Privacy Policy
At VIP Santorini, your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, and safeguard your personal data in compliance with Greek and EU data-protection regulations, including the GDPR. We encourage you to read it carefully.
→ View our Cancellation Policy & Terms
Information We Collect
We collect and process personal data through our website vacationintopremium.com for the following purposes:
- Responding to your inquiries or information requests
- Managing your registration on our website or newsletter
- Delivering the services offered via our website
While you may browse our website without disclosing personal data, engaging with our services or making a request will require sharing certain information. Protecting this information is a priority, and we adhere to applicable data-protection laws.
What is personal data?
Personal data refers to any information that can identify you, such as your name, contact details, IP address, and browsing activities.
Data we may collect
- Newsletter signup — email address.
- Career applications — name, email address, and any information provided in your CV or cover letter.
- Website usage — data regarding how you interact with our website (pages visited, time spent, browser type, IP address).
- Communication records — emails, phone calls, letters, or social-media interactions with our team.
- Booking information — name, contact details, travel dates, special requests, and payment information for service bookings.
How We Use Your Data
We process your personal data for specific, legitimate purposes, including:
1. Marketing communications
- Sending occasional emails about our services and special offers — only if you actively tick the optional "keep me updated" box on our quote or contact form. This box is never pre-ticked, and submitting a booking or enquiry without ticking it does not sign you up for marketing.
- We keep a dated record of that opt-in (your email, name and the time you consented) as proof of consent, and you can withdraw it at any time.
- Providing a working unsubscribe link in every marketing email.
- Audience matching for advertising. Where you have consented, we may securely share a hashed (scrambled) version of your email address with Google to show you, or people similar to you, our adverts through Google Ads "Customer Match". Google cannot read the original email, and you can opt out at any time (see Analytics & Advertising).
2. Career applications
- Evaluating your suitability for current or future roles
- Retaining your data for up to three years for follow-up opportunities (with your consent)
3. Customer relationship management
- Managing inquiries and service requests
- Processing bookings and payments
- Providing customer support and follow-up
- Storing and processing data securely to improve our offerings
Data-sharing policy
We only share data internally within our customer-relations, marketing, and communications teams or with trusted data processors for hosting and maintenance. Personal data is shared with third parties only with your explicit consent or as required by law.
Your Data-Protection Rights
Under the GDPR and applicable data-protection laws, you have the following rights:
How to exercise your rights
To exercise any of these rights or for questions about this policy, contact us at hello@vacationintopremium.com. If you unsubscribe from marketing communications, please allow up to 10 business days to process your request.
File a complaint
You may also lodge a complaint with the Hellenic Data Protection Authority at www.dpa.gr.
Data Retention
Your personal data is stored securely on encrypted servers, accessible only by authorized personnel.
- Without a contract — data is stored for five (5) years from the date of collection.
- With a contract — data is retained for the duration of the contract and any applicable warranty or statutory limitation period thereafter.
- Marketing opt-in records — kept until you unsubscribe or withdraw consent, after which we retain only a minimal record of the withdrawal as proof we honoured it.
Once your data is deleted from our systems, we cannot guarantee you won't be contacted again if your information is publicly available elsewhere or if you provide it to us again through our website.
Security Measures
We implement robust technical and organizational measures to safeguard your personal data against unauthorized access, loss, or misuse:
- End-to-end SSL encryption — all data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.
- Server and application firewalls — multi-layered firewall protection prevents unauthorized access to our systems and databases.
- Strict access controls — only authorized personnel with a legitimate business need can access personal data, and all access is logged and monitored.
- Regular security audits — we conduct periodic security assessments and updates to maintain the highest level of data protection.
Cookies & Consent
When you browse our website, we may store small files called "cookies" on your device. These cookies enhance your browsing experience and help us analyze website usage.
Your consent choice
When you first visit, a banner lets you Accept or Reject non-essential cookies. We use Google's Consent Mode so that analytics and advertising cookies are blocked by default and are only ever set after you click "Accept". If you click "Reject", no analytics or advertising cookies are placed — we keep only a small technical record of your choice so we don't ask you again. You can change your mind at any time by clearing this site's data in your browser, which makes the banner reappear.
Types of cookies we use
- Essential cookies — ensure the website functions correctly (e.g. maintaining your session, remembering your preferences). Cannot be disabled.
- Functional cookies — customize display settings such as language preferences and layout options. Can be disabled, but may affect your experience.
- Analytical cookies — collect data for improving website performance (e.g. Google Analytics 4). Loaded only after you click "Accept". See Analytics & Advertising.
- Social-media cookies — facilitate interactions with social platforms (e.g. sharing on Facebook, Instagram). Can be disabled, but social features won't work.
- Retargeting / marketing cookies — used by Google Ads to deliver relevant advertising and measure conversions. Loaded only after you click "Accept"; you can opt out of personalised ads at any time.
