Version 1.0 / 20.01.2019
As a customer of our hotel or user of our Website, you have a right to demand protection of your Personal Data. The Hotel respects your privacy and your personal data and complies with the applicable Data Protection Laws at all times. The hotel further undertakes to adopt fully transparent policies and procedures in collecting and using data in the context of its obligations.
The term “Data Protection Laws” (hereinafter: “Law”) refers to a set of Greek or European laws, regulations, directives etc. that regulate the processing of Personal Data and the privacy and security of such Data.
Basic legislative instruments in this regard are, among others, the General Data Protection Regulation (GDPR), the ePrivacy Directive concerning the protection of privacy in the electronic communications sector and such other Opinions or Guidelines issued in this regard by the Hellenic Data Protection Authority (HDPA).
It is important that you read this policy carefully and keep it for future reference, as it provides a thorough description of how and why we collect your Personal Data, how we use them, how long we keep them, who we share them with, how we protect them and the remedies available to you in this regard. This way you will always be fully informed on how and why we use your data as well as of the rights that are afforded to you in this regard under the Law.
The Hotel is acting as a “Data Controller” in accordance with the General Data Protection Regulation. This means that the Hotel is responsible for deciding how and why it will collect and use (“process”) your personal data.
Our contact details are as follows:
As part of our policy to act in compliance with the Data Protection Legislation, we make all reasonable efforts to:
Processing of your Personal Data shall be conducted on at least one or more of the following legal bases:
Personal Data is any information that relates to you as an identifiable individual. The categories of Personal Data we collect and process are thoroughly described below:
Whenever you make use of our Website, certain types of information, including information that may constitute personal data, are collected automatically. Such information includes information about your language settings, IP address, location, device settings, device operating system, time of access, redirecting URL, etc. We may also collect data through cookies. Cookies are small files that are stored on the user’s computer, which are accessed by the Website for the purpose of analysing user behaviour. The types of Cookies we use and the type of processing that is conducted are described in a separate policy (Cookies Policy).
We also use Google Analytics to analyse your use of our Website. Google Analytics generates statistical and other site usage information, which is used to generate reports. The type of processing performed through Google Analytics is described in a separate policy (Cookies Policy).
In case you register and / or access our Website through a third-party account (Social Login), we may collect and access specific user profile information from the relevant social network only for internal administration purposes and / or for the purposes listed above.
Processing of minor persons’ data is subject to the consent of their parents or guardians.
The General Data Protection Regulation defines specific categories of data that are subject to stricter processing procedures, e.g. health data. We only process this type of data with your request (e.g. information concerning food allergies) or in any situations where such processing is required under the applicable laws or regulations.
Your personal data is normally collected from you; however, we may also collect Personal Data from other sources, such as:
We process and use your personal data for one or more of the following purposes:
Some of the above types of processing may partly overlap, but they altogether constitute the legal bases and legitimate purposes that govern our processing of your personal data.
Your personal data will be used exclusively for the purposes for which it was originally collected or for other purposes consistent with such original purpose. If a need arises to make use of your personal data for any other purpose, you will be notified accordingly and you will be made aware of the legal basis on which such processing will be conducted or may even be requested to grant your consent.
In any case, your personal data shall be processed in accordance with the rules laid down in this policy and those applicable under the Data Protection Legislation.
We make no decisions which might have a significant impact on you, including profiling, under automated procedures (decision-making procedures conducted through use of a computerised system without human intervention).
When and how we share or disclose any Personal Data we receive with/to third parties
Such disclosure shall be made in a manner which ensures (where possible) that the third parties concerned will process your data with strict confidentiality, applying all security measures necessary to protect it in accordance with our policies, and that they shall not use your personal data for their own purposes or for any purposes other than those explicitly authorised.
Specific categories of data may be disclosed to your relatives with your prior consent or in case of an emergency.
In addition to the above, we shall not share your personal data with any third parties, save where we bear a statutory obligation in this regard or where such disclosure is necessary in order to meet any contractual or legal obligations (e.g. disclosure to tax authorities or the police, or for compliance with audit requirements).
The Hotel shall under no circumstances sell your personal data to third parties or allow any third parties to sell any data which is forwarded to them by the Hotel.
We work together with third parties (such as booking.com or Web Hotelier and the Channel Managers) to offer you online booking services. All content posted on those websites is supplied from us and you are able to make reservations directly with us; however, bookings are subject to processing by third parties. Any data you provide to such third parties is stored in one or more databases that are hosted by them. Such third parties do not use or access your personal data for any purposes other than to manage reservations.
We shall use and shall disclose your personal data to the following parties, in the manner we consider necessary or appropriate:
Your personal information may be sometimes transferred to third countries outside the EU for the purposes described in this policy. Personal data may be transferred to third countries or international organisations in any situations where the European Commission has determined that these countries offer an adequate level of protection or effective safeguards and guarantees (e.g. standard contractual clauses approved by the European Commission), provided that you are afforded enforcement options and effective legal remedies.
The data retention period is defined among others on the basis of the following criteria:
If your data was collected on the basis of your consent, it may be erased any time after your consent is withdrawn.
Your data may also be erased in any of the following situations:
Your data shall be safely destroyed when it is no longer necessary. We may need to keep certain financial information for legitimate purposes (e.g. for accounting purposes).
Moreover, in any situations where we process your personal data on the basis of a legal interest or a public interest, you have a right to object to such use of your data any time, as per the applicable regulations.
If you have given your consent to the use of certain data, you have an unrestricted right to withdraw your consent at any time. Withdrawing your consent means that we will terminate the processing of any data in respect of which we had obtained your consent. Of course, we reserve the right to determine which information needs to be retained for reasons of compliance with our general tax and legal obligations. Withdrawing your consent shall entail no effects other than our inability to carry out processing.
You may exercise your rights by contacting the Hotel or by email (email@example.com) or by filing a Data Subject Application Form. If you exercise any of your rights by filing a request, we shall make all reasonable endeavours to process your request within thirty (30) days of receipt and to inform you of the positive outcome or of any reasons preventing us from granting your request. If you do not hear from us in 30 days or if you are not happy with our response, you have a right to file a complaint with the Data Protection Authority.
You have a right to file a complaint with the Data Protection Authority, which is responsible for enforcing the data protection legislations, if you have any concerns as to how we are processing your personal data or if you are not happy with our response to your complaint or request.
Your data is stored in different resources, including in a physical record, on our Website, on the Property Management System and on other computer systems (including in email applications). Your data is stored in its entirety, in the form it was submitted to us, without any interference in their content.
We have a series of technical and organisational security procedures in place to prevent any unauthorised or unlawful use of, or access to, your personal data, as well as any accidental loss or damage, modification or disclosure of your data. In addition, we only allow access to your personal information strictly on a need-to-know basis. Any third parties shall process your personal data in accordance with our instructions and shall be bound by a confidentiality obligation. Your Personal Data shall only be processed by a third party Processor only if the latter agrees to apply our technical and organisational security measures.
In case of a data security breach, we will notify you and the competent regulatory authorities, where we bear a legal obligation to that effect.
The third-party undertakings carrying out operations on our premises are listed below:
Any updates to this Policy shall be posted on the Hotel’s website (cf. address below) along with an indication of their publication date, to enable Users to keep track of updates.