This Privacy Policy (hereafter referred to as the “Data Policy” or “PDPP”) concerns the Company under the name “MAMMAS GEORGE AND CO. OE.” and the distinctive title “Chios Yachting”, based in Chios, Chios-Karfa Avenue no. 62, in Greece (hereafter the “Company”), which maintains a website in order to promote the goals of the company, namely the rental of yachts, the sea cruise with yachts in the Aegean Sea. Through this website, the information of the interested parties is made, as well as reservations for cruises and yacht rentals.

Every company that handles personal data relating to living natural persons, within the EU, is obliged from 25th of May 2018 to fully comply with EU Regulation 679/2016, for the protection of personal data (Personal Data) . The validity of the Regulation is immediate in all EU Member States.

The Data Policy declares our compliance with the Regulation for the Protection of Personal Data, has been established in order to inform users and any third parties – visitors of the Company’s website for the management of their personal data collected by the Company, their rights and also our obligation for accountability and security. The security and protection of personal data are a priority for the Company, which undertakes the obligation to handle them responsibly.

The Company from time to time may modify this Policy, in whole or in part, at its sole discretion and post this modification on its website. Any modification will take effect as soon as the modified Policy is posted on the Website. In any case, as long as the user continues to use the Company’s website after the modifications, he will be deemed to accept these modifications unconditionally. Otherwise, the user will have to stop using the Company’s website.

This website may contain links to other websites, which are under the responsibility of third parties (natural or legal persons). Additional websites may be added in the future, for the terms of protection and management of personal data for which, in no case, is the Company’s website responsible.

The term “personal data” refers to information of individuals, such as name, postal address, e-mail address, contact telephone number, etc., which identify or may identify you, hereinafter referred to as “Personal Data”.





According to art. 4 of EU Regulation 2016/679, the following applies:

“Personal Data”: any information through which a natural person is identifiable or can be identified (“Data Subject”).

“Data Controller”: a natural or legal person, public authority, department or other body which, individually or jointly with others, determines the purposes and manner of processing personal data. When the purposes and the manner of processing personal data are determined by Union law or the law of a Member State, the data controller or the specific criteria for his designation may be laid down by Union law or the law of a Member State.

“Executor”: a natural or legal person, public authority, department or other body that processes personal data on behalf of the data controller.

“Recipient”:  the natural or legal person, public authority, service or other body to which personal data are disclosed, whether it’s about a third party or not. However, public authorities which may receive personal data in the context of a specific investigation under Union or Member State law shall not be considered as recipients; such data shall be processed by those public authorities in accordance with applicable data protection depending on the purposes of the processing.

“Personal Data Subject”: the natural persons for whom the data controller collects and processes personal data (in this Data Policy, Data Subjects are the users of the Company’s website, students, guardians, teachers, employees, graduates and other third parties – visitors of the website).



Our company collects only your absolutely necessary Data, which are appropriate and clear for the intended purpose. This Data includes the following:

  • Data when creating a user account on the Websites or Apps:
    – Mandatory: e-mail address, password (login password), name, surname, date of birth, TIN and number of Passport or other official document from which the Nationality is derived (eg Identity).
    – Optional: sheet, postal address, telephone number.
  • Details of your transactions with us, either through our physical store or through our website: We will request and use only the Data we have collected for:
    1. Process and serve your request for the provision of a tourist service.
    2. Provide you with personalized and up-to-date services and / or products,
    3. Contact you through Newsletters, according to your registration through the respective form, to inform you about new services or products that may interest you,
    4. Process the payment
    5. Answer possible questions you have asked us
    6. Implement the framework of this Privacy Policy.
  • Traffic information of our website or other websites that you have browsed before us.
  • Information collected from the use of cookies in your browser.
  • Copies of the documents you provide to prove your age or identity when required by law (such as a copy of a police or student ID). For example, these copies may include details of your full name, address, date of birth and picture of your face (photo). If you provide a passport, the details will also include your place of birth, gender and nationality.



The personal data collected from the website of the Data Controller and stored in the relevant database, are intended solely for reasons related to the fulfillment of the purpose of the Company’s activity, communication with Data Subjects, as well as for statistical purposes and improvement of the provided services – information and it’s not allowed to be used by any third party. We explicitly state that these data, in order to fulfill the purposes of the company (indicative: departure of vessel, compilation of passenger list, etc.), will be disclosed to the relevant competent authorities (eg Port Authority, Police, etc.).

The details of users who have contacted the Company are stored on the Company’s partner servers within the European Union.



The personal data of the users of the Company’s website are transmitted to our associates and / or contractors of the Company, but always under conditions that fully ensure that the personal data of the Data Subjects are not subject to any illegal processing, ie other than the purpose of the transfer, according to the above. These recipients are third parties providing technical services, such as hosting and technical support services on the Company’s website. The above categories of recipients are the performers of the processing and therefore they do not carry out any processing beyond the above purposes of transmission.

The Company’s employees who have access to the personal data of users of its website are specific, they are committed to maintaining confidentiality, prohibiting unauthorized access.

