superfast_ferries_mini_logo blue_star_ferries_mini_logo hellenic_seaways_mini_logo anek_mini_logo
FAQ ΕΛ

Notification regarding the Processing of Personal Data for SEASMILES


PRIVACY NOTICE

Notification concerning the Processing of Personal Data


Introduction 

We would like to assure you that for ATTICA HOLDINGS S.A. ("Attica Group") the protection of our customers' personal data is of paramount importance. That is why we are taking appropriate measures to protect the personal data we process and to ensure that the processing of personal data is always carried out in with the obligations established by the legal framework, both by the company itself and by third parties processing personal data on behalf of the company. 


Data Controller – Data Protection Officer (DPO)

Attica Group, whose registered office is in Kallithea at the junction of 1-7 Lysikratous St. & Evripidou St., GR-17674, email: ir@attica-group.com, tel.:+30 210-8919500, would like to inform you that, for the purpose of carrying out its business activities, it processes the personal data of its customers in accordance with the applicable national legislation and Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter the “Regulation”) as in force. 

For any matter related to the processing of personal data, please contact the Data Protection Officer (DPO) directly by email at the email address DPO@attica-group.com or by letter to the aforementioned postal address of ATTICA HOLDINGS S.A. 


How and why do we use your personal data?


1. REGISTRATION FOR ATTICA GROUP'S SINGLE SIGN ON

To register as a user of Attica Group's integrated digital environment in order to connect and interact with all of our services as a registered user. In the future, you will have access to various pieces of information related to the use of the services we offer you, such as the history of your bookings and transactions, your scheduled trips –with the possibility to amend or cancel them–, the transactions you have made with  your Seasmiles card if you are a member of the loyalty and reward programme (such as ticket check-ins, purchases on board ships, Seasmiles redemption) and your current status in the programme (your tier and your Seasmiles balance), any requests you have submitted, their progress, and wider travel services we offer in partnership with third parties, as well as offers related to our services, whether general or tailored to your specific preferences, depending on your interests.

What personal data do we collect for the purpose of registration? 

Identification and contact details such as your name-surname, date of birth, email and mobile phone number.


2. PROMOTION OF PRODUCTS AND SERVICES

To inform know about our news and offers. If you have consented to this in accordance with the specific requirements of the legal framework, we will, as appropriate, send you promotional messages about our travel services, updates and offers from Attica Group, about offers from and/or routes covered by Attica Group companies (such as Blue Star Ferries, Superfast Ferries, Hellenic Seaways, Attica Blue Hospitality) and/or third party partner companies, such as local businesses on the islands, other transport services (e.g. taxis, car rentals, airlines), insurance products relating to your trip, and the network of partners in the Seasmiles programme, to improve your customer experience. More specifically, if you choose to receive personalised promotional measures, this includes using your personal data in the following ways:

  • User Profiling

We use algorithms and analytical tools to create categories or profiles, including but not limited to: (e.g. frequent travellers, travellers interested in specific destinations such as the Cyclades, customers who prefer special offers, families, young people, couples, pet owners, etc.) we also examine whether you have a vehicle, whether you make reservations well in advance, whether you primarily use websites or mobile apps, which communication channels you prefer, and your behaviour in general as shown by your interactions with us (bookings, visits to our websites, etc.) based on the personal data you provide to us directly or indirectly. The data we use includes but is not limited to your name, surname, email, phone number, date of birth, booking details (ports, dates, type of tickets, passengers, vehicles, seats, cabins), purchases made via the loyalty programme and general preferences for services offered during your entire trip, whether on board or at your destination, as well as your habits. In addition, we take into account your online behaviour on our websites and apps. Based on that, each user is placed in one or more dynamic categories which are created depending on your interactions with us.

  • Targeted marketing based on your user profile 

Various categories of user are created and these categories are then associated with specific marketing strategies such as special offers, new products and special preferences tailored to your profile. 

