- Introduction
This Personal Data Protection Policy together with the Privacy Note attached to the Registration Forms: “HOTEL REGISTRATION CARD” and the Cookies Policy provide us with information explaining and describing how the Greek public limited company under the name “L.S. SANTORINI KAMARI HOTEL SA”, based in Alimos, Attica (77 Poseidonos Avenue), in Greece (TIN: 099528759 / Tax Office FAE PIRAEUS) (hereinafter referred to as the “Company or Hotel”), collects, uses and processes the personal data of its customers, visitors, suppliers, associates, employees, as well as any natural person transacting in any way with the Company, and determines the basis on which any personal data that we collect from you, or those that you provide to us, will be processed by us.
Any natural person visiting the website pages or using the services shall be hereinafter referred to as “Personal Data Subject” or “Data Subject”.
Management and protection of your personal data is governed by the terms of this announcement and the relevant provisions of both the Greek and the EU and international law regarding the protection of the individual against the processing of personal data and the Decisions of the Hellenic Data Protection Authority. Any future change in the above regulatory framework will be included in this Policy.
This Personal Data Protection Policy (hereafter the “Data Policy” or “PDPP”) aims at informing you on the policy of the Company as regards your personal data, which you share with us, so that you are aware of the purpose of their processing by us, the category of recipients and the procedures that you can follow to exercise your legal rights.
This Policy constitutes an integral part of the Cookies Terms and Conditions of Use of www.zaffronresort.com and a single set with them. The Company acting as Controller can occasionally amend its Terms and Policies, including the “PDPP”, in whole or in part, at its sole discretion. Any amendment hereto shall take effect as soon as the amended Policy is posted on the Website. Hence, we advise you to regularly check its content.
In any event, as long as you continue to use our Website and its services and the services of our E-shop www.zaffronresort.com, after amendments have been made in accordance with the above, you will be deemed to unconditionally accept such amendments. If you do not agree with the terms of this Policy, as may be amended, you must stop using the Website and our E-shop.
Your confidentiality as well as the safety and protection of your personal data are very important for the Company. For this reason, we collect and manage your personal data with the utmost care, with responsibility and we take special measures to protect it with safety. In order for you to have detailed indications on how the Company manages your personal data, we invite you to read the following Data Policy, where you will find all the essential information on the processing of your personal data by the Company.
We also encourage you to read the “Cookies Policy” of www.zaffronresort.com and the “Terms and Conditions” of www.zaffronresort.com, which contain detailed information about the conditions regarding the services we provide. Some services may be subject to certain legal conditions and regulations. In these cases, we will make sure that you will be provided with all the necessary information.
The Company shall not be responsible in any way for the Personal Data Protection and Management Terms of other websites which you may access through links of this website. In this case you will be transferred to a third party website that we do not control and our Personal Data Protection Policy will no longer apply. Your browsing and interaction on any other website is subject to the terms of use and confidentiality and other policies for which we are not responsible and we do not accept any liability or fault or any processing carried out by such third parties. Please check these policies before submitting any personal data to these sites.
For any clarification, question or legal requirement regarding your confidentiality and the processing of your personal data, you may at any time contact the Personal Data Protection Officer (DPO) by sending a request via email to dpo@zaffronhotel.com or by sending a written letter by mail to the address of the seat of the Company to the “Personal Data Protection Officer”.
Controller:
“L.S. SANTORINI KAMARI HOTEL SA”
77 Poseidonos Avenue, Alimos 174 55, Attica, Greece TIN: EL099528759, TAX OFFICE FAE PIRAEUS
E-mail: dpo@zaffronhotel.com
PERSONAL DATA PROTECTION POLICY
- DEFINITIONS
The definitions included in this Personal Data Protection Policy have the meaning set out in EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, which together with the Greek Law and the regulatory framework applicable in Greece constitute the Legislation on Personal Data Protection.
Personal data means any information relating to the data subject, that is any information relating to the natural person to whom the data is related and who is identified or identifiable. Such data, as defined by the Law and the relative European provisions, is, for example, the name, the address, the date of birth and the sex of the member, the mobile number, the email address as well as any usage data, such as the username, the password and the IP address.
