Introduction

Our Company respects guests privacy and is committed to protecting guests personal data and comply with General Data Protection Regulation (EU) 2016/679 – GDPR and the applicable Greek legislation on the protection of personal data (No 4624/2019, No 2472/1997, No 3471/2006, as applicable, etc.) as well as the opinions and guidelines of the Hellenic Data Protection Authority and the European Data Protection Board.

This Policy is applicable to every service or operation provided by us on this Website, on any location on the web or online application, in any promotion, online and offline, for access to our services, whether an electronic means or other device is used or not.

The Data Controller determines the purposes and the way in which guests Personal Data is processed. Unless otherwise stated, the Data Controller is our Company.

Personal Data is any information that concerns an identified or identifiable individual. An identifiable individual is a person who can be identified, directly or indirectly, especially by reference to an identification particular, such as name, ID card number, geolocation data, an online user ID or to one or more factors that describe the physical, physiological, genetic, psychological, economic, religious, cultural or social identity of the individual in question. Personal data includes information such as email address, home address, mobile phone number, user names, personal preferences and purchasing habits, content created by the user. It is also likely to include unique numerical identifiers, such as guests IP address and cookies.

We are particularly sensitive concerning the Personal Data guests entrust to us and we undertake to process it in a fair, transparent and secure way. Our basic principles are as follows:

Lawfulness: we will collect guests Personal Data in a strictly fair, lawful and transparent manner.

Data minimisation: we will minimise the collection of guests Personal Data to only that directly related to and essential for the purposes for which it has been collected.

Purpose limitation: we will collect guests Personal Data only for specific, clear and legitimate purposes and will not process it further in a manner that is incompatible with these purposes.

Accuracy: we will keep guests Personal Data accurate and up to date.

Security and protection of data: we will put in place technical and organisational measures to ensure the appropriate level of security and protection of data, considering, among other things, the nature of guests Personal Data that is being protected. Such measures ensure the prevention of any unauthorised disclosure or access, accidental or unlawful destruction, accidental loss or alteration and any other unlawful Processing.

Access and correction: we will process guests Personal Data in accordance with guests legal rights.

Storage limitation: we will keep guests Personal Data on record in a manner that is consistent with the applicable laws and regulations concerning personal data protection and for no longer than is necessary for the purposes for which it has been collected.

Protection during international transfers: we will ensure that all guests Personal Data transferred outside the European Economic Area is adequately protected.

Fail-safe security against third parties: we will ensure that access to guests Personal Data by (and its transfer to) third parties will be made according to the applicable law and the appropriate standard safety procedures.

Direct marketing and cookies legitimacy: when we send guests promotional material or place cookies on guests computer, we will ensure that it is done according to the applicable law.

INFORMATION WE COLLECT

 Information collected automatically with our Website

Our Website has informative content about the services provided for guests stay in our hotel and only browsing it (without making a reservation or sending a request) does not require the guests to provide / import personal data.
Certain information can be automatically collected, just by visiting and browsing the Website, which can identify guests directly or indirectly, such as:

• guests computer’s Internet Protocol (IP) address
• the type of browser and the operating system
• the websites guests visited immediately before and after guests visit to the page
• connection speed and information about the software programs installed on the computer
• basic server connection information and
• information collected through HTML cookies, Flash cookies, web beacons and other similar technologies (see our Cookies Policy).

Regarding the information that is automatically collected from guests browsing on our Website, please refrain from visiting it if guests do not wish to collect and process this information.

Information guests provide us directly

In case the guest of the Website wishes through this to contact our office, he is invited to fill in and submit the corresponding contact form, during the submission of which the Website collects and processes, with guests consent, the following personal data:

• email
• name and surname
• phone number
• message (free text of the guests of the Website)
• security code.

Booking, check in and out and extra services information

Guests may also be asked to provide personal information about special purposes, such as when making a reservation for accommodation at our facilities, when making a request for additional services, at which time they are collected, among other things: 

• communication details, such as guests name, postal address, email address and phone number
• credit card number or other payment account number, billing address and other payment and charge details (“Payment information”), copies of guests mail if contact us
• information that is necessary for the fulfillment of special requests (for example health conditions that require special accommodation)
• information about the stay of guests, including the date of arrival and departure, as well as goods and services purchased, information about the level of satisfaction , suggestions for improvement, complaints and remarks.

  We may collect personal information from various sources, including:

• Our Website 
• Booking and telephone call centers 
• Social media 
• Our facilities internet (wifi) connection.

