Information for the Processing of Guests and Website Visitors’ Personal Data

Version 1.0 / 20.01.2019

Introduction

This Privacy Policy is valid for the processing of your personal data (hereinafter called “Personal Data”), as guest of the hotel or visitor of our website (hereinafter called “Guest” or “Visitor” or “you”), performed by the company “ATLAS SA” (hereinafter called “Hotel” or “Hotel Porto Angeli” or “us”).

As a hotel guest or visitor of our Website you are entitled to the protection of your Personal Data. The Hotel respects your privacy and personal data and acts always in compliance to the Legislation for the Protection of Personal data. The hotel is also engaged to act with transparency regarding data collection and use mode in the context of the fulfillment of its obligations.

With the term “Legislation for the Protection of Personal Data” (hereinafter called “Legislation”) we mean the total of laws, regulations, directives etc., Greek or European concerning the processing of Personal Data, their privacy and safety.

Basically but not restrictively, statutes are the General Data Protection Regulation (GDPR), the ePrivacy Directive for the protection of private life in electronic communications, as well as any other Judgment or Guideline issued by the Hellenic Data Protection Authority.

It is important to read carefully and save this policy through which it explicitly explains to you the mode and reason we collect your Personal Data, what we do with them, how long we save them, with whom we are sharing them, how we protect them, as well as the options you can have related to them. In this way you will always be fully informed on the ways and reasons for which we use the aforementioned data as well as your rights according to Law.

Data Controller

The Hotel according to the General Data Protection Regulation acts as “Data Processor”. This means that the Hotel is responsible to decide on the ways with which and the purposes for which it collects and uses (“processes”) your personal data.

Our contact details are:

ATLAS S.A.

Porto Angeli Beach Resort
Stegna Beach, Archangelos
Rhodes, 85102, Greece
Tel:  +30 22440 24000
Fax: +30 22440 22121
E-mail: info@portoangeli.com 
https://www.portoangeli.com

Processing Principles

In the context of compliance with the Legislation of Personal Data, we make every effort and more specifically:

Legal Base for the Processing of Personal Data

We process your Personal Data according with at least one of the legal bases mentioned below:

Personal Data that we Collect and Process

Personal Data are any information relating to you as identifiable person. The Personal Data we collect and process are described in detail as follows:

When you use our Website, we collect information automatically, few of which can be personal data. Those include elements such as language settings, IP address, location, device settings, device’s operational system, time of use, URL redirection etc. We might also collect data through cookies. Cookies are small files that a website stores to the visitor’s computer and through which the Website has access aiming to analyze the user’s behavior. The types of Cookies existing as well as the type of processing made are described at a separate policy (CookiesPolicy)

We also use GoogleAnalytics to analyze the use of our Website. GoogleAnalytics produces statistics and other information relating to the website use which is used for the production of reports. The processing types performed through GoogleAnalytics are described in detail at a separate policy (CookiesPolicy)

In case of registration or / and access through Social Login, we can collect and gain access to specific information of the user’s profile by the respective social network only for internal administrative purposes or/and for purposes mentioned above.

We do not process minors’ data without the parent or guardian’s consent.

Processing of special categories of personal data

The General Data Protection Regulation defines special categories of data that must be processed according to the strictest procedures such as for example health data. The processing of such data is made only when they are provided by you probably in the context of your request (i.e. food allergies) or when it is required by the current law or regulations.

Collection mode and source of Personal Data

The collection of personal data is usually made from you but it can also be made through other sources such as:

Purpose for the Collection and Process of your Personal Data

We process and use your personal data for one or more of the following purposes:

Some of the aforementioned processing cases are overlapped at some extent and on the whole become the legal bases and legitimate objective in the context of which we process your personal data.

Your personal data will be exclusively used for the purposes that they have been collected or for other purposes compatible with the initial ones. If it is required to use your personal data for any other reason, you will be informed accordingly and the legal base to which this processing is based will be provided to you or your consent will be requested.

In any case, the processing of your personal data is made according to the principles of this document and the rules of the Legislation about Personal Data Protection.

Automated decision taking including profiling

We do not take decisions which can have significant impact to you, including profiling at an automated way (decision taking exclusively with the use of an electronic system without human participation)

When and how we share or notify Personal Data that we received with others

In the context of the Hotel’s operation and in order to fulfill its contractual and legal obligations for the purposes included in this Privacy Policy, the Hotel might forward some personal data to third parties including credit institutions, tax authorities, accounting offices, travel agencies, suppliers, collaborating private insurance companies, doctors, lawyers, health bodies, maintenance providers, various services providers etc. and generally to any third party required for the fulfillment of regulation and legal obligations.

The data transmittal will be performed with the assurance (wherever possible) that those third parties are processing your data with absolute privacy, taking the required safety measures for their protection according to our policies and do not use your personal data for their own purposes or any other purpose except from those agreed.

Specific data can be forwarded to your relatives following your former consent or in case of emergency.

Except those, the Hotel will not forward personal data to any third party unless it is legally committed to do so, or when it has to comply with its contractual and legal duties (tax authorities or police for the fulfillment of our controlling duties).

The Hotel will not sell your personal data to third parties under any conditions and will not allow third parties to sell the data that it has forwarded to them.

