The protection of personal data you disclose to us is very important for us. The collection and processing of your personal information is based on your consent and the provisions of applicable law. We appreciate your trust and make every effort to continually improve our systems and procedures in order to keep your personal data safe. We protect your personal data through technical data security measures, internal management procedures and physical data protection measures.
- Personal data processing consent
“Personal data” means any information that is collected or recorded in a way that may allow direct or indirect identification of a natural person. Each user of reservation systems and services for reservation at our Hotel and any person providing his/her personal information to the Hotel in the context of a reservation (including its amendment or cancellation), payment, checking availability or to receive information, grants his/her explicit, free and fully cognizant consent and agreement for the processing, pursuant to this policy, of his/her personal data as necessary in the context of the attainment of the objectives mentioned in this policy.
- Data and purposes of data collection and processing
We collect and process data that enables us to provide services and benefits to our guests and to better understand our guests’ requirements. In particular, we collect and use our guests’ personal data in order to provide our Hotel services including supplementary or personalized services, hospitality services and commodities to our guests and in general to manage our guests’ relation with the Hotel and improve the Hotel’s services. Therefore, personal data is processed on a need to know and process basis by the Hotel’s staff and associates responsible for the Hotel’s reservations, marketing/guest relations, IT systems, legal or medical services, if and when required.
We only collect and process data where we either have your consent, where it is necessary for the performance of a contract between us, where we need to process your data for compliance with a legal obligation, where the processing is necessary to protect the interest(s) of individuals or where we have a legitimate interest in processing the data where to do so is both necessary for us and to would not impact upon your interests or fundamental rights.
We receive and store personal information (contact details such as name, surname, telephone number, postal and digital addresses, father’s name, passport number, ID-card details, room preferences, billing details such as credit card number, VAT number, loyalty programme member number etc) you enter on our website or which you provide to us in any other way (via tour operator, travel agency, internet platform reservation systems etc) as required in order to complete your reservation of our services. Moreover, we collect personal data in various other occasions prior or during your stay at the Hotel including activities at the Hotel’s reception desk such as room reservation, check-in and payment, handling of requests, complaints, and/or disputes, participation in online and offline activities such as subscription to mailing lists for e-notification of offers and other promotions, registration in loyalty programmes, participation in marketing programmes or events, fill out of reservation forms, precheck-in forms, satisfaction survey or comments forms, forms for notification of preferences and interests (including hobbies, leisure and cultural interests and sports), but also when you order, book or register for other available by the Hotel products and/or services including table reservation, room catering, spa, sports and recreational services.
The processed data about you may also include information such as your date of arrival and departure, flight number, and room number, data about your health, such as health issues, medical and/or medicine reports and certifications, medical test results, data on pathological diseases, other information included in forms required by applicable legislation and/or public authorities for the protection of public health and/or public interests. We retain such information only if we are obliged to do so by applicable law or if you have explicitly given us your consent (e.g. to provide you with an appropriate service, such as a special diet).
Please note that prior to providing your travel companion’s details, personal information and travel preferences, you must obtain their individual consent, since access for the display of said information or possible changes to them shall be available only via customer’s account (or your reservation code).
Sensitive data (special categories of personal information): This term refers to data which reveal an individual’s racial or ethnic origin, their political beliefs, religious or philosophical convictions or participation in a trade union, as well as biometric data aimed to the indisputable identification of an individual, data relating to the health or information regarding the sexual life and preferences of a natural person or their gender orientation. In general terms, we do not collect sensitive data unless you voluntarily provide them. We may potentially utilize data on the state of your health, provided exclusively by you, in order to better serve you and satisfy your needs (for example, catering to offer access to the facilities for the disabled).
Provision of information by minors: We do not knowingly collect personal information from individuals under 18 years other than given name, surname, nationality, and date of birth. As the parent or legal guardian, you should not allow your children to submit personal information without your permission.
