PRIVACY POLICY & GDPR

PRIVACY POLICY & PERSONAL DATA PROTECTION (GDPR)

Last Updated: 19 March 2026

This Privacy Policy explains how our company collects, uses, stores, and protects your personal data in accordance with Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, and all applicable data protection legislation.

1. Data Controller

Company Name: COAST TO COAST IKE (BOAT RENTAL SERVICES WITHOUT CREW)
VAT Number: 801102030
Tax Authority: E’ Thessaloniki
GEMI Registration Number: 149134606000
Registered Office: 1 Fragkon Street, Thessaloniki City Centre, Greece
Telephone: +30 6939846661
Email: coast2coastrb@gmail.com
Website: www.coast2coast.gr

Due to the size and nature of our business, we are not required to appoint a Data Protection Officer (DPO). However, for any questions regarding your personal data, you may contact us at the email address above.

2. What Data We Collect & Why

2.1 Booking Data

Legal Basis: Performance of a Contract

During the booking process, we collect:

  • Full name — for identification and invoicing

  • Email address — for booking confirmation and communication

  • Phone number — for communication on the rental day

  • Billing address — for tax purposes (if an invoice is required)

2.2 Boat Collection Data

Legal Basis: Legal Obligation

Upon collection of the vessel, we collect:

  • ID card or passport number — required under maritime regulations

  • Boating license number (where applicable)

  • Date of birth — for age verification

  • Nationality — for maritime registry purposes

2.3 Payment Data

Legal Basis: Performance of a Contract

Card payment details (card number, expiry date, CVV) are processed exclusively by Stripe Inc. via a secure encrypted connection. Our company does not access, store, or process full card details.

We only retain:

  • Card type

  • Last four digits of the card

  • Payment confirmation

2.4 Browsing Data

Legal Basis: Consent or Legitimate Interest

When you browse our website, we automatically collect:

  • IP address — for security and analytics

  • Browser type and operating system — for website optimization

  • Pages visited and time spent — for user experience improvement

  • Cookies — as described in our Cookie Policy

3. Data Sharing with Third Parties

We never sell your personal data. Data is shared only with the following trusted service providers:

  • Stripe Inc. (USA) — payment processing. Stripe is PCI DSS Level 1 certified and GDPR-compliant via Standard Contractual Clauses (SCCs). Privacy Policy: stripe.com/privacy

  • WooCommerce / Automattic Inc. — e-commerce platform. Data is stored on servers within the EU or with appropriate GDPR safeguards

  • Google LLC — analytics (Google Analytics), only with your consent. Google complies with GDPR via SCCs

  • Public Authorities (e.g. Coast Guard, Tax Authorities) — only where required by law

  • Insurance Company — only in case of accident or damage

Where data is transferred outside the EU/EEA (e.g. Stripe, Google), we ensure appropriate safeguards in accordance with Chapter V of the GDPR.

4. Data Retention Period

We retain your data for the following periods:

  • Booking & payment data: 5 years (tax/legal obligation)

  • Identification data (ID, license): 2 years from rental (maritime regulations)

  • Account data (if applicable): Until account deletion

  • Analytics cookies: Up to 2 years (see Cookie Policy)

  • Communication records (emails): 1 year

After these periods, data is securely deleted or anonymized.

5. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15) — request a copy of your data

  • Right to Rectification (Art. 16) — correct inaccurate or incomplete data

  • Right to Erasure / “Right to be Forgotten” (Art. 17) — request deletion where no legal obligation exists

  • Right to Restriction (Art. 18) — request limitation of processing under certain conditions

  • Right to Data Portability (Art. 20) — receive your data in a structured format

  • Right to Object (Art. 21) — object to processing for direct marketing

  • Right to Withdraw Consent — at any time, without affecting prior lawful processing

To exercise your rights, please send a written request to info@coast2coast.gr with the subject “GDPR Request”. We respond within 30 days.

If you are not satisfied, you have the right to lodge a complaint with the Hellenic Data Protection Authority:
www.dpa.gr | Tel: +30 210 6475600

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • SSL/TLS encryption for all website communications

  • Access to data restricted to authorized personnel only

  • Regular encrypted backups

  • Use of trusted service providers with security certifications

In the event of a data breach affecting your rights, we will notify you without undue delay, where required by GDPR.

7. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

8. Children’s Data

Our website is intended exclusively for adults (18+). We do not knowingly collect data from minors. If we become aware that such data has been collected without parental consent, it will be deleted immediately.

9. Policy Updates

We reserve the right to amend this Privacy Policy at any time. Any material changes will be announced on our website and, where applicable, via email if you have an account.

By continuing to use our services after such updates, you accept the revised Policy.
