Privacy Policy



Our Company (“we” or “us”) is committed to protecting the information that you share online, using our Website. We treat the personal data you give to us with care and transparency, acting according to the European Regulation 2016/679 (GDPR) on the protection of personal data and on the free movement of such data and the Greek Legislation.


We encourage you to read this Privacy Policy carefully when using our website or services or transacting business with us. By reading this Privacy Policy, the user is hereby informed on how we collect, process, and protect personal data furnished through our website at


Please read this privacy policy carefully before you start using our website.


By accessing, browsing, and using our website, you confirm that you accept this Privacy Policy. If you do not want your data to be used as set out in this Privacy Policy, you should not use our website. Your use of our Sites, including any orders you place, is governed by our Terms and Conditions and our Cookie Policy. Please take the time to read these, as they include important terms which apply to you.


Who are we?


The data controller of our Site is Mitropoulos & co, G.P., under the Company name Leof. Dimokratias 73  85106 Paradisi – Rhodes. We are authorized by the Greek National Tourism Organization (EOT) with a registry Number ΜΗ.Τ.Ε: 1476E60000008300If you have any questions about how we treat your personal data, please contact  us via email to


This Policy (together with our Terms & Conditions and any other documents referred to in such terms and conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and applies to all of your personal data irrespective of the medium or method by which we obtained/received your personal data.

In this Policy, the term “personal data” means data relating to a living person who is or can be identified either from the data, or from the data in conjunction with other information, that is in, or is likely to come into, our possession, and includes personal data as described in data protection legislation (as defined below).


Please read this Policy carefully. Entering into this website and starting using our website in accordance with the terms of this policy indicates that the user (either “user” or “you”) has reviewed this policy and has agreed to be bound by it as well as our Terms of Use.


Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not own, operate or control the websites of those third parties and as a result, we do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, we encourage you to check their policies before submitting any personal information.


What kind of personal data do we collect and how do we use it?


We fully respect your privacy and we try to be transparent in our policies such as what information we will collect and how we will use your information. Also, we only collect and use individual user details where we are legally entitled to do so or/and when we have a legitimate right to do so, and/or when we operate a contract or when we have a pre-contractual relationship with you.


When you visit our website, we may collect:


  1. Information such as your computer’s IP address, browser type and version, and anonymous information collected from cookies when you are browsing our website. We collect this information to help us understand how to improve our services and our website and its content. We have a legitimate business interest in this processing: to ensure that our website is operating effectively and to provide you with great services and user experience;
  2. We may collect information such as your name, surname, and email address in case you choose to communicate with us using our website’s contact form.
  3. We may ask you for personal information such as your name, surname, passport details, email address, billing address, phone number, your credit card details (name surname of the cardholder, credit card number, CCV, expiry date) and accordingly the personal data of any accompanied persons (if needed) to make travel and other arrangements or dietary information for familiarisation cruises and excursions.

This information will be provided by you when:


– you require more information about our services, activities, or online content

– you want to proceed to a reservation with us in order to fulfill our contract obligations and we have to use this information in order to provide you with the requested services and/or proceed with the necessary arrangements.

– you need to complete and fulfill your purchase, for example, to process and complete your payments, communicate with you regarding your reservation, and provide you with related customer service


Reasons for data collection ( legal basis)


– To fulfill our contractual obligations (reservation, payments etc)

– We have a legitimate business interest to collect this information: to continue to improve the services we provide to you, for statistical purposes, for better user experience, and to answer your questions and requests.

– We have a legitimate business interest to collect images and video footage from the events we organize for you for advertising and marketing purposes.

When we use the legitimate interest as the legal ground for our data processing, we always secure this by performing a balancing assessment, that verifies and balances our interest to process the data versus the individual’s right to privacy.

If you submit any personal information about other people to us or to our service providers (e.g. business colleagues), you represent that you have the authority to do so and to permit us to use their personal information in accordance with this privacy policy.


Images and visual content

We may organize some events for you (i.e. weddings, conferences etc). Part of the terms of conditions of your acceptance to attend these events is your acceptance to be included in photographs, and in doing so you grant to our company the permission to use these photos for legitimate business purposes such as evidencing that the event took place, local or internal publicity or promoting similar events in the future.


How we collect personal data


We may collect personal information from a variety of sources, including:

  • Directly from you or someone acting on your behalf: We may collect the personal information you or someone acting on your behalf shares with us such as your name and your contact details.
  • Through our services: We may collect personal information about you when you use our services, for example, when you make a travel booking or an event reservation.
  • On-site: We may collect the personal information you provide directly to us on-site, such as when you attend one of our events.
  • We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. If you are under the age of 13 then we will need consent from your parent/guardian before you can use our services. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know as soon as possible and we will delete this information immediately.

