whats app
messenger
Privacy Policy

Privacy Policy

Privacy policy
(Effective date: 30.05.2025)

1. Controller

The controller responsible for data processing on this website is: Cretantour – Ioannis Trachanas Address: Papoura, Heraklion, Crete, Greece E-Mail: info@cretantour.com Phone: +30694 009 2952 Website: www.cretantour.com

2. General Information on Data Processing

We process your personal data exclusively within the scope of applicable legal provisions, especially the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as applicable. Personal data means any information relating to an identified or identifiable natural person (e.g., name, e-mail address, IP address).

3. Hosting and Website Operation

Our website is hosted on the platform Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel. Wix stores your data on secure servers within the EU, Israel, and possibly the USA. Israel is considered a safe third country according to the EU Commission’s decision under the GDPR. Wix acts as a data processor and processes data only within the framework of a data processing agreement (Art. 28 GDPR). Wix may have access to usage data but only uses it to provide the website. More information about Wix’s privacy policy: https://de.wix.com/about/privacy

4. Collection and Purpose of Data Processing

We process personal data for the following purposes and on the basis of the following legal grounds:

Purpose:

Contact and communication (e.g., contact form, e-mail, telephone)

Contract fulfillment and bookings

Website usage and statistics

Security measures (e.g., SSL)

Data Examples:

Name, e-mail, phone number, message content

Name, e-mail, phone number,travel data

IP address, browser type,

access time

IP address, connection data

Legal Basis:

Art. 6 (1) (f) (legitimate interest) with consent for tracking Art. 6 (1) (c) (legal obligation)

Art. 6 (1) (a) (consent) or (b) (contract performance) or (f) (legitimate interest)

Contract fulfillment and bookings

Art. 6 (1) (b) (contract)

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve user experience and analyze usage. Technically necessary cookies: Required for website operation (e.g., login status, shopping cart) and set without consent. Functional cookies: For example, to save language settings, possibly also without consent. Analytics and marketing cookies: These track user behavior, e.g., Google Analytics, Meta

Pixel. These cookies are set only after explicit consent via a cookie banner (opt-in). Consent can be revoked at any time. A consent management system ensures that tracking cookies are activated only after consent.

6. Third-Party Services on This Website

To improve our services, we use the following external services that may receive personal data:

  • Google Analytics (statistics & analysis)
  • Facebook/Meta Pixel (marketing &retargeting)
  • YouTube / Vimeo (video embedding)
  • Google Maps (location display)

These providers may process your IP address and cookies. Data transfers to the USA are based on standard contractual clauses (Art. 46 GDPR) and additional safeguards according to the Schrems II ruling (ECJ 2020). Further information is available on the providers’ privacy pages:

7. Bookings and Payment Processing

When you book a tour, we process your data to fulfill the contract (Art. 6 (1) (b) GDPR). For payment processing, we may share data with the following payment service providers, who have their own privacy policies:

8. Contact Form & Communication

When you use the contact form or contact us by e-mail, we store your data to process your inquiry and for follow-up communication. Without your data, we cannot process your request. The legal basis is Art. 6 (1) (a) (consent) or (f) (legitimate interest).

9. Storage Duration

We store personal data only as long as necessary to fulfill the respective purposes or as required by law. For example, booking data are retained for up to 10 years according to commercial and tax law retention obligations and then deleted.

10. Your Rights (Data Subject Rights)

You have the following rights under the GDPR:

  • Right of access to stored personal data (Art. 15 GDPR)
  • Right to rectification of incorrect data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent at any time (Art. 7 (3) GDPR) without affecting the legality of prior processing
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent data protection authority in Greece: Hellenic Data Protection Authority (HDPA) www.dpa.gr

11. SSL or TLS Encryption

This website uses SSL/TLS encryption for security reasons. This ensures that data you transmit to us is encrypted.

12. Liability for Content and Links

Our website contains links to external websites. We assume no liability for their content. At the time of linking, no legal violations were apparent. If we become aware of violations, we will remove such links immediately.

13. Copyright

All content on this website (texts, images, graphics) is protected by copyright. Any use beyond the legal limits requires our written consent.

14. Changes to This Privacy Policy

We reserve the right to update this privacy policy due to legal changes or technical adjustments. The current version is always available on our website.

Last updated: 30.05.2025

Cookie Policy

This website uses cookies and similar technologies (collectively referred to as "cookies") to ensure essential functions, enhance your browsing experience, personalize content, and support analytics and advertising activities.

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They store information that enables your browser to be recognized and helps deliver specific features or services.

2. Types of Cookies We Use

  • Strictly Necessary Cookies These cookies are essential for the website to operate correctly (e.g., for navigation, language preferences, and security features). They are always active and do not require your consent.
  • Functional Cookies These cookies store your preferences and enable enhanced website features. Some may require your consent to be activated.
  • Analytics and Performance Cookies These help us understand how visitors interact with our website (e.g., through tools like Google Analytics or Wix Analytics) so we can improve its functionality and content.
  • Marketing Cookies

These cookies are used to display relevant advertisements based on your browsing behavior, via platforms such as Facebook Pixel or Google Ads.

3. Cookie Consent

When you first visit our website, a cookie banner will appear allowing you to choose which non-essential cookies you wish to accept. Your consent is stored in accordance with Art. 6 (1) (a) GDPR and can be changed or withdrawn at any time through your cookie settings.

4. Third-Party Cookies

Our website may use third-party services that also set cookies, including:

  • Google Analytics
  • Meta (Facebook Pixel)
  • YouTube or Vimeo (for embedded videos)
  • Google Maps

These third parties may transfer data to countries outside the EU, such as the USA. In such cases, transfers are protected by Standard Contractual Clauses under Art. 46 GDPR.

5. Cookie Duration

Cookies may remain on your device for varying periods:

  • Session cookies are deleted when you close your browser.
  • Persistent cookies stay on your device for a longer period (e.g., months or years), depending on their purpose.

6. Managing Cookies

You can manage or delete cookies at any time via your browser settings. Please note that disabling certain cookies may impact the functionality of the website.