- Use of data
We process your data to allow for booking of rooms or tables, or to communicate with you about matters relating to your stay, to confirm your reservation and provide information relating to it or to manage your reservation account, to manage the access to your room and to render services you request, to monitor the use of services (room telephone, mini bar, online room service, Wi-Fi access, etc.), to manage lists with customers’ personal data for operational purposes, e.g. daily customer arrival and departure lists and a list of special category customers (e.g. VIP, privilege members, etc.), to process payment and provide travel notifications, to contact you in general and to respond to your questions and comments, to ensure safe use of services provided by our spas and fitness facilities, to measure your interest with respect to our services and our website and to improve the same, to inform you on special offers and services that may interest you, to ensure via recorded data security and to prevent fraud. We also collect and process personal data to create and store legal documents in accordance with applicable law.
Moreover, we may use data provided by you to send to you, subject to your consent, newsletters, promotion products and offers, or to contact you by telephone, to perform marketing campaigns, direct marketing and sales promotion activities, to manage requests for deletion from update lists, to create and manage questionnaires, customer comments, researches and statistics, to organise lotteries, contests and offers, to manage customers’ claims and complaints. You may receive relevant e-notifications, if you have given your consent to receive traveling opportunities, accommodation/reservation information or advertisements. Registering your e-mail address in our paper contact form, our website contact form, or our web application constitutes such consent. We abide by legal requirements for opt-in/opt-out options when sending you marketing communications. You will have the opportunity to choose not to receive these e-notification messages in any such e-notification we send.
Furthermore, login to our website, connection to our WiFi network, the use of electronic services and activities through electronic devices may be linked to the collection of device information, location information and connection information, such as the time and duration of use, search commands etc. Other information about you, your device, or your use of services in manners may also be collected as described at the point of collection or otherwise with your consent. You may choose not to provide certain types of information, but this may limit your access to certain services. Be aware that when using certain social media functions through our website or applications, you share information with the social media provider and the information you share will be governed by said provider’s privacy policies (including the possibility of us having access to such information via the social media provider). Should you use any of the Hotel’s social media, either on our website or via a social networking provider, we may gain access to your personal information via this social networking provider and in accordance with said provider’s policies. For example, our website offers the option to register using the function “Facebook Login”, allowing you to register automatically on our website using your Facebook account information. When you use a social networking function, we may potential gain access to the information you provide by means of it, such as your name, profile avatar, sex, birthday, your e-mail address, your city, town or region, as well as any other information you have chosen to make available via the social networking medium.
- Sharing your data
We do not share any personally identifiable data with third parties without your specific consent. We may, however, aggregate our guests’ data and provide this analysis to our group companies and our partners to manage the preferences of new and recurring customers, to create tailor products and services including the offer of loyalty programme privileges and of customised content and recommendations based on our guests’ previous activities, to manage special offers, loyalty schemes and marketing programmes, to create statistical data and reports in order to analyse the market and our services, to improve the Hotel’s services and develop new services. To this end we use our guests’ data on an aggregated and anonymous basis to the furthest extent possible. For example, we may look at how many guests we have in different age brackets, their rough geographic spread, frequency of visits to our inns and pubs and rough spending habits, but none of our guests will be identifiable from this data. Information from available public and commercial sources may be combined with other information that we receive directly from you or in relation to our customers.
Subject to your specific consent or request we may disclose your information to third parties such as car rental companies and activity providers.
We may also share data on a need to know basis with third party service vendors who perform services on the Hotel’s behalf such as processing of credit cards, business analytics, customer service, booking, marketing, survey distribution/raffle programs, systems security or fraud prevention under the condition that such third parties have undertaken to comply with EU data protection standards.
Additionally, we may share your information with third parties (advisors, agents, associates etc) on a need to know basis and under obligations of confidentiality and data protection in the context of legal action for the exercise of our legal rights, for investigation or other actions for defense and protection against unlawful activities, or in order to comply with mandatory legal procedures (such as search warrants or other court orders), to implement or confirm our compliance with the policies governing our services, to protect rights, ownership or security of the Hotel or any of our affiliates, business partners, or customers, in case of the Hotel’s company transformation, merger, consolidation, absorption, asset sale, or bankruptcy, in case of a credit approval claim in which case personal data are utilized and disclosed to designated third parties according to applicable legislation.
- Transfer of data outside of the European Economic Area (“EEA”)
We do not ordinarily transfer your data outside of the EEA. The only exception to this is that our servers, or those of our website or mobile application hosts and developers, or those of those with whom we share your data, may be located outside of the EEA. Where any such arrangements are in place, the EU standard contractual clauses approved by the European Commission apply and such third parties must comply with the requirements of the GDPR and, in particular, maintain your data securely and address any requests that you may make in respect of it.
