PRIVACY POLICY
B&A e-Travel S.A. is the manager of the website www.banda.gr . B&A e-Travel S.A. operates and respects your privacy and is committed to complying with this Privacy Policy, which describes how B&A e-Travel S.A., as a travel and software company, collects and uses the personal data you provide to us. This Privacy Policy describes what personal data we collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding our use of your personal data. We also describe the measures we take to protect the security of your personal data and how to contact us.
This Privacy Policy provides mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing by B&A e-Travel S.A. when using this website.
We encourage you to carefully read this Privacy Policy and select the option “I agree” if you understand and agree with its terms.
This privacy policy should be read together with:
-
The cookie policy
Contents:
-
Object of our Services
-
Personal Data Processing
-
Who has access to your data
-
What information we collect from you
A. Βrowsing the website
B. Communication with B&A
C. Processing of our Visitors’ Data
D. Processing Data for advertising purposes
E. Links to other websites
F. Submitting an application – Curriculum vitae for a job
G. Partners – suppliers -
What are your rights
-
How can you exercise your rights
-
When do we respond to your requests
-
Where can you appeal if we violate the applicable law on the protection of Personal Data
-
Contact Details
1. Object of our Services
Our company is dedicated to offering B2B services. Through our www.banda.gr website we enable our visitors (tour operators / travel agents) to browse the software and travel services we offer and contact us for further enquiries. This Privacy Policy applies to the personal data collected for you or the data concerning our business partners.
2. Personal Data Processing
In the course of providing its services, B&A e-Travel S.A. collects personal data via email/ contact forms. Personal data is any information that can be used to identify you or that we can link to you. We receive the personal data in order to contact you, following up on your request for communication.
i. Purpose and legal basis of processing
Our visitors are the ones that provide us with the data via email/ contact forms and thus determine the purpose of the processing, through the use of our services.
ii.Where we store the information you have provided
The data we collect is stored in the European Economic Area.
iii.What information we collect
There are various ways through which data is shared with us:
In most cases, Personal Data is provided to us by users (travel agents – tour operators) in order to supply them with information on our software products and travel services. In other cases, we collect the information (for example when we use cookies to make browsing on the website easier and to understand how you use our website).
You can find the cases that involve processes of your personal data, their purpose and description listed below. Please remember, it is your responsibility to ensure that the data you provide is true and accurate.
A. Browsing the Website
When browsing our website, the following information is sent by your browser to our website automatically and without any action on your part:
-
Your device’s IP address that made the URL request on our website.
-
Date and time of access.
-
Name and URL of the file requested.
-
The referrer-URL.
-
The browser you use, the operating system of the computer with internet access as well as the access provider.
-
The geolocation of your browser, operating system or other settings of your terminal, if you have agreed to it.
All of the data listed above are temporarily stored in a log file.
Purpose and Basis for Processing
The purpose of everything listed above is to guarantee a proper connection establishment, an easy browsing of the website and the safety and stability of the system.
The lawful basis for processing is Article 6 par.1 section f GDPR, which allows us to process data when it is necessary for the purposes of our legitimate interests.
For how long we store the information
Data are stored temporarily for the duration of the session and then they are automatically deleted. When you stop using our website, geolocational information is deleted.
Who has access to your data
We generally exclude the transmission of this data to third parties.
B. Communication with B&A
Whenever you contact us for general enquiries about our company or our products and services, we keep the information you provide us with in order to respond to your requests.
Purpose and Lawful Basis for Processing
The legal basis for processing is Article 6 (1) (f) of GDPR, ie the legitimate interest of our company.
For how long we store the information
The information we keep regarding general enquiries about our company and its products is deleted six months following your last communication with us.
Who has access to your data
We generally exclude the transmission of this data to third parties.
C. Processing of our visitors’ data
The following data protection notes apply to you, if you contact us, if contract negotiations are taking place with us and / or contractual agreements exist with us and the personal data of subjects are processed in that sense.
To begin with, you personally submit the data to us.
The following are considered to be personal data: Personal information (e.g., name, surname, address and other contact information), data within the context of our business relationship (e.g., payment data, orders data), corporate data, as well as data similar to those mentioned above.
Purpose and legal basis of processing
The purposes of personal data processing arise from the execution of pre-contractual measures that precede a contractually regulated business relationship and the performance of the obligations of a contract (Article 6 (1) (b) of the GDPR).
For how long we store the data
Tax related information and documents will be retained by our company for a period of twelve (12) years for tax audit purposes.
Who can access your data
Your information, which is necessary for submitting tax and insurance data, as well as for making payments, is sent to our affiliated accountancy office. It is possible that the information necessary to claim compensation or to counteract your claims will be sent to our legal department.
