DATA PROTECTION POLICY
ATHINEON HOTEL acknowledges the importance of the security of your personal data, as well as of your electronic transactions and takes all the necessary steps, using the most modern and advanced methods, to protect your data from unauthorized access, disclosure, modification or deletion.• The Controller of your data is the limited company with the name «AVETE K.KOSTARIDIS», address Vironos17, Rhodes GR85100, telephone number +302241026112. The legal representative of the Company is: Konstantinos Kostaridis, telephone number +302241022631-3. E-mail: email@example.com• The security of the online store of ATHINEON HOTEL is achieved with the cooperation of the Company with WebHotelier.
This security policy explains our practices regarding the personal information we collect from you or with reference to you on this website or via the travel agencies or online booking platforms and at the reception upon your arrival at our hotel. In addition, the policy explains the purposes for which we collect your personal data and the methods we use when collecting
If you make a room booking in any way at our hotel you agree to the terms of this data protection policy and you declare that you are at least 16 years of age.
DATA WE COLLECT
When booking a room at our hotel either through our current website or otherwise, and upon arrival at our hotel, you may be asked for the following personal information:• first name – last name• gender• e-mail address• telephone number,• passport or ID number• date of birth-age• place of birth• nationality• booking reference• flight number• your credit card number, and optionally• address
We do not knowingly collect personal data from individuals under the age of 16.
As a parent or guardian, you should not allow the submission of personal data on our website by your children.
DATA COLLECTION SOURCES
Α) Directly from you through e- mail, or phone call for room reservation, by filling out a form upon arrival at the hotel and during your stay at our hotel,
B) through travel agents,
C) through online booking platforms
The above personal data are necessary and are intended solely for:• your room reservation• your check-in and check out• registering your preferences and fulfilling them during your stay• the provision of hotel services to you• ensuring our payment of your stay• confirmation of a credit card transaction with credit institutions• the repudiation of legal claims by customers and corporate partners• support our legal claims• safeguarding of our legitimate interests• our compliance with applicable Greek and European legislation.
The provision of your personal data is mandatory for the conclusion of the contract of room rental and provision of hotel services with you, for the fulfilment of the brokerage contract with electronic booking platforms, the contracts with our corporate partners.
Failure to provide such information would result in the failure or incomplete fulfilment of the above contracts, our inability to comply with Greek and European legislation and possible sanctions against us.
TIME PERIOD OF POCESSING• We retain your personal information for as long as necessary for the fulfilment of the aforementioned purposes.• The personal data you provide when booking a room through a online booking channel ( such as Booking com, Expedia and others) are also stored in the clouds of Webhotelier and Primal-res, both using Amazon Web Services, in N. Virginia, USA and in Frankfurt, Germany• The personal data you provide when booking a room through this website are also stored in the cloud of Webhotelier.• Both Web-hotelier and Primal-Res are required by PCI-DDS to preserve your data for at least 12 months.
PEOPLE TO WHOM WE TRANSFER DATA
We do not transfer your personal data to third parties, apart from the following specific reasons:• To travel agencies through which you have booked a room to our hotel, to fulfil the hotel contract• To our corporate partners and service providers. In this case, we always require from our partners to provide us guarantees for processing your data lawfully and only within the scope of the purpose for which they were forwarded.• To police, tax and other administrative authorities in accordance with the current applicable laws.
INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA (OUTSIDE EU)• We may transfer specific pieces of your personal data to travel agencies with which we cooperate in countries outside the EU, if you made a reservation to our hotel through them, for the purpose of implementing the hotel contract and always in accordance with the provisions of the GDPR. By submitting your personal data to them or to us upon your arrival to our hotel, you agree to the aforementioned transfer.• The data collected through online booking channels arealso stored in the clouds of Webhotelier and Primal- Res, both using Amazon Web Services in N. Virgina USA ,and in Frankfurt Germany.• Your data collected through this website are also stored in in the cloud of Webhotelier.• Amazon Web Services is certified under the EU-US Privacy Shield
RIGHTS OF THE SUBJECTS OF PERSONAL DATA
Α. RIGHT TO ACCESS YOUR DATA• You have the right to access with absolute security the data you have provided us through our website by entering the passwords used for your identification: your Access Password (e-mail or username) and the Personal Security Password (password).• You have the right, at any time, to request that we inform you of the personal data we hold for you. Your requests must be submitted in writing to the hotel reception , by e-mail to: firstname.lastname@example.org or by registered mail or courier at ATHINEON HOTEL, address Vironos 17, GR85100 RODOS, GREECE. We are required to respond to your requests within one month.
B. TO CORRECT, LIMIT THE PROCESSING, RIGHT OF PORTABILITY AND OF DELETION OF YOUR DATA
You are entitled to request, at any time:• To correct or limit the processing of your data, when possible.• To delete your data if this is not contrary to our legal obligation under National and / or European law, to the fulfilment of our duty in the public interest or to reasons of public interest in the field of public health, to the foundation, exercising and support of our legal claims, and more generally, if this is not contrary to paragraph 3 article 17 and to other provisions of GDPR 679/2016.
In addition,• you have the right to object to the processing of personal data• as well as the right to receive your data in a structured, commonly used format and the right to forward them to another controller, without our objection.
Your requests must be submitted in writing to the hotel reception, by e-mail to: email@example.com or by registered mail or courier at ATHINEON HOTEL, address Vironos 17, GR85100 RODOS, GREECE. We are required to respond to your requests within one month.C. FILE A COMPLAINT
You have the right to file a complaint at the competent supervising authority at www.dpa.gr.
VERSION CONTROL TABLE
|0.1||24th May 2018||Creation of document|
|0.2||18 th June 2018||Recreation of the whole document|
|0.3||10th July 2018||Erasure of the paragraph “how we secure your data”|