Data Disclosure

Your personal data may be disclosed to:

  •  public authorities under a legal obligation;
  • our authorized service providers and suppliers who provide services to us such as event planning and organization, website hosting, data analysis, payment processing, order fulfillment, customer service, email delivery, credit card processing, auditing, consulting, and other similar services.
  • Our advisors, which include our accountants, auditors, lawyers, other professional advisors, and business contacts for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;

Our company does not share or sell your personal information with non-affiliated third parties without your knowledge and explicit consent for their own marketing or commercial use.


International transfer of personal data


Your personal data will not be transferred to countries outside the EU.


In case we may need for some reason to transfer such data,  we will only transfer such data in countries that satisfy the adequate or comparable levels of protection in order to protect personal data held in that jurisdiction, and (where we are required to do so) with your consent.


In case personal data is transferred from the EU to outside the EU, we use Model Clauses, ensuring that such data transfers are compliant with applicable privacy legislation.


Linked services, third-party sites, and content


Our website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Policy. We do not accept any responsibility or liability for other sites’ privacy policies. If you access other websites using the links provided, please check their policies before submitting any personal information.


Your rights


As a data subject, you have a number of rights. You can:

  1. a) access your personal data stored at any time. You can also ask for a free copy of this information. Furthermore, the data subject can have access to the following information:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
  1. b) require us to rectify, inaccurate, incorrect or incomplete data; (right to rectification)
  2. c) obtain from us the erasure or the limitation of the data processing, for example where the data is no longer necessary for the purposes of the processing; (right to be forgotten and the right to restriction of processing)
  3. d) receive your Personal Information, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another entity without limitation. (right to data portability)
  4. e) object to the processing of your data where we are relying on our legitimate interests as the legal ground for the processing. (right to object)
  5. f) If you believe that the organization has not complied with your data protection rights, you can file a complaint to the Greek Data Protection Authority (,15048&_dad=portal&_schema=PORTAL)
If you would like to exercise any of these rights, please contact  us at

We are entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular, because of its repetitive character (in this case, if we decide to provide you with the personal data requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to data protection legislation.


To access what personal data is held, identification will be required (see below).

How we protect your personal data

Our company is designed to provide reasonable and appropriate organizational, technical, and administrative measures to protect your personal data against unauthorized or unlawful access, alteration, disclosure, or destruction. We use a secure online transmission procedure, the so-called “Secure Socket Layer” (SSL) transmission, to protect the personal data of our users. You can see this from the fact that an “s” (https://) is added to the address component http://. The SSL encryption guarantees that your data is transmitted in an encrypted and complete way.


We do our best to protect the data, systems, networks, and services. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by contacting us at


For your protection, we will only implement requests with respect to personal information about you (not anyone else), and we may need to verify your identity before implementing your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law. We will try to respond to your requests within 30 working days.

We may need to retain certain information for recordkeeping purposes, as required under applicable legal obligations, and/or to complete any transactions that you began prior to requesting such change or deletion. Some of your information may remain within our systems and other records, in compliance with applicable law.


Data retention period

We will maintain Personal Information for as long as it is necessary to comply with any applicable law(s), or for as long as necessary for the purpose(s) set out in this Privacy Notice or while there is a legitimate business reason for doing so. We will delete Personal Information when it is no longer needed and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject) and, in any case, upon expiration of the maximum storage term set forth by applicable law. In general, your personal data will be retained by us for two years from the last date of contact or transaction.


Cookie Policy


Our website uses cookies. A “cookie” is a small file of letters and numbers that is sent to your computer by a website and automatically saved on your computer by your web browser (e.g. “Internet Explorer”). Each time you request a page from the website, your web browser sends this cookie back to the website server.

You are not obliged to accept cookies. If you wish, you can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to refuse to receive or send all cookies. The website  contains step-by-step guidance on how cookies can be switched off by users.

For more information about our cookie policy visit cookie policy page.


Special categories of personal data


We do not collect sensitive personal data unless you provide us with them along with explicit consent for every related purpose of processing.


Social media login


Our websites and apps provide plug-ins to social media websites, including Facebook, Youtube, and Instagram.

If you make use of, or log in to, the social media features on our websites or apps, we may (depending on your privacy settings) access, use, and store information about you, including, but not limited to: your name, e-mail address, gender, location, profile, picture, contacts, and any other information you have chosen to make available.

To find out more about the reasons and extent to which social media sites collect and process your data, or to change your privacy settings, please refer to your social media provider’s privacy policy.


Updates to this Privacy Policy


We may change this Privacy Policy from time to time. Any changes to this privacy policy will become effective when we post the revised Privacy Policy on our website. Your use of our website services following these changes means that you accept the revised Privacy Policy. We encourage you to periodically review this privacy policy to stay informed about how we collect, use, and share personal information.




If you would like to get in touch with us, please contact:


Rhodian Tours | DMC

Leof. Dimokratias 73, 85106, Paradisi, Rhodes, GREECE

MHTE: 1476E60000008300

Tel. Number: GR +30 2241 122627

UK +44 20 33932052
Mail us: