The protection of your personal data is very important to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit and use the website of our waterpark, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable national legislation.

The Data Controller is Pantheon Water Park with registered office at www.pantheonpark.gr , email: info@pantheonpark.gr

We have appointed a Data Protection Officer (DPO), whom you may contact for any matter relating to personal data protection at +30 698 459 0308 or via email at info@pantheonpark.gr.

By using our website and, where required, by providing your consent (e.g. via cookies), you agree to the practices described in this Privacy Policy.
 

We may collect, store, and process the following categories of personal data:\

• Technical data: IP address, geographic location, browser type and version, operating system.
• Usage data: information about your visits to and use of our website, including referral source, length of visit, page views, and navigation paths.
• Contact data: name, surname, email address, telephone number.
• Booking and purchase data: tickets purchased, date of visit, number of visitors, billing details.
• Payment data: payments are processed securely through crtified third-party payment providers. We do not store credit or debit card details.
• Account or subscription data: email address and preferences for newsletters or other communications.
• Communication data: information contained in any communications you send to us via email or contact forms.
• User-generated content: information you choose to submit for publication on our website.

If you provide us with personal data relating to another person (e.g. children or accompanying visitors), you confirm that you have obtained the required consent for such disclosure.
 

Our services are address primarily to families and may involve minors. Any personal data relating to children is processed only for booking, safety, and operational purposes and always under the responsibility and consent of a parent or legal guardian.

We do not knowingly collect personal data from minors without appropriate parental consent,

We process your personal data on one or more of the following legal bases:

• Performance of a contract (e.g. ticket purchases, bookings).
• Compliance with legal obligations.
• Your consent (e.g. newsletters, marketing cookies).
• Legitimate interests, such as website security, fraud prevention, and service improvement.
   

We may use your personal data for the following purposes:

• Operating, administering, and improving our website and services.
• Processing ticket purchases and reservations.
• Managing payments and issuing invoices or confirmations.
• Communicating with you regarding your visit, inquiries, or requests.
• Sending newsletters or marketing communications, where you have provided consent.
• Ensuring the safety and security of visitors, staff, and facilities.
• Preventing fraud and ensuring compliance with our terms and conditions.

We do not sell your personal data or share it with third parties for their own direct marketing purposes.
 

We may disclose your personal data only when necessary and only to:

• Authorized employees and collaborators.
• Service providers (e.g. IT, payment processing, analytics) acting under contractual obligations.
• Legal or regulatory authorities, where required by law.
• Third parties in connection with legal proceedings or the protection of our legal rights.

All third parties are required to process personal data in compliance with applicable data protection laws.

For reasons of safety, security, and protection of visitors and facilities, CCTV systems may operate in certain areas of the waterpark. CCTV data is processed lawfully, stored for a limited period, and accessed only by authorized personnel.

Your personal data may be stored or processed in countries outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, in accordance with GDPR requirements.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations.

Unless otherwise required by law, personal data is generally retained for up to 2 years.

We implement appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, or alteration.

However, you acknowledge that data transmission over the internet cannot be guaranteed to be completely secure.

Under GDPR, you have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request erasure of your data.
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time.
• Lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

You may exercise your rights by contacting us using the details above.
 

Our website uses cookies to ensure proper functionality, analyze usage, and improve user experience. Non-essential cookies (e.g. analytics or marketing cookies) are used only with your consent.

You can manage or withdraw your cookie preferences at any time through your browser settings or our cookie consent tool.

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites.

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and where appropriate, we will notify you.

If you have any questions about this Privacy Policy or the processing of your personal data, please contact us at info@pantheonpark.gr or our DPO at r.damelio@pantheonpark.gr.