Privacy Policy | Greek Island Buses
Skip to main content
Greek Island Buses LogoGreek Island Buses

Privacy Policy

Last updated: January 2026

1. Information We Collect

We collect information you provide directly (name, email, payment details) and automatically (usage data, device information, cookies).

2. How We Use Your Information

We use your information to process ticket purchases, send booking confirmations, improve our services, and communicate with you about your account.

3. Data Sharing

We share your information with bus operators to fulfil your booking, payment processors (Stripe) to process payments, and email providers to send confirmations.

4. Your Rights (GDPR)

You have the right to access, correct, delete, or export your personal data. You may also object to processing or request restriction. Contact us at privacy@greekislandbuses.com.

5. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations. Account data is deleted 30 days after account deletion request.

6. Cookies

Please refer to our Cookie Policy for information about how we use cookies.

7. Legal Basis for Processing (GDPR Art. 6)

We process your personal data under the following legal bases: (a) Performance of a contract (Art. 6(1)(b)) — when you purchase tickets or create an account; (b) Legitimate interests (Art. 6(1)(f)) — for fraud prevention, platform security, and service improvement; (c) Consent (Art. 6(1)(a)) — for marketing emails and optional analytics cookies, which you may withdraw at any time; (d) Legal obligation (Art. 6(1)(c)) — for tax records and regulatory compliance under Greek and EU law.

8. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). Where we transfer data outside the EEA (e.g., to cloud service providers), we ensure adequate protection through EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission, in accordance with GDPR Chapter V.

9. Data Protection Officer

Our Data Protection Officer can be contacted at dpo@greekislandbuses.com or by post at: Greek Island Buses, Data Protection Officer, Athens, Greece. The DPO oversees our compliance with GDPR and is available to address any concerns about how we handle your personal data.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr, or with the supervisory authority in your EU/EEA country of residence. You also have the right to seek judicial remedy.