Liknoss GDS

Personal Data Protection Policy

Welcome to

CRS LIKNOSS (hereinafter “the Company” or “LIKNOSS”) is committed to protecting the confidentiality of information entrusted to it and complies with the Personal Data and Privacy Framework. Our commitment to personal data protection is a natural extension of our commitment to maintaining the confidentiality of information of our clients, employees and all those who do business with us.

This Policy aims at providing information about all the information and personal data that we collect through this Website and how we use them.

We encourage you to carefully read this Policy, which sets out the context in which we process your personal data and informs you about your rights.

1. Introduction – Data Controller

The website found at, hereinafter referred to as the “Website” or “we”, is owned byCRS LIKNOSS Single Member S.A.”, with a registered address at 2-4 Ilioupoleos Ave. 17237 Imittos, Athens, Greece, hereinafter referred to as the “Company”.

Telephone number: 211 9558800


To provide its services but also to comply with its legal obligations the Company collects certain information about its visitors and members through the Website, which may lead to their direct or indirect identification.

According to the applicable legal framework regarding data protection, some of this information is “personal data”, while you, as visitors or members, are “data subjects” and we, the Company, are the “data controller” of your data.

If you have any questions about the way we process your data or you exercise your rights, please contact us.

2. Our key data processing principles
We are committed to ensuring that your personal data are processed in a fair and transparent way, in compliance with the applicable legal framework, in particular the General Data Protection Regulation (Regulation (EU) 2016/679), laws 4624/2019 and 3471/2006, other applicable legislation, as well as the regulatory acts and decisions of the Hellenic Data Protection Authority. 
 To put it simply, this means that:
– We process your data only for specified, explicit and legitimate purposes and we do not further process your data in a manner that is incompatible with those purposes (purpose limitation).
– We only process data which are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimization).
– We make every effort to ensure that your data are accurate and that you can ask for their correction or erasure where applicable (data accuracy).
– We keep your data in a form which permits your identification only for as long as it is necessary for the purposes for which the personal data are processed (storage limitation).
– We make every effort to ensure the security of your data, and to prevent, among others, any unauthorised or unlawful processing and against accidental loss, destruction or damage (integrity and confidentiality).

To protect your data we take all appropriate technical and organizational measures, we implement internal security policies and train our staff, which is bound by confidentiality and privacy clauses. In addition, we use technologies which ensure the security of your data (e.g. Secure Sockets Layer (SSL) certificate, encryption, certified hosting providers). Our Company integrates personal data protection principles in all aspects of the Company’s operation by design and by default, so as to protect the data subject’s rights.

In this context, we strictly follow the information security and data protection principles, we monitor the security measures on a regular basis and, if deemed necessary, aligning them with the new best practices.

3. What data do we process and under which conditions

In principle, the Company processes your data through the Website only when you provide it in an active manner to us (e.g. by contacting us submitting the Website’s contact form or when you register as a partner).

This does not fully apply to certain data which are collected with the help of cookies and similar technologies and other types of data which are collected automatically when you visit our Website (for more information please visit our Cookies Policy ).

A. Information we receive automatically

Due to the nature and function of the Internet, as soon as you visit our Website, your IP address and other information, such as the date and time of your visit and the website from which your visit originated is recorded in our server’s special log files. Although we are not able to identify you on our own based on this information, your IP address is considered to be personal data. The legal basis for collecting and storing data in our server’s special log files is our legitimate interests, since our goal is to ensure network, information, and services security, in case of accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data [e.g., avoiding “denial of service” (DoS) attacks], as well as to effectively resolve any technical issues.

This processing follows the applicable legal framework, as it does not entail serious risks for your rights and freedoms. Furthermore, it is necessary for the purposes of the legitimate interests pursued by us, according to the GDPR.

Β. Information provided to us by you

We process personal data provided by you in the following cases:

I. Contact us by submitting the Website’s contact form

Data we process


Legal basis

  • First name, surname
  • Email address
  • Phone number

Important note: We advise you to mention in your message only the necessary information regarding the issue you are interested in.

We process this data to be able to contact you in response to your message.

Submitting a contact form does not make you our “customer” and we will not include you in our database.

We process your data because we consider it as our Company’s legitimate interest (art. 6 (1) (f) GDPR) to reply to your questions, and also to maintain and improve the communication between you and our Company.

II. Submit a “ LIKNOSS Partner” form and become a part of the LIKNOSS network of travel agencies (or to update information of an existing partner).

