PRIVACY POLICY FIGAME.COM

This Privacy Policy explains how FIGAME processes personal data concerning individuals, employees, owners, or representatives acting on behalf of our (existing, former, or potential)Corporate Clients using app.figame.com
In this document, FIGAME may be referred to as ‘we’, ‘us’, ‘our’, or ‘FIGAME’. Individuals, employees, owners or representatives acting on behalf of our Corporate Clients may be referred to together or separately as ‘you’, ‘your’ or ‘Corporate Clients”.
For more information about how FIGAME uses cookies on dedicated Corporate Clients websites and apps, please refer to our Cookie Policy.
Please read the following Policy and if you do not agree with all of its terms please do not proceed to use the website and our services.
CAUTION The website is dedicated to provision of corporate travel management services. As such its services are not to be used by underaged (under 18 years old) individuals. If you are under 18 years old please do not use the website or the services. The only way that FIGAME will process personal data of a minor is if these are provided by a parent or legal guardian and are required for the booking of travel of the underage individual.

Terms we use in this Privacy Policy
Corporate Client You, the client of FIGAME with which FIGAME maintains or wish to enter (or in certain instances has ended) a contractual relation, that wishes to procure FIGAME services for your corporate travel business purposes.

FIGAME The travel company named «FIGAME.COM LTD. TRAVEL ORGANIZATION LIMITED and located at ‘132 LEOFOROS KYMIS, 151 23, MAROUSI, GREECE’ is the administrator and owner of the website app.figame.com
Travel Manager Is the manager of the account of the Corporate Client which has extensive administrative capabilities. Travel Manager is declared by the Corporate Client, may register, edit, archive Travelers of the Client under its account and proceed (including confirm) bookings. Travel Manager has access to the history of all bookings made from the account. Travel Manager is an authorized member of the staff or executive or owner of the Corporate Client. A Travel Manager can also be a Traveler in the sense that Travel Manager can use FIGAME services to pick and book his/her travel for corporate purposes
Traveler Is registered under a Travel Manager and thus under a Corporate Client account. I.e. is a sub-account holder allowing the traveler to view/search/browse potential choices for booking, choose and preferred option which then is shared with Travel Manager for approval and final booking. Traveler is a member of the staff or collaborator or service provider or executive or shareholder or owner or other third party affiliated with the Corporate Client.
Terms used in GDPR such as Data Controller, Data Processor, data subject, personal data, international data transfers, all such terms have the same meaning as the one awarded to them with EU Regulation 679/2016 (GDPR)
User Is any user of the website and FIGAME services either browser (meaning someone who is looking for information on potential travel/bookings) or booker
Website means app.figame.com.

Roles
To the extent that FIGAME processes personal data under the capacity of a Computerised Reservation System provider according to the provisions of Regulation 80/2009 (for airline tickets etc) then FIGAME acts as Data Controller for said data in relation to the bookings according to article 11 of Regulation 80/2009.

Apart from that FIGAME acts as a data processor to Corporate Clients which are the data controllers of the personal data of their respective Travelers that are processed by FIGAME for the provision by the latter of travel management services to said Corporate Clients and their travelers (handling of bookings) . In such cases Corporate Client is the Data Controller of Travelers personal data. FIGAME offers to its Corporate Clients a Data Processing Agreement. Contact us for more information
FIGAME acts as Data Controller when processing personal data that concern administration of the website, the improvement of its services and website, the verification process of Clients and compliance purposes and for the protection of its own legitimate interests.

Data collection
The personal data FIGAME collects in regards to Corporate Clients and their travelers depends on the context of the business relationship and their interaction with FIGAME, the choices made by the Corporate Clients and the products, services and features they use.
Please note that the data items in the sections below are only considered ‘personal data’ when concerning a natural person (meaning, an individual human being). These data items are not considered ‘personal data’ when concerning a legal person or entity.
Personal data of Travelers may be collected via the Corporate Client (Travel Manager of Corporate Client inputs said personal data) or directly via the Travelers (Travelers themselves input data)
Corporate Client, its Travel Manager and its Travelers must provide FIGAME with adequate, precise, true and up to date information at all times. Should any of your details change please inform FIGAME immediately in writing accordingly.
Since these FIGAME services are provide solely for corporate travel purposes the contact details provided to FIGAME should be business details (e.g. business contact details phone, mobile, email) unless otherwise indicated or required.
The personal data FIGAME collects about our Corporate Clients (incl their travelers) can include the following:

Personal data you give to us
Verification details
FIGAME can ask (representatives of) Corporate Clients to provide a copy of company registration documents, their ID card or passport, or other relevant information of the legal representative or the travel manager of the Corporate Client to verify the authenticity of the Corporate Client. This may also include proof-of-licenses or tax information.

