Reset Password

Your search results

iTRIP.GR PRIVACY POLICY

Last update: Aug 7, 2024

In itrip.gr we are committed to protecting the privacy of our customers and their guests, we assume with the utmost rigor our responsibility with respect to the security of the information of our clients and their guests. We will be clear and transparent about the information we are obtaining and about what we will do with that information.

This policy establishes the following:

  • What personal data we obtain and treat in relation to you as a client and your guests, your use of our website (www.itrip.gr) and our application for the management of passenger entry parts (www.itrip.gr) .
  • Where do we get that data?
  • What  we do with that data.
  • How we store them.
  • To whom we transfer / disclose that data.
  • How we manage your data protection rights.
  • And how we comply with the regulations on data protection.

All personal data is obtained and processed in accordance with the data protection laws of Greece and the EU.

Responsible for data processing

In this policy, «itrip.gr» (which in this document is mentioned as «we», «us», «our / as / s», «iTRIP.GR» ) refers mainly to iTRIP.GR, LIGHT AGE S.A , the company that owns and provides the itrip.gr service, for the management of passenger entry parts in tourist accommodation. 

What personal information do we obtain from our clients?

The term «Client» refers to any owner or manager of tourist accommodation used by iTRIP.GR for the management of their passenger entry parts, in compliance with their legal obligation regarding Books-Registration and Passenger Entry Parties. The term «Client» will apply both to those users subscribed to iTRIP.GR, and to those users who register for the free 1-month trial.

By «personal data» of our clients we understand any information related to you that allows us to identify both you and the accommodations that you register and configure in iTRIP.GR.

We will obtain your personal data and those of your accommodations in two ways. The first when you provide them during registration on the website iTRIP.GR(www.iTRIP.GR), either in the «1 month trial» mode or in the «subscription» mode. The second when you configure your accommodations in the iTRIP.GR application (www.iTRIP.GR), or when you modify your personal data in the iTRIP.GR application (www.iTRIP.GR).

Specifically, we can obtain the following categories of information:

  1. Contact information. Name, surname, tax identification number, email, telephone number, address for billing purposes.
  2. For each accommodation that you manage in iTRIP.GR. Type of accommodation, name of accommodation, municipality, address and province in which the accommodation is located, name of the police body to which the information of their guests will be sent, namely National Police, Civil Guard the access data to their applications of creation and communication of passenger parts or police files, category of accommodation, registration code in the register of accommodation of the Autonomous Community to which it belongs, current number of entry of traveler or record police of the accomodation, and file number of sending sequence.
  3. Communications. The communications you exchange with us or direct us by letter, email, chat service, calls and social networks.

What personal information we obtain from our clients’ guests?

With the term «Guest» or «Traveler» means any natural person lodging by a «Client» of iTRIP.GR , and whose part of entry of travelers and notification to the corresponding police body is made, or intends to perform, with the application iTRIP.GR(www.iTRIP.GR), within the framework of the fulfillment of the legal obligation of the client of iTRIP.GR in the matter of Books-Registration and Entry Parties of travelers.

By «personal data» of a guest we understand any information related to the guest that is necessary to cover the entry of travelers or police record, for your signature, and sometimes to communicate with him a priori to request the completion and signature of the data of the police card or entry part of travelers, or to send the contract or document of conditions of admission in the case in which it is generated.

We will obtain the personal data of the guest when they are introduced either by the owner or manager of the accommodation or by the guest itself in the forms of the application iTRIP.GR(www.iTRIP.GR).

