CLOSED FOR THE 2024 SEASON

Thank you for an amazing summer season—we were so happy to host you and grateful to be part of your summer holiday.

We look forward to seeing you in 2025 and helping you experience the luxury of summer!

the salt + sand team 

Privacy Policy

SCROLL

The protection of your personal data is important to us!

With this policy, the company "SALT & SAND MONOPROSOPI S.A." (hereinafter the "Company" or "we" or "us"), which is based in Metamorfosi, Attica (107 G. Papandreou, P.C. 14452), defines and communicates the terms under which, acting as a "Data Controller" as defined by law, it collects, stores, uses, and generally processes your personal data, which it collects when you visit, register, transact, or use the Company's website (hereinafter the "Website") as well as when you transact with its physical store.

This Privacy Policy also describes how your personal data is used, shared, and protected, the choices you have regarding your personal data, and how you can contact us. This Privacy Policy complies with the terms arising from European Regulation 679/2016 and any other relevant applicable legislation.

For any questions regarding this Privacy Policy, as well as any issue related to the processing of your data and the exercise of your rights, you can contact us at the email address [email protected]  

1. About the Company Website

The site www.saltandsand.gr is the Company's website, where the online store for the presentation and services of the Company is located. Through the website, you can rent or book speedboats online and get information about:

  • The technical specifications of the boats

  • The Company's exclusive accompanying services and tour packages

  • The possibility of subscribing to the Company's newsletter

  • Ways to contact the Company

  • The terms of use of the Company's services

2. What are Personal Data?

The term "personal data" refers to information of individuals, such as full name, postal address, email address, contact phone number, etc., which identify or can identify your identity, hereinafter "Personal Data or Data."

3. What is the Processing of Personal Data?

Any action or series of actions performed with or without the use of automated means, on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, information search, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Is the Provision of Your Personal Data Mandatory or Optional?

The provision of Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or optional. The mandatory or optional nature of the provision of Data is indicated with an asterisk (*) next to mandatory personal data. If you refuse to provide the mandatory information on the Website, it will be impossible to achieve the primary purpose for which the Data is collected, and it may, for example, be impossible for the Company to fulfill the contract or provide the services available on the Website. The provision of additional Data to the Company, beyond those marked as mandatory, is optional and does not have consequences related to the primary purposes of Data collection, as their provision exclusively serves to optimize the quality of the services provided by us.

5. What Personal Data Do We Collect?

We make sure to collect only the absolutely necessary Personal Data, which are appropriate and clear for the intended purpose. These Data include

a. Data you provide during your registration and the creation of a user account on the Company's Website, via the internet or your mobile, or through personal contact with our store or our employees/representatives, specifically data such as email address (mandatory) and password (mandatory), and name, surname, postal address, phone number (optional).

b. Data and information you provide through our transactions (reservations, etc.) and our communication (through our physical store, our online store, our employees, our representatives, telephone, email, or any other means). For example, we collect notes from our conversations with you, details about any complaints or comments you make, details about your reservations, and how and when you contact us.

c. Data and personal information you provide during the booking process and for its completion, specifically data such as full name, email address, phone number, and any information you provide in the notes of that process.

d. Data concerning the payment method for the transactions you make with us.

e. Data you provide when you subscribe to our newsletter.

f. Data on the services you usually prefer, in order to recommend services of interest to you and further improve your experience with us. Of course, you always have the option not to share such information with us.

g. Website traffic data. h. Information collected from the use of cookies in your browser. Learn more about how we use cookies here.

h. To offer the best possible website experience, we collect technical information about your internet connection and browser, as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the ads you click on, and any search terms.

i. The username of your social media if you interact with us through those channels, to help us respond to your comments, questions, or feedback.

