Privacy Policy

 

Effective Date: February 1, 2026

Welcome to Travel in Crete. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website and services.

1. Who We Are

Data Controller:

Travel in Crete
N. Grammatikaki
Malia, 7007
Crete, Greece

Contact Us:

Email: info@travelincrete.com
Phone: +30 289 703 1024

If you have any questions about this privacy policy or how we handle your data, please contact us using the details above.

2. What Information We Collect

We collect different types of information depending on how you interact with our website:

2.1 Information You Provide Directly

When you create an account:

First name and last name
Email address
Password (encrypted)

When you make a booking:

Full name of all travellers
Email address and phone number
Age categories of travellers
Pickup location or hotel information (if applicable)
Special requests or requirements (optional)
Payment information (processed by our secure payment provider)

When you save traveler profiles:

  • Full names
  • Date of birth
  • Passport number (optional, if needed for specific tours)
  • Nationality (optional)

When you write a review:

  • Your name (or display name)
  • Rating and review text
  • Date of your tour experience

2.2 Information We Collect Automatically

Cookies and Similar Technologies:

Essential Cookies: Session ID, security tokens (necessary for the website to function)
Functional Cookies: Recent searches, recently viewed tours (only if you consent)
Analytics Cookies: Not currently in use
Marketing Cookies: Not currently in use

You can control cookie preferences through our Cookie Settings.

Automatically Logged Information:

  • IP address
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Pages you visit and links you click
  • Date and time of your visit

2.3 Information from Third Parties

Social Media Login: 

If you choose to log in using Google, Facebook, LinkedIn, or Apple, we receive basic profile information (name, email address) from these services with your permission.

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 To Provide Our Services

  • Process and confirm your tour bookings
  • Send booking confirmations and e-tickets
  • Communicate with tour vendors about your bookings
  • Provide customer support
  • Save your favorite tours for easy access
  • Remember your search preferences

Legal Basis: Performance of contract, legitimate interests

3.2 To Improve Your Experience

  • Show you recently viewed tours
  • Remember your recent searches
  • Personalize content and recommendations
  • Save traveler information for faster future bookings

Legal Basis: Consent (functional cookies), legitimate interests

3.3 To Communicate With You 

  • Send booking confirmations and reminders
  • Request reviews after your tour experience
  • Respond to your inquiries
  • Send important service updates
  • Recover abandoned bookings (with your consent)

Legal Basis: Performance of contract, consent, legitimate interests

3.4 For Legal and Safety Reasons 

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our terms and conditions
  • Protect the rights and safety of our users

Legal Basis: Legal obligation, legitimate interests

4. Who We Share Your Information With

We do not sell your personal data. We only share your information with the following parties when necessary:

4.1 Tour Vendors 

When you book a tour, we share necessary information (your name, contact details, number of travelers, pickup location) with the tour vendor to fulfill your booking.

4.2 Service Providers 

  • Payment Processors: To process your payments securely
  • Email Service: To send booking confirmations and notifications
  • CDN Provider (BunnyCDN): To deliver images and media content quickly
  • Hosting Provider: To host our website and database

All service providers are contractually required to protect your data and use it only for the purposes we specify.

4.3 Digital Wallet Providers 

If you choose to add your tickets to Google Wallet, we share ticket information with Google to generate your digital ticket.

4.4 Legal Requirements 

We may disclose your information if required by law, court order, or government regulation, or if necessary to protect our legal rights.

5. International Data Transfers

Your data is primarily stored on servers located in the European Union. Some of our service providers may be located outside the EU. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as: 

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Privacy Shield certification (where applicable)

6. How Long We Keep Your Information

We retain your personal data only as long as necessary for the purposes outlined in this policy:

           
 

Data TypeRetention Period
Account InformationUntil you delete your account, or 3 years of inactivity
Booking Records7 years (tax and legal requirements)
ReviewsIndefinitely (unless you request deletion)
Cookie Consent1 year
Functional Cookies30 days
Server Logs90 days

 

7. Your Rights Under GDPR

As a user in the European Union, you have the following rights regarding your personal data:

7.1 Right to Access 

You can request a copy of all personal data we hold about you. 

How to exercise: Contact us at info@travelincrete.com

7.2 Right to Rectification

You can update or correct inaccurate information in your account settings or by contacting us.

How to exercise: Log in to your account and edit your profile, or contact us

7.3 Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data, subject to legal retention requirements.