Special categories of personal data – means personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or participation in trade unions and processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Controller– means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the Union or Member State law, the controller or specific criteria for its nomination may be provided for by Union or Member State law.
Data subject– any living natural person subject to processing by the company “L.S. SANTORINI KAMARI HOTEL SA”
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structure, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, location, health, personal preferences, reliability or behaviour. This definition is linked to the right of the data subject to oppose profiling and the right to information about the existence of characteristic elements, measures based on profiling and the intended impact of the analysis on the individual.
Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Controller / Personal Data Protection Officer is required to report personal data breaches to the supervisory authority and where the breach may adversely affect the personal data or confidentiality of the data subject.
Consent of the data subject – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Child – the GDPR defines a child as a person under the age of 16, although this may be reduced to 13 by the law of the Member States. The processing of a child’s personal data is only legal if the parental consent has been obtained. The controller shall make reasonable efforts to verify in such cases that the parent in charge of the child provides or permits his or her consent.
Third party – means a natural or legal natural person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Filing system – means any structured set of personal data which are accessible according to specific criteria, whether cetralised, decentralised or dispersed on a functional or geographical basis.
- HOTEL RESERVATION PROCEDURE
To simply browse www.zaffronresort.com, you will not be asked by the Company to provide any personal data. However, the Company, while browsing or using the services offered by www.zaffronresort.com, collects and processes browsing data through cookies. For more details on the information collected through cookies and similar technologies, please refer to the relevant section “Cookies Policy”.
3.1 As part of the hotel reservation procedure – whether this is done online from www.zaffronresort.com, or through a travel agent, or through travel agencies based in European Union countries as well as in countries outside the European Union , either through our call center or directly to the hotel – we process your Personal Data for this purpose (i) which allows you to book a room at the hotel; (ii) to verify the availability of the hotel and manage the reservation; (iii) to send the booking confirmation; and (iv) to send an email before arrival. You can unsubscribe at any time from the e-mail messages before arrival by clicking on the unsubscribe link in the e-mails sent to you.
Categories of data that we process:
Address, Reservation details (including reservation number), Arrival and departure date, E-mail address, Name / Surname, Name / Surname of adult co-guests, date of birth, identity card or passport number, type of payment card, number and date of expiry, telephone number, title, and we may also collect additional information such as airline, flight number, etc.
Data source:
Depending on the reservation mechanism you use:
– Directly from you via the online booking form
– From your travel agent or travel agencies
– From our call center
– From our hotel when you made a direct reservation
Legal basis for processing:
Processing is necessary for the conclusion and execution of a contract.
3.2 In the context of the hotel reservation procedure carried out through the online booking channel of the company Radisson Hospitality Belgium BV/SRL online from the website www.radissonhotels.com/, or from Radisson Hospitality Belgium BV/SRL, we process your Personal Data for this purpose (i) which allows you to book a room at the hotel; (ii) to verify the availability of the hotel and manage the reservation; (iii) to send the booking confirmation; and (iv) to send an email before arrival. You can unsubscribe at any time from the e-mail messages before arrival by clicking on the unsubscribe link in the e-mails sent to you. In the above case of reservation through the company Radisson Hospitality Belgium BV/SRL, both companies will act together as Controllers.
Categories of data that we process:
Address, Reservation details (including reservation number), Arrival and departure date, E-mail address, Name / Surname, Name / Surname of adult co-guests, date of birth, identity or passport number, Country, type of payment card, number and date of expiry, telephone number, title
Data source:
Radisson Hospitality Belgium BV/SRL, Avenue du Bourget 44, B-1130 Brussels, telephone number: +32 2 702 9200, Belgium
Legal basis for processing:
Processing is necessary for the conclusion and execution of a contract.
