1.1. Welcome to the Privacy Statement of “DREAMS GIVE WINGS TRAVEL IKE – TIMOTHY’S FAMILY”

We respect your privacy and are committed to protecting your personal data. This privacy statement explains how we collect, use, and safeguard your data when you use our services—whether you are a traveler, a prospective traveler, or a visitor to our website www.timothysfamily.com

Our goal is to provide you with clear information about your rights and how we comply with the applicable legal framework (GDPR 2016/679) and Greek law.

 

1.2. Data Protection Officer

TIMOTHY’S FAMILY has appointed a Data Protection Officer (DPO), to whom you can address any questions or requests concerning this privacy statement or the exercise of your rights (e.g., access, correction, deletion).

  • DPO Name: Iason Veloudis
  • Email: corporatecomms@timothysfamily.com
  • Phone: +30 22940 20146
  • Address: 14 El. Venizelou St., 19005, Nea Makri, Attica

The DPO oversees our company’s compliance with the GDPR and serves as the point of contact for all matters related to the protection of your personal data.

1.3. Right to File Complaints & Joint Controllership

You have the right to lodge a complaint with the supervisory authority in your country regarding data protection issues. In Greece, the competent authority is the Hellenic Data Protection Authority (www.dpa.gr). However, we kindly ask that you first give us the opportunity to address and resolve any concerns you may have. You can contact our DPO directly using the details provided in section 1.2.

In certain cases (e.g., data exchange with airlines, hotels, museums, or other partners), TIMOTHY’S FAMILY and the partner businesses act jointly as data controllers. In such cases, responsibility for ensuring compliance with data protection principles is shared in a way that guarantees the continuous protection of your personal data.

 

 

 

  1. Statement Version and Updates

This privacy statement was last revised on August 1st, 2025. Any previous version is fully replaced by the present one. If you wish to obtain a copy of an earlier version, you may contact us at corporatecomms@timothysfamily.com.

We reserve the right to amend this statement at any time, and we may apply changes retroactively to data already collected, where required by law. In the event of substantial revisions, we will promptly notify you by publishing the new version on our website (www.timothysfamily.com).

It is important that your personal data remain accurate and up to date throughout our cooperation. Please inform us promptly of any changes to your address, email, telephone number, or other contact details to ensure the proper exercise of your rights and uninterrupted communication with us.

 

  1. Categories of Information we Collect

TIMOTHY’S FAMILY reserves the right to collect, process, store, and, where necessary, transfer various categories of your personal data, which are grouped as follows:

  • Identification Data
    • Full name
    • Father’s name
    • Chosen username or other unique identifier
    • Marital status
    • Title
    • Date of birth
    • Gender (when necessary for the proper provision of services)
  • Contact Data
    • Billing and delivery address
    • Contact email
    • Telephone numbers (landline, mobile)
  • Financial Data
    • Bank account details (e.g., IBAN)
    • Payment card details (e.g., number, expiration date)
  • Transaction Data
    • Details of payments to and from us
    • Information regarding products/services you have purchased or requested
  • Technical Data
    • IP address, browser type and version, plugins
    • Time zone, system language, operating system, and platform
    • Device details (type, model, identifier)
  • Profile Data
    • Purchase or booking history
    • Login details (username)
    • Special requests, comments, responses to surveys
  • Usage Data
    • Information about your receipt of newsletters and promotional messages
    • Communication preferences (channel, frequency, type of content)
  • Health & Special Needs Data
    • Information related to any disability, allergies, or specific accessibility requirements
    • Data that help us ensure safe and personalized service delivery

These data are used solely for your identification within the framework of concluding and performing our contracts, as well as for optimizing our service to you, in full compliance with the requirements of the GDPR.

 

  1. How We Collect Your Personal Data

We collect your personal data whenever you:

  • Use our services, whether provided directly by TIMOTHY’S FAMILY or through partner agents or third-party companies.
  • Travel under a booking made with us.
  • Browse or interact with our websites.
  1. Purposes for Which We Process Your Personal Data

TIMOTHY’S FAMILY processes your personal data solely when permitted by the applicable data protection and privacy legislation. Typically, such processing is based on one or more of the following legal bases:

  • To fulfill a contract: When processing is necessary for entering into or performing a contract you have requested (e.g., travel booking, provision of travel services, or customer support).
  • To comply with legal obligations: When required by applicable laws or regulations, such as maintaining accounting records or providing information to competent authorities.
  • For legitimate business interests: When processing is necessary to safeguard our legitimate business interests (such as improving our services or preventing fraud), provided that your rights and freedoms are not overridden.
  • Based on your consent: In certain cases—such as sending newsletters, promotional offers, or collecting special category data (e.g., specific travel requirements or health information)—we rely on your explicit consent.

Withdrawal of Consent

Where processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
To withdraw your consent, you can contact us using the contact details provided in Section 1.2 of this policy.

Note: As a rule, we do not rely on consent as a legal basis for processing except in cases related to marketing communications or the processing of sensitive personal data. In any case, you always have the right to object to or request the cessation of the use of your data for such purposes, either by unsubscribing directly or by contacting us.

 

 

 

 

 

 

  1. Change of Purpose for Data Use

Your personal data are used solely for the purposes for which they were originally collected, as specified in this Privacy Policy.
If it becomes necessary to process your data for a different purpose, we will assess whether the new purpose is compatible with the original one, in accordance with the relevant data protection legislation.

If we determine that the new purpose is unrelated or incompatible with the original one, we will inform you in advance and explain the legal basis that allows us to carry out such processing, or we will seek your consent where required.

If you would like more information or clarification regarding the processing of your data for a different purpose, you may contact us using the details provided in Section 1.2 of this policy.