6. How Do We Use Your Personal Data?

We use your Data as needed:

  • To complete service orders: The Company processes your Data to fulfill its contractual relationship, process the service order, provide customer service, comply with legal obligations, counteract, raise, or exercise legal claims. If we do not collect your Data when completing the order (through our physical stores, in-person, or telephone service by our employees, or our online store), we will not be able to process your order and comply with our legal obligations. Note that your Data may need to be transferred to third parties for the delivery of the service you have ordered (For information on how we share personal data with third parties, see terms 9, 10, 11, and 12 below).

  • To Create a User Account: The Company processes your Data to provide account functionalities and facilitate the purchase of services.

  • For Communication: The Company uses your Data to respond to your requests/inquiries, refund requests, or any complaints. The information you share with us allows us to manage your requests and respond to you in the best possible way. We may also keep a record of your inquiries/requests to us to respond better to any future communication. We do this based on our contractual obligations to you, our legal obligations, and our legitimate interests to provide you with the best possible service and improve our services based on your personal experience.

  • To send newsletters/offers: With your consent, we will use your Personal Data, preferences, and transaction details to inform you via email, internet, telephone, or social media about relevant products and services, including personalized offers, etc. You can revoke this consent at any time.

  • To develop and improve the services we provide to you. We do this based on our legitimate business interests.

  • Because we want to offer you special offers and suggestions that are more relevant to your interests and needs.

  • To ensure that you always see the most interesting content on our website, we will use the Data you have provided with your consent to receive notifications about our website – your consent for placing cookies on your device. For example, we may show a list of services you have recently viewed or offer recommendations based on your purchase history and any other Data you have shared with us.

  • To send you research and evaluation requests to improve our services. These messages will not include promotional content and do not require prior consent when sent by email or text message (SMS). We have a legitimate interest in doing this as it helps make our services more relevant to you. Naturally, you are free to refuse these requests from us at any time by informing us of your preferences.

  • To protect your account from fraud and other illegal activities: This includes using your Data to maintain, update, and protect your account. We also monitor browsing activity to quickly identify and resolve any issues and protect the integrity of our website. All the above are part of our legitimate interest.

  • To process payments and prevent fraudulent transactions: We do this based on our legitimate business interests. This also helps protect our customers from fraud.

  • To comply with our contractual obligations to you or in accordance with legal provisions or court decisions.

  • To send communications required by law or necessary to inform you about changes to the services we provide. For example, updates on privacy notices, service recall notices. These service messages will not include promotional content and do not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.

7. Where is your data processing conducted?

We inform you that your Data is processed either by specially authorized Company personnel, or through IT and electronic devices by the Company, and exceptionally by third parties, who are contractually bound to maintain confidentiality and protect your Data, conducting tasks necessary to achieve purposes strictly related to the use of our Website and its services. Information on this can be found below in terms 9 and 10 "Who are the recipients of your Data? How is your Data shared?"

8. What is the Legal Basis for Processing Your Data by the Company?

  • The data protection legislation that sets various reasons why a company can collect and process your personal data, including the terms of our contractual relationship.

  • Your consent, where required. For example, when you choose to receive newsletters. When collecting your personal data, we will always inform you which data is necessary in relation to a specific service.

  • The Company’s obligations under the law (e.g., tax legislation, e-commerce legislation, etc.).

  • The legitimate interest of our Company. In certain cases, we collect your Data in a way that is reasonably expected as part of our business operations and that does not materially affect your rights, freedom, or interests.

9. Who Are the Recipients of Your Data?

Access to your Data is granted to the absolutely necessary Company personnel, who are committed to confidentiality, and to partner businesses or third-party service providers, who process your Data as Data Processors on our behalf and according to our instructions.

10. How Is Your Data Shared?

Data Sharing by Our Company

The Company may share your Data with:

  • Third-party service providers who process personal data on behalf of the Company, for example (indicatively mentioned) for processing credit cards and payments, transfers and deliveries, hosting, managing, and maintaining our data, email distribution, research and analysis, managing promotional activities, as well as managing certain services and features. When we use third-party service providers, we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.

