PRIVACY POLICY & VISITOR POLICY – THE WORLD OF OUZO
PRIVACY POLICY & VISITOR POLICY – THE WORLD OF OUZO

Privacy Policy & Visitor Policy – The World of Ouzo

Visitor Policy – The World of Ouzo

Plomari Distillery Isidoros Arvanitis S.A.

  • Visitors are kindly requested to arrive at the Museum premises at least 15 minutes prior to their scheduled booking time.
  • Minors must be accompanied by an adult at all times.
  • Online bookings close 10 minutes before the start of each scheduled tour.
  • Bookings cannot be cancelled or modified.
  • In the event that a tour is cancelled due to the Company’s responsibility or extreme weather conditions, we will contact you to arrange a new date or a refund.
  • For refunds, you are required to send an email to museum.lesvos@ouzoplomari.gr in order to receive further instructions.

Payment Methods

Ticket purchases are completed exclusively online through the secure Nexi XPay payment gateway. The following card types are accepted:

  • Credit cards (Visa, Mastercard)
  • Debit cards (Visa, Mastercard)
  • Prepaid cards (Visa, Mastercard)

Card data is processed exclusively by Nexi and is never stored on our servers. All transactions are protected by 3D Secure 2 authentication.

Privacy & Cookies Policy

1. Introduction

This Privacy Policy describes the manner in which the Company collects, uses, and protects users’ personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Law 4624/2019.

2. Data Controller

The Data Controller, pursuant to Article 4(7) of the General Data Protection Regulation (GDPR), is:
Plomari Distillery Isidoros Arvanitis S.A. (hereinafter the “Company”).

Andreas Metaxa 6, Kato Kifisia
Email: museum.lesvos@ouzoplomari.gr

For the purpose of contacting us or making a reservation for a visit to our museum “The World of Ouzo”, we collect and store personal data provided by you, including: Full Name, Telephone Number, Email Address, Nationality, and Source of Communication/Referral. Such data are used exclusively for the successful completion of the reservation process, ticket issuance, and the improvement of visitors’ experience. Processing is based on the necessity of performing the requested service.

3. Categories of Data

The Company may collect identification data, contact information, technical data (such as IP address and browser), as well as website usage data.

4. Purposes of Processing

  • Website operation and security
  • User service
  • Reservation management and ticket issuance for the museum “The World of Ouzo”
  • Statistical analysis
  • Marketing activities (subject to user consent)

5. Legal Basis

Processing is based on legitimate interest, consent, performance of a contract, and compliance with legal obligations.

6. Cookies

The website uses cookies for functional, analytical, and advertising purposes.

Category Cookie Name Source Purpose Duration
Essential wordpress_test_cookie WordPress Verifies that cookies work in visitor’s browser Session
Essential wp_woocommerce_session_* WooCommerce Maintains booking and order data during purchase 2 days
Functional pll_language Polylang Stores the visitor’s chosen language 1 year
Analytics _ga Google Analytics 4 Distinguishes unique visitors (anonymous ID) 2 years
Analytics _ga_* Google Analytics 4 Maintains session state for the GA4 property 2 years
Analytics sbjs_* WooCommerce Order Attribution Records visit source and session data Session
Third-party – Payment Nexi (XPay) Nexi Secure payment processing – set on Nexi’s domain during payment redirect Session

7. Data Subject Rights

According to GDPR, data subjects have the following rights:

  • Right of access (Article 15 GDPR): to receive confirmation as to whether personal data are being processed and, if so, access to those data.
  • Right to rectification (Article 16 GDPR): to request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17 GDPR): to request deletion of data when no longer necessary, consent is withdrawn, or processing is unlawful.
  • Right to restriction of processing (Article 18 GDPR): to request limitation of processing in certain circumstances.
  • Right to data portability (Article 20 GDPR): to receive data in a structured, commonly used format.
  • Right to object (Article 21 GDPR): to object to processing based on legitimate interest or direct marketing.
  • Right to withdraw consent (Article 7 GDPR): consent may be withdrawn at any time without affecting prior lawful processing.

You may exercise your rights by contacting: museum.lesvos@ouzoplomari.gr. The Company shall respond within one (1) month in accordance with Article 12 GDPR.

8. Data Security

The Company implements appropriate technical and organizational security measures in accordance with Article 32 GDPR, including encryption, access control, restricted staff access, secure information systems, and data recovery procedures.

9. Payment Security

All payments made using the card are processed through the electronic payment platform of “Nexi XPay” of Nexi Payments Greece S.A. and uses TLS 1.2 encryption protocol encryption with 128-bit (Secure Sockets Layer – SSL). Encryption is a way of coding the information until it reaches its recipient, who will be able to decode it using the appropriate key.

10. Amendments

This Policy may be updated periodically to reflect legislative changes, technological developments, or modifications to the Company’s processing activities. Any updated version will be published on the website with the latest revision date.