How to exercise: Contact us at info@travelincrete.com

Note: Booking records may be retained for 7 years to comply with tax laws.

7.4 Right to Data Portability 

You can request a copy of your data in a machine-readable format. 

How to exercise: Contact us at info@travelincrete.com 

Note: We're working on an automated export feature (coming soon)

7.5 Right to Restrict Processing 

You can ask us to limit how we use your data in certain circumstances. 

How to exercise: Contact us at info@travelincrete.com

7.6 Right to Object 

You can object to processing based on legitimate interests or for direct marketing purposes. 

How to exercise: Contact us at info@travelincrete.com or use unsubscribe links in emails

7.7 Right to Withdraw Consent

Where we process data based on consent, you can withdraw it at any time.

How to exercise: Use our Cookie Settings or contact us

7.8 Right to Lodge a Complaint 

You can file a complaint with your local data protection authority if you believe we've mishandled your data. 

Greek Data Protection Authority:

Website: www.dpa.gr

Email: contact@dpa.gr

Response Time: We will respond to your requests within 30 days.

8. How We Protect Your Information

We implement appropriate technical and organizational measures to protect your personal data:

8.1 Technical Measures 

  • Encryption: All data transmission uses SSL/TLS encryption (HTTPS)
  • Password Protection: Passwords are encrypted using industry-standard hashing
  • Secure Servers: Data stored on secure servers with firewall protection
  • Regular Backups: Encrypted backups to prevent data loss
  • Access Controls: Limited employee access on a need-to-know basis

8.2 Organizational Measures 

  • Regular security training for staff
  • Data protection impact assessments
  • Vendor security audits
  • Incident response procedures

8.3 Data Breach Notification 

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.

9. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Note: Travelers of any age can be included in bookings, but the person making the booking must be 18 or older.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience. For detailed information about the cookies we use, please see our Cookie Settings.

Types of Cookies We Use:

Essential Cookies (Always Active) 

These cookies are necessary for the website to function: 

  • CraftSessionId: Maintains your login session
  • CRAFT_CSRF_TOKEN: Protects against security attacks
  • cookie_consent: Remembers your cookie preferences

Functional Cookies (Requires Your Consent) 

These cookies enhance your experience: 

  • tours_recent_searches: Shows your recent searches (30 days)
  • tours_search_history: Improves search recommendations (30 days)
  • recently_viewed_tours: Remembers tours you've viewed (30 days)

Analytics Cookies (Not Currently Used) 

Reserved for future website analytics. We will ask for your consent before implementing.

Marketing Cookies (Not Currently Used) 

Reserved for future advertising purposes. We will ask for your consent before implementing.

Managing Cookies: You can change your cookie preferences at any time through our Cookie Settings or in your browser settings.

11. Third-Party Links

Our website may contain links to third-party websites (tour vendor sites, social media, payment processors). We are not responsible for the privacy practices of these sites. Please review their privacy policies before providing personal information.

12. Social Media Features

Our website includes social media sharing buttons and login options. These features may collect your IP address and set cookies. Your interactions with these features are governed by the privacy policies of the respective companies: 

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Some automated processes we use for convenience: 

  • Search results ranking (based on relevance, not personal profiling)
  • Tour recommendations (based on categories, not individual profiling)
  • Abandoned cart recovery emails (based on incomplete bookings)

These processes do not make decisions about you; they simply help you find relevant tours more easily.

14. Marketing Communications

We may send you marketing communications if: 

  • You have opted in to receive them
  • You have made a booking (we may send related offers)
  • We have a legitimate interest (you can opt out anytime)

Unsubscribe: Every marketing email contains an unsubscribe link. You can also manage preferences in your account settings or contact us.

Transactional Emails: Booking confirmations and important service updates cannot be unsubscribed from (required for service delivery).

15. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by: 

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the "Last Updated" date at the top

Continued use of our services after changes indicates acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: info@travelincrete.com

Phone: +30 289 703 1024

Address:

Travel in Crete

N. Grammatikaki

Malia, 70007

Crete, Greece

 

Data Protection Officer: 

Maria Aggeli

Travel in Crete

N. Grammatikaki

Malia, 70007

Crete, Greece

Response Time: We aim to respond to all inquiries within 48 hours (30 days for formal GDPR requests).

This privacy policy is compliant with the General Data Protection Regulation (GDPR) and other applicable data protection laws. It was last reviewed on February 1, 2026.


 

 

Last updated: February 14, 2026

← Back to Home