  • Analysis of marketing data

We use your information to better understand how you browse and use our platforms, what products you are interested in, and what features you prefer. This helps us improve the quality of our services and ensure that your overall experience is functional and satisfying. This analysis improves marketing communication and personalizes your experience across all our channels, including customer satisfaction surveys.

  • Data analysis and data improvement

By analysing your data and your profile, we create models that help us analyse and predict trends. This allows us to provide accurate, relevant services based on your needs and preferences.  


What personal data do we collect for this purpose?

A. Personal Data you provide directly to us

  • Identification and contact details such as your name-surname, gender, date of birth, email and mobile phone number provided when you register on our portal, our corporate websites and our mobile applications.
  • Demographic data such as country, city, area (postcode) and language preference based on the registration form on the Seasmiles website, individual brand websites and our mobile applications.  
  • Data provided by you when making bookings either on the websites of our Group's brands or on our mobile applications such as data about each booking, booking number, date of purchase, number of tickets, booking line-up (such as the number of children, infants, pets) or data about each ticket, the ports of arrival and departure, the date and time of departure and arrival, the name of the vessel, the passenger (s) details, the type of seat, the type of cabin, the type of passenger, the type of vehicle, the type of discount, the ticket number, the ticket fare, whether the Seasmiles card was used, the unique ID for permanent residents of the islands. Moreover, data related to your consumption on board which is provided when purchasing products from the on-board shops (such as wifi access purchases). Information such as your booking history, future scheduled trips, the Seasmiles tier you have been placed at and your specific Seasmiles status, your preferences for specific special offers, destinations and special offers from our partners will be used to tailor our special offers accordingly to suit your preferences.


B. Personal Data we automatically collect about you

  • When you visit our website and use our applications, certain information is collected via cookies, pixels, SDKs and/or javascript code, such as information about bookings not completed, the pages and number of pages you visited before making a purchase, the time you spent browsing each page, and the browsing device (desktop, mobile), the words you searched for, destinations of interest, the succession of certain events such as the option to create an account, the option to pay when browsing, the sequence of pages you visited and on which page you ended your browsing session, the searches about a trip that you saved, and the completed booking process steps and the point at which you dropped out of the process. For more information about how cookies are collected and used, see our Cookies Policy. In all events, we identify the types of cookies before they are used and only activate them if you provide us with your consent for this in accordance with the applicable law.


3. REGISTRATION FOR THE SEASMILES LOYALTY PROGRAMME

ATTICA GROUP processes personal data in the context of the Seasmiles customer loyalty programme, such as the data provided during registration, and the data generated by the use of the membership card during participation in the programme (ticket purchase data and data arising from onboard purchases and/or consumption upon presentation of  the membership card, which correspond to certain miles, and then classify the members in similar tiers in accordance with the terms and conditions of the programme):

1) to implement the terms of the Seasmiles loyalty programme and to provide the services and privileges associated with membership. 

2) to comply with our legal obligations, such as when the relevant data is requested by the tax authorities in connection with  audits or to comply with our obligations and protect our legitimate interests, such as in cases before regulatory, administrative or judicial authorities, and to ensure that the member is an adult natural person and the terms and conditions for the provision of the service they accepted are met.

It is noted  that providing personal data to register for the Seasmiles loyalty programme is a requirement for entering into the relevant contract.


4. ADDITIONAL PROCESSING PURPOSES OF ATTICA GROUP

  • We also process personal data to communicate with you and manage our relationship with you 
  • We may need to contact you by email or telephone for administrative purposes, such as via the contact form on the www.attica-group.com website, to respond to a question or comment you may have.
  • We also process personal data to comply with our legal obligations 

or example, when we collect information to brief shareholders and potential investors, when we publish accounting statements, financial results and other published transactions of our company in the General Commercial Register, and when we fulfil tax or other corporate obligations arising from the fact that ATTICA HOLDINGS S.A. is listed on the Athens Exchange Group .


