Privacy Policy

This Privacy Policy explains how BLUE FREEDOM YACHTING N.E.P.A. (“we”, “us”, “our”) collects, uses, stores, and protects personal data in connection with yacht charter bookings and use of our website at bluefreedomyachting.com.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Greek and EU data protection law.

1. Data Controller

BLUE FREEDOM YACHTING N.E.P.A.
Kyprou 7, 85300 Kos, Greece
VAT: EL996644341
Email: bluefreedomyachting@gmail.com
Phone: +34 633 125 341

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity data: full name, date of birth, nationality, passport or ID number.
Contact data: email address, phone number, postal address.
Booking data: charter dates, yacht selected, embarkation and disembarkation ports, number of guests, itinerary, special requests.
Payment data: payment amounts, payment method, transaction references. We do not store full card details.
Health and safety data: health conditions, mobility limitations, allergies, or medical requirements disclosed voluntarily for safety purposes.
Travel document data: passport validity, visa information where relevant to the charter.
Communications: emails, messages, and correspondence related to your booking or enquiry.
Website usage data: IP address, browser type, pages visited, and cookies (see Section 9).

3. How We Collect Personal Data

We collect personal data:

directly from you when you make a booking enquiry, confirm a booking, or contact us;
through our website contact or booking forms;
through email or phone correspondence;
from third parties such as booking platforms or travel agents acting on your behalf.

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

To fulfil your charter booking: processing is necessary for the performance of a contract to which you are a party (Article 6(1)(b) GDPR).
To manage payments: processing is necessary for the performance of the contract and compliance with legal obligations (Article 6(1)(b) and 6(1)(c) GDPR).
To ensure safety on board: processing health or mobility data disclosed voluntarily is based on your explicit consent or is necessary to protect vital interests (Article 9(2)(a) and 9(2)(c) GDPR).
To comply with legal obligations: such as maritime regulations, tax requirements, or authority requests (Article 6(1)(c) GDPR).
To respond to enquiries and complaints: based on our legitimate interest in providing customer service (Article 6(1)(f) GDPR).
To send booking-related communications: confirmation emails, pre-departure information, invoices — necessary for contract performance.
To improve our website and services: based on our legitimate interest in maintaining and developing our services (Article 6(1)(f) GDPR).

5. Who We Share Your Data With

We may share your personal data with:

The captain and crew of the chartered yacht, for the purpose of delivering the charter safely.
Payment processors handling your transactions, who process data under their own privacy policies.
Port authorities, marina operators, and customs where required by law or for entry into ports.
Booking platforms or travel agents involved in arranging your booking.
Insurance providers where relevant to a claim or incident.
Legal or regulatory authorities where required by law or court order.

We do not sell your personal data to third parties. We do not share your data for marketing purposes without your consent.

6. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR requirements, such as standard contractual clauses or adequacy decisions.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, including:

Booking and payment records: retained for a minimum of 5 years following the charter date, in accordance with Greek tax and accounting requirements.
Correspondence and complaints: retained for up to 3 years after resolution.
Website usage data: retained in accordance with our cookie settings, typically up to 12 months.

After the applicable retention period, your data will be securely deleted or anonymised.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of access: you may request a copy of the personal data we hold about you.
Right to rectification: you may ask us to correct inaccurate or incomplete data.
Right to erasure: you may ask us to delete your data where it is no longer necessary, subject to legal retention obligations.
Right to restriction: you may ask us to restrict processing of your data in certain circumstances.
Right to data portability: you may request your data in a structured, commonly used format where processing is based on consent or contract.
Right to object: you may object to processing based on legitimate interests.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at bluefreedomyachting@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

9. Cookies

Our website uses cookies to ensure functionality, analyse traffic, and improve user experience. Cookies are small text files stored on your device.

We may use:

Essential cookies: required for the website to function correctly.
Analytics cookies: to understand how visitors use the site (e.g. page views, session duration).
Performance cookies: to improve loading speed and caching (e.g. LiteSpeed Cache).

You can manage or disable cookies through your browser settings. Disabling essential cookies may affect website functionality.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include secure server hosting, encrypted communications (HTTPS), and restricted access to personal data.

No method of transmission over the internet is completely secure. In the event of a data breach that affects your rights, we will notify you and the relevant authority as required by law.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and recommend that you read their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available on this page. We encourage you to review it periodically.

This policy was last updated on 20 May 2026.

13. Contact

For any privacy-related questions, data access requests, or complaints, please contact: