Filitatravel

Menu

PRIVACY POLICY

1. Who We Are

Filita Travel LLC is a luxury travel agent specialising in Greece and the wider Mediterranean.

Filita Travel LLC
4113 NE 77th St, Seattle, WA 98115
State of Washington, United States
Unified Business ID (UBI): 604200112
Washington State Seller of Travel: Active | Expires 31 December 2026
Contact: info@filitatravel.com

Filita Travel LLC is the data controller of the personal data collected through this website and in connection with its travel planning and booking services.

Filita Travel LLC works with an affiliated destination management company in Greece to execute local bookings and travel arrangements on behalf of clients. As related entities under common ownership, both companies may process your personal data jointly for the purpose of delivering your trip. This arrangement is governed by an inter-company data processing agreement. Full details are available on request by contacting info@filitatravel.com.

2. What This Policy Covers

This policy explains how we collect, use, store, and share your personal data when you:

  • Visit our website at filitatravel.com
  • Submit our travel questionnaire
  • Create an account or client profile
  • Use our travel planning and booking services
  • Subscribe to our newsletter
  • Save hotels or articles to your favourites
  • Communicate with us by email, phone, or WhatsApp


We are committed to protecting your privacy. The personal details you share with us, whether a simple email address or your passport number, are treated with the same care and discretion we bring to planning your trip.

A note on WhatsApp: WhatsApp is operated by Meta Platforms and is subject to Meta’s own privacy policy. We recommend using email rather than WhatsApp when sharing sensitive information such as passport details or payment information.

3. The Personal Data We Collect

When you submit our travel questionnaire

Our questionnaire is a lead form only. It does not create an account. We collect:

  • Your name, email address, phone number, and city
  • Where you would like to travel and what kind of trip you are looking for
  • Who you are travelling with, including the number of guests and their ages
  • Whether the trip is for a special occasion
  • Your accommodation preferences and travel dates
  • Your trip budget range
  • Whether you have visited the destination before and what you enjoyed
  • How you found us, and if by referral, who referred you
  • Any additional information you choose to share in the free-text fields


If you provide us with another person’s name, please make sure you have their permission to share their details with us.

 

When you create an account

For self-registration (to save favourite hotels and articles), we collect your name, email address, city, country, and a password. For paying clients, your account may also include information gathered during the planning process.

 

When you complete your client profile

You may choose to add the following to your profile at any time. All optional fields are clearly marked:

  • Date of birth and preferred contact method
  • Travel companion details: partner’s name and date of birth, children’s names and dates of birth, other frequent companions and their relationship to you
  • Passport details: full name as on passport, passport number, nationality, and expiry date (for you and your travel companions). We store this securely to assist with bookings. You can update or remove it at any time, and we will delete it within 30 days of your trip completing unless you ask us to retain it
  • Dietary requirements or allergies
  • Accessibility needs
  • Room preferences, interests, and accommodation style preferences
  • Any additional notes you would like us to know

 

When you use our booking and payment services

  • Trip details including destination, dates, hotels, and service tier
  • Booking status
  • Invoices, payment amounts, and payment status

 

When you browse our website

  • Hotels and articles you save to your favourites
  • Device and browser information and IP address
  • Data collected through cookies and similar technologies (see Section 9)

 

When you communicate with us

  • The content of your emails, phone conversations, and WhatsApp messages related to your travel arrangements

4. Why We Collect It and Our Legal Basis

We collect your personal data for the following purposes. Where our services are used by visitors from the European Economic Area, we have identified the applicable legal basis under the GDPR.

To respond to your travel enquiry
When you submit our questionnaire, we process your data to understand what you are looking for and to contact you about your trip.

Legal basis (GDPR): Pre-contractual steps at your request (Article 6(1)(b)) or legitimate interest in responding to enquiries (Article 6(1)(f)).

 

To provide our travel planning and booking services
Once you become a client, we use your data to recommend and arrange hotels, experiences, and other travel services on your behalf, manage your account, and process payments.

Legal basis (GDPR): Performance of our contract with you (Article 6(1)(b)).

 

To share your details with hotels and service providers
To facilitate bookings on your behalf, we share relevant information with the hotels, villas, transport providers, and experience providers involved in your trip.

Legal basis (GDPR): Performance of our contract with you (Article 6(1)(b)).

 

To process dietary, allergy, and accessibility information
If you choose to share dietary requirements, allergies, or accessibility needs, this information may reveal details about your health. We process it solely to ensure your comfort and safety during your trip.