Registration details
In order to create an account the following personal data are required
For travel managers Gender, Name, Surname, E-Mail (business email),Telephone (mobile or otherwise should be business telephone nr, only if a business telephone mobile or other respectively nr is not available may a user input a personal tel number), Address, Profession/ Name of Legal Entity (Employer or other legal entity i.e. the Corporate Client for which the travel manager is registering), username, password. The Address, Tax Identification Nr and Public Fiscal Office of the Corporate Client are also required but said information concern the Corporate Client and not a data subject
For travelers Gender, Name, Surname,E-Mail (business email),username, password
Since travelers are registered under a travel manager/ Corporate Client FIGAME is aware of the existence of affiliation between the traveler and the respective Corporate Client and Travel Manager.

Travel booking details
In order to proceed to booking of tickets (airplane , boat) , car rental or hotels all or some of the following personal data will be required depending on the situation.

For airplane tickets
• Gender
• Name
• Surname
• Date of Birth
• Telephone
• Email
• Identification Document (ID / passport) number & date of expiry (may be required, depending on the trip route)
• Miles Card (provided at the discretion of the user)

For hotel bookings

• Gender
• Name
• Surname
• Date of Birth
• Telephone
• Email

For car rental

• Gender
• Name
• Surname
• Date of Birth
• Telephone
• Email
• Address (home)

For boat tickets

• Gender
• Name
• Surname
• License plate of vehicle (only in cases that the Traveler wants to transfer a vehicle)
• Date of Birth (may be required depending on the boat company and on the itinerary)
• Identification Document (ID/Passport) nr & date of expiry (may be required depending on the boat company and on the itinerary)
• Nationality (may be required depending on the boat company and on the itinerary)
• Email

Required information will be indicated using red in the website if not filled in properly in order to alert the user. If required information is not provided each time FIGAME might not be able to provide You with requested services.
Since the website provides corporate travel services users should fill in their business contact details (email and telephone (incl mobile) nr) and only if such is not available can they use their personal contact details.

Information we collect automatically
Depending on the business relationship, FIGAME may also collect information automatically – some of which may be personal data. This data is collected when a user uses FIGAME online services (incl. visiting the webpage) .
The data collected may include:
• Language settings
• IP address
• Location
• Device operating system
• Time of usage
• URL requested
• User agent (information about the browser version)
• Result (viewer or booker)
Such information may be used so that we may able to provide to You our services via the website or in order to improve our website and services.
For more information please check our Cookies policy.

Travel History
Please keep in mind that travel history (concluded bookings) is available.
Travel Manager can see the travel history, i.e. all concluded bookings, for the duration of the collaboration between Corporate Client and FIGAME. ,meaning of all Travelers of the Corporate Client. The activity of Travelers (bookings and requests for booking) are visible to the Travel Manager.
Travelers can see from their sub-accounts only their saved options for bookings already confirmed (incl. for already completed trips) or to be confirmed by Travel Managers.

Payments
Based on the agreement between FIGAME and Corporate Client though, a Corporate Client may pay for concluded bookings by being transferred off site to a third party provider for the processing of its payment and more specifically ECOMMPAYBX.
FIGAME provides to each transaction (booking) performed using FIGAME services a unique random nr (random transaction nr). Said number must be used for the performance of the respective payment. At the payment gateway the user must fill in the card (debit or credit) details , including the name and surname of card holder.
ECOMMBX informs FIGAME of the status of the transaction (success or fail) based on the transaction nr. Furthermore ECOMMBX shares with FIGAME the name and surname of the card holder as well as the last four digits of the card used for the transaction (masked PAN nr)
Payments should at all times be performed by Corporate Client’s account or Corporate Client’s cards (debit or credit) and NOT personal accounts or personal credit/debit cards of users.

Health
If a Traveler has a health condition which may impact the travel, i.e.if the Traveler shall require assistance during the travel OR if health information is required for the performance of a trip (e.g. Covid-19 measures) the respective information should OR must be shared with FIGAME respectively so that FIGAME may arrange necessary actions or simply in order for the travel to be performed according to the regulations imposed in each instance.

Communications
Via the website Travel Manager or Traveler may send messages / notes to FIGAME. There they may include personal data. Users are not to share via messages personal data.If they ever do that, said data should only be the absolutely necessary for the provision of the requested services / resolution of request. Users must not provide FIGAME unsolicited (not requested and not required) data.