Specifically, we can obtain the following categories of information:

  1. Email. The guest’s email can alos be obtained when the owner or manager of the accommodation enters it in the iTRIP.GR application for sending the link to the web form to the guest, in which the guest will enter the necessary personal data to complete the entry part of travelers or police record. In addition, the guest’s email will be obtained when the owner or manager of the accommodation, or the guest himself, enters it in the iTRIP.GR application for the delivery of a rental contract or admission document.
  2. Handwritten signature on touch screen. Since the entry parts of travelers or police files must be signed by the guest. iTRIP.GR  may request a handwritten signature on the touch screen of the electronic device in which the iTRIP.GR  application (www.iTRIP.GR) is being used, typically a mobile phone or a tablet. The graphic representation of the guest’s signature is entered in the passenger entry or police record section. The data referring to the X, Y coordinate, and to the temporary reference of the signature lines, are entered encrypted as metadata of the passenger entry or police file, to avoid reuse by third parties. Encryption consists of an encryption with the public key of a recognized or qualified electronic certificate issued to the controller (iTRIP.GR).
  3. Communications. The communications that the guests exchange with us or direct us by letter, email, chat service, calls and social networks.
  4. Photographs of ID cards or passports during in-person check-in. iTRIP.GR in-person check-in is the procedure for capturing guest data and signatures in their presence. With the fourfold objective of a) ensuring the accuracy of guest reports and which is the basis for the legitimacy of this processing), b) improving compliance with regulations, c) advancing digital transformation and d) saving guests time and providing them with a better service, our customers have the option of using the camera on their mobile device, or a desktop scanner or multifunction device, to obtain an image of the guest’s identification document and automatically complete the report, as opposed to slow manual data entry. iTRIP.GR will not store or distribute the images of these documents, but will simply use them to extract the guests’ personal data and comply with the registration obligations established in the regulations. Once this task is completed, which takes only a few seconds, iTRIP.gr will automatically delete these images.
    For iTRIP.GR customer to be able to use this automatic data capture functionality from an image of the ID card or passport, the guest must accept this privacy policy in the iTRIP.gr application by selecting the corresponding checkbox. If the guest refuses to have an image of their identification document taken, the iTRIP.gr customer must fill in the data form using the keyboard, based on the identification document shown by the guest.
  5. Photographs of ID cards or passports during online check-in. iTRIP.GR online check-in is a pre-registration or pre-check-in option that aims to offer guests a better service and streamline the registration process by capturing in advance the personal data of guests required by the regulations on guest registration. In online check-in, guests access a iTRIP.GR web form where they can enter their personal data and sign comfortably and in a few seconds. In the web form, iTRIP.gr shows them a direct link to this privacy policy, as well as a checkbox for the guest to accept it. If they do not accept it, iTRIP.GR will not store or communicate any of the data entered by the guest, it will simply be discarded.
    In order to comply with the obligation which is the basis for the legitimacy of this processing, and which establishes that the establishment shall be «responsible for the accuracy of the data recorded in them (referring to guest reports), so that they coincide with the documents or systems that accredit the identity of the persons, which must be shown or provided by the users of these services», iTRIP.GR customers can configure iTRIP.GR online check-in links so that iTRIP.gr asks the guest to attach photographs of their identification document during online check-in. In these cases, if guests do not wish to provide photographs of their identification documents, they must ask the establishment either for an online check-in link that does not require attaching such photographs, or indicate to the establishment that they prefer to check in in person upon arrival at the establishment.
    In the event that the guest provides such images of their documents, iTRIP.GRwill send the photographs to the email address of the iTRIP.gr customer who manages the accommodation, so that they can verify the identity of the guests and the accuracy of the data provided, and, in case the iTRIP.gr customer does not receive or accidentally deletes the images received by email, iTRIP.gr will store them on its servers for a maximum of 5 calendar days, so that they can be consulted by the establishment, and will ALWAYS delete them after this maximum period. If the customer deletes this data before the 5 days, or if the guest expresses their desire to delete it, iTRIP.gr will delete it without waiting for the 5-day period.