These information and the relevant that help us learn more about how our Website is used by its guests, are collected  in aggregate form. We can use this information to monitor and analyze the use of the Website, to enhance its functionality and to better shape its content according to the needs of our guests.

When collecting information directly from our guests, we take the appropriate care to verify which of the collected personal information relates to minors. If we find that we have collected any personal information from a minor under the age of 15 without verifiable parental consent, in accordance with the provisions of Article 21 of Law 4624/2019 (Greek Legislation), we will delete the information from our database as soon as possible with the relevant information of the parent or guardian of the minor. 

WHY WE COLLECT DATA:

We collect, process, use and store guests data :

• For verification of guests’ data by us, when guests link to our Website, our Applications and wifi.
   To fulfill accommodation or information requests and recall guests preferences and registration information. 
• To provide our services to guests.
• To contact guests and send information about our services and offers.
• To assess and retrieve data for administrative and other communication purposes and to operate and improve the quality and effectiveness of our services, our Website, programs and applications related to our operations.
• For compliance with applicable law, such as the recording of all personal data of customers staying at the hotel, and the maintenance of documents of all movements.
• To support IT purposes.
• To support business processes.

Depending on the purpose for which guests data is used, the legal basis for processing it may be:

1. Guests consent, for the purposes of Processing (as for example, when processing special categories of data under section 9, subsection 1 of the General Data Protection Regulation E.U. 2016/679, or when we inform him/her about service and product offers, events organised by us, etc.). To avoid any kind of doubt, he/she  has the right to withdraw the consent at any time.
2. Contract execution: we process guests Personal Data when it is necessary for entering into a contract.
3. Legal purposes, when processing is required by law.
4. Our vested interest, namely:

• Improvement of our services: through enhancing the quality of the services we provide and better understanding guests needs and expectations, we are able to provide even better services,
• Prevention of fraud incidents: to ensure that every payment is completed without any incident of fraud or appropriation,
• Security of our tools: to protect the tools guests are using (websites, devices, etc.) so as to ensure their proper functionality and constant improvement.
• To lawfully update and correct guests Personal Data at our disposal via different systems operated by us or any other recipient.
• To manage guests consent as mentioned above.

 In case guests provide Personal Data of third parties ( relatives, employees, partners, etc.), they are  obliged to ensure that it has been fairly and lawfully collected and  they have the required authorization to act in their name and on their behalf (including consenting for them), so that further processing of such data by our Company is possible.

Personal Data retention period

The Company, depending on the amount, the nature and the sensitivity of Personal Data, as well as the purposes for which we process it, determines the appropriate data retention period. We will retain guests Personal Data only for as long as necessary in order to fulfill the purposes for which it has been collected e.g. the fulfillment of a legal obligation.

More specifically, we retain guests Personal Data for ten (10) years from its collection date so that we can provide the above mentioned services. The only exceptions to the time length stated above are cases where:

• the law requires that we retain guests Personal Data for a longer period of time or delete it sooner, or
• we may have a vested interest in raising, proving or defending legal claims relevant to the above mentioned products and/or services (e.g. liability issues arising from the provision of services, claims for wrongdoing, etc.), or
• it is required for accounting, taxation or auditing purposes, or
• it is required for the protection of guests vested interest, or
• exercise his/her right to have Personal Data deleted (where applicable) and we are under no obligation to retain it in relation to any of the reasons allowed or required by law.

In addition, our company reserves the right to anonymise  guests Personal Data so that it cannot be traced back  in order to use this information indefinitely for research or statistical purposes without further notice.

REQUIREMENTS FOR THIRD PARTY ACCESS TO GUESTS PERSONAL DATA

 A basic principle of ours is that we will not share guests information with third parties for their own independent business or promotional purposes without consent.

Aiming at providing guests with the best possible services, we grant access to their personal data, or to part of it, to certain authorized members of our staff, namely to:

a) Our Company’s employees: authorised members of our staff only

b) Business partners:

• Business partners: for example, reputable companies that may use guests Personal Data in order to provide services and/ or send promotional material (provided that he/she has given consent for receiving such material). We request that such companies always adhere to the applicable law and to this Policy and that they pay particular attention to maintaining the confidentiality of guests personal information.
• Our Company’s service providers: companies that provide services to our Company or on its behalf for the purposes of such provision.
• Advertising, marketing and promotional companies: so that they can help us achieve and analyse the effectiveness of our advertising campaigns and our promotional activities.

c) Other third parties:

• When required by law or deemed legally necessary for the protection of Data Controller

Guests Personal Data may be transferred to recipients outside the EEA and be processed by both us and the recipients in question. For any transfer of  Personal Data to countries outside the EEA that do not normally have the same level of data protection as the EEA, Data Controller will take the appropriate special measures to ensure an adequate level of protection for  Personal Data. Such measures may, for example, consist in an agreement with the recipients concerning binding contractual clauses that guarantee such an adequate level of protection.

