Privacy Policy

pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679

The Swan Hellenic website (hereafter called “website”) is used by consumers and retail partners of Swan Hellenic to collect and process information, including some personal information, about the customer themself. The personal data processing is carried out in accordance with the principles of the Regulation (EU) 2016/679 (the General Data Protection Regulation, hereafter “GDPR”).

Independent Data controllers

The personal data processing carried out on this website is mainly for the purpose of information about Swan Hellenic cruises and booking such cruises by the Travel Agencies and customers that may use the webiste for processing the personal data of customers.

All travel agencies and entities external to Swan Hellenic acting as business partners are independent data controllers of the data they process once they manage their clientele independently as well as their cruise preferences being able to choose from other cruise companies for example and are not in any way controlled by Swan Hellenic.

The website is centrally managed by Swan Hellenic Limited UK based in 60 Petty France, London, SW1H 9AJ

Personal data categories

The personal data managed through the Website includes common personal data (e.g.: name, surname, contact details) and financial data (card details, payment details) of the customers and of the business partners, that are collected for the purposes of booking cruises and obtaining information about the cruises offered by the Swan Hellenic and for linked third parties offering similar services. Customers may agree by ticking the box to give their consent to receive information about Swan Hellenic as well as from partners of Swan Hellenic and affiliates offering similar services (opt-in)

Legal basis of data processing

The personal data is collected and processed in accordance with the applicable privacy laws. For the purposes of receiving information about or booking a cruise, the consent of the data subject is not necessary, given that the processing is carried out:

• In order to take steps prior to entering into a contract, in accordance with article 6.1.b of the GDPR;
• For the performance of a contract and of the related obligations, in accordance with article 6.1.b of the GDPR;
• For the execution of obligations and duties (administrative, fiscal, financial, etc.) in accordance with the legal obligations of the respective Data Controller, in accordance with article 6.1.c of the GDPR.
• Providing the personal data for the above-mentioned purposes is not mandatory, however, in the absence of such data, the Data Controllers may not be able to perform the agreement.
• When consumer or business partners sign up to receive our Swan Hellenic newsletters, containing insights, tips, current promotions or travel agent information we firstly obtain their consent which is logged in our internal databases and can be revoked at any time.

Method of data processing

The data processing is carried out in such a way as to guarantee the security and privacy of the information

Furthermore, the data will be:

• Processed in a lawful and fair manner;
• Collected and registered for specific and lawful purposes, and used in other processing activities only to the extent that such activities are compatible with the initial purposes for which the data were collected;
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

Diffusion of personal data

The personal data processed on the website could be transmitted to third parties, in particular:

• Swan Hellenic Companies, duly appointed “data processors” in accordance with article 28 of the GDPR;
• Banks and insurance institutes that provide functional performance for the purpose above indicated, as autonomous data controller;
• Suppliers of goods/services, insofar as the data is strictly necessary for the performance of the requested business activity, duly appointed “data processors” in accordance with article 28 of the GDPR;
• Company consultants (duly appointed “data processors” in accordance with article 28 of the GDPR), where the communication of data is strictly necessary due to fiscal, administrative or contractual reasons;
• Authorities, institutions and/or subjects to whom the data needs to be communicated in accordance with applicable laws or orders from relevant authorities; such authorities, institutions and/or subjects operate as independent data controllers.

The personal data processed on the Website will not be object of diffusion.

Non-EU countries data transfer

The personal data are stored on a server located within the European Union In case data are transferred to a country outside the EU, an adequate level of protection will be ensured in accordance with the articles 46-49 of the GDPR.

Data retention period

The personal data will be stored on the website’s database for the period of time strictly necessary to fulfil the purposes for which they have been collected, as indicated above, and in accordance with the principles of limitation of storage and data minimisation contained in articles 5.1.c and 5.1.d. of the GDPR.

The Data Controllers may be required to store some data after the performance of the contract in order to fulfil regulatory, administrative or legal duties, in accordance with applicable laws. The data retained for such reasons will be processed in accordance with the principles of the GDPR and will be deleted, destroyed or anonymised as soon as possible after the above duties have been fulfilled. The maximum period of data retention in the website is one week, after which they will be deleted from the database.

Data subject rights

Swan Hellenic have appointed a Data Protection Officer (DPO) and appropriate means to process Data Subject Requests (DSRs), which can be reached in this link.

In accordance with articles 15-22 of the GDPR, the data subject has, at any time, the right to:

• Obtain access to his/her personal data;
• Request the rectification or deletion of personal data or the restriction of data processing;
• Oppose the treatment of personal data;
• Receive his/her personal data in a structured format of common use and readable by an automatic device;
• File a complaint with the relevant data protection authority (taking into account the place of residence of the data subject or the place of supplying of the services), in accordance with article 77 of GDPR, if he/she believes that the processing of personal data is in violation of the GDPR.

Notwithstanding the right of the data subject to oppose the processing of some or all of his/her personal data, the Data Controllers reserve the right to evaluate the request, which will not be accepted in case the legitimate reasons of the Data Controllers prevail over the rights and interests of the data subject.