- GUESTS OF THE HOTEL
Check-in and check-out at the hotel
4.1 During your stay at the hotel, we will collect and process your Personal Data for the purpose of (i) registering your arrival and departure at the hotel; (ii) assigning a key card to your room; (iii) obtaining a credit card or hotel deposit guarantee to ensure payment of your stay; (iv) managing (and archiving) the hotel registration card; ( v) creating or updating your profile in the hotel management system; (vi) assessing your ability to upgrade a room and managing it, if any; (vii) managing payment of your stay; (viii) creating, printing or sending an invoice for your stay; and (ix) payment of commission to your travel agent (if applicable).
4.2 In case you have booked a room at our hotel but you do not show up – without prior cancellation – the date you announced your arrival we will process your Personal Data for purposes of (i) canceling your stay and any other reservation which you may have done and (ii) management, processing and settlement of any payment due.
Categories of data that we process:
Address, Date of arrival and departure, E-mail address, Name / Surname, Name / Surname of adult co-guests, date of birth, identity or passport number, Country, type of payment card, number and date of expiry, telephone number, title,
Data source:
Depending on the reservation mechanism you use:
– Directly from you via the booking form
– Through the online booking channel www.zaffronresort.com where you made the reservation
– From your travel agent or travel agencies
– From our call center
– From Radisson Hospitality Belgium BV/SRL
– Directly from you via the hotel registration card
Legal basis for processing:
Processing is necessary for the execution of the contract with the hotel.
- STAY AT THE HOTEL
When you stay at our hotel, we try to make your stay as pleasant as possible. This requires the processing of your Personal Data in order to provide specific services during your stay at the hotel. In some cases, we may also need to collect sensitive personal data, such as medical data, in order to be able to meet your particular needs. These services include (i) cleanliness and maintenance; (ii) returning lost or forgotten items to you; and / or (iii) managing your preferences and those of your guests, such as nutritional preferences, any allergies, your interests, activities, in order to provide you with better service during your stay with us.
Categories of data that we process:
Address, Consumption habits, Date of arrival and departure, Nutritional preferences, Allergies, Nutritional data, Email Address, Name / Surname, Name / Surname of the adult passenger (s), Other preferences, Telephone number
Data source:
Depending on the reservation mechanism you use:
– Directly from you via the booking form
– Through the online booking channel www.zaffronresort.com where you made the reservation
– From your travel agent or travel agencies
– From our call center
– From Radisson Hospitality Belgium BV/SRL
– Directly from you via the hotel registration card
Legal basis for processing:
In order for the hotel to organise its daily maintenance activities, to personalise the services it provides and / or to be able to identify the owner of a lost or forgotten item. In cases where we need to collect sensitive personal data, such as medical data, for example any allergies, we keep them only if we are obliged by the applicable legislation or if you expressly give us your consent, in the context of the provision of our services, e.g. to provide a specific diet.
The Hotel protects all categories of personal data using the most up-to-date encryption methods.
- ADDITIONAL SERVICES AND FACILITIES FOR GUESTS OR VISITORS
At our hotel you can benefit from additional services and facilities such as room service, mini bar, swimming pool, restaurants, tennis court and bar, spa treatments, laundry services, parking, boat trips, taxi requests, car rental, free Wi-Fi, etc. In case you use additional services or facilities in our hotel, your Personal Data may be processed in order to (i) manage the reservation and use of such additional services and / or hotel facilities. (ii); personalise the arrival of customers who make reservations at the hotel (regular customers) and the selection of the amenities and features of the room and (iii) manage the costs incurred for such additional services and / or facilities.
Categories of data that we process:
Consumption Habits, Arrival and Departure Date, Nutritional Preferences, Email Address, Name / Surname, Name / Surname of adult co-guests, type of payment card, number and expiry date, Title
Data source:
– Directly from you via the online booking form
– From your travel agent or travel agencies
– From our call center
– Directly from you via the hotel registration card
– Directly from you when you submit your additional request for service / amenity at the hotel reception
Legal basis for processing:
Processing is necessary to take measures for the purpose of concluding a contract and / or executing the contract.