 

For what, why and for how long we use the personal data of our clients

The data of our clients and guests can be used for the following purposes:

  1.  Provide the guest registration service according to the Greek law for which iTRIP.gr has been created, mainly the creation of passenger entry parts or police files in PDF format according to the standard format established by the competent authority, sending it to the e-mail to its custody as established by the regulations on book-registration and passenger entry parts, the sending of the required data to the passenger registration application of the corresponding police body, be it Civil Guard, National Police, as well as its storage in the iTRIP.gr database so that the manager or owner of tourist accommodation can obtain copies of the entry parts of travelers or police files if at any time he needs them.
  2. Contact our clients for the submission of guides or recommendations for use, information on new features of iTRIP.gr, information on resolution of incidents, sending invoices, or sending notifications relating to the use of the iTRIP.gr application, such as after completion of the information of the part of travelers on the part of a guest. These communications are not for commercial purposes.
  3. Contact with our clients to notify possible changes in the conditions of the service iTRIP.gr or sending of information related to the subscription. These communications may have commercial purposes.
  4. Administrative or legal purposes. We use the personal data of our clients to perform statistical and marketing analysis, check systems, conduct customer surveys, carry out maintenance and development operations, or to resolve a dispute or claim. Keep in mind that we can carry out the elaboration of data profiles based on the data that we have obtained from you with the purpose of developing statistical and marketing analysis. Any profiling activity will be carried out only with your prior consent and doing everything possible to ensure that all the data on which it is based are correct. By providing us with any personal information, you, as a customer, explicitly accept that we can use it to carry out activities of profiling in accordance with the provisions of this Privacy Policy.
  5. Communications with the customer service. We use our clients’ data to manage our relationship with them as our clients and to improve our services and their experience with us.
  6. Marketing. From time to time we will contact our customers through electronic communications to provide information regarding promotions to access the iTRIP.gr service or possible provision of new services or features of iTRIP.gr. In all electronic communications that we send you will have the opportunity to indicate that you no longer wish to continue receiving our direct marketing material.
  7. We will only treat the personal data of our clients when we have legal bases to do so. The legal bases will depend on the reasons why we have obtained them and why we need to use your personal data. In most cases we will need to process the personal data of our clients to be able to subscribe our contract with them, and to be able to fulfill the functions of iTRIP.gr, fundamentally the creation of entry parts of travelers, sending to the corresponding police body, and sending of the part in PDF format the email of our clients.

We can also treat the personal data of our clients for one or more of the following reasons:

  • To comply with a legal obligation that requires us.
  • Because the client has accepted that we use your personal data (for example, for purposes related to marketing).
  • To satisfy our legitimate interests in our operation as providers of the iTRIP.gr service, for example, for administrative purposes.

We will not keep the data of our clients for more time than strictly necessary to meet the purposes for which they are being treated. To determine the appropriate retention period, we will take into account the amount, nature and confidentiality of the personal data, the purposes for which we treat them and whether we can achieve those purposes through other means.

We must also take into account the periods during which it may be necessary to retain personal data to comply with our legal obligations or to resolve complaints or queries and protect our legal rights in case of a claim.

When we no longer need the personal data of our clients, we will eliminate or destroy them in a secure way. We will also consider if, over time, we can reduce the personal data we use and how we can do it, and if we can anonymize your personal data so that they can no longer associate with our customers or identify you, in which case we can use said information without prior notice.

For what, why and for how long we use the personal information of our clients’ guests

The data of the guests of our clients can be used for the following purposes:

  1. Provide the passenger entry parts management service for which iTRIP.gr has been created, mainly the creation of passenger entry parts or police files in PDF format, according to the standardized format established by the competent authority, sending it to the e-mail of the host or manager of the tourist accommodation, for its custody as established by the regulations on books-registration and passenger entry parts, the sending of the required data to the passenger registration application of the corresponding police body, either Civil Guard , National Police as well as its storage in the iTRIP.gr database so that the manager or owner of tourist accommodation can obtain copies if at any time he needs them.
  2. The email of the guests can be used to send an email with the link to the web form of completion and signature of the data required for the entry parts of travelers or police files. These communications may not have commercial purposes.
  3. The email of the guests can be used to send an email with the rental agreement, admission card or similar document, when established by the owner or manager of the tourist accommodation. These communications may not have commercial purposes.
  4. Administrative or legal purposes. We may use the personal data of our clients’ guests to perform statistical and marketing analyzes, check systems, carry out maintenance and development operations, or to resolve a dispute or claim. Keep in mind that we can carry out the elaboration of data profiles based on the data that we have obtained from you with the purpose of developing statistical and marketing analysis. Any profiling activity will be carried out only with your prior consent and doing everything possible to ensure that all the data on which it is based are correct. By providing us with any personal information, you, as the guest of our client, explicitly accept that we can use it to carry out activities of profiling in accordance with the provisions of this Privacy Policy.

