Information for the Processing of Guests and Website Visitors’ Personal Data

Version 1.0 / 20.01.2019

Introduction

This Privacy Policy is valid for the processing of your personal data (hereinafter called “Personal Data”), as guest of the hotel or visitor of our website (hereinafter called “Guest” or “Visitor” or “you”), performed by the company “ATLAS SA” (hereinafter called “Hotel” or “Hotel Porto Angeli” or “us”).

As a hotel guest or visitor of our Website you are entitled to the protection of your Personal Data. The Hotel respects your privacy and personal data and acts always in compliance to the Legislation for the Protection of Personal data. The hotel is also engaged to act with transparency regarding data collection and use mode in the context of the fulfillment of its obligations.

With the term “Legislation for the Protection of Personal Data” (hereinafter called “Legislation”) we mean the total of laws, regulations, directives etc., Greek or European concerning the processing of Personal Data, their privacy and safety.

Basically but not restrictively, statutes are the General Data Protection Regulation (GDPR), the ePrivacy Directive for the protection of private life in electronic communications, as well as any other Judgment or Guideline issued by the Hellenic Data Protection Authority.

It is important to read carefully and save this policy through which it explicitly explains to you the mode and reason we collect your Personal Data, what we do with them, how long we save them, with whom we are sharing them, how we protect them, as well as the options you can have related to them. In this way you will always be fully informed on the ways and reasons for which we use the aforementioned data as well as your rights according to Law.

Data Controller

The Hotel according to the General Data Protection Regulation acts as “Data Processor”. This means that the Hotel is responsible to decide on the ways with which and the purposes for which it collects and uses (“processes”) your personal data.

Our contact details are:

ATLAS S.A.

Porto Angeli Beach Resort
Stegna Beach, Archangelos
Rhodes, 85102, Greece
Tel: +30 22440 24000
Fax: +30 22440 22121
E-mail: info@portoangeli.com
https://www.portoangeli.com

Processing Principles

In the context of compliance with the Legislation of Personal Data, we make every effort and more specifically:

We process your personal Data with fair, legal, legitimate, clear, objective and transparent way.
We collect your data only for specific, explicit and legal purposes that we deem appropriate and are sufficiently explained to you. Moreover, we assure you that they will not be used in any other way but only exclusively for those purposes.
We collect and preserve the minimum possible data, which are appropriate, coherent and absolutely necessary for the processing purposes.
We assure you that the data are correct and will be preserved updated and with accuracy.
We will preserve your data only for the time period required for the completion of each processing purpose.
We will make sure they are saved with the appropriate safety.
We process them in a way that assures that they will not be used with an illegal or contrary way from your will.

Legal Base for the Processing of Personal Data

We process your Personal Data according with at least one of the legal bases mentioned below:

The processing of your Personal Data is required for the execution of the agreement between us.
The processing is made based on your consent that has been provided for one or more specific purposes.
The processing is essential for the compliance with the legislative framework that obliges the Hotel to the conservation and processing of specific categories of personal data.
The processing is essential for the protection of your vital interest or of another natural person.
The processing is essential for purposes of legal interests that the Hotel aims or of a third party except if your interests prevail those interests, fundamental rights and freedoms concerning the protection of your Personal Data.
The processing is essential for the performance of a duty performed for the public interest or for the execution of a public power assigned to the Hotel.

Personal Data that we Collect and Process

Personal Data are any information relating to you as identifiable person. The Personal Data we collect and process are described in detail as follows:

Particulars relating to your identity (name, surname, sex, date of birth, family status, ID or passport number, nationality, country of residence, occupation, etc.)
Contact details (residence address, telephone or fax numbers, e-mail etc.)
Details relating to your stay (room preferences, arrival and departure dates, full names, dates of birth and ID or passport numbers of the people staying at the room).
Information relating to the consumption of products (food, drinks), provision of services (transfers, spa, leisure etc.), participation to actions at the hotel’s area and any relevant charges and bills.
Financial details such as payment mode details, your credit card details, your T.I.N., detailed expenses and transactions history.
Special requests and other preferences concerning your stay for the satisfaction of special cases (professional, health, social, recreational, religious, etc.)
Details relating to your health, any allergies, nutritional preferences etc.
Details provided relating to your preferences for the hotel’s ability to contact you for example for sending a newsletter.
Data collected by control systems for the safety of Hotel and Guests such as through CCTV.
Health data, doctor’s call, symptoms, medical history, details of personal doctor collected either from you or your relatives or friends in case of a disease, injury, accident or emergency during your stay at the hotel.
Data relating to accusations, complaints or objections that you might submit.
Details concerning your level of satisfaction concerning the products, our services and generally your experience during your stay.