  • Other third parties, as required for the following purposes: (i) compliance with a request from a Greek state authority, court order, or applicable law, (ii) prevention of illegal use of our Website or violations of the Terms of Use of our Website and our policies, (iii) our protection against third-party claims, and (iv) assisting in the prevention or investigation of cases of fraud (e.g., counterfeiting).

  • Other third parties to whom you have given your consent.

Disclosure of Data by You

When you use certain social media features on our Website, you can create a public profile that includes information such as your username, profile picture, and city, etc. You can also share content with your friends or the public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage sharing on the Company's social media to control the information you make available through the Company's social media features.

11. What is Our Policy with Third-Party Data Processors as Described Above?

  • We provide only the information necessary to perform their specific services.

  • They can use your Data only for the exact purposes we specify in our contract with them.

  • We work closely with them to ensure your privacy is respected and protected at all times.

  • If we stop using their services, any of your data they hold will be deleted or anonymized.

To improve your customer experience on our Website, we use the following companies, which will process your Personal Data as part of their contracts with us:

  • Facebook

  • Google

  • YouTube

  • Instagram

  • Twitter

If you wish to receive more information about sharing your Data with third parties, please contact us via email at [email protected]

12. How Do We Ensure Data Processors Respect Your Data?

The Data Processors acting on our behalf have agreed and contractually committed to the Company:

  • To maintain confidentiality

  • Not to send your Data to third parties without the Company's permission,

  • To take appropriate security measures

  • To follow and comply with the rules and instructions of the data controller

  • To comply with the legal framework for the protection of personal data, especially Regulation 679/2016/EU (otherwise GDPR).

13. Data Transfer

The personal data we collect (or process) through our Website will be stored within the European Union. However, some of the Data recipients with whom the Company shares your Personal Data may be located in countries other than the one in which your Personal Data was originally collected. The laws in these countries may not provide the same level of data protection as the country that initially provided your Personal Data. Nevertheless, when we transfer your Personal Data to recipients in other countries, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law and the General Data Protection Regulation.

For the transfer of personal data outside the European Union, a necessary regulatory framework will be applied, ensuring the protection of personal data either in a country with an adequate level of protection as defined by GDPR, under the standard contractual clauses (SCCs) proposed by the European Commission, or any other appropriate safeguards deemed suitable as defined in Article 46 of GDPR.

For the transfer of personal data to the United States of America, after the adequacy decision of the European Commission on July 10, 2023, which found that the USA provides a level of personal data protection essentially equivalent to that of the EU, organizations subject to GDPR are now allowed to transfer personal data to certified organizations. In this context, these organizations are not required to implement a transfer tool under Article 46 of GDPR nor to use a derogation under Article 49 of GDPR.

We take measures to comply with applicable legal requirements for transferring personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries enjoy adequate protection according to data protection rules. These include signing Standard Contractual Clauses, certifying that the recipient has adopted European binding rules, or adhering to the EU-US and Swiss-US Privacy Shield.

14. How Long Do We Retain Your Data?

We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy (unless a longer retention period is required by applicable law). Generally, this means we will retain your Personal Data for as long as you have an account with our Company. Regarding your Personal Data related to service provision, we retain these data for a longer period to comply with our legal obligations (such as tax and commercial laws and for warranty purposes where applicable). At the end of this retention period, your data will be completely deleted or anonymized, for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Some examples of retention periods for customer data:

  • Reservations:

When you place an order, we will retain the personal data you provided for five years to comply with our legal and contractual obligations.

  • Warranties:

If your booking included a warranty, the relevant Personal Data will be retained until the end of the warranty period.

  • Newsletter:

Your consent for sending a newsletter is retained for as long as you receive newsletters from the Company and in any case, not more than six months from the termination of newsletter sending.

15. Are Your Data Safe?

We are committed to safeguarding your Personal Data. Recognizing the importance of security for your Personal Data, we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security.