Data we process


Legal basis

  • First name, last name/business name
  • Agent’s CRS code (for existing partners)
  • VAT number, tax office
  • Address
  • Phone number
  • Email address
  • Data included in legal documents of the Company (special trademark of the agent, statute if the agent is a S.A., L.L.C., G.P./L.P., P.C.) HATTA, IATA or other partnership (if there is one)

Important note: This data is considered personal only to the extent that they concern natural persons and not legal entities.

When you fill out the relevant form on our Website, you are expressing your interest in cooperating with us and joining the network of our travel agencies.

We will process your information at your request to enter a contract with the Company and become our new partner, or in the context of our contract so that you can update your details as an existing partner.

We process this data provided by you in order to take appropriate measures before entering into a contract with you as well as to execute our contractual obligations (article 6 (1)(b) GDPR).

III. Newsletter

Data we process


Legal basis

Email address

We process this data to send you updates on news, offers and other issues that we consider to be of interest to you.

We process this data provided by you based on your consent (article 6 (1) (a) GDPR), which you can withdraw at any time and request the erasure of your data.

The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

IV. CV submission form

Data we process


Legal basis

  • First name, last name
  • Email address
  • Phone number
  • Personal data included in your CV

Important note: Please note that you should not include in your CV submitted to our Company data of special categories, such as health or trade union membership, and/or personal data of third parties without their explicit consent.

We process this data to take appropriate measures before entering into a possible contract between the Company and the person interested.

We process this data provided by you to take appropriate measures at your request before entering into a contract (article 6 (1)(b) GDPR). For more information, please visit our “Job Applications and Data Protection Policy[”.

Contact data of LIKNOSS customers

We consider it our legitimate interest to contact you for business purposes by phone, mail, email, SMS, or any other appropriate means, using your contact details (obtained in a lawful way), within the context of an existing business relationship with you (article 11, paragraph 3 Greek Act 3471/2006) and as long as you do not exercise your right to opt-out from such communication. This communication may contain customized information and special offers regarding our services, promotional activities organized by our Company or in collaboration with other companies (without transferring your data to those companies), contests and research conducted with the aim of improving our products and services. This communication may continue after the end of the provision of services/cooperation, as long as you do not exercise your right to opt-out.

Important note: The responsibility for the accuracy of the submitted information belongs to the person submitting it. You may find out how you can rectify your data in the section of this Policy regarding your rights as a data subject.

4. Who are the recipients of your data

Access to your data is permitted only to authorized members of our staff, who process your data in a strictly confidential manner, only to the extent and in the context of the purposes for which you have already been informed about.

Furthermore, to be able to provide our services to you, the Company shares some of your data with certain partners. These partners (data processors) process your data only for the above mentioned purposes and on behalf of the Company, with the exception of any legal obligations imposed by the applicable legislation. When transferring your data, the Company takes all appropriate technical and organizational measures to ensure the highest possible level of security.

One of the key criteria when choosing our partners is the respect for the rules regarding the security of processing. In addition, our partners are contractually bound to provide the necessary safeguards and to take all appropriate technical and organizational measures to ensure the lawful processing and protection of your data and rights. We will not disclose your data to any third parties to use them directly for their own commercial purposes (marketing).

These partners provide us with services that are necessary for the operation of our Website, e.g. hosting, support, communication or other services.

5. Where and for how long we store your data

Your data is stored in the Website’s server, which is located at a datacenter located in Greece, while any security copies are kept in servers within the European Union. In any case, the Company always implements the appropriate technical and organizational measures in order to avoid data breaches. In the event that we need to transfer personal data to a third country, the Company will take appropriate measures (guarantees), such as ensuring that the transfer takes place in a country with an adequacy decision or applying standard contractual clauses to ensure the adequate level of protection and the lawfulness of processing.

Your data is stored strictly for a period of time which is considered necessary for our processing purposes.

6. What are you rights and how you can exercise them

According to the applicable legal framework, you have a set of rights regarding the processing of your data through the Website by our Company.

In particular, you have the right:

1. To submit a request to the Website to be informed whether we process your data and, if so, what types of data (right of access).

2. To have inaccurate personal data rectified, or completed if it is incomplete (right to rectification).

3. To request, under conditions, the erasure of the data (right to erasure).

4. To request, under conditions, the restriction of the data processing (right to restriction of processing).

5. To object, under conditions, to the processing of your data by us (right to object), especially with respect to the processing relating to marketing purposes (e.g. newsletter).

6. To request the data that you have provided to us in a structured, commonly used and machine-readable format (right to data portability), as long as it is technically feasible.

7. To request at any time that we shall not process your communication data for marketing purposes within the framework of a previous transaction between us.