When you use our Website, we collect information automatically, few of which can be personal data. Those include elements such as language settings, IP address, location, device settings, device’s operational system, time of use, URL redirection etc. We might also collect data through cookies. Cookies are small files that a website stores to the visitor’s computer and through which the Website has access aiming to analyze the user’s behavior. The types of Cookies existing as well as the type of processing made are described at a separate policy (CookiesPolicy)

We also use GoogleAnalytics to analyze the use of our Website. GoogleAnalytics produces statistics and other information relating to the website use which is used for the production of reports. The processing types performed through GoogleAnalytics are described in detail at a separate policy (CookiesPolicy)

In case of registration or / and access through Social Login, we can collect and gain access to specific information of the user’s profile by the respective social network only for internal administrative purposes or/and for purposes mentioned above.

We do not process minors’ data without the parent or guardian’s consent.

Processing of special categories of personal data

The General Data Protection Regulation defines special categories of data that must be processed according to the strictest procedures such as for example health data. The processing of such data is made only when they are provided by you probably in the context of your request (i.e. food allergies) or when it is required by the current law or regulations.

Collection mode and source of Personal Data

The collection of personal data is usually made from you but it can also be made through other sources such as:

Travel agents, business partners and third systems (i.e. bookings).
Information produced from you when you use our products and services.
From your family members, partners or holders of products and services.
From our Website
From business partners (for example, financial institutions, insurance agents), holder of accounts or other consisting parts for the provision of our products and services.

Purpose for the Collection and Process of your Personal Data

We process and use your personal data for one or more of the following purposes:

For the execution of the agreement between us and in order to fulfill our contractual obligation such as the provision and completion of a reservation, including the payment management, the provision and completion of the contractual accommodation service, as well as additional services you requested.
For the administration of requests you submitted.
To respond more efficiently to special requests, and other preferences concerning your stay for the fulfillment of special cases (professional, health, social, recreational, religious etc.)
For the protection of your vital interests.
For the protection of Public Interest.
For the advocacy of the Hotel’s (or third party) legal interests provided that the interest or the fundamental rights and freedoms of Visitors do not prevail those interests.
To manage your contact requests through channels provided for this purpose.
For the compliance with the legislative context that obliges the Hotel to the preservation and processing of specific categories of personal data such as for example the compliance with legal requests from the application principles of the law such as police or tax authorities.
For the administration of complaints, observations, accusations, incidents, diseases, accidents, injuries or emergencies during your stay at the hotel.
To be able to contact you or any other relevant contact in case of emergency.
For the provision of customized information, offers and services during your stay.
For actions of direct Marketing such as newsletters and promotional communications for new products and services or other offers that we believe they might interest you through standard post, email, mobile devices or social networks (with your consent).
For actions of direct Marketing through the publication of photographs and video in electronic or printed means (with your consent).
To evaluate the effectiveness of promotional campaigns and advertisement.
For the location, investigation and prevention of fraud and other illegal activities. For those purposes, personal data can be shared to third parties, such as to the authorities for the application of law, and to external counselors.
For the improvement of visitor’s experience, the operation of our enterprise and our business partners, the development of new products and services and the review and improvement of current products and services and promotional activities through information provided to us by your comments and evaluations.
For your safety, your protection and in order to avoid illegal actions against you.

Some of the aforementioned processing cases are overlapped at some extent and on the whole become the legal bases and legitimate objective in the context of which we process your personal data.

Your personal data will be exclusively used for the purposes that they have been collected or for other purposes compatible with the initial ones. If it is required to use your personal data for any other reason, you will be informed accordingly and the legal base to which this processing is based will be provided to you or your consent will be requested.

In any case, the processing of your personal data is made according to the principles of this document and the rules of the Legislation about Personal Data Protection.