The Company will not make available for sale or otherwise transmit or disclose personal data of visitors / users of its website to third parties, other than those mentioned above, without the consent of the visitor / user, with the exception of the application of relevant legal dictates to competent authorities only.

The kept personal data may be disclosed to the competent judicial, police and other administrative authorities, upon their legal request and in accordance with the applicable legal provisions. In addition, in case of a legal order, service order or official preliminary examination, the Company has the right to make the relevant data available to the respective service.

We do not allow unauthorized entities to access your information without your consent. For all the above, your consent is a necessary condition, as mentioned below.



By using any service of the Company, users agree with this Privacy Policy and in particular:

Transfer in case of legal provision / Transfer to services in the absence of legal provision: The Data Subject has been informed and consents to the possible transfer of his personal data to law enforcement and supervisory authorities in case of illegal or unconventional use of the Company’s website, as well as when deemed necessary to protect against risks related to state and public security, as well as for the prosecution of criminal acts.

In order to give or withdraw your consent for your information, at any time, contact us at ………..dpo @ or use the links you will find in our emails.



The transfer of personal Data Subjects data is done via email and the data is transferred encrypted.

The personal data that we collect (or process) in the context of our Websites and Apps will be stored in Greece. However, some of the recipients of the Data with whom the Company shares the Personal Data of the Subjects may be located in countries other than the one where the initial collection of the Personal Data of the Subjects took place. Legislation in those countries may not provide the same level of data protection as the country that originally provided your Personal Data. However, when we transfer Subscribers’ Personal Data to recipients in other countries, including the US, we are committed to protect their Personal Data as described herein and in accordance with applicable law.




The Company satisfies and facilitates the satisfaction of the following provided rights of the Data Subjects:


a) Right of access

The Data Entity has the right to receive, at any time, confirmation from the Data Controller as to whether and to what extent his personal data is being processed and, in this case, he should be given access to it without undue delay.


b) Right of correction

The Data Subject has the right to request, without undue delay from the Controller, the correction of inaccurate or out-of-date personal data concerning him. It also has the right to request the completion of incomplete personal data, through a supplementary declaration. Furthermore, the Company undertakes the obligation to announce any correction of personal data to each recipient, to whom the personal data were disclosed, unless this proves impossible or if it entails a disproportionate effort. The Company undertakes the obligation to inform the Data Subject regarding the said recipients, if requested.


c) Right of deletion

The Data Subjector has the right to request from the Data Controller to delete any personal data concerning him.


d) Right to restrict processing

The Data Subject is entitled to request from the Data Controller the restriction of the processing of the personal data that concern him. If the processing of personal data is restricted, such personal data, other than storage, will only be processed if certain exceptions apply.


e) Right to data portability

The Data Subject has the right to receive the personal data concerning it and which it has provided to a Data Controller in a structured, commonly used and machine-readable format.


f) Right of objection

The Data Subject is entitled to object at any time and for reasons related to its particular situation to the processing of personal data concerning it, when it is necessary for the performance of a duty performed in the public interest or in the exercise of public authority which has been assigned to the Data Controller or when the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller. Once the right of objection has been exercised, personal data should no longer be processed, unless there is evidence of lawful and compelling reasons for the processing, which outweigh the interests, rights and freedoms of the Data Subject or the establishment, exercising or supporting legal claims. The Company guarantees that, if the Data Subject objects to the processing of data concerning it, it no longer submits such data to processing, unless it proves that there are compelling and legal reasons for the processing, which outweigh the interests and rights of the Data Subject.


g) Automated individual decision making, including profiling.

The Data Entity has the right to object to a decision taken solely on the basis of automated processing, including profiling, when that decision produces legal effects that significantly affect it. The Company does not make automated individual decisions at this time. However, if in the future the Company decides to proceed with automated individual decision-making, it will satisfy this right.


Overall, the Company ensures that:

There are procedures that allow the easy exercise of the rights of Data Subjects, so that all necessary actions are taken immediately.

The Data Controller is obliged to respond to a request submitted by the Data Subject without undue delay and in any case not later than thirty (30) calendar days. In case a right exercised by the Data Subject cannot be satisfied, there must be a specific, sufficient and complete justification for this.

Except in exceptional circumstances, all actions relating to the satisfaction of the data Subjects’ rights will be free of charge for the Subjects.



The Company’s liabilities include:

The Principle of Accountability, regarding the 6 principles governing the processing of Personal Data (legality, objectivity and transparency, limitation of purpose, minimization of Personal Data, accuracy of Personal Data, limitation of storage period, security, integrity).

Any processing of Personal Data is legal only if one of the following 6 conditions applies:

  1. The data subject has consented to the processing of Personal Data,
  2. The processing of Personal Data is necessary for the execution of a contract, where the subject is a party,
  3. Processing is necessary to comply with the legal obligation of the data controller,
  4. Processing is necessary to safeguard the vital interest of the person,
  5. Processing is necessary for the fulfillment of a duty in the public interest or in the exercise of public authority entrusted to the data controller,
  6. The processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, unless the interest or fundamental rights and freedoms of the natural person prevail.