- REGISTRATION TO OUR NEWSLETTERS
If you register, with your express consent, in the service of our Newsletters, the Company will process and use your personal data to send you emails and text messages (sms) with a view to informing you of our marketing services, advertising and direct promotion of our products and / or services… You may at any time request to unsubscribe using the unsubscribe links contained in any newsletter e-mail and text messages that we send you or you may at any time send a relevant email to the Personal Data Protection Officer (DPO), electronically at dpo@zaffronhotel.com or by mail to the “Personal Data Protection Officer”.
Categories of data that we process:
Address, date of birth, email address, name / surname, telephone number, Hotel stay history, country of residence
Data source:
Directly from you when you subscribe to our newsletter
Legal basis for processing:
Consent
- COMMUNICATION
If you choose to contact us using the Contact Form on the “Contact Us” page of the Website www.zaffronresort.com, none of the data you provide will be stored by this Website or transmitted/processed by any of the third-party data processors set forth in Paragraph 12. Instead, the data will be sorted into an email so that we can reply to you.
Categories of data that we process:
Address, Email Address, Name / Surname,
Data source:
Directly from you when you complete the contact form
Legal basis for processing:
Processing is necessary for the communication you requested.
- PROVISION OF PERSONAL DATA OF THIRD PARTIES
in case you provide personal data of third parties (for example when booking on behalf of a third party), the Company and www.zaffronresort.com will protect the Personal Data of the Third Party in accordance with this Personal Data Protection Policy. If you provide us with personal data of third parties, you confirm that you have informed that third party of the purposes and means in which we must process their personal data.
- SOCIAL NETWORKS
We may process your Personal Data obtained through social networking platforms (including Facebook, Instagram,) or online reviews (including TripAdvisor) about our hotel for the purpose of (i) addressing your questions or complaints. (ii) monitoring our online reputation; and (iii) improving our services.
Some of our social media pages allow users to submit their own content. Remember that any content submitted on one of our social media pages can be viewed by the public and you should be careful about providing certain personal information (e.g. financial information or address information) through these platforms. We are not responsible for any actions taken if you post personal information on one of our social networking platforms (e.g. Facebook or Instagram). Please also refer to the respective privacy and cookie policies of the platforms of the relevant social networks you use.
For the exercise of your rights as described in Article 18. DATA SUBJECT RIGHT TO INFORMATION AND ERASURE, do not use social networks and their platforms. For the exercise of your above rights or for matters relating to the processing of your personal data, please submit your request using the specially designed forms of our company, at the reception area of the Hotel or you can apply in writing to the Data Protection Officer (DPO) of the Company by physical or electronic correspondence using the following information: Postal address, Email: dpo@zaffronhotel.com .
Categories of data that we process:
Any Personal Data that you may decide to share with us or published on social media or other online reviews about us.
Data source:
– Directly from you through publicly accessible social media pages, online booking channels or other websites (reviews)
Legal basis for processing:
– It is a legitimate interest of “L.S. SANTORINI KAMARI HOTEL SA” as an enterprise to process the Personal Data you choose to address us or make publicly available on social media platforms, or other websites (reviews), in order to improve our services.
- PERSONAL DATA RETENTION PERIOD
We shall retain personal data for the period of time required to fulfill the purposes described in this PDPP, unless a longer period of retention by law or applicable regulations is required or permitted.
Upon the expiry of this period, the data are retained in accordance with the applicable legal framework for as long as it is provided from the termination of the business relationship or for as long as it is required for the defense of the rights of the Company before a Court or other competent Authority.
- PERSONAL DATA RECIPIENTS AND PURPOSE OF ITS FORWARDING
Your Personal Data are subject to processing by the Company which acts as Controller.
For organisation and operation requirements related to the provision of products and services by the Hotel and www.zaffronresort.com, the Company, depending on its needs and if deemed necessary, may transmit your personal data to its representatives and/or subcontractors aiming at the support, promotion and execution of your transaction with the Company, but always under conditions that completely ensure that your personal data are not subject to any unlawful processing, that is, other than the purpose of the transmission according to the above.
