We attach great importance to the security of your data and compliance with applicable data protection regulations. The collection, processing and use of personal data is subject to the provisions of the General Data Protection Regulation (GDPR).
Data Protection Officer
We have appointed a data protection officer. Our Data Protection Officer is:
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
What are the purposes for processing?
- Provision of the online offer, its contents and functions.
- Provision of contractual services, service and customer care.
- Answering contact enquiries and communication with users.
- Marketing and market research.
- Security measures.
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
- Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
- Contract – This is where we process your information to fulfil a contractual arrangement, we have made with you.
- Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
- Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and services in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
- Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Data Protection Principles
All personal data must be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes subject to appropriate safeguards, and provided that there is no risk of breaching the privacy of the data subject;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What are your rights?
You have the following rights with respect to us processing your personal data:
- Right of access
You have the right to obtain information about whether and which of your personal data is processed by us. In this case, we will also inform you about:
- the purpose of processing;
- the categories of data;
- the recipients of your personal data; and
- the planned storage period or the criteria for the planned storage period.
- Right to rectification
You have a right to rectification and/or completion if your personal data processed by us is inaccurate or incomplete.
- Right to restriction of processing
You have a right to restriction of processing, provided that:
- we verify the accuracy of your personal data processed by us;
- the processing of your personal data is unlawful;
- you need your personal data processed by us for legal prosecution after the purpose has ceased to exist; and
- you have objected to the processing of your personal data and we are reviewing this objection.
- Right to erasure
You have a right to erasure if:
- we no longer need your personal data for its original purpose;
- you withdraw your consent and there is no further legal basis for processing your personal data;
- you object to the processing of your personal data and - unless it is direct marketing - there are no overriding reasons for further processing;
- the processing of your personal data is unlawful;
- the erasure of your personal data is required by law; and
- your personal data was collected as a minor for Information Society services.
- Right to information
If you have exercised your right to rectification, erasure or restriction of processing, we will inform all recipients of your personal data, of this rectification, erasure of data or restriction of processing.
- Right to data portability
You have a right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, common and machine-readable format and to transfer it to another controller. If technically feasible, you have the right to have us transfer this data directly to another controller.
- Right to object
You have the right to object to the processing of your personal data in case of special reasons. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing. In case of processing of your personal data for direct marketing purposes, you have the right to object at any time.
- Right of withdrawal
You have the right to revoke any consent given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data by us violates the law.
Types of data processed
- Inventory data (e.g., personal master data, names).
- Contact data (e.g., e-mail).
- Content data (e.g., text input, photographs,).
- Usage data (e.g., web sites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (Hereafter, we also refer to the data subjects collectively as "users").
How we use information
The main reason we use your information is to provide and improve our services. We also use your information:
- to provide our services to you;
- to provide you with customer support and respond to your inquiries;
- to complete your transactions;
- to communicate with you about our services;
- to improve our services and develop new services;
- to conduct research and analysis of user behaviour to improve our services and content (e.g., we may decide to change the look and feel or even substantially modify a particular feature based on user behaviour);
- to develop new features and services;
- to prevent, detect and respond to fraud or other illegal or unauthorised activities;
- to address ongoing or perceived misconduct;
- to perform data analysis to better understand these activities and develop countermeasures;
- to retain data related to fraudulent activity to prevent recurrence;
- to ensure compliance with laws;
- to comply with legal requirements;
- to assist law enforcement; and
- to enforce or exercise our rights.
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
For security reasons and to protect the transmission of confidential content that you send to us as the provider, this online offer uses TLS encryption (Transport Layer Security), or better known as SSL (Secure Sockets Layer), which is now obsolete. You can recognise the secure, encrypted connection to this online offer by the identifier https:// of the entry in the URL line (address line) of the browser used and/or the green lock symbol. HTTPS stands for Hypertext Transfer Protocol Secure.
We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Cooperation with processors, joint controllers and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.
