Privacy Policy
Last updated: 7/15/2026
1. Introduction
The protection of your personal data is important to us. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
2. Data we collect
When you make a booking through our site, we collect the following data:
- Full name
- Phone number
- Route details (pickup, destination, date, time)
- Number of passengers and optional notes
3. Purpose of processing
We use your data exclusively for:
- Fulfilling the transportation service you requested
- Communicating with you to confirm your booking
- Informing you about changes or cancellations
4. Service providers (Data Processors)
For the operation of our site, we work with the following providers, all of which are fully GDPR compliant:
- Supabase - Booking data storage (EU servers - Frankfurt, Germany)
- Resend - Email notifications
- Vercel - Website hosting (EU servers)
5. Data retention period
Your data is retained for as long as necessary to provide the service and to comply with tax and accounting record-keeping obligations (up to 5 years), in accordance with applicable Greek legislation.
6. Your rights
According to GDPR, you have the following rights:
- Access to your data that we keep
- Correction of inaccurate data
- Deletion of your data ("right to be forgotten")
- Restriction of processing
- Submitting a complaint to the Hellenic Data Protection Authority (www.dpa.gr)
7. Security
We take all necessary technical and organizational measures to protect your data. Communications with the site are conducted through encrypted HTTPS connection.
8. Data Controller
Κωνσταντίνος Ανδρεαδάκης
Tax ID: [συμπληρώνεται]
Στέλιος Παντεχάκης
Tax ID: [συμπληρώνεται]
Headquarters: Heraklion, Crete
Email: info@creterides.gr
Phone: +30 690 000 0000