We cooperate with third companies to offer you electronic booking services such as booking.com or WebHotelier and Channel Managers. Although we provide the content to those websites and you perform a booking directly to us, the bookings processing is made by the third companies. The data you provide to those third companies are saved in one or more databases hosted by them. Those third companies do not use or do not have access to your personal information for purposes other than the bookings management.

Disclosure of Personal Data

We will use and disclose personal data as we believe that is required or appropriate:

International Forwarding of Personal Data to third countries

Sometimes your personal data might be forwarded to third countries out of EU zone for purposes described in this policy. The forwarding of personal data to a third country or international organization can be performed provided that the European Committee has assessed that those third countries offer an adequate level of protection or provide enough assurances and guarantees (i.e. standardized contractual penalties that have been approved by the European Committee) and on condition that enforceable rights and effective legal remedies are applied for you).

How long we keep your data

We will keep your Personal Data for the period required for the fulfillment of purposes mentioned in this Privacy Policy since they are required for the fulfillment of our contractual and legal duties, except if the extended period is required or permitted from law or if the User requests their recall from us, is opposed to or withdraws his/her consent.

The criteria used for the determination of our saving periods include:

If the data collection was based on your consent, those can be deleted anytime after the withdrawal of your consent.

Your data may also be deleted in one of the following cases:

The data will be destroyed with safety when they are no longer required. The company might need to maintain some financial data for legal reasons (i.e. accounting issues).

Your Rights relating to the personal data protection

Under specific requirements imposed by the Legislation of Personal Data, you have the following rights relating to your personal data:

Moreover, in cases where we process your personal data based on legal interest or public interest, your are entitled to express your disagreement anytime relating to the use of your personal data, according to the current legislation.

In case where you have given your consent for the use of some of your data, you also have the unlimited right to recall it any time. The withdrawal of your consent means that we will stop the processing of your data you have previously provided your consent. The Hotel however retains the right to assess which information must continue to maintain in order to fulfill its tax and legal duties in general. There will be no consequences for the withdrawal of your consent except than the Hotel’s disability to perform the aforementioned processing. 

You can apply your rights by contacting the Hotel or through an email at privacy@olympicpalacehotel.com or by filling out the Application Form of Subject Data. Since you use any of your rights in written request, we will apply any possible measure for the completion of your request within thirty (30) days from its receipt and we will inform you either for its completion or for the reasons preventing its completion. If you do not receive a response within 30 days or you are not satisfied by our reply, you are entitled to complain at the Data Protection Authority.

Your are entitled to complain to the Data Protection Authority, which imposes the laws for the data protection, if you are concerned on the way the Hotel processes your personal data or your are dissatisfied from our response to your complaint or request.

Hellenic Data Protection Authority

Kifisias 1-3, P.C. 115 23, Athens

Tel: +30-210 6475600

Fax: +30-210 6475628

email: contact@dpa.gr

http://www.dpa.gr

Protection of your personal data

The data are saved at a series of various sources, including natural file (candidate’s file), Website, Hotel’s Property Management System and to other computerized systems (including email). The data are saved at their whole and with the form they are submitted, without any intervention to their content.

We have established a series of technical and organizational safety measures to prevent the use or access to your personal information by non authorized or illegal way, the random loss or damage of their integrity, their change or disclosure. Moreover, we limit the access to your personal information only to those who have business need to know. They will process your personal details according to our instructions and are subject to confidentiality obligation. Your Personal Data will be processed by a third processor only if he/she agrees to comply with the specific technical and organizational safety measures of the data.

At any violation of the data’s safety we will notify you and any applicable regulative bodies that we are legally committed to do so.

Questions, Concerns or Complaints

If you have questions regarding this Privacy Policy, if you wish to submit any complaint relating to the personal data processing mode by the Hotel or its partners you have the right to contact us. The contact details are found in sections Processor and Data Protection Manager.

Connections with other websites and Social Media

Our website may contain links to allow you visit easier other websites or Social Media. However, as soon as you use these links, you must know that we do not have any control to this or other Website you visit. Therefore, we are not liable for the protection and the privacy of the information you provide during your visit to them and those websites are not governed by this Privacy Policy. You must be careful and examine the personal data protection declaration existing for those Websites.

Third companies operating in the hotel’s area

In the hotel’s area third companies are operating for the provision of services and products to you. Therefore, we are not liable for the protection and the privacy of the information you provide at your visit to them and those enterprises are not governed by this Privacy Policy. You must be careful and examine the personal data protection declaration existing for those Websites.

In detail the third enterprises operating in the hotel’s area are the following:

Amendments to the current policy

The Hotel retains the right to amend this Privacy Policy and the relevant practices that follow any time in order to respond to the changes in the regulative environment, the business needs or to satisfy the needs of the subjects, ownerships, strategic partners and services provided without warning. Such changes, amendments, additions or deletions to the Privacy Policy will replace former notifications and will exist right after their publication.

The updated versions will be published at the Hotel’s website at the following address and will have a date of publication, in order for you to know when the policy was updated.

We recommend you to frequently check our website to see the current privacy policy and to make sure you agree with any changes made to it. For older versions you can contact us.