Transfers to third countries
Our main operations are based in the EU and your personal information is generally processed, stored and used in the EU. We take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the EU and the EEA. Where we need to transfer your data outside the EU and the EEA, we will use one of the following safeguards:
- The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.
Deletion of data
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
Transfer of personal data
LiveTrips will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.
LiveTrip is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for LiveTrip pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by LiveTrip process your data exclusively in accordance with our instructions. LiveTrip remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil LiveTrip' legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required.
As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Data processing by the operator of the social media platform
The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.
Please be aware: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media platform.
Data processing in relation to our website and app
In principle, it is possible to use the LiveTrip website without providing personal data. When, however, a page of our website is accessed and each time a file is retrieved, access data about this method is stored in a log file. The corresponding log file contains Your IP address, the page from which the file was requested, the name of the file, the date and time of the request, the amount of data transferred, the access status (file transferred, file not found, etc.), a description of the type of operating system and web browser used. The stored data does not allow any conclusions to be drawn about your identity and is evaluated exclusively for statistical purposes.
The collection and processing of this data is carried out in order to enable the use of the website at all, on the basis of our legitimate interest, whereby our legitimate interest is the provision of our website. Incidentally, we store this aforementioned data, including the IP addresses, only in anonymised form and use it only in this anonymised form to analyse the use of the offer and the further development and optimisation of our website in your interest. Our legitimate interest is the ongoing improvement of our online offer in order to provide you with the greatest possible user comfort.
General app accesses
As with every server request, information such as IP address, user agent etc. is transmitted and stored anonymously in the server log for 30 days. The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data could result in you not being able to use our app or not being able to use it to its full extent. The legal basis for this data processing is consent.
The legal basis for this data processing is a contract. Your data will be treated confidentially by us and deleted if you revoke the rights to use it or it is no longer required to provide the services and there is no legal obligation to retain it. The provision of personal data is necessary if you wish to make full use of our app. However, failure to provide this data could result in you not being able to use our app or not being able to use it to its full extent.
Authorisations and Access
We may request access or permission to certain functions from your mobile device (Location, Photos, Gallery, Camera, Storage and Push notifications). The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can your permissions at any time via Settings (iOS) or Settings Menu (Android).
If you contact us and send us general enquiries the contact details you provide, will be stored and used by us to fulfil the purpose associated with the transmission, e.g., to process your enquiry or in the event of follow-up questions.
The basis for this storage and use of your personal data is your consent which you give us by sending the contact form. Insofar as you provide us with your personal data for the purpose of responding to your questions, the entry of personal data is required as without this information, we cannot process your request.
You have the right to revoke your consent to the data processing described above at any time with effect for the future. In this case, we will no longer process your data. Your personal data will be deleted even without your revocation in any case if we have processed your request or if the storage is inadmissible for other legal reasons.
You cannot be personally identified from any of the information we collect. The use of the cookies we use is necessary in order to be able to provide the online offer of LiveTrip at all and, moreover, to be able to optimise it on an ongoing basis. The data processing in this context is therefore based on our legitimate interest. Our legitimate interest is to provide visitors to our website with a functioning online service and to make visiting and using the website as pleasant and efficient as possible.
Creating an account
Personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening an account. Which data collected can be seen from the respective input forms. Deletion of your account is possible at any time and can be done either from our mobile app or from the site https://livetrips.gr. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to statutory retention periods, if any, and deleted after expiry of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data has been reserved on our part.
As a registered user, you have the opportunity to create a user profile with just a few clicks and details only through the app. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.
In order to provide you with regular information about our company and offers, we offer to send you an e-mail newsletter. In order to prevent misuse, we will send you an e-mail after your registration in which we ask you to confirm your registration (double opt-in procedure). In order to be able to prove the registration process in a legally compliant manner, your registration is logged. This concerns the time of registration and confirmation as well as your IP address.
The legal basis for sending the newsletter is your consent. The data processing in connection with the sending of the confirmation email for your registration and the associated data logging is carried out in our legitimate interest in proving your proper registration.