Automated decision taking including profiling

We do not take decisions which can have significant impact to you, including profiling at an automated way (decision taking exclusively with the use of an electronic system without human participation)

When and how we share or notify Personal Data that we received with others

In the context of the Hotel’s operation and in order to fulfill its contractual and legal obligations for the purposes included in this Privacy Policy, the Hotel might forward some personal data to third parties including credit institutions, tax authorities, accounting offices, travel agencies, suppliers, collaborating private insurance companies, doctors, lawyers, health bodies, maintenance providers, various services providers etc. and generally to any third party required for the fulfillment of regulation and legal obligations.

The data transmittal will be performed with the assurance (wherever possible) that those third parties are processing your data with absolute privacy, taking the required safety measures for their protection according to our policies and do not use your personal data for their own purposes or any other purpose except from those agreed.

Specific data can be forwarded to your relatives following your former consent or in case of emergency.

Except those, the Hotel will not forward personal data to any third party unless it is legally committed to do so, or when it has to comply with its contractual and legal duties (tax authorities or police for the fulfillment of our controlling duties).

The Hotel will not sell your personal data to third parties under any conditions and will not allow third parties to sell the data that it has forwarded to them.

We cooperate with third companies to offer you electronic booking services such as booking.com or WebHotelier and Channel Managers. Although we provide the content to those websites and you perform a booking directly to us, the bookings processing is made by the third companies. The data you provide to those third companies are saved in one or more databases hosted by them. Those third companies do not use or do not have access to your personal information for purposes other than the bookings management.

Disclosure of Personal Data

We will use and disclose personal data as we believe that is required or appropriate:

In law application authorities and to other governmental authorities at the extent required from law or that is absolutely necessary for the prevention, detection or the prosecution of criminal offences and fraud.
To comply with the applicable law, including laws from countries other than your residence country.
To comply with the legal procedure.
To respond to requests by public and governmental authorities, including authorities other than those of your residence country, and to respond to the national security demands or law enforcement.
To deal with emergency cases.

International Forwarding of Personal Data to third countries

Sometimes your personal data might be forwarded to third countries out of EU zone for purposes described in this policy. The forwarding of personal data to a third country or international organization can be performed provided that the European Committee has assessed that those third countries offer an adequate level of protection or provide enough assurances and guarantees (i.e. standardized contractual penalties that have been approved by the European Committee) and on condition that enforceable rights and effective legal remedies are applied for you).

How long we keep your data

We will keep your Personal Data for the period required for the fulfillment of purposes mentioned in this Privacy Policy since they are required for the fulfillment of our contractual and legal duties, except if the extended period is required or permitted from law or if the User requests their recall from us, is opposed to or withdraws his/her consent.

The criteria used for the determination of our saving periods include:

The time period that we have a continuous relation with you and provide you our Services
If you have made a reservation that has not been completed yet
If there is a legal requirement which imposes the saving (for example, specific laws require from us to keep the files of your transactions for a specific time period, before we delete them)
Whether the retention is indicated considering our legal and tax status
For as long as we have reasonable business needs, such as administration of our relation with you and the administration of our operations
For as long as someone could appeal against us.
Retention periods according to the legal and regulative demands or instructions.

If the data collection was based on your consent, those can be deleted anytime after the withdrawal of your consent.

Your data may also be deleted in one of the following cases:

when they are no longer required for the purposes collected
when the deletion is essential in order to comply to our legal duties
following your request, on the condition that there are no imperative legal reasons which required their retention.

The data will be destroyed with safety when they are no longer required. The company might need to maintain some financial data for legal reasons (i.e. accounting issues).

Your Rights relating to the personal data protection

Under specific requirements imposed by the Legislation of Personal Data, you have the following rights relating to your personal data:

Transparency Information Right: You have the right to know who processes your data, how he/she process them, which data they process and for what reason.
Access right. You have the right to request free access to your personal data.
Correction right. You are entitled to request the correction of inaccurate personal data and completion of incomplete particulars.
Deletion right (“right to be forgotten”). You have the right to request the deletion of your personal data under certain conditions, such as when the data are no longer essential relating to the purpose for which they were collected, you have recalled your consent and there is no other legal base for processing, the data have been illegally processed, etc. The deletion cannot be performed when the processing is required among others for the hotel’s keeping of legal obligation, for the fulfillment of duty executed for the public interest, for the execution of public authority that is assigned to the Hotel, for reasons of public interest to the public health sector, for the establishment, execution or support of legal claims etc.
Right of processing limitation. You have the right to request the processing limitation of your personal data when their accuracy is questioned, the processing is illegal, the data are no longer required to the processor or if you have objections relating to the automated procedure.
Right of portability of data. You are entitled to request the transfer of your data to another processor when this is technically feasible.
Objection right. You are entitled to object to the process of your personal data, on the condition that the public interested is not offended. The right to oppose to some processing types of your personal information in order not to fall to the legal consequences of the automated processing or formation.

