MEMPHIS TRAVEL SA is a tourism agency operating in the sector of providing tourist and related services and based in Thessaloniki, 3 Aristotelous Str. 54624 Greece.
In the exercise of its business activities, it processes personal data in full compliance with its obligations and requirements under the General Data Protection Regulation (EU) 2016/679 (GDPR) which establishes the conditions for lawful processing of personal data and enshrines the rights of natural persons in the processing of their data.
The Company processes data of natural persons (Data subjects) that are in any way involved with the Company, including, but not limited to, personal data of clients, suppliers and partners or their representatives in the case of legal persons as well as personal data of its staff, members of the Board, other executives of the Company and its external partners.
The Company processes only such personal data as is strictly necessary to achieve the legitimate purposes for which it collects the data and which the data subjects themselves provide in the context of their contractual relationship with the Company. Among these data may be, but are not limited to, the identity and contact details of the data subjects, data necessary to provide the requested services and their payment, data necessary for the improvement of the services provided by the Company, personal data of the personnel and the executives in the context of the employment contract as well as data that the Company is obliged to process in order to fulfill its obligations according to the tax, employment, commercial or other legislation applicable in each case. These data are only kept for as long as necessary to achieve the purposes of the processing or for as long as it is necessary by the law.
The Company processes the above personal data for the purposes of performing its contractual obligations with regard to data subjects to comply with its statutory obligations or to preserve and protect its legitimate interests in the exercise of its activities and the law.
The Company undertakes that it has fulfilled its obligations under the GDPR and that it has taken all necessary technical and organizational measures for the secure processing of such data.
Access to and processing of data is restricted to specially authorized persons or external partners of the Company who are contractually bound to respect the confidentiality of the personal data they process or have access to in the course of their duties even after their departure or termination of their cooperation with the Company.
In the context of the Company’s activities, data may be passed on to partners or other affiliated companies and only when it is strictly necessary for the performance of those activities, for the provision of its services to its clients and for the general performance of its contractual obligations towards the data subjects. In this case, under the GDPR provisions, partners and affiliates commit to the lawful processing of personal data processed by a confidentiality agreement.
Furthermore, data are not passed on to third parties except for the competent public authorities where required by law, banking institutions for the purpose of making payments or legal advisors of the Company for the purpose of supporting or opposing legal claims.
As part of the provision of the requested services, it may be necessary to transmit personal data outside the European Union. In this case, the transmission is done with the consent of the data subjects or if one or more conditions for the legitimate transfer of personal data outside the European Union are met as provided for in Chapter V of the GDPR.
Data subjects have the right to access their data, as well as the right to rectification, erasure, limitation of processing, portability and objection, provided the more specific conditions set out in Chapter III of the GDPR are met.
For the exercise of these rights and for any other information or questions concerning the processing of your personal data, please contact us.
If you believe that you have not been satisfied after exercising your rights, you may have recourse to the Hellenic Data Protection Authority.