Managing cookies
You can manage or block cookies through your browser settings. Disabling certain cookies may affect website functionality and your experience.
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Analytics, Advertising & Google Services
Subject to your consent (see Cookies & Consent), we use the following Google services to understand how our website is used and to promote our services. These tools only run after you click "Accept" on our cookie banner.
- Google Tag Manager — a tool that loads the tags below. It does not itself store personal data, but it governs when the other tools run, in line with your consent choice.
- Google Analytics 4 — measures how visitors use our website (pages viewed, time on site, approximate location, device and browser type, and a randomised identifier). We use this to improve the site. IP addresses are handled by Google in a shortened/anonymised form.
- Google Ads — conversion tracking — when you arrive from one of our adverts and then make a booking or enquiry, this records that the advert led to a result, so we can measure which campaigns work. It may process your advertising identifiers and the value of your booking.
- Google Ads — remarketing & Customer Match — lets us show our adverts to people who have visited our site, or (where you opted in) to a hashed version of your email address and to audiences who resemble our customers. You can stop seeing personalised Google ads at any time via myadcenter.google.com.
- Google Search Console — shows us, in aggregate, the search terms people use to find us. It does not identify individual visitors.
Legal basis
We rely on your consent for all analytics and advertising cookies and for Customer Match (Articles 6(1)(a) GDPR and the ePrivacy rules). You can withdraw this consent at any time without affecting any booking you have already made.
International data transfers
Google is a US-based provider, so using these services may involve transferring some data outside the European Economic Area. Google states that such transfers are protected by the EU–US Data Privacy Framework and the European Commission's Standard Contractual Clauses.
More information from Google
See Google's Privacy Policy and how Google uses data from sites that use its services.
Affiliate Links & Third-Party Bookings
Some tours, activities and experiences featured on this website are offered in partnership with third-party booking platforms, including Viator (a TripAdvisor company). When you click certain links or booking buttons, you may be taken to one of these partner websites to complete your booking and payment directly with them. In these cases, the booking contract is between you and the third-party provider, their terms and cancellation policies apply, and we may earn a commission from the platform — at no additional cost to you. This does not influence the price you pay.
Other services — including our private transfers and tours booked and paid for directly on this website — are provided and fulfilled by VIP Santorini (Vacation Into Premium), and our own booking, payment and cancellation terms apply to those.
We only recommend tours and experiences we believe offer genuine value to our customers. If you are unsure whether a particular booking is made with us directly or via a partner platform, please contact us at hello@vacationintopremium.com before booking.
Mobile App & Driver Location Data
VIP Santorini operates a companion mobile application ("VIP Driver Chat") used by our professional drivers, dispatch operators, partner hotels and affiliate partners to coordinate transfer services. Accounts are created and issued by VIP Santorini — the app offers no public sign-up, and this section applies only to those invited users.
Data the app collects
- Account information — name, username, professional role (driver, operator, hotel, affiliate) and a per-user access key issued by us.
- Precise location, including in the background (drivers only). While a driver is on duty and signed in, the app reports the vehicle's GPS position to our dispatch system. This is used to coordinate pickups, calculate live arrival-time estimates, show the vehicle's position to dispatch and — only during an active transfer — to the partner hotel that booked it, and to update the status of a service automatically (e.g. "waiting at pickup", "in progress"). Location is requested through the standard iOS/Android permission prompts; a driver may revoke it at any time in the device Settings, and no location is collected after signing out.
- Messages exchanged in the app's dispatch and hotel-coordination chats.
- Photos and documents a user chooses to upload (e.g. receipts, invoices, expense documents), and camera access if the user chooses to scan a login QR code — images are used only for the purpose the user uploads them for.
- Push-notification tokens, so we can deliver work notifications to the device.
- Booking/task details needed to perform the service (pickup, drop-off, time, passenger name and contact details supplied at booking).
How it is used and shared
App data is used exclusively to operate and dispatch our transfer services. Location coordinates are sent to Google Maps Platform (Google Ireland Ltd.) solely to compute routes, driving times and map display; push notifications are delivered via Apple/Google notification services and the Expo notification service. We do not sell app data, we do not use it for advertising or cross-app tracking, and hotels can see a driver's live position only while that driver is carrying out a transfer for that hotel.
Retention
Driver GPS history is kept only for the limited period needed for operational review and dispute resolution, driver chat messages in hotel-coordination threads are deleted automatically at the end of each service day, and uploaded accounting documents are retained as required by Greek tax law. All other app data follows the retention rules described above, and the data-protection rights listed in this policy apply equally to app users — contact us at hello@vacationintopremium.com to exercise them.
Updates to This Policy
This Privacy Policy is effective as of September 2018 and was last updated in July 2026. We may update it periodically to reflect changes in legal requirements, services, or business practices. Any updates will be posted on this page with a revised "Last Updated" date.
Questions or concerns?
If you have any questions about this Privacy Policy or how we handle your data, please contact us at hello@vacationintopremium.com.