What are the legitimate grounds for processing your personal data?

The personal data you provide to us with will only be processed ifwe have legitimate reasons to do so. 


Legitimate grounds for processing your personal data are: 

(a) providing you with the services you have requested and wish to receive from us and consequently we process personal data to discharge our obligations in this context, and to provide information when you submit questions or comments via the form on the www.attica-group.com website

(b)the  consent provided by you under the specific conditions established by the legal framework, in order to receive updates/notifications (which may also be personalized) if you have chosen to do so through our various communication channels, on the products, services and special offers of  Attica Group, or about the special offers and/or routes of companies of Attica Group (Blue Star Ferries, Superfast Ferries, Hellenic Seaways, Attica Blue Hospitality) or third party partner companies; 

(c) safeguarding and protecting our legitimate interests in analyzing marketing data, consolidating information about you as a user, carrying out statistical analyses about bookings, and drawing conclusions about the quality of our services on the basis of customer satisfaction surveys.

(d) implementing the contract to provide services and privileges to members of the Seasmiles customer loyalty programme who are rewarded with miles and privileges based on the purchases made.

(e) complying with a legal obligation, such as tax obligations in the context of the Seasmiles programme or when we collect information to inform shareholders and potential investors by publishing accounting statements, financial results and other published transactions of our company in the General Commercial Register, and when we discharge tax or other corporate obligations arising from the fact that ATTICA Group is listed on the Athens Exchange Group.

 Users of Attica Group's integrated digital environment and members of the Seasmiles programme may choose the communication channels used by Attica Group through which they wish to receive updates and/or request online to be removed from marketing communications be terminated by sending an email to the email address dpo@attica-group.com from the email address associated with their account. Moreover, members may opt- out of receiving commercial communications by clicking the "Unsubscribe" option at the end of each electronic communication they receive.

 In addition, we would like to inform you that in connection with these processing activities, no personal data is transferred to third countries outside the EEA.


Where we transfer personal data?

Attica Group transfers personal data to third parties with whom it collaborates or to whom it assigns the processing of personal data on its behalf as appropriate, such as: consulting companies that undertake the task of defining strategies and customer data usage metrics, analytics companies specialised in analysing large quantities of data, technical support companies or project implementation companies for the purpose of managing and using data, cloud data storage companies, advertising companies/platforms or social media providers so we can send our customers personalised updates. 


For the data necessary to fulfil each of the above mentioned processing purposes related to the Seasmiles loyalty programme and within the scope of each recipient’s duties, the recipients of the member's data may be:

  • tax, audit, judicial, regulatory, or other authorities in the case of an audit: ATTICA GROUP may share members' information with relevant agencies, law enforcement agencies, public authorities and other third parties, where it is permitted to do so by law, for the purpose of preventing or detecting criminal offences, to provide customer account details, etc.
  • An external partner, if and when necessary, who provides technical support for the proper operation of the management platform used in-house for the loyalty programme.

In the context of Attica Group's additional processing purposes (see point 4 above), Attica Group would like to inform you that it discloses your personal data to public authorities and law enforcement agencies when this is necessary to fulfil the company's tax and corporate obligations, in accordance with the above (e.g. the obligation to disclose information when an inspection/audit is being carried out by Hellenic Capital Market Commission).

In such cases, Attica Group remains responsible for the processing of your personal data and specifies the details of the processing, and will enter into a specific contract with the partners in charge of carrying out the processing activities, in order to ensure that the processing is carried out in accordance with the legal framework in force and that every natural person can freely and without hindrance exercise the rights conferred on them by the legal framework 


Personal Data Retention Period 

The length of the personal data retention period will be determined on the basis of the following specific criteria, as appropriate:

When processing is required as an obligation under provisions of the applicable legal, your personal data will be retained for as the period required by the relevant provisions.