We can also treat the personal data of our clients’ guests for one or more of the following reasons:

  • To comply with a legal obligation that requires us.
  • To satisfy our legitimate interests in our operation as providers of the iTRIP.gr service, for example, for administrative purposes.

We will not keep the data of the guests of our clients for more than 3 years, which is the term of custody of the entry parts of travelers established by the regulations on book-registration and entry parts of travelers.

When we no longer need the personal information of our clients’ guests, we will delete or destroy them in a secure way. We will also take into account if, over time, we can reduce the personal data we use and how we can do it, and if we can anonymize your personal data so that they can no longer associate with our clients’ guests or identify you, in which In case we can use this information without prior notice.

Security of the personal data of our clients and their guests

We follow strict security procedures when storing and disclosing your personal data, as well as to protect them from accidental loss, damage or destruction. The data you provide us is protected with SSL (Secure Socket Layer) technology. SSL is the industry standard method for data encryption so that they can be transferred securely over the Internet.

Subscription payments to the iTRIP.gr service are made either with the payment platform Stripe (www.stripe.com) iTRIP.gr does not collect any data related to the payment, since both the collection of the payment data and the charge is done by the payment platforms. Stripe and Redsys are one of the most widely used secure payment gateways in Greece and all over the world, and employ the highest security standards, both in the transmission and storage of information, of course in compliance with PCI DSS data security standards. Both payment platforms are certified as a «PCI Service Provider Level 1«, the highest certification level in the payment industry.

We may disclose your information to trusted third parties for the purposes set forth in this Privacy Policy. We demand that all third parties have the appropriate technical and operational security measures in place to protect your personal data, in accordance with the data protection laws of Greece and the EU.

International data transfer

iTRIP.gr exercises its activity only in Greece.

How the personal data of our clients and their guests are shared

We may share the personal data of our clients or their guests with the following third parties for the purposes described in this Privacy Policy:

  1. Security forces and bodies for the remission of the data required by virtue of current legislation on registry books and passenger entry parts.
  2. Trusted service providers that we use to carry out our activity, such as legal advisors and other professional advisors, and cloud service providers and email marketing services that help provide the service to our clients.

Social networks: You may access the accounts of iTRIP.gr in social networks of third parties. When you register in the account of these social networks, we will obtain that personal information you decide to share with us through these social network services in accordance with your privacy settings, in order to improve and personalize your use of our website. We can also use social network plug-ins on our website. Consequently, your data will be shared with the corresponding providers of your social networks and it is possible that they appear in your profile, having access to other users with whom you share these networks. If you want more information about these practices, consult the privacy policy of these third party social network providers.

Cookies policy

We use cookies in various situations on our website.

Cookies are small identifiers that a server stores in the terminal with which you access our website or our services. Cookies contain information that can be read automatically when accessing our services and that allows us to make a more efficient and better use of our services.

What kind of cookies do we use?

Session cookies. They are temporary cookies that allow you to keep track of your movements within the pages, and they are deleted when you leave the website. These cookies are used to avoid having to request information that you have already provided, and to avoid asking you to authenticate each time you browse our website.

Permanent cookies They are those that are registered and read each time you make a new visit to our website. The permanent cookies will remain in the terminal until you delete them, but, in any case, less than 60 days. These cookies help us remember your information and settings when you visit our website and, thus, you can get faster and easier access by not having to log in again.

Third party cookies. They are those that come from third parties other than iTRIP.gr. Our web pages only use Google Analytics cookies, as a mechanism for collecting statistics on our website, for example, on the number of visitors we receive. At no time, however, the cookies in your terminal identify the user itself, but only the device used. There is therefore no link between the information stored through cookies and your personal data that could be stored in our systems. You can configure your browser to notify you before installing cookies or simply block the use of cookies. In this case, some of the functions of our website will no longer be available to you. For more information you can consult the Google Analytics Cookie Usage on Websites document.