The Company reserves the right to forward your Personal Data:
– To the Courier companies with which it cooperates, as referred to in the Terms and Conditions (for the purpose of returning lost or forgotten items);
– To the providers of technical IT services who have a contract with the Company that grants them access and to their authorised personnel (online) reservation procedure);
– To communication service providers;
– To third parties, natural or legal persons, that may provide on behalf of the Company promotion and marketing services both of the Company and its products or services, through social networking;
– To your travel agent or travel agencies;
– Or to our third partners who provide technical services, such as hosting and technical support services, fraud detection and prevention, technological and analytical services.
All collaborators, representatives and/or subcontractors have been assessed and selected by the Company for their proved trustworthiness and ability and all comply with the law laid down in the above paragraphs. In case some of them are based in countries which are not members of the European Union, forwarding of your Personal Data shall be carried out with the guarantees laid down by the Law.
The Company and www.zaffronresort.com will not sell or in any other way transmit or share the personal data of the Data Subjects of its Website with third parties, apart from the above-mentioned ones, without the consent of the Data Subject, except for the implementation of relevant legal obligations and only as regards the Competent Authorities. Retained data of the file may be shared with the Competent Judicial, Police and other Administrative Authorities upon their legal request and in accordance with the applicable legal provisions. Also, in case of a legal provision, service order or official preliminary examination, www.zaffronresort.com and the Company reserve the right to place the relevant data at the disposal of the corresponding authority.
- CHILDREN
We do not knowingly collect or request Personal Data from anyone under the age of 16 and we do not knowingly allow them to book a room at our hotel except with the consent given or approved by the person who has parental care of the child. In the event that we learn that we have collected Personal Data from a child under the age of 16 without verification of parental consent, immediate action will be taken to remove this information. If you believe we have or may have information from or about a child under the age of 16, please contact us at dpo@zaffronhotel.com.
- REPORTING INCIDENTS OF PERSONAL DATA BREACH
In accordance with the Law, the Company must report to the Hellenic Data Protection Authority any illegal breach of the Personal Data database of the Website or any third party data processing database to any and all relevant persons and authorities within 72 hours from the breach, if it is evident that the personal data that are saved in an unidentifiable form have been breached.
- PROCESSING REGARDING FRAUDULENT ACTS
By completing a transaction at www.zaffronresort.com and the Company, you agree that, in case there are reasonable data and if required by the specific circumstances, the www.zaffronresort.com and the Company will have the right to collect, process and use all the data necessary for the disclosure, as well as for the termination of offers created for fraudulent purposes, as well as the details of any other illegal or unconventional use of www.zaffronresort.com and the Company.
- TRANSMISSION TO LEGAL SERVICES IN CASE OR LACK OF LEGAL PROVISION
Since forwarding of data is not allowed according to Law, you consent to the forwarding of your personal data to prosecution and supervisory authorities for the necessary protection from risks to state and public security as well as for the prosecution of criminal offenses.
- TRANSFER AND STORAGE OF PERSONAL DATA
The transfer of Personal Data between the Website and your browser is carried out by encryption and is delivered via HTTPS.
Your data are stored on our servers in a secure location. The Company has taken the appropriate technical and organisational measures in order to ensure the implementation of the Legislation and the appropriate level of security of your personal data and has duly trained its staff and the entire network of its collaborators, through the Policies and the Personal Data Protection Procedures, and binds all its partners, who act on its behalf as Processors with contracts governed by guarantees and safeguards.
- INFORMATION AND UNSUBSCRIPTION RIGHTS OF THE DATA SUBJECT
The provision of your Personal Data is a contractual obligation. You are free to choose whether you will share with us or not your Personal Data, but in the absence of the required data the conclusion or execution of the Products and Services Agreement and the satisfaction of your requests by our Company will not be possible.
In the event of the conclusion of a Products and Services Agreement through www.zaffronresort.com, and our Company, the processing of the Data Subject’s personal data will be performed solely for the purpose of enabling the Company to fulfill its legal obligations and comply with the tax provisions and applicable law to which it is subject.