PROTECTION OF GUESTS PERSONAL DATA

We have implemented a series of technical and organisational security measures to protect  Personal Data against unlawful or unauthorised access or use, as well as from accidental loss or damage to its integrity. These measures have been designed taking into consideration our IT infrastructure, the possible impact on privacy and the relevant costs, as well as in accordance to the existing standards and practices on the market.

Guests Personal Data will be processed by a third party Processor only if they agree to comply with these particular technical and organizational data security measures.

Our data security procedures include: safe access, backup systems, monitoring, review and maintenance, security incident and business continuity management, etc.

GUESTS RIGHTS TO CONTROL PERSONAL DATA

1.  
   1. Right to information: the right to receive clear, transparent and straight forward information as to the way we use Personal Data. This is the reason why we provide the information in this Policy.
   2. Right to access-communication of the subject with the Data Controller: the right to access the Personal Data we retain (without prejudice to some Legal restrictions).
   3. Right to withdraw consent: the right to withdraw the consent for the processing of Personal Data by us, when such processing requires this consent. Said withdrawal of consent does not affect the legitimacy of the processing already performed based on such consent in the time preceding its withdrawal. 
   4. Right to rectification of data: In case of incorrect and/ or outdated/ incomplete data, the right to ask for rectification of guests Personal Data.
   5. Right to erasure of data from our records: In certain cases guests are entitled to request the erasure of their Personal Data. 
   6. Right to restrict processing of the data: Guests have the right to request the restriction of the processing of guests Personal Data. According to the New General Data Protection Regulation (GDPR), this right is valid in the following cases:
      • the accuracy of the personal data is contested by the data subject (guests) for a period that enables the Data Controller to verify the accuracy of guests personal data,
      • the processing is unlawful and the data subject (guests) opposes the erasure of the personal data and requests the restriction of its use instead,
      • the Data Controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims,
      • the data subject (guests) objects to the processing while awaiting verification on whether the legitimate grounds presented by the Data Controller override those of the data subject.

Right to object to the way data is processed:

• Guests have the right to object to receiving notifications for direct marketing purposes. 
• Guests have the right to object to the processing of  Personal Data when this processing is based on a legitimate interest according to the above, if he/she believe that it affects guests fundamental rights and freedoms,

Right to portability: the right to have Personal Data copied or migrated from our database to another. 

Right to file a complaint: the right to file a complaint against the Data Controller with the Hellenic Data Protection Authority (HDPA).

In order to handle guests requests according to the above, we may ask guests to verify their  identity.

For the exercise of your rights, please address your respective request by writing to us in the following postal address: Getaways Greece IKE Deligiorgi 55-59 Athens or by phone calling +30 210 3252138 or by sending us an email to the email addres: info@getawaysgreece.com 

Our Company will make every effort to respond to your request within thirty days of receipt. However, if due to the complexity of your request or due to the volume of information it is not possible to satisfy your request within thirty days, we undertake to inform you within the above deadline in writing of the reasons for the delay and to make every effort to satisfy your request as soon as possible and in any case within one additional month.

Our Company however reserves the right not to satisfy your request in the event that it is found to be manifestly unfounded or excessive informing you of the reasons for such refusal.

In any case, you have the right to lodge a complaint with the Personal Data Protection Authority (www.dpa.gr).

PRIVACY POLICY UPDATES

Our Company reserves the right to modify this Policy, always in accordance with applicable law on privacy and personal data protection and provide the necessary information to its guests and users by any means possible in compliance with the conditions set by the EU General Data Protection Regulation (EU) 2016/679 – GDPR. Guests to our Website should regularly read the Privacy Policy to be informed of any changes made. 

USE OF COOKIES

We use cookies on our Website. This helps us offer to guests a better browsing experience and allows us to improve our Website.

For further information concerning our use of cookies and how you can avoid them, please refer to our cookies policy.