8. In case of data breach, which is likely to pose a high risk to your rights and freedoms and as long as it does not fall under any of the exceptions provided in the GDPR, the Company has the obligation to communicate the breach to you without undue delay.

Compliance with the legal framework on the processing of personal data and the exercise of your rights guaranteed by that framework, are our top priority. Therefore, we have the right to request additional information necessary for your identification before you can exercise the rights described above.

In principle, the Company has the obligation to respond to your request promptly and, at the latest, within one month. If deemed necessary, taking into account the complexity of the request and the number of the requests, that period maybe extended by two further months. In any event, we will inform you as soon as possible, and always within one month after the submission of your request, concerning the progress made and the reason for any possible delay.

In case your requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either i) charge a reasonable fee taking into account the administrative costs for providing the information or making a communication or performing the action requested, or ii) refuse to act on the request.

If you consider that we do not comply with the personal data protection laws, you have the right to lodge a complaint to the Hellenic Data Protection Authority (Kifissias 1-3, PC 115 23, Athens, Greece, phone number: +30-210 6475600, you can lodge your complaint by filling the special DPA’s electronic form in its online portal at

7. Hyperlinks to third party websites

Within our Website you can find hyperlinks which allow you to access third party websites. These links have the sole purpose of facilitating your browsing on the Web and they do not imply, in any way, our endorsement or approval of the content of other websites.

Accessing these websites via hyperlinks in our Website is solely your responsibility and we strongly urge you to read each website’s privacy policy carefully.

8. Social media

Facebook page

The Website has an official Facebook page (

You may contact us via our Facebook page in order to get more information about our services using the “send message” function.

In order to respond to your queries, we process your Facebook username and other information which is publicly available through your profile (e.g. your email address). By sending a message for the purposes of communication between us you provide us with your consent to the above mentioned processing of your data. Access to and use of our Facebook Page is subject to the terms of this Privacy Policy.

By clicking the “LIKE” button on our Facebook Page you provide us with your consent to process your data so that you are able to see our news and promotional activities (via your newsfeed). If you do not wish to receive such updates, you can click “UNLIKE” at any time and withdraw your consent.

Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) is responsible for Facebook’s operations in the European Union. You can be informed about the process of your personal data following the above links:


Our Website has an official Linkedin account ( ).

You can follow the Website’s account on Linkedin and comment on its posts, thus providing data to be processed on the platform.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is responsible for Linkedin’s operations in the European Union. Linkedin has its own cookies and data protection policies, over which we exercise no control and are not in a position to influence.

Access to Linkedin is at your own risk and we encourage you to read its data protection policy carefully since using its services means you agree with it.

General information regarding social media

The Company takes all appropriate technical and organizational measures to ensure the security of data processing via social networking platforms, including, but not limited to, applying restrictions to the number of persons with administrator-level access to each page.

The Company is responsible only for the means it processes your data for its own purposes (communication, provision of services and promotion) and to the extent that it exercises control over your data. On the other hand, it bears no responsibility for the way any social networking platform processes your data.

We urge you to be extremely careful about the content you post on our social media pages, especially when you provide your own or any third party’s personal information. In case you choose to communicate with us, please make sure that the page you are contacting is indeed our official page.

Comments on Social Media

In an effort to improve our services, we encourage users to comment on posts and/or on our pages on social media in a way that promotes public debate and pluralism.

We make every effort to provide a safe online environment, however we do not have a general obligation to review the content that is submitted by users on these platforms.

We reserve the right to remove any kind of content found to be in violation of our terms of use, such as content that is abusive, vulgar, pornographic, threatening, or constitutes advertising, infringes intellectual property rights or contains a false statement about the user and at the same time we reserve the right to block users who submit such material.

In case you think that there is content in our Company’s social media pages, which affects you in a negative way or otherwise violates our terms of use, please contact the administrators directly.

9. Minors

The Company offers its services exclusively to individuals over 18 years of age. When a request is submitted to the Company, the user/visitor is presumed to be over 18 years of age, or if they are under 18 years old, that they have received the necessary permission from their legal guardians and that they will provide their details, if requested by the Company.

Since it is not technically feasible to effectively control the age of the users/visitors of the Website, in case a minor submits personal data in violation of our terms, we will delete all relevant information. We will not delete this information if it is deemed necessary to establish, exercise or defend legal claims or fulfill a legal obligation.

10. Changes in policy and updates

This policy may be changed at any time and without prior notice. Guided by the principle of transparency, we will inform you on any major changes in our policy. However, we strongly advise you to regularly review our policy, since using the Website’s services means you approve it.