Athens Card - Privacy Policy
Athens Card – Privacy Policy (GDPR Compliant)
Effective date: 25 june 2026
Welcome to athenscard.com (“Website”). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Website or purchase Athens Card services.
We are committed to ensuring compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Greek data protection laws.
By using this Website or purchasing our services, you acknowledge and agree to this Privacy Policy.
1. Data Controller
The data controller responsible for your personal data is:
Athens Card
Athens, Greece
Contact: info(at)athenscard.com
2. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identification data (full name)
- Contact data (email address, telephone number)
- Transaction data (booking and payment information)
- Billing information (where applicable)
- Communication data (messages sent to us via email or forms)
- Technical data (IP address, browser type, device information, cookies)
We collect only data that is necessary for the purposes described in this Policy.
3. Legal Basis for Processing
We process your personal data under one or more of the following legal bases:
- Performance of a contract (to process bookings and deliver services)
- Legal obligation (tax, accounting, or regulatory requirements)
- Legitimate interests (service improvement, fraud prevention, customer support)
- Consent (where required, such as marketing communications or cookies)
Where processing is based on consent, you may withdraw your consent at any time.
4. How We Use Your Data
Your personal data may be used for the following purposes:
- Processing bookings and payments
- Delivering Athens Card services and benefits
- Providing customer support and responding to enquiries
- Sending service-related communications (e.g. booking confirmations)
- Improving our Website, services, and customer experience
- Complying with legal and regulatory obligations
- Preventing fraud, misuse, or security incidents
We do not sell or rent your personal data.
5. Data Sharing and Third Parties
We may share your personal data only when necessary and in accordance with GDPR, including with:
- Payment processors, banks, and financial service providers
- Service providers involved in fulfilling your booking
- IT, hosting, and technical service providers
- Legal or regulatory authorities when required by law
All third-party processors are required to handle your data securely and in compliance with applicable data protection laws.
We do not authorise third parties to use your personal data for their own independent purposes.
6. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Other lawful transfer mechanisms under GDPR
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
- Contractual and service obligations
- Legal, tax, and accounting requirements
- Dispute resolution and enforcement of agreements
After this period, data is securely deleted or anonymised.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
To exercise any of these rights, please contact us at info(at)athenscard.com
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).
9. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Ensure website functionality
- Improve user experience
- Analyse traffic and performance
- Support security and fraud prevention
Where required by law, we request your consent before placing non-essential cookies.
You may manage or disable cookies in your browser settings at any time.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of sensitive data where applicable
- Access control and authentication mechanisms
- Regular security monitoring and audits
However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Marketing Communications
We will only send marketing communications where you have explicitly opted in. You may withdraw your consent at any time by clicking the unsubscribe link or contacting us directly.
12. Limitation of Liability
While we take reasonable measures to protect your data, we are not liable for damages arising from:
- Unauthorised access beyond our reasonable control
- Technical failures or system errors
- Actions of third-party service providers
This does not limit any rights you may have under applicable law.
13. External Links
Our Website may contain links to external websites. We are not responsible for the content or privacy practices of those websites. We recommend reviewing their privacy policies before providing any personal data.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated “Effective Date”. Continued use of the Website constitutes acceptance of the updated Policy.
