Privacy Policy
INFORMATION TO CUSTOMERS AND PROSPECTIVE CUSTOMERS OF ASTERI PASCHALIDIS STEFANOS HOTEL (hereinafter referred to as “We”)
1. Introduction
(a) Scope of this Statement
We recognize that protecting your privacy is an important issue. Therefore, we collect, store and process personal data in compliance with the General Data Protection Regulation 2016/679 (GDPR), and with the respective national data protection legislation (together the “Data Protection Law”), to the extent that such Legislation is applicable. This Privacy Statement describes how we protect your Personal Data in the context of providing our services.
This Privacy Statement (“Statement”) applies to all customers and prospective customers (“You”) and covers Personal Data held electronically and also applies to paper filing systems.
(b) Explanation of terms used in this Statement
In this Statement:
Personal Data: any information relating to a natural person from which that person can be identified. It does not apply to information that is not related to an identifiable person and has become anonymous (anonymous data).
Special Category of Personal Data: means any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as any information concerning physical or mental health, sex life, sexual orientation and biometric or genetic data.
2. Information and Data Security
Our policy is to protect your right to privacy. We will take all reasonable steps to ensure that appropriate technical and operational security measures, confidentiality obligations and compliance procedures are in place to prevent any improper access, disclosure, alteration or deletion of Personal Data.
In addition, we limit access to your Personal Data to those employees, representatives and partners who need to know it for business purposes. Our representatives and partners will process your Personal Data solely in accordance with our instructions and are subject to an obligation of confidentiality vis-à-vis us.
We have put in place procedures to deal with any suspected breach of data security and we will inform you and the respective regulatory authority of any suspected breach, if such notification is required by applicable law.
With regard to e-mail communication, we have taken all appropriate technical and operational measures for the secure transfer of information and we make every effort to limit risks from viruses or errors that may occur during transmission. However, it is important to note that the transfer of information via e-mail carries risks. Therefore, please take this into account if you request or send information to us by email. We recommend that you do not include confidential information (e.g. credit card information) when using your email.
Finally, it would be wise to ensure that you always close your browser when you finish using our online booking form. Although the form session will end automatically after a short period of inactivity, it is best to close your browsers immediately after the form ends, especially when using a publicly accessible computer.
3. Types of Personal Data Collected
In the context of providing our services, we may process Personal Data and Personal Data of Special Categories. This includes, but is not limited to, the following information relating to you:
§ Personal contact information such as first name, surname, father’s name, title, home address, postal code, contact phone, personal email address.
Date and place of birth.§
Sex.§
Marital status, details of dependants (name and age).§
Financial information, such as credit card information and transaction history.§
§ Special Categories of Personal Data when disclosed and related to the provision of our services, such as health data (e.g. disabilities, allergies), religious or philosophical beliefs, political Opinions Opinions and, to the extent permitted by applicable law, information related to any criminal convictions or offenses.
§ Technical information, such as information about the device you use to contact us (including unique identifier, hardware model and operating system).
Correspondence (e.g. when contacting§ you submit questions or requests related to the provision of our services).
Preferences – such as special requests, service issues and other preferences for your stay.§
§ Information related to the services we provide to you (including data on your arrival and departure from our hotel units).
Your signature.§
4. Sources of Personal Data
We collect your Personal Data when you provide it to us or contact us directly, for example:
When you book online with the reservation office of our hotel units.§
When you book using our online booking platform/online booking form.§
When you create profiles, in case of use of our application available on mobile phones.§
When you exchange information as a result of our generally provided services.§
We also receive your Personal Data from other sources, such as cooperating parties, travel agents/agencies/offices and other publicly accessible sources.
We may collect your Personal Data through the use of cookies when you visit our website or through publicly accessible sources. For more information about our use of cookies, please visit our “Cookie Policy”.
5. How we use your Personal Data
We are a controller which means that we are responsible for determining the purpose and manner of processing your Personal Data. We may use your Personal Data before, during, or after the termination of our relationship with you.
(a) Legal Basis for processing your Personal Data
We use your Personal Data only to the extent permitted by applicable law. Usually and depending on the situation in which we will use your Personal Data (see paragraph b above), we will use your Personal Data in the following cases:
When we are called upon to fulfill the agreement in§ that we have entered into with you or in order to take steps, at your request, before we even enter into any such agreement.
When we are required to comply with any legal and regulatory obligation.§
§ When necessary for our legitimate interests (or the interests of a third party), and as long as those interests are not overridden by your interests and fundamental rights (e.g. when the use of your Personal Data helps us operate and improve our business and limit any interruption to the services we may offer you).
We may also use your Personal Data in the following cases, which are considered rare:
When we are called upon to protect your interests (or the interests of a third party).§
For reasons of public interest.§
When you have given your consent to this.§
(b) Cases where we will use your Personal Data
The cases in which we will process your Personal Data are set out below.
