- Data information we collect and for what purpose :
Full name, gender, full address, phone number, email address, payment details (bank account number, IBAN, card details etc), proof of your identity documents (ID, passport and visa information, driving license or health booklet number), nationality, tax details, dates of your stay and products or services ordered or purchased. We do not collect “sensitive personal data”, unless you wish to forward it to us in order to facilitate your stay.
We also may collect:
- Data concerning family members and/or partners and/or friends, who will stay in our Hotel,
- Images and video and audio data via security cameras,
- Wi-fi connection data,
- Automated information: When you visit our website, we may also collect certain information through the use of “cookies” or other automated means. Cookies are small files of information stored by your browser on your computer’s hard drive. Such information may comprise the following information:
- date and time,
- web protocol address,
- domain name,
- type of browser and operating system used (if provided by the browser),
- URL of the referring page (if provided by the browser),
- geographic location or
- language preferences.
How we collect the above information:
- by filling a relevant online form on our website,
- by filling in a physical registration form,
- by contacting us by phone or in person,
- by sending us a letter, e-mail or social media message,
- by subscribing in order to use our services (e.g. a newsletter or by following us on social media),
- by requesting promotional information from us (e.g. information about any of our services),
- by participating in a survey or competition.
We collect personal data either directly from you, when you visit our Hotel or through online services (the website we operate: https://santannaluxurysuites.com/el/, our social media pages – facebook – instagram – linkedin).
Principles of Data Processing:
- Purpose specification and purpose limitation: the purposes for which our Hotel collects and uses personal data must be specified and legitimate. The data shall not be used for any other purpose than those specified,
- Transparency: clear information shall be provided to individuals about the purposes for which personal data is collected and used at the time the data is collected,
- Data minimization: our Hotel shall only collects personal data that is strictly necessary for the specific purpose(s) i.e. the minimum required personal data shall be collected and used,
- Accuracy: personal data shall be accurate and, where required, updated,
- Retention: personal data shall not be kept for longer than necessary,
- Security: appropriate measures are in place to protect personal data,
- Accountability: our Hotel will be able to demonstrate that it has implemented measures to comply with the above mentioned principles.
Legal grounds for processing your personal data:
- The provision of services that you have commissioned and want to receive from us,
- Complying with a statutory obligation, such us refunding an advance payment, managing your claims for compensation etc,
- Safeguarding and protecting the legitimate interests, both yours as ours, with potential use of closed circuit television (CCTV) and security cameras to enable us to be able to protect the safety of individuals, property and premises,
- Consent you provide us with under the specific conditions set out in the legislative framework, in order to receive updates on services and offers.
- Data sharing – Third parties :
We may share information with service providers who perform functions and services on our behalf. Such third parties will be designated as data processors and will only be provided with information necessary to perform the services on our behalf, but in no case are authorized to use such information for any other purposes. We may disclose your information if we are required to do so in compliance with a legal obligation, or in response to a request to a request from law enforcement or other government authorities.
Our Hotel shares your personal data with the following categories of recipients:
- Governmental authorities, law enforcement agencies etc
- Our Hotel’s partners (external accountants, booking agency), who act as processors on behalf of our Company.
We declare that we do not sell your personal data we collect and store.
We take all appropriate technical and organizational measures to ensure the secure processing of your personal data and to prevent any accidental loss or destruction and any unauthorized and/or unlawful access, use, modification or disclosure. Any personal data in hard copy format will be kept in a locked filing cabinet, drawer or other secure place, with strictly limited access to our premises, and only our Data Controller and our authorized staff will have access to the data. Our facilities are protected by CCTV camera systems. Confidential document files will not be left unattended or exposed to public view anywhere there is general access. All electronic devices are password-protected to protect personal data in case of theft or loss. Digital files are encrypted, encoded or password-protected on a network drive, which is regularly backed up. All members of our staff are provided with personal security codes, and each computer on a regular basis prompts users to change their password for security purposes. Email messages we receive from you containing sensitive or confidential information are password-protected in the event that insecure servers are proxied between the sender and recipient of the message. The above security of our computer and storage systems, and access to them, is continuously monitored.
However, our Hotel is not responsible for payments made by you to bank accounts other than our own as a result of interception. For the security of your transactions, we recommend you before you transfer funds to a bank account, contact us to verify the correctness and accuracy of our Hotel’s bank accounts.
- Data retention
We retain your personal data only as long as necessary to fulfill the purposes for which we collect it, including any existing legal obligation. The period of time we retain your personal data will vary depending on the obligations of European and national legislation. In order to decide the retention period for your personal data, the quantity, nature (if it falls into a special category of data), exposure to potential risk from unlawful use, the purposes of collection and processing and whether these purposes can be achieved by other means, as well as any applicable legal obligations, will be taken into account. We are obliged by law to retain basic information about our customers (including contact details, payment information and transaction data) for a certain period of time after they stopped being our customers for tax purposes.
- CCTV Data
Our Hotel uses CCTV. We use a surveillance system for the purpose of protecting persons and property. The processing is necessary for the purposes of legitimate interests that we pursue as a data controller. The security cameras are positioned to cover the entrance to the Hotel, the reception area, the surrounding area of the building, parking areas, cashiers, mechanical installations and areas of increased risk. Areas where CCTV is installed shall be specially marked.
Our legitimate interest consists of the following: enhancing the protection of the personal safety of our staff and guests; facilitating the identification, apprehension and prosecution of offenders; protecting our hotel premises; preventing theft, vandalism, damage and burglary; pursuing and/or defending legal claims.
We assure you that access to your data is granted to the Data Controller and only to our authorised personnel. The data, which is stored digitally, is protected by security codes. The retention period for images and videos is 15 days.
- Your rights :
- Access, update, withdraw, amend or correct: You may have the right to access your personal data, and if you wish you can request a copy of the information we have collected and stored. You also have the right to update, withdraw, amend or correct your personal data.
- Restriction of processing and erasure: You may have the right to request the restriction of processing of your personal data or even its deletion.
- Data portability: You may have the right to receive your personal data free of charge in a format that allows you to access, use and process them. You also have the right to ask us, where technically feasible, to transfer your data directly to another processor.
- Objection or complaint: You may have the right to object to the use of your data by us, in case we use them for unlawful or unauthorized purposes. To exercise the above rights, please contact us by using the contact information stated below.
Finally, if you are resident in EU, or a citizen of EU, and you wish to lodge a complaint regarding our use of your personal data, you may contact your local data protection authority.
- Contact for GDPR issues
For any question, query or clarification regarding GDPR issues, you may contact us, Manager for GDPR issues: Mr Evangelos Spyridakos, via email: email@example.com, tel.: 2286036415, postal address: Imerovigli Santorini, P.O. Box 84700.