If you give us your consent, we also evaluate in the newsletters whether you have opened the newsletter as well as the scrolling and clicking behaviour in the newsletter. This is done for the purpose of optimally adapting our newsletter to your interests and improving the content of our newsletter. The legal basis for the analysis of the newsletter is your consent.
Installation of our app
Our app can be downloaded from the app stores "Google Playstore" and "Apple App Store". Downloading our app may require prior registration with the respective app store and installation of the app store software.
App installation via the Google Playstore
You can use the Google service "Google Play" of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, to install our app.
As far as we are aware, Google collects and processes the following data;
- Licence check,
- network access,
- network connection,
- WLAN connections,
App installation via the Apple App Store
You can use the Apple service "App Store" a service of Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, to install our app.
As far as we are aware, Apple collects and processes the following data;
- device identifiers,
- IP addresses,
- location information,
The legal basis for Push messages is our legitimate interest. A push service is used to provide you with useful tips and information directly on your mobile device or similar devices. When we send a push message, we send the message with the corresponding IDs or tokens to the Push Notification Service. This then ensures that the push message is sent to the devices that wish to receive such a notification. Our legitimate interest is to be able to present current information to you directly. The personal data will only be processed as long as this is necessary for the provision of the function. You have the right to object. You can prevent your data from being processed further by deactivating the push service in the respective system settings of the operating system of your device.
The App uses the Firebase tool, which is part of the Firebase platform of Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to obtain statistics on how the App is used, in particular active user numbers, session length, stability rating and storage time. Answers logs the use of the app, and we evaluate user behaviour and user activity in general, i.e., not on a personal basis.
For this purpose, the following data is transferred to the Analytics Engine: name and AppStore ID, build version, individual device installation key (e.g. IDFA [iOS], Advertising ID, and Android ID), timestamp, device model, device name, device operating system name and version numbers, the language and country settings of the device (iOS), the number of CPU cores on the device (iOS), whether a device has the status "jailbreak" (iOS) or "root " (Android), app lifecycle events (iOS) and app activities (Android);
The legal basis for this data processing is our legitimate interest. The data collected via Google will be deleted after 6 months at the latest. You can select in the settings under data services whether or not you want to send data to Google. This setting also applies to the use of Crashlytics.
The app uses the tool Crashlytics, which is part of the platform Firebase of Google Inc., 1600
Amphitheatre Parkway Mountain View, CA 94043, USA, to log crashes of the app. No personal data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent, which is intended to simplify maintenance and improve the resulting stability of the app.
The legal basis for data processing is our legitimate interest. In the settings under data services, you can select whether you want to send crash reports or not. This setting also applies to the use of Google.
Icon links to social networks
We use small icons that refer to third-party platforms (e.g., Facebook, Instagram, Twitter). These are hyperlinks in each case, so no data is transferred from you automatically, but only when you click on the icons and a new tab opens in your browser with the third-party website. When you visit one of our pages equipped with a Facebook, Instagram, Twitter plugin, a connection to the Facebook, Instagram, or Twitter server is established. This tells the Facebook, Instagram or Twitter server which of our pages you have visited. If you are logged into your Facebook, Instagram, Twitter, account, you enable Facebook, Instagram, Twitter to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Facebook, Instagram, Twitter account. Facebook, Instagram, Twitter is used in the interest of an appealing presentation of our online offers.
You can stop the collection of information by our app by uninstalling it using the standard uninstall procedure for your device. When you uninstall the app from your mobile device, the unique identifier associated with your device will still be stored. If you reinstall our app on the same mobile device, we may again associate that identifier with your previous transactions and activities.
Miscellaneous and Closing
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Our website and app contain links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Obligation to provide personal data
You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact our data protection officer at firstname.lastname@example.org.
Exercising your rights
If you would like to exercise any of our rights as set out above in the” What are your rights?” section above or have a complaint, please contact our data protection officer at email@example.com. Any such request will be responded to within one month and we might require proof of identity to verify and process your request. For more information about these rights, please contact our data protection officer at firstname.lastname@example.org.