When processing is based on a contract, your personal data will be kept for as long as is necessary for the performance of the contract and for the establishment, exercise, and/or support of legal claims under the contract. 

The period for which your personal data will be stored in connection with the provision of the Seasmiles programme for as long as the programme is provided to you, until the member requests to  be removed from the programme, or for as long as may be necessary to establish, exercise and/or defend our legal claims under a contract.

For purposes of promoting products and services (marketing activities), your personal data will be retained until your consent is withdrawn. You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent during the period prior its withdrawal. 

To withdraw your consent, please contact Attica Group's Data Protection Officer (DPO) by email at: DPO@attica-group.com. You may also use the "Unsubscribe" option by clicking on the relevant link in all electronic communications from us.


What are your rights with respect to your personal data?

Any natural person whose data is being processed by Attica Group enjoys the following rights: 


Right of access: 

You have the right to know and verify the lawfulness of the processing. Thus, you have the right to access the personal data and obtain additional information concerning its processing. 


Right to rectification: 

You are entitled to examine, correct, update or amend your personal data by contacting the Data Protection Officer (DPO) at the above contact details. 


Right to erasure:

You have the right to request the erasure of your personal data when we process it on the basis of your consent or in order to protect our legitimate interests. In all other cases (for example, where there is a contract, a legal obligation to process personal data, public interest), this right is subject to specific restrictions or does not exist, as the case may be.


Right to restrict  processing:

You have the right to request a restriction of the processing of your personal data in the following cases: (a) if you dispute the accuracy of the personal data and until verification takes place; (b) when you object to the erasure of personal data and request the restriction of their use instead of erasure; (c) when the personal data are not necessary for processing purposes but are necessary for the establishment, exercise and support of legal claims; and (d) when you object to the processing and it is verified that there are legitimate reasons that concern us and override the reasons for which you object to the processing.


Right to object to processing: 

You have the right to object at any time to the processing of your personal data in cases where, as described above, it is necessary for the purposes of the legitimate interests we seek to pursue as controllers. The controller may no longer process the personal data unless they demonstrate a compelling legitimate interest for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

You also have the right to object at any time to the processing of personal data for the purposes of direct marketing and consumer profiling.

 

Right to withdraw consent:

When processing is based on your consent, you have the right to withdraw it freely, without affecting the lawfulness of processing based on you consent prior to its withdrawal. 

 In order to exercise any of the above rights, please contact us by e-mail at DPO@attica-group.com or via letter sent to the above postal address.


Right to portability:

You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them through commonly used editing methods. You also have the right to ask us, if technically feasible, to transfer the data directly to a different controller. Your right to do so applies to the data that you have provided to us and that is being processed by automated means based on your consent or performance of a relevant contract.

To exercise any of these rights you can contact the Data Protection Officer by sending an email to the email address DPO@attica-group.com or a letter to the aforementioned postal address of ATTICA HOLDINGS S.A.


Right to lodge a complaint with the HDPA

You have the right to file a complaint with the Hellenic Data Protection Authority ( HDPA) (www.dpa.gr) via its portal https://eservices.dpa.gr/by filling out the appropriate online form depending on the type of complaint.


Personal Data Security

ATTICA GROUP applies appropriate technical and organisational measures to secure the processing of personal data and to prevent the accidental loss or destruction and unauthorised and/or unlawful access to, use, modification or disclosure of personal data. In any event, the manner in which the Internet functions and the fact that it is freely accessible by anyone cannot guarantee that unauthorised third parties will never be able to violate the technical and organisational measures applied, gaining access and potentially using personal data for unauthorised and/or unlawful purposes.  

This Privacy Notice was updated in December 2024. We reserve the right to update this Privacy Notice whenever that is considered necessary in order to reflect any change in the way we process your personal data or any change in the legal framework. In the event of such an update, we will post the most recent version of the Privacy Notice on this page. Changes will be effective upon posting.