  1. Third-Party Links

Our website may contain links to third-party websites, embedded features (such as microsites), plugins, or applications provided by third parties. If you choose to interact with any of these, such third parties may collect or share data about you.

Please note that we do not control these third-party websites or their privacy practices and we bear no responsibility for their content, data processing, or privacy policies.
In cases where third parties provide services directly through our systems, we may act as data processors on their behalf, under a specific contractual arrangement.

For your own safety, we recommend that each time you leave our website or interact with a third-party provider, you carefully review the applicable privacy statement of that environment.

 

  1. Cookies, Web Beacons, and Related Technologies

Our website uses cookies, web beacons, and other similar technologies to enhance your browsing experience and to better understand how you interact with our services.

Cookies allow us to distinguish between visitors, record your IP address, identify the referring website, and analyze how our website is used. This information is used both to fulfill obligations toward our partners and to improve our functions, website design, and services or offers.
We do not track your behavior on websites other than our own.

Cookies are small files stored on your device. They are categorized as session cookies, which are deleted once you close your browser, and persistent cookies, which remain stored for a longer period to recognize you upon future visits to our website.

Web beacons are small graphic elements or snippets of code that work in conjunction with cookies and allow us to monitor actions performed within our website, such as page views, time and duration of visits, page descriptions, and information about products or services you may be interested in.

Depending on the consent settings you have chosen, we may use cookies to recognize you when you return, retain your preferences, provide personalized content, or track your interaction with the website.

You have the ability to manage or disable cookies at any time through the settings available on our website or via your browser’s configuration options.

 

  1. Who May Have Access to Your Personal Data

To ensure optimal service and proper delivery of our offerings, we may share your personal data with selected partners and external service providers who act on behalf of TIMOTHY’S FAMILY.
These third parties are contractually obligated to use your data solely for the purposes defined by us and to maintain appropriate protection and security measures.

For example, your data may be shared with partners who support us in operational matters, providers of technical or consulting services, hosting and system development providers, communication and marketing service providers, as well as legal or financial advisors.

Additionally, it may be necessary to transfer your data to third parties when required for the execution of services you have selected or requested — for instance, to local or international authorities, regulatory bodies, or immigration services.

In the event of a business restructuring, merger, division, or sale of part of our business, your data may be transferred to the new owners or successors, provided that they continue to observe the same data protection terms described in this policy.

Finally, we may disclose personal data when legally required to do so, or when you explicitly request such disclosure.

 

 

 

  1. Security of Your Personal Data

We take all necessary technical and organizational measures to ensure the protection of your personal data against accidental or unlawful loss, alteration, unauthorized access, disclosure, or any other form of processing that does not comply with data protection legislation.

These measures include, where appropriate, techniques such as encryption, pseudonymization, or anonymization of data.

Access to your personal data is strictly limited to individuals (such as employees, external partners, or service providers) who need to process such data as part of their professional duties and only in accordance with our instructions. All such individuals are bound by confidentiality obligations and comply with our established security policies.

We have also adopted procedures for detecting, assessing, and responding to any data security breaches. In the event of a breach that may affect your rights, we will notify you promptly, as well as the relevant supervisory authority, where required by law.

  1. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes for which they were collected and/or to meet our legal, accounting, or regulatory obligations.

When determining the appropriate retention period, we consider factors such as:

  • The type and sensitivity of the data
  • The purpose for which it is processed
  • The potential risk of unauthorized use or disclosure
  • Whether we can achieve the intended purposes through other means
  • The applicable legal requirements

More detailed information on specific retention periods for each category of data is available in our Data Retention Policy, which you may request by contacting us.

In certain cases, you have the right to request the deletion of your personal data. Once the retention period has expired, your data will be either deleted or anonymized. In the case of anonymization, we reserve the right to use the resulting information for research or statistical purposes without further notice to you.

  1. Your Rights Regarding Your Personal Data

In accordance with applicable data protection legislation, you have the following rights:

  • Right of Access: You may request a copy of the personal data we hold about you and confirm that we are processing it lawfully.
  • Right to Rectification: If you find that any of your data is inaccurate or incomplete, you may ask us to correct it. We may request verification of the accuracy of the new information you provide.
  • Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data when there is no longer a reason for us to retain it, or if you have successfully objected to its processing. In certain cases, immediate deletion may not be possible due to legal obligations — in such instances, we will inform you accordingly.
  • Right to Object: You may object to the processing of your data when it is based on our legitimate interests or carried out for direct marketing purposes.
  • Right to Restrict Processing: You have the right to request the temporary restriction of processing your data in cases such as:
    • When you want us to verify the accuracy of the data.
    • When you believe the use of your data is unlawful but do not wish to have it deleted.
    • When you need the data for the establishment, exercise, or defense of legal claims.
    • When you have already objected to processing and we are assessing whether our legitimate grounds override yours.
  • Right to Data Portability: You may request that your personal data be transferred to you or to a third party in a structured, commonly used, and machine-readable format. This right applies only to data processed automatically and based on your consent or a contract with you.
  • Right to Withdraw Consent: If the processing of your data is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal, but it may limit the provision of certain services. In such cases, we will inform you accordingly.

 

  1. What We May Need from You

We may need to request certain information from you to verify your identity when you submit a request concerning your personal data. This is a security measure to ensure that personal data are not disclosed to anyone who has no right to access them.

We may also contact you to ask for additional information to clarify or expedite your request and ensure efficient processing.

  1. Response Time to Requests

Our goal is to respond to all legitimate requests within one (1) month. If your request is particularly complex or if we have received a large number of requests, we may need up to three (3) months in total. In all cases, we will inform you in advance of any delay and the reasons for it.