Marketing / Promotions
E-Mails provided by you can be used according to article 11 par of L 3471/2006 for the promotion by FIGAME of similar products/services esp since the right and possibility to object, unsubscribe is provided via such promotional/ commercial messages to be shared with such emails.
In any case FIGAME may request your consent for the dispatch of promotional, marketing materials to you via email or phone (including viber) by filing in respective fields in the website.

Personal data you give to us about others
By sharing other individuals’ personal data for business purposes – such as data belonging to your travelers (staff members or others) – you (Corporate Client and Travel Manager) confirm that these individuals have been informed about the use of their personal data by FIGAME in accordance with this Privacy Policy. You (Corporate Client and Travel Manager) also confirm that you have obtained all necessary consent, as required by the laws and regulations applicable to you prior to sharing any such personal data with FIGAME. Corporate Clients (their travel managers included) must abide with this obligation at all times.

Processing purposes
FIGAME uses the previously described Corporate Client information, as relevant, for the following purposes:
* administration of the website including registration and provision of user accounts
* FIGAME to fulfill its contractual obligations and provide services to its Corporate Clients and their respective travelers (users)
*Corporate Client (including traveler) support : contacting users about the services as described, contacting users about complaints and questions the user might have
* sending website users marketing related updates or informing them of promotions that the user consented to receive
* optimizing the services of FIGAME or the website
* fulfillment of the obligations of FIGAME provided by law
* compliance with orders of public or judicial authorities
* protection of the legal interests of FIGAME
*prevention or detection of fraud, money laundering or phishing, risk management and compliance

Legal bases
FIGAME relies on the legal basis that the processing of the personal data is necessary for the conclusion (pre-contractual phase) and/or performance of the agreement between the Corporate Client and FIGAME. If the required information is not provided, FIGAME cannot process bookings or otherwise work with a Corporate Client, nor can we provide customer service.
For the provision of marketing or promotional materials or communications FIGAME relies on the legal basis of the consent provided to FIGAME by the user for the receipt of such.
FIGAME may process data also based on its legitimate interest to provide its services or obtain services, to prevent fraud and to improve its services or defend itself or claim its rights. When using personal data to serve FIGAME’s or a third party’s legitimate interest, we will always balance the impacted individual’s rights and the protection of their information against FIGAME’s and/or the third party’s rights and interests.
For purposes of safety (crime prevention and detection) and compliance, including with orders from public or judicial authorities, FIGAME also relies, where applicable, on compliance with legal obligations (such as lawful law-enforcement requests).

Data sharing
FIGAME undertakes not to sell, rent or otherwise publish and / or disclose users’ personal data to any third party for commercial, promotional or other purposes. FIGAME may only disclose / transmit personal data of users to third party natural or legal persons only if:
– The disclosure of personal data to natural and legal persons providing services to FIGAME becomes necessary for the fulfillment of users’ wishes in the context of providing services to them. Said Legal and natural persons who provide services to FIGAME and process the personal data that users submit to FIGAME and do so as data processors, do so solely at the request of Figame and within the limits set by it (affiliates providing IT support services and/or frontend and backend support services, incl hosting, for the Company’s website, as well as payment processing services for bookings performed using the website). For more detailed information, you can make a request at privacy@figamegroup.com.
-Disclosure of data to third parties is necessary to fulfill FIGAME’s contractual obligations and provide services to the Corporate Client and its Travelers. FIGAME may disclose data to other providers of booking services for tickets, travel or accommodation, airlines, hotel units or rooms to rent, car or motorbike rental companies, in order to fulfill the wishes of its Clients and their Travelers, and thus its contractual obligations. Said third parties do not act as data processors for FIGAME but are independent data controllers processing the data for their own purposes. For more information on the list of said third parties per instance contact us at : privacy@figamegroup.com
– Disclosure of information to employees, executives and in general FIGAME’s corporate structure is reasonably necessary for the purpose of providing the services requested by users.
– Disclosure of information is required for compliance with the provisions of the Law and with the competent authorities only.
– Disclosure of information is ordered by a police, administrative or judicial authority
– Disclosure of Information is necessary to defend FIGAME’s legal rights and legitimate interests
FIGAME shall take the necessary measures to ensure that only the data necessary for its intended purpose are disclosed at any time, namely the provision of FIGAME’s services to users, as well as the legality of their processing.

International data transfers
FIGAME hosts data collected from the website within the European Union.
There may be cases thought were it is in Your interest or required for the provision of the requested by the Client services that data are transferred/processed outside EU/EEA
Where required by European law, we will put appropriate safeguards in place to ensure that such transfers comply with European privacy law.
In particular, when personal data is transferred to third-party that may process information outside EU/EEA, we establish and implement appropriate contractual, organisational and technical measures. Such transfers of personal data are performed under Standard Contractual Clauses as approved by the European Commission or where available under an adequacy decision or with the use of other appropriate safeguards as provided by Law.
For more detailed information please contact us at any time.