Legal basis (GDPR): Your explicit consent (Article 9(2)(a)). You can withdraw this consent at any time by updating your profile or contacting us. Withdrawing consent will not affect any processing already carried out.

 

To send you marketing communications
If you opt in to receive travel inspiration and updates from us, we will send you our newsletter and other marketing communications.

Legal basis (GDPR): Your consent (Article 6(1)(a)). You can unsubscribe at any time using the link in any email or by contacting us. Withdrawing marketing consent does not affect your account or any active bookings.

 

To operate and improve our website
We use cookies and similar technologies to understand how visitors use our site, maintain its functionality, and improve the experience.

Legal basis (GDPR): Legitimate interest for strictly necessary cookies (Article 6(1)(f)). Consent for analytics and marketing cookies (Article 6(1)(a)). See our Cookie Policy for details.

 

To maintain your favourites
When you save hotels or articles, we store these preferences in your account.

Legal basis (GDPR): Legitimate interest in providing a functional account experience (Article 6(1)(f)).

 

To comply with legal and tax obligations
We retain financial records as required by US federal, state, and applicable Greek tax law.

Legal basis (GDPR): Legal obligation (Article 6(1)(c)).

5. Who We Share Your Data With

We share your personal data only where necessary and only with the following categories of recipients:

Our affiliated Greek destination management company. As described in Section 1, we share relevant client data with our affiliated Greek entity to execute local bookings and arrangements on your behalf. Both entities are bound by an inter-company data processing agreement.

Hotels, resorts, and villa owners or managers. We share your name, dates, room preferences, dietary requirements, accessibility needs, and where required for check-in, passport details with the properties where you are booked to stay.

Transport providers. We share your name and travel dates with ground transport, ferry, and domestic flight providers as needed to arrange your transfers.

Experience and activity providers. Where your trip includes activities or experiences we have helped arrange, we share relevant details with the providers delivering those services.

Collaborating travel agents. If your trip is arranged in collaboration with another travel advisor or referring agent, relevant details may be shared with them. You will be informed if this applies to your booking.

Payment processors. We use third-party payment processors to handle transactions securely. We do not store your full payment card details.

Technology providers. Our website hosting, email marketing platform, analytics tools, and CRM/booking management system are provided by third parties who process data on our behalf under appropriate contractual safeguards.

Professional advisors. Our accountants and legal advisors may have access to your data where necessary.

Tax authorities. We disclose financial records to US and Greek tax authorities as required by law.

We do not sell your personal data. We never have and we never will.

6. International Data Transfers

We are based in the United States. When you use our services, your data may be transferred to and processed in countries outside your own, including:

Greece and other European countries. We share your data with hotels and service providers in Greece, Italy, and other destinations where your trip takes place. This is necessary to fulfil your booking.

Türkiye. Where your trip involves Turkish hotels or service providers, we share relevant data to fulfil your booking.

Morocco. Where your trip involves Moroccan hotels or service providers, we share relevant data to fulfil your booking.

For visitors from the European Economic Area: where we transfer your data outside the EEA, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission. We also participate in the EU-U.S. Data Privacy Framework (DPF) where applicable. However, as the DPF is currently subject to legal challenge, we maintain SCCs as a parallel safeguard for all EU-to-US transfers regardless of the DPF’s status. For transfers to Türkiye and Morocco, we rely on SCCs or the fact that the transfer is necessary for the performance of a contract in your interest (Article 49(1)(b) GDPR).

If you would like more information about the safeguards we use for international transfers, please contact us at info@filitatravel.com.

7. How Long We Keep Your Data

We keep your data only for as long as we need it:

Questionnaire submissions (if you do not become a client): Retained for up to 2 years to allow for follow-up, then deleted.

Active client accounts: Retained for the duration of our relationship and for 7 years after your last booking in line with US federal tax requirements. Records held by our affiliated Greek entity may be retained for up to 10 years in line with Greek tax law.

Financial and payment records: Retained for 7 years under US federal tax requirements. Records held by our affiliated Greek entity are retained for up to 10 years under Greek tax obligations.

Passport details: Deleted within 30 days of your trip completing unless you ask us to retain them for future bookings. You can request deletion of your passport details at any time before or after your trip by contacting info@filitatravel.com or updating your profile directly.

Marketing consent records: Retained until you withdraw consent. We keep a record of the withdrawal for our compliance records.

Website analytics data: Retained for up to 26 months.

Favourites (saved hotels and articles): Retained until you remove them or delete your account.