Moreover, in cases where we process your personal data based on legal interest or public interest, your are entitled to express your disagreement anytime relating to the use of your personal data, according to the current legislation.

In case where you have given your consent for the use of some of your data, you also have the unlimited right to recall it any time. The withdrawal of your consent means that we will stop the processing of your data you have previously provided your consent. The Hotel however retains the right to assess which information must continue to maintain in order to fulfill its tax and legal duties in general. There will be no consequences for the withdrawal of your consent except than the Hotel’s disability to perform the aforementioned processing.

You can apply your rights by contacting the Hotel or through an email at privacy@olympicpalacehotel.com or by filling out the Application Form of Subject Data. Since you use any of your rights in written request, we will apply any possible measure for the completion of your request within thirty (30) days from its receipt and we will inform you either for its completion or for the reasons preventing its completion. If you do not receive a response within 30 days or you are not satisfied by our reply, you are entitled to complain at the Data Protection Authority.

Your are entitled to complain to the Data Protection Authority, which imposes the laws for the data protection, if you are concerned on the way the Hotel processes your personal data or your are dissatisfied from our response to your complaint or request.

Hellenic Data Protection Authority

Kifisias 1-3, P.C. 115 23, Athens

Tel: +30-210 6475600

Fax: +30-210 6475628

email: contact@dpa.gr

http://www.dpa.gr

Protection of your personal data

The data are saved at a series of various sources, including natural file (candidate’s file), Website, Hotel’s Property Management System and to other computerized systems (including email). The data are saved at their whole and with the form they are submitted, without any intervention to their content.

We have established a series of technical and organizational safety measures to prevent the use or access to your personal information by non authorized or illegal way, the random loss or damage of their integrity, their change or disclosure. Moreover, we limit the access to your personal information only to those who have business need to know. They will process your personal details according to our instructions and are subject to confidentiality obligation. Your Personal Data will be processed by a third processor only if he/she agrees to comply with the specific technical and organizational safety measures of the data.

At any violation of the data’s safety we will notify you and any applicable regulative bodies that we are legally committed to do so.

Questions, Concerns or Complaints

If you have questions regarding this Privacy Policy, if you wish to submit any complaint relating to the personal data processing mode by the Hotel or its partners you have the right to contact us. The contact details are found in sections Processor and Data Protection Manager.

Connections with other websites and Social Media

Our website may contain links to allow you visit easier other websites or Social Media. However, as soon as you use these links, you must know that we do not have any control to this or other Website you visit. Therefore, we are not liable for the protection and the privacy of the information you provide during your visit to them and those websites are not governed by this Privacy Policy. You must be careful and examine the personal data protection declaration existing for those Websites.

Third companies operating in the hotel’s area

In the hotel’s area third companies are operating for the provision of services and products to you. Therefore, we are not liable for the protection and the privacy of the information you provide at your visit to them and those enterprises are not governed by this Privacy Policy. You must be careful and examine the personal data protection declaration existing for those Websites.

In detail the third enterprises operating in the hotel’s area are the following:

Extremecars.gr rent a car office

Amendments to the current policy

The Hotel retains the right to amend this Privacy Policy and the relevant practices that follow any time in order to respond to the changes in the regulative environment, the business needs or to satisfy the needs of the subjects, ownerships, strategic partners and services provided without warning. Such changes, amendments, additions or deletions to the Privacy Policy will replace former notifications and will exist right after their publication.

The updated versions will be published at the Hotel’s website at the following address and will have a date of publication, in order for you to know when the policy was updated.

We recommend you to frequently check our website to see the current privacy policy and to make sure you agree with any changes made to it. For older versions you can contact us.