Security
We have procedures in place to prevent unauthorised access to and misuse of personal data.
We use appropriate business systems and procedures to protect and safeguard information, including personal data. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work.

Data retention
We will retain personal data for as long as necessary to manage the business relationship with a Corporate Client, to provide FIGAME services to a Corporate Client and to comply with applicable laws (including those regarding document retention, including for tax reasons), resolve disputes or claims with any parties, and as otherwise necessary to allow us to conduct our business.
Data are retained for the duration of the contract between FIGAME and Corporate Client and as described above after that (after termination) necessary data may be maintained only for as long as reasonably required in order for FIGAME to comply with its legal obligations and protect its legitimate interests.
Data may be processed prior to the conclusion of a contract such as verification data in the pre-contractual phase so as to allow the negotiation and conclusion of contract process to continue.
Automatically collected information are retained for 2 months after collection. For more information please check also our Cookies Policy.

Data Subject Rights
The data subject has the following rights in relation to the processing of its personal data: right of information , access, limiting of processing, objecting , portability regarding its personal data, requesting correction / completion or deletion of that, as well as the right to withdraw its consent in cases where consent is used as legal basis for processing as required by law.
Right of information & access: Data subject has the right to access its data and get further information about how it is processed. Data subject have the right to be informed of its recipients.
Right of correction: Data subject has the right to request that its data be corrected, modified, supplemented and updated.
Right of deletion: Data subject has the right to request the deletion of its personal data when we process it with its consent or in order to protect our legitimate interests. In other cases (such as where there is a contract, an obligation to process personal data required by law, the public interest), this right is subject to specific restrictions or does not exist as the case may be.
Right to limit processing: Data subject has the right to request the restriction of processing of its personal data when: the accuracy of the personal data is questioned and until verification is made, the processing is illegal and it requests the restriction of the use of its personal data for this purpose; personal data are no longer required for the purposes of processing by the Data Controller, data subject has objections regarding automated processing.
Right to object to personal data processing: Data subject has the right at any time to object to the processing of its personal data due its specific condition when this processing is based on the fact that the processing is necessary for the fulfillment of duty that is performed in favor of public interest or during the exercise of public authority that has been granted to the Data Controller or to the fact that this processing is necessary for the legitimate interests of the Data Controller or a third party, except if data subjects interests or rights and freedoms for the protection of its personal data, including the creation of a profile, prevail over those of the Data Controller’s or third party’s
Right to portability: Data subject has the right to receive its personal data free of charge in a form that allows it to access, use and process it, and to request us, where technically feasible, to forward its data directly to another party. This right applies to the data that it has provided to us and is processed by automated means with its consent or under a contract.
Right to withdraw consent: Data subject has the right to revoke its consent, to the extent that the basis for said processing was consent, at any time.
The data subject can exercise its rights or request more information by sending an email to privacy@figamegroup.com. Where FIGAME acts as Data Processor, FIGAME will forward data subject’s request to the respective Data Controller and await for Data Controller’s instructions in order to provide a reply to the data subject.The data subject must receive a reply in writing within one (1) month.
In your request, please indicate to us what action you would like us to take and for what purpose. For example, if you wish we don’t contact you for promotional purposes but wish to maintain a user account.

DPO/ Contact
Data protection officer of Figame is mr Ian Loizos. You can contact the Data Protection Officer by calling 210 6399108 (# 30) or by E-Mail at privacy@figamegroup.com
If you have questions, requests or concerns about how we process your personal data, or would like to exercise any of the rights you have under this Privacy Policy, please contact our data protection officer at privacy@figamegroup.com . You can also contact your local data protection authority.
We address privacy specific questions, requests and concerns that are reported to us using internal policies and procedures based on applicable privacy laws, regulations and guidance. We revisit and enhance these policies and procedures regularly, also taking into account user feedback.

Changes to this Privacy Policy
Figame reserves the right, without notice and at its sole discretion, to modify its Privacy Policy by posting the modified text at app.figame.com. If you continue to use the website and services after the change becomes effective You are accepting said change
Users should regularly check this page to make sure they agree with any changes to the Policy.

Dispute Resolution
This Policy is governed by and supplemented by Greek law, European Union law and relevant international treaties. Any provision of the foregoing shall be deemed or deemed to be contrary to the law, shall cease to be effective, without prejudice to the validity of the other terms of this Policy.
Any dispute based on or in relation with this Privacy Policy shall be settled by the competent courts of Athens, Greece