- Retention of personal data
Your personal data provided in relation to bookings only will be held and used by us (as set out above) for up to 6 months following completion of your last stay, at which point:
- once all outstanding payments have been made, your payment details will be securely destroyed by our third-party payment provider;
- we will retain your contact details and purchase history for as long as we are required by law or to deal with any possible disputes;
- we will generally delete your other personal data after 6 months of completion of your last stay or (if later) once all outstanding payments have been made.
You may request the deletion of your data immediately on completion of your last stay should you wish – please contact us at email@example.com or by sending to us a written request at the Hotel’s address below. We will only be able to do this once all outstanding payments have been made and to the extent that we are not required to retain any details by law or in relation to any disputes.
We will retain certain of your data as part of aggregated data sets or forming part of analysis of our guests. You will not be personally identifiable from this data.
- Managing your access to your personal information
You can access and update your personal information by contacting us at the e-mail address firstname.lastname@example.org or by sending to us a written request at the Hotel’s address below. Answers to legitimate requests will be free of charge. However, we may refuse to handle or charge the handling of requests that are manifestly unfounded or excessive, requests that are made for further copies of the same information, or requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardise the privacy protection of others, are extremely impractical, or involve access that is not otherwise required by domestic law. Any fee will be based on the administrative cost of providing the information.
You have the following rights in respect of your data:
- Right of information and access to data. You may request a copy of the personal information we hold about you.
- Right of rectification/erasure: You may request the correction of inaccurate data as well as the completion of missing data relating to you.
- Right to restriction of processing: You reserve the right to request that data processing is restricted in certain circumstances.
- Right to object to processing: You object to the processing of your information, under specific conditions, especially when it relates to profiling or is intended for direct marketing purposes.
- Right to be forgotten: When you no longer wish for your personal information to be kept or processed, you may request that your personal data is erased, under the condition that such data is not kept for some specific lawful purpose as described in this policy.
- Right to data portability: You are entitled to request a copy of your data for transfer to another person.
- Right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
- Right to lodge a complaint to the data protection supervisory authority, the Hellenic Data Protection Authority.
- Security measures
We make every possible effort to implement appropriate technical and organizational measures and we continually seek to improve the application of safety procedures (administrative – organizational, technical and physical) to assist us in the protection of the information you provide to us. Access to personal data is restricted to authorized personnel who have a legitimate business purpose for accessing and processing your personal data. Additionally, we utilized encryption methods when transmitting your personal information between your system and ours, while we also utilize a firewall and Intrusion Detection Systems (IDS) in order to prevent unauthorized persons from gaining access to your information. Our IT managers implement international standards and practices to ensure the safety of networks and the encryption of data. However, please bear in mind that despite the reasonable measures that we take to protect your information, no website, internet transmission, computer system or wireless connection is ever completely safe.
- Cookies and similar technology
We are using various “cookies” and “beacons” on our website. Cookies are small text files installed on your computer or mobile device, when you visit almost all websites. Cookies cannot reveal your identity or cause any harm to your computer or mobile device. They are used by the websites you visit to improve your browsing experience, to provide web analytics information to us, that will help us to generally improve our website, and to collect information regarding travel destinations of interest to you, so that you may see travel ads that better fit your wants and needs. In any case, the collection of anonymous data using “cookies” shall take place only provided you have stated that you accept their use.
“Beacons” send information from your device to a server. Beacons can be embedded in internet content, videos, and emails to allow a server to read certain types of information from your device. Beacons can also be embedded to determine when you have viewed specific content or a specific email message, the time and date on which the beacon was viewed, and the IP direction of your device. We use beacons for a variety of purposes, such as to analyse the use of our services and offer you more relevant content and advertisements.
By accessing and using our services, you agree to the storage of cookies, other local storage technologies, beacons, and other information on your devices. You also allow us to access these cookies, local storage technologies, beacons, and information.
- Other provisions
- Contact details
- Representative: Michael Gasparis
- E-mail: email@example.com
- Postal Code 70007
- Agios Ioannis 44, Stalida – Chersonisos, Heraklion, Crete
- Tel.: 289750 2240-43
- Fax: 289750 2244
Thank for your interest and support.