8. Your Rights

You have rights over your personal data. The specific rights available to you depend on your location.

Access. You can ask for a copy of the personal data we hold about you.

Correction. You can ask us to correct any data that is inaccurate or incomplete. You can also update your information directly in your account profile.

Deletion. You can ask us to delete your personal data, subject to any legal obligations we have to retain it such as tax records.

Passport data deletion. You can request deletion of your passport details at any time — before, during, or after your trip — by contacting info@filitatravel.com or removing them directly from your profile. We will delete them within 30 days of your request.

Opt out of marketing. You can unsubscribe from marketing communications at any time using the link in any email or by contacting us.

Withdraw consent. Where we rely on your consent for marketing or for processing dietary, health, or accessibility data, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.

Automated decision-making. We do not use automated decision-making or profiling that produces legal effects concerning you.

To exercise any of these rights, contact us at info@filitatravel.com. We will respond within 30 days. Additional rights for US residents are in Section 11. Additional rights for EEA visitors are in Section 12.

9. Cookies and Similar Technologies

We use cookies and similar technologies on our website. For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy [link].

We require your consent before placing any non-essential cookies on your device. Strictly necessary cookies required for the website to function do not require consent but are explained in our Cookie Policy. The minimum age for providing consent to cookies on this website is 15 years for users in Greece and 16 years for users in other EEA member states, in accordance with applicable national law.

10. Children's Privacy

Our services are not directed at children under 15. However, we understand that family travel often involves children, and you may provide us with your children’s names, ages, and dates of birth as part of the travel planning process.

We process children’s data solely for the purpose of arranging your family’s travel. We do not knowingly collect personal data from children under 15 without verifiable parental consent. If you believe we hold data about a child that should not have been collected, please contact us at info@filitatravel.com and we will delete it promptly.

This website is not intended for use by individuals under the age of 18 for the purpose of making independent travel bookings.

11. Information for US Residents

If you are a resident of California or another US state with consumer privacy legislation, you may have additional rights.

What we collect. The categories of personal information we collect are described in Section 3. These include identifiers (name, email, phone), commercial information (booking and payment history), internet activity (cookies, browsing data), geolocation (city, country), and sensitive personal information (passport details, dietary and health information provided voluntarily).

We do not sell your personal information. We do not sell, and have never sold, personal information to third parties. We do not share your personal information for cross-context behavioural advertising.

Depending on your state of residence, you may have the right to:

  • Know what personal information we collect, use, and share
  • Request deletion of your personal information
  • Request correction of inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not engage in either practice)
  • Limit the use of sensitive personal information (we only use it for the purposes described in this policy)
  • Not be discriminated against for exercising your privacy rights


To exercise these rights, contact us at info@filitatravel.com with the subject line “US Privacy Request.” We will verify your identity before processing your request and respond within 45 days as required by law.

If you have concerns about our data practices that we have not resolved to your satisfaction, you may contact your state Attorney General’s office or the US Federal Trade Commission at ftc.gov.

12. Information for Visitors from the European Economic Area

If you are visiting our website from the European Economic Area (EEA), the General Data Protection Regulation (GDPR) applies to your personal data. Under the GDPR, you have additional rights:

Restriction. You can ask us to restrict how we process your data in certain circumstances.

Portability. You can ask to receive your data in a structured, commonly used, machine-readable format.

Objection. You can object to processing based on our legitimate interests. We will stop unless we have compelling legitimate grounds that override your rights.

Supervisory authority. You have the right to lodge a complaint with a data protection authority in your country of residence. If your complaint relates to data processed in connection with travel services in Greece, the relevant authority is the Hellenic Data Protection Authority (www.dpa.gr). For EU-to-US data transfer concerns, you may also contact your national supervisory authority.

EU representative. For matters relating to the processing of EEA resident data in connection with travel services in Greece, our affiliated Greek entity acts as our EU-side point of contact for data protection matters. Please contact us at info@filitatravel.com and we will direct your query accordingly.

The legal bases for our processing activities are set out in Section 4 above.

13. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, services, or applicable law. When we make significant changes, we will notify you by email if you have an account, or by placing a prominent notice on our website. The “Last Updated” date at the top of this page will always show the most recent revision.

14. How to Contact Us

If you have any questions about this policy or how we handle your personal data, please contact us:

Email: info@filitatravel.com
Post: Filita Travel LLC, 4113 NE 77th St, Seattle, WA 98115, United States
Website: filitatravel.com