To confirm or verify your identity in relation to your reservation request.§
To provide you with our services.§
For costing / pricing purposes regarding your stay with us.§
To charge your credit card, when authorized to do so, based on your reservation request.§
§ To carry out business, operational and administrative activities, including maintaining records and conducting audits.
To communicate with you about issues that may arise from your stay with us.§
To comply with the relevant legislation / regulatory framework.§
§ To comply with the request or requirement of any court or judicial authority of the relevant jurisdiction, mediator, arbitrator, tax authority, regulatory or governmental authority.
§ To use them in connection with any legal process or regulatory act (including future legal proceedings/regulatory acts) and to obtain legal advice or to establish, exercise or protect legal rights.
To provide you with information§ and promotional materials (by post, telephone, or email address) about events, products, and services provided by us that we deem may be of interest to you.
For§ conduct surveys or create special chat groups in order to receive your reviews about our services.
§ To operate our business, including internal purposes such as auditing, data analysis, statistical purposes and evaluation and troubleshooting purposes that will help us improve our services.
(c) Consequences of non-provision of Personal Data
If you do not provide us with certain information when requested, we may not be able to confirm your booking request/fulfil the agreement we entered into with you, or it may prevent us from complying with our legal obligations.
6. Recipients of your Personal Data
We (and the parties to whom Personal Data is disclosed) may disclose Personal Data in the circumstances set out below:
To third parties who provide us with services or act§ as our agents (or future third parties who will act as service providers to us or our future representatives). Such service providers and/or representatives may also disclose information to their own service providers or representatives. We will take all reasonable steps to ensure that our service provider or agent is subject to appropriate conditions for processing personal data and that they also enforce these conditions on their own service providers or representatives.
To our business consultants or auditors.§
§ To any court or judicial authority of the relevant jurisdiction, mediator, arbitrator, tax authority or regulatory or governmental authority.
Public authorities, national authorities or state bodies, when required by law or legislation.§
Otherwise, if you have consented to such disclosure.§
7. International Transfers of Personal Data
The recipients referred to in Section 6 above may be entities outside the European Economic Area. In these cases, except for countries that the European Commission has determined provide an adequate level of protection (currently Andorra, Argentina, Canada, Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, New Zealand, Uruguay and Japan), we require recipients to comply with appropriate measures designed to protect personal data.
8. Personal Data Retention Period
We will retain your Personal Data for as long as we deem necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, auditing or internal policy requirements. In order to determine the appropriate retention period of Personal Data, we take into account the applicable legislation, as well as the quantity, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we collected your Personal Data and whether we can achieve these purposes through other methods.
9. Your rights and obligations
(a) Your obligation to inform us of any changes
It is important that your Personal Data that we hold is up-to-date and accurate. Please inform us in case there is any change in the Personal Data you have provided to us until your arrival at our hotel facilities.
(b) Your rights regarding Personal Data
Under certain circumstances, by law you have the right to:
§ Request access to your Personal Data (commonly known as the “data subject’s right of access”). This allows you to receive a copy of your Personal Data that we hold about you and to control its lawful processing by us.
Request§ correction of the Personal Data we hold about you. This allows you to correct any incomplete or inaccurate information we hold about you.
Request deletion of Personal§ Your data. This allows you to ask us to delete or remove Personal Data as long as there is no valid reason for us to continue processing it. You also have the right to ask us to delete or remove your Personal Data if you have exercised your right to object to processing (see below).
Object to the processing of Personal Data§ Your data in cases where we rely on our legitimate interest (or any third party) and there is a reason for the specific situation that makes you want to object to the processing for this reason. You also have the right to object in writing if we process your Personal Data for direct marketing purposes to the email address indicated below or by using the opt-out option set by us in the relevant marketing communication.
§ Request the restriction of the processing of your Personal Data. This allows you to ask us to suspend the processing of your Personal Data, for example if you want us to prove its accuracy or the legal basis for processing it.
Request the transfer of your Personal Data to another party (also known as “data portability”).§
§ Withdraw, where we process your Personal Data based on your consent, your consent at any time. Please note that the withdrawal of your consent will not affect the lawfulness of processing based on your consent prior to such withdrawal.
Request, in some cases, not to§ You are subject to decisions made solely on the basis of automated processing, including profiling.
If you wish to exercise your rights in accordance with the above, please contact us at pasca@otenet.gr
Finally, you have the right to lodge a complaint with the competent Data Protection Authority (for Greece: www.dpa.gr).
(c) Questions about the processing of your Personal Data
If you have a question about the processing of Personal Data, please contact us pasca@otenet.gr
10. Changes to this Statement
We reserve the right to modify this Statement at any time and will notify you accordingly by updating this Statement on our website at: www.asteripatmos.gr. All changes to this Statement are effective as of the date of publication, unless otherwise stated.