PRIVACY POLICY
Last revised: 18/02/2022
- INTRODUCTION
At Extenly (hereinafter referred to as “we” or the “Data Controller”) we respect your privacy and the security of the personal data that you share with us. For this purpose and in the context of the transparency obligation imposed by the applicable legislation, we have established this Privacy Policy (hereinafter the “Policy”), in which you will find all the necessary information about your personal data that we collect, the way we collect and process them, the purposes of their processing, as well as your rights in relation to your personal data.
For the purposes of this Policy, “personal data” means any information by which you can be directly or indirectly identified, including, but not limited to, your name, home address, e-mail address and telephone number, as well as any other information associated with you that falls under the definition of “personal data”, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), as well as any other applicable national, European or international law or regulation, as in force.
- DATA CONTROLLER
The Data Controller of your personal data, in accordance with the relevant definition of the GDPR, is the company under the name “Extenly Project Ltd”, with registered address at Themistokli Dervi 48, Nicosia 1066, Cyprus.
You can contact the Data Controller for any issues related to the processing of your personal data, at any time, by sending an e-mail to: info@extenly.com.
- MINORS
Our website is not intended for use by minors. For minors that wish to make a reservation for a cruise, the relevant terms of our Terms & Conditions shall apply. Therefore, under no circumstances do we knowingly collect personal data of minors under the age of 15 without the consent of their parent or guardian. If you are a parent or guardian of a child younger than 15 years old and you are concerned that your child may have provided us with his/her personal data without your consent, please contact us at: info@extenly.com.
- PERSONAL DATA THAT WE COLLECT
The main categories of your personal data that we collect when you browse on the website, make a reservation for one of our cruises, contact us for any issue relevant to your reservation, as well as during your embarkation and your stay at the vessel, are the following:
- Personal identifiers, such as your name, email address, mailing address, phone number, date of birth or similar identifiers;
- Customer records, such as your identification documents and payment information (credit or debit card or other financial information);
- Commercial information, such as your travel history, account data, participation, or information about the services purchased or considered;
- Health or medical information, such as health monitoring information, accessibility information, COVID-19 related information, medications, allergies or other medical accommodation needs;
- Photos and video recordings, which may be taken during an event on the vessel, subject to your respective consent;
- Internet, network and device information from the browser or device you use to access our website, which could include your IP address, device ID, cookie identifiers, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and/or clickstream data;
- Geolocation data, including precise geolocation data from your browser or device or inferred based on your IP address.
- HOW WE COLLECT YOUR PERSONAL DATA
In most of the cases you will provide us with your personal data yourself. For example, when you want to book a ticket for one of our cruises, you will be asked to provide certain necessary information, such as your name, age, communication information, as well as credit or debit card information.
If you communicate with us in order to make a request or ask for information, we will collect your personal identifiers, commercial information, and any other personal information you choose to provide in the content of your message, including health or medical information that may be part of your request.
Similarly, before or during your stay at the vessel and in order to be able to provide you with our services, protect our interests and ensure compliance with applicable laws and regulations, we may collect and process certain categories of your personal data, including your personal identifiers, identification documents, as well as health and medical information.
In addition to the above cases, where you provide us with your personal data yourselves, we collect certain internet and device information and geolocation data through the use of “cookies” and other similar technologies. For more information about cookies, please see below.
- PURPOSES OF PROCESSING
We process your personal data for the following, indicatively mentioned, purposes:
- To receive, process and confirm your bookings;
- To communicate with you about issues related to your reservation;
- To process your payments;
- To ensure the security of transactions carried out when you buy a ticket;
- To receive and handle any requests or complaints you may have;
- To provide you with our services during the cruise;
- To offer you the best possible experience when attending our cruise events;
- To send you commercial communication regarding upcoming events (newsletters);
- To satisfy your rights regarding your personal data;
- To understand and analyze the results of our advertisements and promotional activities;
- To protect our website from illegal actions;
- To protect our rights and assets, as well as those of our guests, our business partners and other third parties;
- To protect the life, health and vital interests of our guests;
- To comply with our legal obligations.
