Privacy Policy
Last Updated: May 19th, 2025
This Privacy Policy informs you about the type, scope, and purpose of the collection and use of personal data when visiting or interacting with our website www.santimaris.com (hereinafter “Website”). Protection of your personal data is important to us, and we process your data exclusively in accordance with the applicable data protection regulations, particularly the General Data Protection Regulation (GDPR).
1. Name and Contact Details of the Data Controller
SANTOTERRA MANAGEMENT P.C.
Vlichada, 84703, Santorini, Cyclades, Greece
+30 699 536 1826
info@santimaris.com
TIN: EL802617833
ELGEMI No.: 179655801000
2. Name and Contact Details of the Data Protection Officer
SANTOTERRA MANAGEMENT P.C.
Vlichada, 84703, Santorini, Cyclades, Greece
+30 699 536 1826
info@santimaris.com
TIN: EL802617833
ELGEMI No.: 179655801000
3. Data Collection and Processing
We collect and process your data only to the extent necessary to ensure the functionality of this Website and to provide our services, particularly:
Type of Data | Purpose of Processing | Legal Basis |
---|---|---|
Server Log Files and Cookies | Collection of technical data (IP address, browser type, access time) for website performance and security improvements. | Article 6(1)(f) GDPR (legitimate interest) |
Boat Booking | Collection of personal details (name, contact info, booking date, selected boat) to process the reservation. | Article 6(1)(b) GDPR (performance of contract) |
Payments | Payment processing through a secure third-party payment provider. We do not store your payment information. | Article 6(1)(b) GDPR (performance of contract) |
Contact Form | Collection of name, email address, phone number, and message content to respond to your inquiries. | Article 6(1)(b) GDPR (pre-contractual obligations) |
Google Maps Integration | Use of location data to display maps. This may involve data transfer to Google. | Article 6(1)(a) GDPR (consent) |
4. Use of Cookies
We use cookies to enhance the functionality and performance of the Website. You can control the use of cookies via your browser settings or through the cookie banner on our Website.
For more details, please refer to our Cookie Policy.
5. Data Retention
We retain personal data only for as long as necessary for the fulfillment of contractual and legal obligations, or as required by applicable retention laws.
Log files are stored for technical security reasons, particularly to defend against attempts to attack our web server.
At no time will this data be stored together with other personal data of the user, matched with other databases, or disclosed to third parties.
6. Recipients of Data
Personal data may be shared with:
- IT and hosting providers for website operation: Personal data is shared with our IT and website hosting provider, United On Line S.A., which is a company based in Greece, to ensure the secure and effective operation of our website. This includes website functionality, data storage, and technical support. As the hosting provider is located within the European Union, data is processed in accordance with the General Data Protection Regulation (GDPR). For more information on how United On Line processes personal data, please see here.
- Banks/payment providers for transaction handling: Personal data may be shared with banks or authorized payment providers to facilitate and process payment transactions. Please note that the bank acts as an independent data controller for the personal data it processes within its own systems, particularly in relation to payment handling. For detailed information on how your data is processed by the bank, please consult the bank’s own privacy policy, which can usually be found on its official website.
7. Social Media
We use social media platforms (Instagram) to engage with our audience, share updates, and promote our services. Any information you choose to share with us through these platforms—such as by commenting, messaging, or interacting with our content—may be visible to the public depending on your privacy settings on those platforms. We encourage you to review the privacy policy of Instagram as we do not control how they collect, use, or share your data. Please note that interactions with us on social media are also subject to the terms and conditions and privacy policies of those platforms.
8. Transfer of Data to Third Countries
If personal data is transferred outside of the European Economic Area (EEA), we ensure that appropriate safeguards, such as Standard Contractual Clauses, are in place to protect your data, in accordance with the GDPR.
9. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. For users in the European Union (EU) and the European Economic Area (EEA), this service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies and JavaScript code to collect and analyze pseudonymized usage data (such as page views, referral sources, browser and operating system details, IP address, and device identifiers), as well as demographic data (e.g. country, city, age, gender, interests) and user interactions on our website (e.g. clicks, scrolling, search terms, and form usage). This data helps us understand how visitors use our website and allows us to tailor our content and advertising to better meet user interests.
The data collected is used to generate aggregated statistics, which do not allow us to identify individual users. We use these insights to optimize our website and deliver targeted advertising campaigns, especially through Google’s advertising services.
Data processing is based on your consent in accordance with Art. 6(1)(a) GDPR. Your consent is voluntary and can be withdrawn at any time.
Data may be transferred to countries outside the EU/EEA, in particular the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. Where necessary, Standard Contractual Clauses and additional safeguards are used to ensure compliance with EU data protection standards.
For more information on how Google handles your data, please visit: https://policies.google.com/privacy?hl=en.
10. Your Rights under GDPR
You have the following rights regarding your personal data:
- The right to access your personal data processed by us in accordance with Article 15 of the GDPR. Specifically, you have the right to request information on the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of the right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if not collected from you, and the existence of automated decision-making, including profiling, and if applicable, meaningful information on the details.
- The right to rectification of inaccurate or incomplete personal data stored by us in accordance with Article 16 of the GDPR.
- The right to erasure of your personal data stored by us in accordance with Article 17 of the GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
- The right to restriction of processing of your personal data in accordance with Article 18 of the GDPR, if you dispute the accuracy of the data, the processing is unlawful but you oppose the erasure, we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or if you have objected to the processing pursuant to Article 21 of the GDPR.
- The right to data portability under Article 20 of the GDPR, to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller.
- The right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. Generally, you can contact the supervisory authority in the federal state of our registered office or, if applicable, the authority of your habitual residence or place of work.
- The right to withdraw consent given pursuant to Article 7(3) of the GDPR: You have the right to withdraw any consent previously given for the processing of data at any time, with effect for the future. In the case of withdrawal, we will immediately delete the affected data unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before the withdrawal.
Right to Object
If your personal data is processed by us based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data, provided that this is due to reasons arising from your particular situation. If the objection is directed against the processing of personal data for direct marketing purposes, you have an unconditional right to object without the need to provide a specific situation.
If you wish to exercise your right to withdraw or object, simply send an email to:
info@santimaris.com
11. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to, encryption, firewalls, and secure data storage protocols.
- Technical Measures: We employ advanced security technologies, such as Secure Sockets Layer (SSL) encryption, to ensure that personal data is securely transmitted over the internet. Additionally, we use encrypted databases and multi-factor authentication to protect personal data from unauthorized access.
- Organizational Measures: Access to your personal data is restricted to authorized personnel only. Employees, contractors, and service providers who need access to your personal data to perform their duties are required to comply with strict data protection policies and are trained to handle personal data securely. We conduct regular security audits to ensure that our systems meet the highest standards of data protection.
- Incident Response: In the unlikely event of a data breach, we have a dedicated response team in place to manage the situation. We will immediately inform you and the relevant supervisory authorities of any data breach that may compromise your personal data, as required by applicable data protection laws, including the General Data Protection Regulation (GDPR).
- Regular Reviews and Updates: We regularly review and update our data security policies to ensure that we maintain an optimal level of protection against emerging threats and vulnerabilities.
While we take all reasonable precautions to protect your personal data, please be aware that no method of electronic transmission or storage is completely secure. As such, we cannot guarantee absolute security, but we remain committed to minimizing risks and protecting your personal data to the best of our ability.
12. Automated Decision-Making and Profiling
We do not currently engage in automated decision-making or profiling that significantly affects your rights. If we implement such practices in the future, we will update this Privacy Policy and inform you accordingly.
13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time in accordance with legal requirements. The most recent version is always available on our Website.