period starting at the time that the Company demands are generated and up to twenty (20) years or for a longer period up to the statute of limitations and the termination of possible bilateral litigations. The Company may keep the passenger’s personal data after fulfilling the purpose of collecting and processing them if such is our legal obligation as stipulated by any relevant legal provision.

4c) For marketing purposes: the data collected for the specific purpose are kept for a period of three (3) years from the year the last ticket was issued for a passenger – member of our loyalty club.

In certain cases, you have the right to ask us to delete your data. For more information concerning the right of deletion please refer to the relevant section below. In certain cases, we reserve the right to anonymize your personal data (so as not to be linked to you) for statistical purposes or for marketing purposes, and in this case, we reserve the right to use this information for a period as specified above.

5)   Protection of your personal data:

We have taken all appropriate organizational and technical precautions to safeguard and protect your personal data from unintentional or fraudulent destruction, accidental loss, distortion, unlawful dissemination or access and any other kind of unauthorized processing.

6)   Who are the recipients of your data?

Our company guarantees that it will not forward, share, or relinquish etc. your data to others (except the ones mentioned in this document) for any reason or use unless this is dictated by the present legislation or stipulated by public/judicial bodies or authorities. Only the necessary minimum of Company personnel, all of whom are bound to confidentiality will have access to your personal data, which also applies to our partners who comply with our directives and are aligned with the provisions of the 2016/679 EU regulation and they process your data as joint data controllers or as data processors on our account and according to our directives.

Indicatively, recipients of your data are the ticket agencies that sell tickets and manage ticket reservations, as well as the accounting companies that handle our Company’s financial statements.

7)   How do we ensure that the processors and sub-processors respect your data?

The processors working on our account have agreed with the company and are contractually committed:

  1. to uphold confidentiality;
  2. not to forward your data to third parties without our Company’s permission;
  3. to take safety measures;
  4. to comply with the legal framework concerning personal data protection and particularly regulation 679/2016/EU (GDPR);
  5. to have been informed and observe all relevant laws and regulations towards the protection of personal data.

In the execution of their duties, the processors may at times employ other persons called sub-processors. In this case, the data controller will have authorized them to handle all or part of data processing. As a result, sub-processors have the same obligations and rights as the processors, as these are analyzed in the present policy and always within the framework of their delegated duties and bear full responsibility as would the processor.

8)   Your Rights: You have the right to:

8a) request access to your personal data (“subject access request”). This provides you with a copy of your personal data as kept by us and it allows you to ensure that we process them according to the provisions of the law.

8b) request the correction of your personal data kept by the company. You may correct incomplete or faulty data or add to the data we have for you, though we have the right to ask you for verification of the new data provided.

8c) request that your personal data be deleted subject to time period limitations as stipulated in paragraph 4. Still, as you probably know, we may not always be able to comply with your deletion request for specific legal reasons for which you will be notified, if necessary, on submission of your request.

8d) oppose the processing your personal data when you deem that your fundamental rights and freedoms have been violated. You also have the right to oppose the processing your personal data for marketing / promotional purposes.

8e) request the restriction of processing your personal data. This allows you to ask us to suspend processing your personal data in the following cases: i) if you wish to verify the accuracy of the data, ii) when the company’s use of the data is not desired, but you do not wish us to delete your data, iii) when you wish for us to keep your data even if we do not ask for it, in case it is needed for you in order to confirm, exercise or defend legal claims, or, iv) if you have objected to our using your data, but you have to verify whether we have compelling legal reasons to do so.

8f) request personal data transmission to you or to a third party. We will provide you or the third party you have specified with your personal data in a structured, readable form. This specific right pertains only to information we have received with your consent during signing the contract or later, up to the time the request has been submitted.

8g) withdraw your consent in case you realize and can prove that it has stopped being lawful. Nevertheless, this cannot influence legitimate processing that took place before you withdrew your consent. If you withdraw your consent, it may not be possible for us to offer you certain products or services.

In case you wish to exercise any of the rights mentioned above, please contact us.

9)   How you may exercise your rights?

For any clarification concerning the present privacy policy, including any request to exercise your legitimate rights, you can email us at: nn@olympiahellas.gr

You can always submit your complaints concerning the processing of your personal data to the supervising authority. In Greece, this authority is the Hellenic Data Protection Authority (HDPA) and you can access it and find relevant details via the following link: www.dpa.gr. Be that as it may, it would be appreciated if you were to contact us first concerning your queries before approaching the Data Protection Authority. Therefore, we kindly ask you to get in touch with us first, using the contact information provided above.

10)   Usually no fee is required. 

You will not be asked to pay in order to access your personal data (or to exercise any one of your other rights). Nevertheless, we reserve the right to ask for a reasonable fee if your request is clearly unfounded, repetitive or abusive.

11)   What information we may request from you:

We have the right to ask you for specific information in order to verify your identity and safeguard your right to access your personal data (or exercise any one of your other rights). It is a protective measure, which ensures that your personal data will not be accessed by unauthorized persons. We also have the right to contact you and ask for further information concerning your request, in order to speed up our response time.

12)   Response Time:

We try to reply to all legitimate requests within one month. It may take longer than a month to reply if the request is particularly complex or if you have submitted a series of requests. In such case, you will be notified accordingly.

13)   How will you be informed in case there are any amendments to this Policy?

We reserve the right to modify the present policy and effect any changes in the information provided previously, within the constraints of the law. 

14)   Information concerning the “Pre-boarding Health Declaration Questionnaire”

Following the instructions of the Greek Authorities for dealing with the spread of COVID-19, all passengers travelling by ship (for trips taking more than 30 minutes) have to fill in the “Pre boarding health declaration questionnaire” and submit it to the vessel’s Chief Purser along with their ticket, when boarding, prior to the vessel’s departure. This questionnaire contains personal data. The processing of personal data is carried out for reasons of public interest for the protection of public health and the treatment of the consequences of coronavirus COVID-19 and is governed by the provisions of the General Regulation for the Data Protection and Law 4624/2019 (Government Gazette 137/Α’/2019). We are jointly responsible for the processing with the Ministry of Shipping and Island Policy. The filled in forms are kept on board the ship for a period of two (2) months from the date received and are not shared with third parties, unless required by law or by a guideline from the Greek Government requesting us to keep them for a longer period of time and/or give them to the responsible Authorities.

Detailed information can be found at the Ministry of Shipping and Island Policy website, at https://www.ynanp.gr/el/ in the section: Instructions and Passenger Questionnaires.