- LEGAL BASES FOR PROCESSING
Any processing of your personal data by our company will always be based on one of the following legal bases for processing (Article 6 of the GDPR):
- Processing is necessary for the performance of a contract that has been or will be concluded between us;
- Processing is necessary to comply with a legal obligation;
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- Processing is necessary for the purposes and in the context of pursuing our legitimate interests;
- Processing is necessary for the performance of a task carried out in the public interest;
- You have explicitly consented to the processing of your personal data for one or more specific purposes.
- RECIPIENTS OF YOUR PERSONAL DATA
We may share some of your personal data with third parties, such as:
- Cruise lines, travel agents and excursion partners;
- Web hosting, analytics and other website-related service providers;
- Marketing, advertising and e-commerce service providers;
- Providers of electronic payment services;
- Technical, financial and legal advisors;
- Fiscal authorities, law enforcement and other government authorities, as required.
In addition to that and to the extent permissible under Article 9 of the GDPR, we may share your personal data, including special categories of personal data, with third parties or individuals, if we reasonably believe in good faith that such action is necessary to protect the personal safety or health of our guests, crew, family members or other individuals. For example, we may disclose your personal identifiers and medical information if you require medical assistance or if we believe that such disclosure is reasonably necessary to inform health care and we may disclose similar information to your family members and emergency contacts, insurance providers, medical providers and family assistance companies in the event of a health or safety incident. We may also disclose personal identifiers and health or medical information to our personnel and contractors, port agents and authorities, government officials, health agencies or any other individual or institution as reasonably needed to support public health initiatives, comply with our legal or regulatory obligations, attend to your medical and safety needs, facilitate investigations and remedies, track and mitigate risks of communicable illness including COVID-19, and to protect the rights, health and safety of our guests, crew, and others.
In all the above cases, where those third-party recipients act either as data processors on our behalf, as joint controllers, or as independent data controllers, we will ensure, to the extent possible and within the limits of our responsibility as data controller, that they will respect the confidentiality of your personal data that we share with them, take all the appropriate security measures for their protection, will not further disclose such personal data and will generally comply with the applicable legal framework. Under no circumstances do we assume any responsibility for any unlawful use or processing of your personal data by the above third parties, which exceeds the limits of our liability, as provided for by the applicable laws.
- INTERNATIONAL TRANSFERS
Generally, we do not disclose your personal data to third parties outside the European Economic Area (EEA). However, in the event that such a transfer of data will need to take place, we will ensure that appropriate safeguards exist and are taken, such as:
- the recipient of the personal information is located within a country that benefits from an “adequacy” decision of the European Commission;
- the recipient has signed a contract based on the standard contractual clauses approved by the European Commission, obliging them to protect your personal information;
- or in the absence of the above appropriate safeguards, we will ask you for your explicit consent for the cross-border transfer of your personal data or take any other measures that are recognized as providing a sufficient level of protection for your personal data.
- NEWSLETTERS
We provide you with the opportunity, if you wish to, to receive commercial communication regarding our products and offers (newsletters). Prior to sending any such communication you will be asked to provide us with your explicit consent. In any case, you reserve the right, at any time, to request from us to refrain from such communication, by pressing the “unsubscribe” button located at the end of each newsletter or by contacting us at the following e-mail address: info@extenly.com.
- DATA RETENTION PERIOD
We will store your personal data for as long as necessary, in order to fulfill the purpose for which we have collected such data. We may, however, retain some of your personal data for a longer period of time, to the extent necessary for us in order to exercise our legal rights, or to the extent and for the period required by applicable laws (for example, tax laws).
- COOKIES
Cookies are small text files that are used by websites to improve user experience. As long as you use the same terminal device and browser, cookies will remember your preferences, know how you use the website and customize the content they display to you to be more relevant to your personal interests and needs. In this way, cookies help us to provide, protect and improve our products and services to you.
The cookies that we use on our website belong to one of the following categories:
- Strictly necessary cookies. These cookies are absolutely necessary for the functionality of our website and cannot be disabled. These cookies usually act in response to actions you make when you are browsing on our website, such as going from one page of our website to another.
- Functionality cookies. Functionality cookies allow our website to provide improved functionality and personalization. They may be placed either by us or by third-party service providers whose services we have added to our website. If you reject these cookies, then some or all of the services available on our website may not function properly.
