Our Company respects guests privacy and is committed to protecting guests personal data and comply with General Data Protection Regulation (EU) 2016/679 – GDPR and the applicable Greek legislation on the protection of personal data (No 4624/2019, No 2472/1997, No 3471/2006, as applicable, etc.) as well as the opinions and guidelines of the Hellenic Data Protection Authority and the European Data Protection Board.
This Policy is applicable to every service or operation provided by us on this Website, on any location on the web or online application, in any promotion, online and offline, for access to our services, whether an electronic means or other device is used or not.
The Data Controller determines the purposes and the way in which guests Personal Data is processed. Unless otherwise stated, the Data Controller is our Company.
Personal Data is any information that concerns an identified or identifiable individual. An identifiable individual is a person who can be identified, directly or indirectly, especially by reference to an identification particular, such as name, ID card number, geolocation data, an online user ID or to one or more factors that describe the physical, physiological, genetic, psychological, economic, religious, cultural or social identity of the individual in question. Personal data includes information such as email address, home address, mobile phone number, user names, personal preferences and purchasing habits, content created by the user. It is also likely to include unique numerical identifiers, such as guests IP address and cookies.
We are particularly sensitive concerning the Personal Data guests entrust to us and we undertake to process it in a fair, transparent and secure way. Our basic principles are as follows:
Lawfulness: we will collect guests Personal Data in a strictly fair, lawful and transparent manner.
Data minimisation: we will minimise the collection of guests Personal Data to only that directly related to and essential for the purposes for which it has been collected.
Purpose limitation: we will collect guests Personal Data only for specific, clear and legitimate purposes and will not process it further in a manner that is incompatible with these purposes.
Accuracy: we will keep guests Personal Data accurate and up to date.
Security and protection of data: we will put in place technical and organisational measures to ensure the appropriate level of security and protection of data, considering, among other things, the nature of guests Personal Data that is being protected. Such measures ensure the prevention of any unauthorised disclosure or access, accidental or unlawful destruction, accidental loss or alteration and any other unlawful Processing.
Access and correction: we will process guests Personal Data in accordance with guests legal rights.
Storage limitation: we will keep guests Personal Data on record in a manner that is consistent with the applicable laws and regulations concerning personal data protection and for no longer than is necessary for the purposes for which it has been collected.
Protection during international transfers: we will ensure that all guests Personal Data transferred outside the European Economic Area is adequately protected.
Fail-safe security against third parties: we will ensure that access to guests Personal Data by (and its transfer to) third parties will be made according to the applicable law and the appropriate standard safety procedures.
Direct marketing and cookies legitimacy: when we send guests promotional material or place cookies on guests computer, we will ensure that it is done according to the applicable law.
INFORMATION WE COLLECT
Information collected automatically with our Website
Our Website has informative content about the services provided for guests stay in our hotel and only browsing it (without making a reservation or sending a request) does not require the guests to provide / import personal data.
Certain information can be automatically collected, just by visiting and browsing the Website, which can identify guests directly or indirectly, such as:
Regarding the information that is automatically collected from guests browsing on our Website, please refrain from visiting it if guests do not wish to collect and process this information.
Information guests provide us directly
In case the guest of the Website wishes through this to contact our office, he is invited to fill in and submit the corresponding contact form, during the submission of which the Website collects and processes, with guests consent, the following personal data:
Booking, check in and out and extra services information
Guests may also be asked to provide personal information about special purposes, such as when making a reservation for accommodation at our facilities, when making a request for additional services, at which time they are collected, among other things:
We may collect personal information from various sources, including:
These information and the relevant that help us learn more about how our Website is used by its guests, are collected in aggregate form. We can use this information to monitor and analyze the use of the Website, to enhance its functionality and to better shape its content according to the needs of our guests.
When collecting information directly from our guests, we take the appropriate care to verify which of the collected personal information relates to minors. If we find that we have collected any personal information from a minor under the age of 15 without verifiable parental consent, in accordance with the provisions of Article 21 of Law 4624/2019 (Greek Legislation), we will delete the information from our database as soon as possible with the relevant information of the parent or guardian of the minor.
WHY WE COLLECT DATA:
We collect, process, use and store guests data :
Depending on the purpose for which guests data is used, the legal basis for processing it may be:
In case guests provide Personal Data of third parties ( relatives, employees, partners, etc.), they are obliged to ensure that it has been fairly and lawfully collected and they have the required authorization to act in their name and on their behalf (including consenting for them), so that further processing of such data by our Company is possible.
Personal Data retention period
The Company, depending on the amount, the nature and the sensitivity of Personal Data, as well as the purposes for which we process it, determines the appropriate data retention period. We will retain guests Personal Data only for as long as necessary in order to fulfill the purposes for which it has been collected e.g. the fulfillment of a legal obligation.
More specifically, we retain guests Personal Data for ten (10) years from its collection date so that we can provide the above mentioned services. The only exceptions to the time length stated above are cases where:
In addition, our company reserves the right to anonymise guests Personal Data so that it cannot be traced back in order to use this information indefinitely for research or statistical purposes without further notice.
REQUIREMENTS FOR THIRD PARTY ACCESS TO GUESTS PERSONAL DATA
A basic principle of ours is that we will not share guests information with third parties for their own independent business or promotional purposes without consent.
Aiming at providing guests with the best possible services, we grant access to their personal data, or to part of it, to certain authorized members of our staff, namely to:
a) Our Company’s employees: authorised members of our staff only
b) Business partners:
c) Other third parties:
Guests Personal Data may be transferred to recipients outside the EEA and be processed by both us and the recipients in question. For any transfer of Personal Data to countries outside the EEA that do not normally have the same level of data protection as the EEA, Data Controller will take the appropriate special measures to ensure an adequate level of protection for Personal Data. Such measures may, for example, consist in an agreement with the recipients concerning binding contractual clauses that guarantee such an adequate level of protection.
PROTECTION OF GUESTS PERSONAL DATA
We have implemented a series of technical and organisational security measures to protect Personal Data against unlawful or unauthorised access or use, as well as from accidental loss or damage to its integrity. These measures have been designed taking into consideration our IT infrastructure, the possible impact on privacy and the relevant costs, as well as in accordance to the existing standards and practices on the market.
Guests Personal Data will be processed by a third party Processor only if they agree to comply with these particular technical and organizational data security measures.
Our data security procedures include: safe access, backup systems, monitoring, review and maintenance, security incident and business continuity management, etc.
GUESTS RIGHTS TO CONTROL PERSONAL DATA
Right to object to the way data is processed:
Right to portability: the right to have Personal Data copied or migrated from our database to another.
Right to file a complaint: the right to file a complaint against the Data Controller with the Hellenic Data Protection Authority (HDPA).
In order to handle guests requests according to the above, we may ask guests to verify their identity.
For the exercise of your rights, please address your respective request by writing to us in the following postal address: Getaways Greece IKE Deligiorgi 55-59 Athens or by phone calling +30 210 3252138 or by sending us an email to the email addres: firstname.lastname@example.org
Our Company will make every effort to respond to your request within thirty days of receipt. However, if due to the complexity of your request or due to the volume of information it is not possible to satisfy your request within thirty days, we undertake to inform you within the above deadline in writing of the reasons for the delay and to make every effort to satisfy your request as soon as possible and in any case within one additional month.
Our Company however reserves the right not to satisfy your request in the event that it is found to be manifestly unfounded or excessive informing you of the reasons for such refusal.
In any case, you have the right to lodge a complaint with the Personal Data Protection Authority (www.dpa.gr).
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|