Privacy Policy

Seven Islands Cruises

Effective Date: 22nd November 2025

Seven Islands Cruises (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a lawful, transparent, and secure manner.

This Privacy Policy explains how we collect, use, store, and protect your information in compliance with:

Greek Law 4624/2019

EU General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679

International data protection principles (transparency, data security, user rights)

By using our website, booking a cruise, or interacting with us, you agree to the terms of this Privacy Policy.

---

1. Data Controller

Lefkas K&S Cruises NE

Seven Islands Cruises

Nydri, Lefkada, 311 00

997235383

[Insert Email Address]

+30 693 245 7017

Under Greek and EU law, Lefkas K&S Cruises NE (Seven Islands Cruises) is the Data Controller responsible for processing your personal data.

---

2. What Personal Data We Collect

We collect the following categories of data:

2.1 Information You Provide

Full name

Email address

Phone number

Booking details

Payment information (processed securely through third-party payment providers)

Communication history (emails, messages, inquiries)

Special requirements (e.g., accessibility or dietary requests)

2.2 Automatically Collected Data

IP address

Device type

Browser type

Cookies and tracking technologies

Website usage data (analytics, traffic data)

2.3 Onboard Photography & Media

During cruises, we may capture photos or videos that may include passengers. These may be used for:

Social media

Marketing

Website content

Advertising

If you do not wish to appear in photos or videos, you must inform the crew on the day of your cruise.

You may also request removal at any time (see Section 10).

---

3. Legal Basis for Processing (GDPR)

We process personal data based on:

3.1 Contractual Necessity (Art. 6(1)(b))

To complete your booking, process payments, and deliver services.

3.2 Legal Obligations (Art. 6(1)(c))

To comply with Greek maritime law, safety requirements, tax laws, and port authority regulations.

3.3 Legitimate Interests (Art. 6(1)(f))

For fraud prevention, customer service, and improving our website and services.

3.4 Consent (Art. 6(1)(a))

For marketing emails, newsletters, photography usage, and cookies (where required).

You can withdraw consent at any time.

---

4. How We Use Your Data

We use personal data for:

Processing bookings and payments

Providing customer support

Ensuring passenger safety

Sending booking confirmations and updates

Improving website functionality and customer experience

Marketing and promotional communication (with consent)

Complying with legal and regulatory obligations

---

5. Cookies & Tracking Technologies

Our website uses cookies to:

Provide essential site functionality

Enhance user experience

Analyse website traffic

Support advertising and remarketing

Where required by EU law, we obtain explicit cookie consent.

You may manage or disable cookies through your browser settings.

---

6. Sharing Your Data

We only share data when necessary and lawful:

6.1 Service Providers

Payment processors

Booking management software

Email service providers

Website hosting

IT & security providers

All providers operate under GDPR-compliant contracts.

6.2 Legal Authorities

We may share data with Port Police, Coast Guard, or other authorities where required by Greek law, safety protocols, or legal obligation.

6.3 No Selling of Data

We do not sell, rent, or trade your personal data to third parties.

---

7. International Data Transfers

If data is transferred outside the EU, we ensure:

Adequacy decisions (approved safe countries), or

Standard Contractual Clauses (SCCs), or

Equivalent GDPR-compliant safeguards

---

8. Data Retention

We retain data only as long as necessary:

Booking records: up to 7 years (legal requirement)

Emails & communications: up to 3 years

Marketing data: until consent is withdrawn

CCTV (if used): up to 30 days, unless required for investigations

Photographs & videos: until deleted upon request

After retention periods, data is securely deleted or anonymised.

---

9. Data Security

We apply industry-standard measures to protect your information:

Encrypted data storage

Secure payment gateways

SSL-secured website

Access controls & authentication

Regular security audits

Staff training and confidentiality obligations

No method of transmission is 100% secure, but we maintain the highest reasonable standards.

---

10. Your Rights (GDPR & Greek Law)

You have the following rights:

Right to access your personal data

Right to rectification of inaccurate data

Right to erasure (“right to be forgotten”)

Right to restrict processing

Right to data portability

Right to object to processing

Right to withdraw consent

Right to lodge a complaint with the Hellenic Data Protection Authority (DPA)

Hellenic DPA website: https://www.dpa.gr

To exercise your rights, contact:

[Insert Email]

---

11. Children’s Privacy

Our services are not intended for children under 16 years old.

If we learn that we collected data from a minor without parental consent, we will delete it immediately.

---

12. Links to Third-Party Websites

Our website may include links to external sites. We are not responsible for the privacy policies or practices of third-party websites.

---

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The “Effective Date” will always reflect the latest version.

Continued use of the website constitutes acceptance of the revised policy.

---

14. Contact Information

For questions, concerns, or data requests, please contact:

Lefkas K&S Cruises NE (Seven Islands Cruises) – Data Protection Officer- Sprios Ktenas

[Insert Email]

Address: Lefkas K&S Cruises NE (Seven Islands Cruises), Nydri, Lefkada, 311 00

hone: +30 693 245 7017