PRIVACY POLICY

Company…………………., with Trade Name ………………. is committed to protect your personal data which are disclosed to the company by any source such as emails, fax, business cards, company’s site, databases etc. according to the law 2472/1997 as it is amended and in force and also according to the European General Data Protection Regulation (GDPR - EU 2016/679).

PERSONAL DATA

Identifiable and contact information such as:

Name, Surname, phone number, fax number, email, VAT, tax    office, address details (Country, Town, State, Postal Code), Nationality, date of birth, profession, passport number, charge information (credit card number, owner name, expiration date, security code), arrival date/departure date, voucher’s number, reference number and company details.

Health and Biometrics data

Allergies, nutritional habits, dermatological diseases, height, etc.

USE OF PERSONAL DATA

  • Accounting reasons (for example contracts, cooperation agreements, invoices, etc.)
  • Financial information (information on services cost, account balances, etc.)
  • Promotional reasons, newsletters, contests, customer satisfaction surveys, etc.
  • Room reservation and provision of hotel services.
  • Reservations via website and internet.
  • Internal use by our company.

…………………… ensures that all legal and appropriate measures are being taken for the protection and confidentiality of personal data that are being collected, in order (among other reasons) to prevent any non-authorized access to those data as well as to the equipment that is being used for their processing and archiving.

For the purposes of this policy, the term ¨data subject¨ includes all the individuals or single member companies, whose personal data we possess (data subject is the individual who is related to the term personal data).

Our company guarantees that your personal data will not be used for other purposes, except the ones that are mentioned in this policy, without prior notice and without your approval when required. We do not share personal data with third parties who are not related to us, unless it is required by our legal professional purposes and needs, in order to fulfil your demands or/and it is imposed by law.

TIME PERIOD OF RETENTION AND USE OF PERSONAL DATA

We are committed to keeping your personal data in a safe space with controlled access for as long as it is required. You may submit a deletion request in a shorter time which we will satisfy upon checking on the lawful basis of the processing and our legal obligations, as well as the provisions of our binding contract.

DISCLOSURE OF PERSONAL DATA

We may disclose your personal information to third parties who are processing data on behalf of our Company, including but not limited to providers of data processing systems support.

Transfer to processors will take place only under meeting the legal requirements provided for in articles 24 and 28 of Regulation.

In case of data transfer to non-European countries, the Company shall inform the data subject in advance and ensure that adequate precautions are taken, so that all the appropriate (by means of expertise, reliability and recourses) technical and organizational measures are implemented, in such a way that the processing is legal and that the rights of the subjects are being protected.

SAFETY AND PROTECTION OF DATA

Our company applies all the necessary policies and processes of technical and organizational safety in order to protect your personal data from being lost, amended, damaged, misused or accessed by a non-authorized person.

Our Company executives who have access to the data are obliged to respect the confidentiality of these data.

RIGHTS ON PERSONAL DATA

You have the right to apply for:

  • Access to your data
  • Review of the personal data that we possess
  • Rectification of inaccurate information and completion of incomplete information
  • Erasure of your personal data
  • Portability of your data
  • Restriction to the processing of your data
  • Opposition to your data processing as long as the conditions of 21 Article of GDPR are met.

We handle your requests with the utmost care to ensure that your rights are protected. We may ask for your identity card to make sure we do not share your personal information with someone else.

You should be aware that in certain cases (for example, due to legal obligations), we may not be able to respond to your request immediately. However, we will notify you on the progress of your request within one month, at the latest.

You should be aware that during our contractual relationship, personal data required by law or by our contract, are legally processed and cannot be objected to. Consequently, the rights of objection, limitation and deletion should concern data processing for other purposes and not for the legal or contractual ones.

Furthermore, in some cases (due to, for example, legal obligations), we may not be able to satisfy your request immediately. However you will receive a response to your request within one month after submission at the latest.

You have always the right to submit a complain by contacting the Data Protection Officer of the company…….……….either by sending a letter at company’s office ………..…..or by email at dpo@..................gr , mentioning your full  personal details  and the reason you contacted …………

WITHDRAWAL OF CONSENT

You may, at any time, withdraw the consent you have granted to our company for the processing and disclosure of your Personal Data.

However, you must understand that this withdrawal will not affect the legitimacy of the processing, based on your consent for the period before your withdrawal.

Furthermore, your right to withdraw your consent is subject to the above-mentioned exceptions due to law or contract restrictions.

In case you want to withdraw your consent, please send a signed declaration at the Data Protection Officer of the company…….……….either by sending a letter at company’s office ………..…..or by email at dpo@.................gr , mentioning your full personal details and the reason you contacted …………