Privacy Policy

Privacy Policy

Last updated: January 2026

This Privacy Policy explains how personal data is collected, used, stored, and protected when you visit www.meteoraoffroad.com or make a booking for activities offered under the brand Meteora Offroad Adventures.

Data Controllers

Visit Meteora Ι.Κ.Ε.
Acts as the primary Data Controller for:

  • Online bookings
  • Payments
  • Customer communications
  • Marketing and sales activities

Meteora Offroad Adventures Ι.Κ.Ε.
Acts as joint data controller where personal data is required for the operation and delivery of booked activities.

The two entities cooperate in accordance with GDPR Article 26 to ensure lawful and secure data processing.

Personal Data We Collect

Depending on how you interact with the website and the nature of the booked activity, we may collect:

  • Full name
  • Email address
  • Phone number
  • Billing details (processed securely via payment providers)
  • Booking and activity details
  • Driving licence details (including licence number, issuing country, and validity) where required for vehicle-based activities
  • Communication content (emails, messages)
  • Technical data (IP address, browser type, device data)

Driving licence data is collected only when strictly necessary for the lawful and safe execution of an activity.

Payment card details are never stored on our servers.

How We Collect Data

Personal data is collected when you:

  • Use the website
  • Complete an online booking
  • Contact us by email or contact forms
  • Subscribe to newsletters or marketing communications
  • Interact with cookies or similar technologies

Purpose & Legal Basis of Processing

We process personal data only when there is a lawful basis, including:

  • Contractual necessity – to process bookings and deliver services
  • Legal obligation – for accounting and tax compliance
  • Legitimate interest – customer support, service improvement, fraud prevention
  • Consent – marketing communications and optional cookies

Personal data is never processed for purposes incompatible with the above.

Data Sharing & Third Parties

Personal data is shared only when necessary and strictly for the purposes described in this Privacy Policy.

Data may be shared with trusted third parties, including:

  • Payment service providers
  • Booking and reservation systems (e.g. Ventrata)
  • Third-party operators, guides, or vehicle providers involved in the execution of a specific trip or tour
  • Accounting and legal advisors
  • IT, hosting, and technical service providers

In particular, driving licence details and relevant booking information may be forwarded to third-party operators when required for:

  • Vehicle rental or allocation
  • Insurance validation
  • Legal or regulatory compliance
  • Safe execution of the activity

All third parties act either as data processors or independent controllers, are contractually bound to confidentiality, and process data in compliance with the GDPR.

Data Retention

Personal data is retained only for as long as necessary:

  • Booking and accounting data: as required by Greek tax law
  • Communication data: up to 24 months
  • Marketing data: until consent is withdrawn

Data is securely deleted or anonymised once no longer required.

Cookies & Tracking Technologies

The website uses cookies to:

  • Ensure proper website functionality
  • Analyse traffic and improve user experience
  • Support marketing activities (where consent is provided)

Users can manage cookie preferences via browser settings or cookie banners.

Data Security

Appropriate technical and organisational measures are implemented to protect personal data, including:

  • Secure servers and encrypted connections (SSL)
  • Access controls and internal data minimisation
  • Secure payment processing (PCI-DSS compliant providers)

Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Requests can be submitted via email and will be handled within the legally required timeframe.

International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), appropriate safeguards are applied in accordance with GDPR.

Changes to This Policy

This Privacy Policy may be updated from time to time. The latest version will always be published on this website and becomes effective upon publication.

Contact Information

For any questions regarding this Privacy Policy or your personal data, please contact:

Visit Meteora Ι.Κ.Ε.
Email: info@visitmeteora.travel
Website: www.visitmeteora.travel

By using this website, you acknowledge that you have read and understood this Privacy Policy.

Table of Contents