D. Processing Data for Advertisement Purposes
Google Analytics
When you visit our website, we use Google Analytics to collect log files and details concerning your browsing on our website.
Data sent are:
-
IP address of the device that has access to the Internet and made the URL request.
-
Date and time of access.
-
Name and URL of the file requested.
-
The referrer-URL.
-
The browser you use, operating system of your computer with Internet access, as well as the access provider are all stored in a log file.
-
The operating system of your portable device, if you are visiting the website through a portable device.
-
The type of the portable device and its settings.
-
Serial number of the portable device.
-
The redirecting website (the website that directed you to ours).
-
Actions regarding the way you are using our website, like the sections you visit.
Our website might collect information about the exact location of your portable device using geographical location and technologies like GPS, Wi-Fi, Bluetooth or Cell tower proximity. The majority of portable devices and browsers give you the ability to revoke the consent you gave us for the collection of the aforementioned data, using your device settings or browser settings. If you have questions regarding how you can block information about your geographical location, we encourage you to contact your provider or the manufacturer of the device or your software or browser provider. All of the aforementioned information is processed anonymously.
Data are stored for 12 months for marketing and statistical purposes and then are automatically deleted. When you stop using our website, your geolocational data are deleted.
Cookies
You can read more about cookies we use here
You can stop the installation of cookies recording all of the aforementioned information regarding browsing in our website through your browser settings. However, if you do so, you might not be able to use the full range of services of our website.
You can also block the analysis of data created by the website’s cookies regarding its usage (including the IP address) as well as the process of these data by Google if you load and install the relevant browser app.
An opt-out cookie which blocks future analysis of your data when visiting this website is thus created. The opt-out cookie concerns only this browser and only our website and is stored only in your device. If you delete cookies from this browser you must save the opt-out cookie again.
Purpose and lawful basis for processing
The purpose of collecting visitors; data is to analyze online behaviour with regard to our online presence. The evaluation of the usage behavior includes in particular the domains of the website you visit and which links you activate there.
The lawful basis for processing is the legitimate interest of the company based on Article 6 par.1 section f GDPR. If you have given your consent (for example for the receipt of e-newsletters), lawful basis for processing your consent based on Article 6 par.1 section a GDPR. Data processing of clients for marketing purposes is considered as a legitimate interest of our company.
For how long we store the data
The data are deleted if you revoke your permission from the email distributors or if you revoke your consent to individual advertising media or object to certain advertising mediums. In addition, if you exercise the right of objection, your electronic contact address will be excluded from any advertisement data processing, within a reasonable time period.
Who has access to your data
The information generated by the cookie is transmitted to a Google transmitter in the US and stored there. Under no circumstances will your IP address be merged with other data from Google. This information may also be passed on to third parties if required to do so by law or if such data is processed by authorization.
E. Links to other websites
You may find links to partner websites, advertisement and other third parties that are not covered in this document on our website. We encourage you to read first the privacy policy of the websites you visit, before disclosing any personal information on them.
F. Submitting an application - Curriculum vitae for a job
Purpose and lawful basis for processing
We collect information to evaluate whether you are suited for the job opening.
The lawful basis for processing is Article 6, par.1 section b GDPR concerning the necessary processing to conclude a contract, or to take action at your request before concluding a contract.
Why we need this information
We will use the information provided by you to evaluate your job application. We will not give the information to third parties for commercial purposes.
We will use the information to contact you. We will use the rest of the information to evaluate whether you are suited for the job opening.
We request no additional information from what we need and do not keep them for more than is necessary.
The information requested is relevant to the specific job opening.
-
Application process
During this process, we need personal information like your name and contact information. In addition, we need prior experience and studies.
-
Selection process
Our human resources personnel will evaluate your application and will call you to schedule an interview so they will select the right person for the job. At no point in the selection process will the candidates be evaluated based on a public social media profile.
-
Job offer – job acceptance
Should you accept the job offer, we will request additional information in order to proceed with the hiring process.
The information will be what is required to register you in the ERGANI system of the Ministry of Labour and Social Affairs. Meaning, your name, surname, parents’ names, date of birth, ID number, VAT number, Tax Office, Social Security Number, home address, email address, marital status, bank account number, amount of pay. In addition, depending on the job responsibilities, we might request a copy of your ID or passport, and certifications of studies and foreign languages, from which however we do not keep a copy.
For how long we store the data
Applications, resumes, and information sent and immediately rejected will be deleted – destroyed within a month after the position is filled.
Applications, resumes, and information sent and evaluated will be deleted – destroyed within six months after the position is filled.
If an employee is hired, all the data concerning him/her, including remunerations and reasons for terminating the contract will be deleted twenty (20) years after the termination of the contract.
Supporting documents regarding maternity leaves and sick leaves will be deleted five (5) years after the time they were received.