Here are some links that explain how to disable these cookies in different browsers:

Official websites:

Firefox

Chrome

Explorer

Safari

Opera

Your data protection rights

Under certain circumstances, by law you have the right to:

Request information about whether we have personal information about you and, if so, what information is being processed and why we have it or are we using it.

Request access to your personal data (application commonly known as «request for access of the interested party»). This allows you to receive a copy of the personal information we have about you and verify that we are treating them legally.

Request correction of personal information we have about you. This allows you to correct any incomplete or incorrect information we have about you.

Request the deletion of your personal data. This allows you to ask us to delete or delete your personal data when no other legitimate reasons prevail to continue treating them. You also have the right to ask us to delete or delete your personal information when you have exercised your right to object to the treatment (see next section).

Oppose the treatment of your personal data when that treatment is based on our legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to oppose the treatment on that basis. You also have the right to object when we are treating your personal data for direct marketing purposes.

Oppose automated decision-making, including profiling, that is, not being the subject of any automated decision-making on our part using your personal data or developing a profile about you.

Request the limitation of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data; for example, if you want us to determine your accuracy or the reason for treating them.

Request the transfer to you or a third party of your personal data in an electronic and structured format (commonly known as the right to «data portability»). This allows you to take the data we have about you in an electronic format of common use and to transfer your data to a third party in an electronic format of common use.

Withdraw their consent. In the limited circumstances in which you have given your consent for obtaining, processing and transferring your personal data for a specific purpose, you have the right at any time to withdraw your consent for that specific treatment. Once we have received notification that you have withdrawn your consent, we will no longer continue to process your data for the purpose or purposes you originally accepted, unless we have another legitimate basis to continue to do so in accordance with the law.

If you want to exercise any of these rights, please contact us at the email itripbnb@gmail.com or by postal mail at the address present in the section «Responsible for data processing» of this document.

You will not have to pay any fee to access your personal data (or to exercise any other of your rights). However, we may charge you a reasonable fee if your access request is unfounded or excessive. If not, in these circumstances, we may also refuse to satisfy your request.

We may need to request specific information to help us confirm your identity and guarantee your right to access the information (or exercise any other of your rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it.

Changes in the Privacy Policy

Our Privacy Policy is subject to changes periodically and any changes will be communicated to you by means of an email or a notice on our website.

Annex – I: Specific information for guests who are checking in online

If you are a guest who is filling a check-in online with iTRIP.gr and are asked to attach photographs of your identification document, please read this section carefully.

1) Why are you asking me for these photographs?

As indicated in the section «What personal information we obtain from our clients’ guests?«, the managers of the accommodation to which you are traveling are responsible for complying with current regulations on guest registration, which obliges the accommodation to collect your personal information and makes them responsible for the accuracy of the data that you are going to provide. The accommodation requests these photographs to be able to verify, and if necessary correct, errors in the data that you are going to provide, and thus be able to comply with its obligations. You have more information in this privacy policy.

2) How does iTRIP.gr process these photographs?

As detailed throughout this privacy policy, iTRIP.gr simply sends these photographs by email to the accommodation so that they can review the accuracy of the data, and stores them for a maximum of 5 days on its servers, so that the accommodation has a more convenient alternative to review your data. After this period of 5 days, iTRIP.gr will permanently delete these photographs.

3) What if I do not agree with this processing?

If you do not agree with this processing and do not wish to provide photographs of your identification documents, you are fully within your rights. As this information is not mandatory simply fill the form with your personal data without providing photos of your identification documents. Upon arrival at the accommodation you must show your identification document so that the accommodation can verify your identity and the accuracy of your data.

4) Your data protection rights

In the section «Your data protection rights» you can find detailed information about your rights with regard to your personal data, and in particular to the request for correction or deletion.