Privacy Policy

Last updated: December 2025

WindSailing (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, contact us, request a quote, or make a booking.

1) Who we are (Data Controller)

WindSailing is a trade/brand name used by the following legal entities (each owning/operating a specific yacht):

  • Kyknos MCPY — VAT: 998263078 — Address: Kapodistriou 38, Volos, Greece
  • Rigas MCPY — VAT: 996730403 — Address: Souliou 12, Volos, Greece

Which company controls your data?

The “Data Controller” is the relevant company stated on your Quote / Booking Confirmation and Charter Party for the yacht you book.

Contact: [email protected] | +30 697 242 9223 (Director: Vasileios Rigas)

2) What personal data we collect

Depending on how you interact with us, we may collect:

A) Data you provide to us

  • Contact details: name, email, phone number
  • Enquiry/quote details: preferred dates, itinerary/area, number of guests, experience level, requests/extras, budget range
  • Booking details: billing details, invoicing details (where applicable), communications with us
  • Passenger details (where required for charter/authorities): names, nationality, date of birth, ID/passport details (as required by law/port procedures)
  • Any information you include in messages to us

B) Data collected automatically (website)

  • Technical data: IP address, device/browser type, pages viewed, timestamps, approximate location (derived from IP), and basic diagnostic logs
  • Cookies/identifiers (see Cookies section below)

C) Data from third parties

  • If you book via a partner/platform or are introduced by an agent, we may receive your contact and booking details from them to fulfil your request.

3) Why we use your data (purposes)

We use personal data to:

  • Respond to enquiries and provide quotes
  • Confirm bookings, prepare charter documents, and deliver charter services
  • Communicate operational information (check-in details, crew list requests, itinerary/safety notes)
  • Comply with legal obligations (e.g., port/authority requirements, accounting/tax rules)
  • Protect our business (fraud prevention, security, dispute handling)
  • Improve our website and services (basic analytics, performance, debugging)

4) Legal bases (GDPR)

We process your personal data under one or more of the following legal bases:

  • Contract: to take steps at your request before entering a contract and to perform the charter/booking contract
  • Legal obligation: to comply with applicable laws and authority requirements
  • Legitimate interests: to operate and secure our business, prevent abuse, and improve our services (balanced against your rights)
  • Consent: where required (e.g., certain cookies; optional marketing communications if you explicitly opt in)

5) Who we share your data with

We do not sell your personal data.

We may share data only when necessary with:

  • Service providers (“processors”) such as website hosting, email services, IT support, security/anti-spam tools, and (if used) analytics tools
  • Charter-related parties such as marinas/port services, crew/skippers, and insurance/claims handlers (only what’s necessary)
  • Authorities when required (e.g., Port Authority / official passenger lists or incident reporting)
  • Professional advisors (legal/accounting) where needed for compliance or disputes

All providers are expected to handle data securely and only for the intended purpose.

6) International transfers

Our providers may process data in the EU/EEA or, in some cases, outside it. Where international transfers occur, we rely on appropriate safeguards required by GDPR (such as contractual protections).

7) Data retention (how long we keep it)

We keep personal data only as long as necessary:

  • Enquiries/quotes: typically kept for a reasonable period to handle follow-ups and requests
  • Bookings/charters: kept for operational needs and legal/accounting requirements
  • Authority/charter documents: kept as required by law and to manage disputes/claims
  • Website logs/security events: retained for a limited period for security and troubleshooting

When data is no longer needed, it is deleted or anonymised.

8) Cookies and similar technologies

Our website may use cookies and similar technologies for:

  • Essential site functionality
  • Security/anti-spam protection
  • Basic analytics (if enabled)

You can control cookies through your browser settings and (where implemented) our cookie consent banner.

Our use of cookies is explained in our Cookie Policy.

9) Your rights (GDPR)

You may have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion (where applicable)
  • Restrict or object to processing (in certain cases)
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)

To exercise rights, contact us at [email protected]. We may request verification to protect your data.

You also have the right to lodge a complaint with your supervisory authority (in Greece, the Hellenic Data Protection Authority).

10) Security

We apply appropriate technical and organisational measures to protect personal data. No method of transmission or storage is 100% secure, but we work to prevent unauthorised access, loss, misuse, or alteration.

11) Children’s privacy

Our services are not directed to children. If a minor is included as a guest, their data is provided by the responsible adult as part of the booking/charter process.

12) Third-party links

Our website may contain links to third-party sites (e.g., partners or platforms). We are not responsible for their privacy practices.

13) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with the updated date.

Related policies

Privacy questions or GDPR requests? Email [email protected] or call +30 697 242 9223.