top of page

Privacy policy

(Effective date: 30.05.2025)

​

1. Controller
The controller responsible for data processing on this website is:
Cretantour – Ioannis Trachanas
Address: Papoura, Heraklion, Crete, Greece
E-Mail: info@cretantour.com
Phone: +30694 009 2952
Website: www.cretantour.com


2. General Information on Data Processing
We process your personal data exclusively within the scope of applicable legal provisions,
especially the General Data Protection Regulation (GDPR) and the German Federal Data
Protection Act (BDSG), as applicable. Personal data means any information relating to an
identified or identifiable natural person (e.g., name, e-mail address, IP address).


3. Hosting and Website Operation
Our website is hosted on the platform Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel. Wix
stores your data on secure servers within the EU, Israel, and possibly the USA. Israel is
considered a safe third country according to the EU Commission’s decision under the GDPR.
Wix acts as a data processor and processes data only within the framework of a data processing
agreement (Art. 28 GDPR). Wix may have access to usage data but only uses it to provide the
website.
More information about Wix’s privacy policy:
https://de.wix.com/about/privacy

​

4. Collection and Purpose of Data Processing
We process personal data for the following purposes and on the basis of the following legal
grounds:


Purpose: 
Contact and communication
(e.g., contact form, e-mail,
telephone)

Contract fulfillment and bookings

Website usage and statistics

Security measures (e.g., SSL)

​

Data Examples:

Name, e-mail, phone number,
message content

Name, e-mail, phone number,travel data

IP address, browser type,

access time

IP address, connection data

 

Legal Basis:

Art. 6 (1) (f) (legitimate interest)
with consent for tracking
Art. 6 (1) (c) (legal obligation)

Art. 6 (1) (a) (consent) or (b)
(contract performance) or (f)
(legitimate interest)

Contract fulfillment and
bookings

Art. 6 (1) (b) (contract)

​

5. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to improve user experience and analyze usage.
Technically necessary cookies: Required for website operation (e.g., login status, shopping
cart) and set without consent.
Functional cookies: For example, to save language settings, possibly also without consent.
Analytics and marketing cookies: These track user behavior, e.g., Google Analytics, Meta

Pixel. These cookies are set only after explicit consent via a cookie banner (opt-in). Consent
can be revoked at any time.
A consent management system ensures that tracking cookies are activated only after consent.


6. Third-Party Services on This Website
To improve our services, we use the following external services that may receive personal data:

  • Google Analytics (statistics & analysis)

  • Facebook/Meta Pixel (marketing &retargeting)

  • YouTube / Vimeo (video embedding)

  • Google Maps (location display)

  • Wix Analytics (visitor statistics)

These providers may process your IP address and cookies. Data transfers to the USA are based
on standard contractual clauses (Art. 46 GDPR) and additional safeguards according to the
Schrems II ruling (ECJ 2020).
Further information is available on the providers’ privacy pages:

​

7. Bookings and Payment Processing
When you book a tour, we process your data to fulfill the contract (Art. 6 (1) (b) GDPR).
For payment processing, we may share data with the following payment service providers, who
have their own privacy policies:

​

8. Contact Form & Communication
When you use the contact form or contact us by e-mail, we store your data to process your inquiry
and for follow-up communication. Without your data, we cannot process your request. The legal
basis is Art. 6 (1) (a) (consent) or (f) (legitimate interest).


9. Storage Duration
We store personal data only as long as necessary to fulfill the respective purposes or as required
by law. For example, booking data are retained for up to 10 years according to commercial and tax
law retention obligations and then deleted.

​

10. Your Rights (Data Subject Rights)
You have the following rights under the GDPR:

  • Right of access to stored personal data (Art. 15 GDPR)

  • Right to rectification of incorrect data (Art. 16 GDPR)

  • Right to erasure of your data (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to object to processing (Art. 21 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent at any time (Art. 7 (3) GDPR) without affecting the legality of prior processing

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent data protection authority in Greece:
Hellenic Data Protection Authority (HDPA)
www.dpa.gr


11. SSL or TLS Encryption
This website uses SSL/TLS encryption for security reasons. This ensures that data you transmit to
us is encrypted.


12. Liability for Content and Links
Our website contains links to external websites. We assume no liability for their content. At the time
of linking, no legal violations were apparent. If we become aware of violations, we will remove such
links immediately.


13. Copyright
All content on this website (texts, images, graphics) is protected by copyright. Any use beyond the
legal limits requires our written consent.


14. Changes to This Privacy Policy
We reserve the right to update this privacy policy due to legal changes or technical adjustments.
The current version is always available on our website.


Last updated: 30.05.2025

​

​

​

Cookie Policy

​

This website uses cookies and similar technologies (collectively referred to as "cookies") to ensure essential functions, enhance your browsing experience, personalize content, and support analytics and advertising activities.

​

1. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They store information that enables your browser to be recognized and helps deliver specific features or services.

2. Types of Cookies We Use

  • Strictly Necessary Cookies
    These cookies are essential for the website to operate correctly (e.g., for navigation, language preferences, and security features). They are always active and do not require your consent.

  • Functional Cookies
    These cookies store your preferences and enable enhanced website features. Some may require your consent to be activated.

  • Analytics and Performance Cookies
    These help us understand how visitors interact with our website (e.g., through tools like Google Analytics or Wix Analytics) so we can improve its functionality and content.

  • Marketing Cookies
    These cookies are used to display relevant advertisements based on your browsing behavior, via platforms such as Facebook Pixel or Google Ads.

3. Cookie Consent

When you first visit our website, a cookie banner will appear allowing you to choose which non-essential cookies you wish to accept.
Your consent is stored in accordance with Art. 6 (1) (a) GDPR and can be changed or withdrawn at any time through your cookie settings.

4. Third-Party Cookies

Our website may use third-party services that also set cookies, including:

  • Google Analytics

  • Meta (Facebook Pixel)

  • YouTube or Vimeo (for embedded videos)

  • Google Maps

These third parties may transfer data to countries outside the EU, such as the USA. In such cases, transfers are protected by Standard Contractual Clauses under Art. 46 GDPR.

5. Cookie Duration

Cookies may remain on your device for varying periods:

  • Session cookies are deleted when you close your browser.

  • Persistent cookies stay on your device for a longer period (e.g., months or years), depending on their purpose.

6. Managing Cookies

You can manage or delete cookies at any time via your browser settings. Please note that disabling certain cookies may impact the functionality of the website.

​

bottom of page