- Performance cookies. Performance cookies allow us to measure visits and their origin so that we can measure, analyze and improve the performance of our website. These cookies help us understand how our website is used, such as which pages are the most and which are less popular. The information collected by these cookies is aggregated, which means that your relevant personal data is anonymized. Disabling these cookies will prevent us from monitoring the performance of our website.
- Targeting cookies. Targeting cookies may be added to our website by our advertising partners. They can be used by these partners to create a profile of your interests and show you relevant ads on other websites. These cookies do not directly store personal information, but are based on the unique identification of your internet browser and device. If you disable these cookies, you will experience less targeted advertisements.
- Web Beacons. A web beacon is a piece of software code on a website or in an e-mail message that is used to track pages viewed or messages that are opened. Web beacons provide the web server with information related to the visitor’s computer, such as the IP address and the type of browser used. Web beacons may be placed in online advertisements that redirect visitors to our website as well as to different pages of our website. Our web beacons provide information about how many times a page is opened and what information visitors read.
The first time you visit our website (and each time you visit it using a new device), you will be asked to provide your consent for the use of all or some of the above cookies, with the exception of the strictly necessary cookies, for which your consent is not required. In addition, most internet browsers allow you to change your cookie settings at any time, accept or reject all or some of them, as well as modify your choices in case you change your mind.
- THIRD-PARTY WEBSITES
Our website may contain links to other websites. This Policy does not apply when you access and browse on the above third-party websites. Please refer to the respective privacy policies of these websites for more information on how the above third parties handle your personal data. Under no circumstances will we be liable for any unlawful use of your personal data which is linked to your access to and browsing on such websites of third parties, for the operation and security of which the respective data controllers are responsible. Access to the above websites via the hyperlinks embedded in our website takes place at your sole risk.
- YOUR PRIVACY RIGHTS
Depending on the purpose and the legal basis for processing your personal data, you may have all or some of the following rights:
- The right to request access to your personal data;
- The right to request from us to correct any of your personal data that is inaccurate or incomplete;
- The right to request a copy of your personal data in electronic form so that you can transmit that data to third parties or ask us to directly transmit your personal data to one or more third parties;
- The right to object to the processing of your personal data;
- The right to ask us to delete your personal data, when their retention is no longer required for the purposes for which they were collected;
- The right to ask us to restrict the processing of your personal data, where it is not possible to delete them;
- The right to withdraw your consent at any time, where applicable and provided that there is no other legitimate reason for the continuation of the relevant processing.
To exercise any of the above rights or to request further information about them, please contact us at: info@extenly.com. Normally, your request will be processed and satisfied within one (1) month after its receipt. In case there is any legal reason, in accordance with the applicable laws, that renders impossible the satisfaction of your request, we will inform you thoroughly about the reasons for such rejection.
If you are not satisfied with our response to any of your requests, or if you believe, in general, that our processing of your personal data does not comply with the applicable laws, you have the right to lodge a complaint with the competent supervisory authority in Greece, Cyprus or your place of residence, as per Article 77 of the GDPR.
For Greece:
Hellenic Data Protection Authority (HDPA)
Kifisias 1-3 Av., 115 23, Athens, Greece
+30 210 6475600
For Cyprus:
Office of the Commissioner for Personal Data Protection
Iasonos 1, 1082 Nicosia, Cyprus
+357 22818456
commissioner@dataprotection.gov.cy
- SEVERABILITY
In the event that any provision of this Policy is found to be illegal, invalid or unenforceable, that provision shall be enforceable to the fullest extent permitted by applicable law, and the invalid part thereof shall be deemed not to be part of this Policy. This characterization will not affect the validity and enforceability of the remaining provisions hereof.
- APPLICABLE LAW AND JURISDICTION
This Policy is governed by the GDPR and applicable legislative and regulatory framework for the protection of personal data in Cyprus, without regard to its conflict of laws provisions. Any disputes that may arise from it will be resolved by the competent courts of Nicosia, Cyprus.
- AMENDMENTS
We reserve the right to revise this Policy at any time. For this reason, we invite you to periodically visit this page in order to stay up to date. The date on which this Policy was last revised is displayed at the top of this page.