You are free to decide whether you will enter into a Products and Services Agreement with us and whether or not you will disclose your data. If, however, you enter into a Products and Services Agreement, your Personal Data will be necessary and processed to fulfill these legal obligations to which the Company is subject.
The Company carries out the following processing of personal data only in case the Personal Data Subject has explicitly consented to it:
- marketing activity, polling and market research;
- analysis of browsing and consumption habits in the environment using the Profile of the Personal Data Subject, with the sole purpose of creating a better and personalised shopping experience on our Website.
Provision of your Personal Data for these activities is absolutely optional. You are free to provide us with your Personal Data or not for this purpose, but in their absence the Company will not be able to carry out marketing and advertising activities, polling and market researches or analysis of your habits.
After we verify your identity, as Personal Data Subjects you have the following rights:
Right to information: | The COMPANY must inform you on the processing to which your data is subject, such as which data is processed, for what purpose, for how long it retains it, using clear and simple wording. |
Right of access: | You have the right to receive from the COMPANY a confirmation as to whether or not your personal data is processed and, if this is happening, you have the right to access this data. |
Right to rectification: | You have the right to demand from the COMPANY to rectify any inaccurate personal data of yours and to complete any incomplete data. |
Right to erasure: | You have the right to request from the COMPANY to delete your personal data, which can be satisfied provided some specific conditions are met. |
Right to restriction of processing: | You have the right to ensure that the COMPANY will restrict processing provided some specific conditions are met. |
Right to object: | You have the right to object, at any time, to the processing of your personal data. The COMPANY, in this case, must stop processing, except if it proves urgent and legal reasons which outweigh your interests, rights and freedoms as data subject or for the establishment, exercise or defense of legal claims. |
Right to human intervention in the framework of a decision through an automated procedure: | You have the right to request from the COMPANY that you do not undergo, if that is the case, a procedure of decision making solely according to an automated processing, including profiling, which produces legal effects that concern you or affect you significantly in a similar way. |
Right to portability: | You have the right to request from the COMPANY that you obtain your personal data, which you have provided in a structured, commonly used and machine-readable format, or that the COMPANY transfers it to another server. |
In order to facilitate the exercise of these rights, the COMPANY ensures that internal procedures are developed so that it can respond in time and effectively to your requests.
At any time you reserve the right to information or objection to further processing of your data in accordance with the relevant Law on Personal Data Protection. Do not use social networks and their platforms to exercise your rights. For the exercise of your above rights or for matters relating to the processing of your personal data, please submit your request using the specially designed forms of our company at the reception area of the Hotel or you can apply in writing to the Data Protection Officer’s Office (DPO) of the Company by physical or electronic correspondence using the following information:
Postal address, DPO Email: dpo@zaffronhotel.com
If you think that your Personal Data have been retained illegally, you can submit a request to one of the Supervisory Authorities that are competent for compliance with the Personal Data Protection Rules.
We respond to your Requests free of charge, without any delay and in any case within (1) one month from the day we receive your request. However, if your Request is complicated or there is a large number of Requests from you, we will inform you within a month if we will need to extend the deadline for (2) two more months within which we will respond.
If your Requests are clearly unfounded or excessive, especially due to their recurrence, the Company can impose the payment of a reasonable fee, taking into consideration the administrative cost for the provision of information or the execution of the requested action or it can refuse to continue with the Request.
If you think that your Personal Data have been retained illegally, you can submit a request to one of the Supervisory Authorities that are competent for compliance with the Personal Data Protection Rules.
This text may be amended with time; hence we advise you to regularly check its content.
- LEGAL REFERENCES AND USEFUL LINKS
The processing of the Personal Data of the Users/Customers of www.zaffronresort.com is carried out by the Company, which also uses a Data Protection Officer based in the EU and is subject to the terms provided by the Regulation (ΕU) 2016/679 General Data Protection Regulation, as well as the European and Greek personal data processing regulations and controls of the competent Hellenic Control Authority.
EU General Data Protection Regulation 2018 (GDPR)
Last update 01/02/2022