Privacy & Data Protection Policy

Last Updated: May 2026

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you visit our website and book travel services through our online platform, in full compliance with the EU General Data Protection Regulation (GDPR) and Greek Data Protection Law 4624/2019.


1. Data Controller

For the purposes of data protection laws, the Data Controller is:

  • Company Name: ODEA E-service
  • Registered Address: Neohoropoulo, 45500 Ioannina, Greece
  • Contact Email: info@odea.gr

2. The Data We Collect About You

Because we arrange travel services, we must collect specific information to fulfill your bookings. This includes:

  • Identity Data: First name, last name, date of birth, gender, passport or ID number, and nationality (required by airlines and border authorities).
  • Contact Data: Email address, telephone number, and billing address.
  • Financial Data: Payment card details (processed securely via our encrypted third-party payment gateway; we do not store raw card details on our servers).
  • Transaction Data: Details about payments to and from you and other details of travel services you have purchased from us.
  • Special Categories of Data: In rare cases, you may provide information regarding dietary requirements (which may imply religious beliefs) or medical/mobility assistance needs (health data) required for your safe transit. We process this data strictly based on your explicit consent to fulfill your travel requirements.

3. How and Why We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we use it for:

  • Performance of a Contract: To process and manage your booking, issue your tickets, and send you itinerary updates.
  • Legal Obligation: To comply with tax laws, financial reporting, and mandatory security checks by aviation/port authorities.
  • Legitimate Interests: To improve our website functionality, prevent fraud, and provide customer support.

4. Data Sharing and Third-Party Disclosures

To successfully book your trip, we must share your data with external travel providers. Your information will be disclosed to:

  • Airlines, Hotels, and Transport Operators: To secure your reservations.
  • Global Distribution Systems (GDS): Digital networks that process international travel bookings.
  • Payment Gateways: To securely authorize your transactions.
  • International Transfers: If you book a trip outside the European Economic Area (EEA), your data will be transferred to local service providers in your destination country to finalize your booking, as permitted under Article 49(1)(b) of the GDPR for the performance of a contract.

5. Data Security

We have put in place advanced security measures to prevent your personal data from being accidentally lost, altered, disclosed, or accessed in an unauthorized way. This includes SSL/TLS encryption for all data transmissions and restricted access control for our staff.


6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or statutory reporting requirements (typically 5 to 10 years for Greek tax and business auditing purposes).


7. Your Legal Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate data.
  • Right to Erasure (“Right to be Forgotten”): You can ask us to delete your data, provided we do not have a overriding legal or tax obligation to retain it.
  • Right to Restrict or Object to Processing: You can object to us processing your data for direct marketing.
  • Right to Data Portability: You can request the transfer of your data to another organization.

To exercise any of these rights, please contact us at info@odea.gr. If you believe your data has been mishandled, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).