Who has access to your data
In our company the department that manages the human resources has the right of access to the data provided by you.
Your information, which is necessary for the submission of tax and insurance data, as well as for your payments, is sent to the accounting office that cooperates with us and possibly to our legal department.
In addition, we work with banks in order to make the payment of your salaries.
G. Partners - Suppliers
The following data protection warnings apply to you if you contact us, if contract negotiations are taking place with us and / or if there are contractual agreements with us and in this sense the personal data is being processed.
Which data is processed specifically depends on the services provided and your legal relationship with us. Therefore, this information may not apply to you in its entirety.
Personal data may be: Personal information (eg first name, surname, address and other contact details, date and place of birth and nationality), certification and identification data (eg commercial register excerpts, identity details), data in the context of our business relationship (eg payment data, order data), as well as other data of similar categories to the above.
Purpose and legal basis of processing
- For the fulfilment of contractual obligations (Article 6 par. 1 section b GDPR)
The purpose of the data processing concerns the execution of pre-contractual measures prior to the contract, as well as for the execution of the obligations of a concluded contract.
- For the fulfilment of a legal obligation (Article 6 par. 1 section c GDPR)
The purpose of the processing of personal data in some cases is derived from legislation. These legal obligations include the fulfilment of compliance and identification, the tax obligations of audit and declaration and the processing of data in the context of requests from services-authorities.
- For the fulfilment of a legal interest (Article 6 par. 1 section f GDPR)
Additional processing of the personal data you provided for the execution of the contract itself may be mandatory. The legal interest in this case is the selection of the appropriate business partner, the entry into force of legal claims, the safeguarding of claims for damages and the coverage of damages that may arise from the business relationship.
For how long we store the data
Personal data are kept for as long as it is required to fulfil the above mentioned purposes. The legal obligations arising from the relevant national legislation in force are also important at this point.
Who has access to your data
In our company the departments that need this data for the execution of contractual or legal obligations or for the fulfilment of a legal interest have the right of access to the data provided by you. Under contractual relationships, we also hire processors or service providers who may have access to your personal data. Compliance with data protection legislation is ensured in this case through a contract.
5. What are your rights?
You have the right to access your personal data. This means you have the right to be informed by us if we process your data. If we process your data, you can ask for information about the purpose of the processing, the type of data we keep, who we give it to, how long we store it, whether automated decision making is applied, but also your additional rights, such as correction and deletion of your data, limiting the processing and submitting a complaint to the Data Protection Authority.
You have the right to correct inaccurate personal data. If you find that your data is wrong, you can submit us an application apply to correct it (e.g. name correction).
You have the right to delete / the right to be forgotten. You may ask us to delete your data if it is no longer necessary for the above-mentioned processing purposes.
However, it may not be possible to fulfill this right if:
-
There is a pending dispute or litigation with our company or one of customers – travel agents.
-
The purchase you have made for the provision of a service has not yet taken place.
-
You have debts to one of customers – travel agents and/ or us.
-
If your data concerns tax information, which we have to keep for twelve (12) years.
-
You have the right to transfer your data. Under certain conditions, you may ask us to receive in a readable form the data you have provided or ask us to forward it to another processor.
You have the right to restrict the processing. You can ask us to restrict the processing of your data for as long as your processing objection is pending.
You have a right to oppose processing your data. You may oppose the processing of your data or remove your consent and we will stop processing your data unless there are other compelling and legitimate reasons that prevail over your right.
6. How can you exercise your rights?
In order to exercise your rights, you can send us a request, describing the right you wish to exercise either on the postal address of the company (26 Vouliagmenis Avenue, 11743 Athens) or at gdpr@banda.gr, with a description of your request and we will make sure to examine your request and respond to you as soon as possible.
7. When do we respond to your requests?
We will respond to your requests free of charge, without delay, and in any case within (1) one month from the day we receive your request. However, if your request is complicated or there are a large number of your requests, we will inform you within one month if we need to take another two (2) months extension within which we will respond to you.
If your claims are manifestly unfounded or excessive due in particular to their recurrence, our company may charge a reasonable fee, taking into account the administrative costs of providing the information or executing the requested action or refusing to follow up request.
8. Where can you appeal if we violate the applicable law on the protection of Personal Data?
You have the right to file a complaint with the Personal Data Protection Authority (1-3 Kifissias Avenue, Athens / www.dpa.gr), if you believe that processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.
10. Contact details
Τhe company B&A e-Travel S.A. with GEMI (General Commercial Registry) 4112401000 seated in 26 Vouliagmenis Avenue, Athens, Greece and legally represented, is the controller of the personal data collected by you or on your behalf.
For general information, you may contact us by email info@banda.gr or by calling us on +30 210 9240780 or by sending a letter to the above mentioned address.