Our Company maintains the Personal Data of the Subjects for the necessary period of time in order to fulfill the purposes defined herein, unless a longer retention period is required by applicable law). Generally this means that we keep the personal data of the Subjects for as long as they have an account in our Company. Regarding the Personal Data of the Subjects related to the purpose and the business activity of the Company, we keep this data for a longer period in order to comply with our legal obligations (such as tax and commercial legislation and for any criminal liability from accidents, etc.) At the end of this retention period, the Subjects’ data will be deleted completely or anonymously, for example by aggregation with other data, so that they can be used in an unrecognizable manner for statistical analysis and business planning.

Specifically for the Newsletter:

Your statement of consent for sending a newsletter is kept for as long as a newsletter is sent to you by the Company and in any case not more than six months from the cessation of sending it.

On the Company’s website, the user can adjust the Cookies’ settings according to his needs and preferences, by activating the Google Analytics Cookies function, a function which is by default disabled and requires positive action from the user.




  1. Generally

The Company’s website uses Cookies. Cookies are small text files, which are installed on the computer or on the user’s electronic device, through the browser, when he visits the Company’s website. Cookies help to collect information necessary to measure the effectiveness of the website, to improve and upgrade its content, to adapt it to the demand and needs of users as well as to measure the effectiveness of the website’s presentation and promotion on third party websites. None of the Cookie files used on the Company’s website collect information that identifies users personally and is not aware of any document or file from users’ computers.

The information collected by the Cookies may include the type of browser used by the user, the type of computer, its operating system, the ISPs and other such information. In addition, the website information system automatically collects information about the sites the user visits and the links to third party websites that may be located on the Company’s website.

  1. Cookies’ types

On the Company’s website are used the following categories of Cookies:

Temporary and persistent cookies

The “temporary” Cookies are stored on the computer or on the electronic device during a visit of a user to the Company’s website and are deleted when he exits from it.

The “persistent” Cookies remain on the user’s computer or electronic device for a longer period of time until they are deleted by him.

Necessary, functional and performance cookies

Necessary cookies

These are Cookies that are necessary for a user to visit the Company’s website (eg browsing the various sections of the website or filling out forms). If the user rejects the Cookies, certain sections of the Website may not work properly.

Functional cookies

Functional Cookies provide users with a personalized browsing experience, storing their own preferences and favorite settings.

Performance cookies

For performance monitoring purposes, the Company uses Cookies to collect information about the use of its website by visitors in order, on the one hand, to satisfy more needs of visitors – users and on the other hand to improve the content of its website and facilitate its use by visitors.

Third party cookies and embedded content

The Company allows Google and other Third Party Companies, with whom it works, to install the Cookies it uses. In case that, through the Company’s website the user enters third party websites or connects with social networking agencies (eg twitter, facebook, youtube), he should be aware that these third party websites or organizations may install Cookies, immediately as soon as he goes to the relevant link. These Cookies are outside the control of the Company and are governed by the Cookies policy of each third party who installs them. In order for the user to know how to manage them, he should read the respective site policies.

The following table lists the Cookies used on the Company’s website, the duration, the purpose and the origin of each:

Browser type: e.g. Mozilla Firefox

Cookie domain: Duration Provider


  1. How to manage and delete Cookies

The menus of most browsers provide options on how to manage Cookies. Depending on the options given to the users by the browser, the user can enable the installation of Cookies, disable / delete the existing Cookies or be notified every time he receives Cookies. Instructions for managing and deleting Cookies are usually found in the “Help”, “Tools” or “Edit” menu of each browser.

The user must take into account that, in case he rejects or deactivates the Cookies of the Company’s website, the functionality of the website may be partially lost. Also, disabling a Cookie or a Cookies category does not delete the Cookie from the browser. Such a move should be made by the user, by changing the internal functions of the browser he uses.

  1. Changes in the use of Cookies by the Company

The Company from time to time may modify this Policy, in whole or in part, at its sole discretion. Any modification herein will take effect as soon as the modified Policy is posted on the Company’s website. In any case, as long as the user continues to use the website and its services, after modifications have been made in accordance with the above, the user will be deemed to accept these modifications. If the user does not agree with the terms of this Data Policy, as it may be modified, in whole or in part, the user should terminate the use of the Company’s website.



Competent supervisory authority for the protection of personal data for the Company is the Personal Data Protection Authority, Offices: 1-3 Kifissias Av., PC 115 23, Athens, Call Center: + 30-210 6475600, Fax: + 30-210 6475628, e-mail:

According to the Authority’s website, the submission of a complaint should be made after the submission of a complaint to the Data Protection Officer appointed by the Company, that is Maroussa Mamma daughter of Andreas, to the following e-mail address:


Applicable Law is the Greek Law, as formulated according to the General Regulation for the Protection of Personal Data 2016/679/EU, and generally the current national and European legislative and regulatory framework for the protection of personal data.


For any question regarding this Policy, users can contact the Company at

This policy will be updated from time to time in accordance with applicable national and European legislation.