The website www.saltandsand.gr uses TLS protocol for secure online commercial transactions. This way, all Data you provide, including your credit/debit card number, name, and address, is encrypted so that it cannot be decrypted or altered during transfer over the Internet.

Additionally, the details used to identify you as a user are two: the Login Code (Username) and the Personal Secret Security Code (Password). Every time you enter your details, you are granted access to your personal account. This process is securely achieved through encryption during their transfer over the Internet and the Company's servers. Similarly, you can change your Personal Secret Security Code (Password) as often as you wish. Once you enter the desired code, the new code is encrypted and stored in the Company's systems. Therefore, only you know your code, and you are solely responsible for maintaining the confidentiality of the code from third parties.

These measures are reviewed and modified when deemed necessary.

16. What Are Your Rights?

You have the right to access your Personal Data.

This means that you have the right to be informed by us if we process your Data. If we process your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, to whom we give it, how long we store it, if automated decision-making occurs, and other rights, such as correction, deletion of data, restriction of processing, and filing a complaint with the Data Protection Authority.

You have the right to correct inaccurate personal data.

If you find an error in your Data, you can submit a request for us to correct it (e.g., correction of name or update of address).

You have the right to erasure/right to be forgotten.

You can request us to delete your data if it is no longer necessary for the above-mentioned processing purposes or if you wish to withdraw your consent, where this is the only legal basis.

You have the right to data portability.

You can request us to receive your Data in a readable format or ask us to transfer it to another data controller.

You have the right to restrict processing.

You can request us to restrict the processing of your Data while your objections to the processing are pending.

You have the right to object and withdraw consent to the processing of your Data.

You can object to the processing of your Data, and we will stop processing your Data unless there are other compelling and legitimate reasons that override your right. If you have given your consent for the collection, processing, and use of your personal data, you can withdraw your consent at any time with future effect:

  • By opting out of Marketing Communications

You can opt out of marketing communications by contacting us using the contact details provided in term 17 below.

If we rely on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so unless we believe we have legitimate compelling reasons to continue processing your Personal Data.

17. How Can You Exercise Your Rights?

To exercise your rights, you can submit a relevant request to the email address [email protected] with the title "Exercise of Rights," and we will review and respond to it as soon as possible.

Exceptionally:

  • If you wish to correct your Data in your user account, you can log in and make any corrections/changes without submitting a Request

  • If you wish to withdraw your consent for sending a newsletter, you can do so by selecting the "Unsubscribe from the newsletter" link at the bottom of each newsletter

  • If you wish not to receive web push notifications from the Company, you can disable the option from your browser settings

Identity Verification

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you submit based on this Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.

18. When Do We Respond to Your Requests?

We respond to your Requests free of charge without delay, and in any case, within one (1) month from the time we receive your request. However, if your Request is complex or there is a large number of your Requests, we will inform you within the month if we need to take a further two (2) months extension within which we will respond to you.

19. What Is the Applicable Law When We Process Your Data?

Applicable Law is Greek Law, as shaped in accordance with the General Data Protection Regulation 2016/679/EU, and generally the current national and European legislative and regulatory framework for personal data protection. Any dispute arising from or related to the protection of your Personal Data is subject to the jurisdiction of the courts of Athens.

20. Where can you file a complaint if we violate the applicable data protection law?

You have the right to file a complaint with the Data Protection Authority (postal address: Kifisias 1-3, P.O. Box 115 23, Athens, phone: +30 210 6475600, email: [email protected]) if you believe that the processing of your Personal Data violates the applicable national and regulatory data protection framework.

21. How will you be informed of any modifications to this Policy?

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post the updated version on our website before the changes take effect and will notify you in any appropriate way. We encourage you to read this Policy periodically to stay informed about how your Data is protected. This privacy policy was last modified on June 12, 2024.

Copyright © 2024 Salt + Sand