Personal data protection policy
The protection of personal data is very important to our Company. We ensure full compliance with Law 2472/1997, as in force at any given time, and with all laws in force now or in the future on the protection of personal data, as well as with Regulation (EU) 679/2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”, and we process Personal Data in accordance with the applicable basic principles.
Registered office and scope of operations
The Company has its registered office in the Municipality of Mykonos of the Prefecture of Cyclades (headquarters of G-Tourism S.A.: postal address Ano Mera, Mykonos, 84600) and has the following scope of operations: The exploitation of hotels or tourist facilities, in general, and the provision of hotel-related services, catering services based on the highest international standards.
Lawful processing of personal data
The Company, in compliance with the provisions of the related EU and national legislation, manages the Personal Data with which it is provided with the greatest possible care, ensuring, in any case, their protection and confidential nature. In order to ensure the confidentiality and security of the Personal Data, the Company has adopted all necessary organisational and technical measures, establishing internal security policies, using suitable electronic means, adequately informing and training its personnel.
The Company shall lawfully process Personal Data, as it collects and processes such data exclusively for specific, explicit and legal purposes and only to the extent that such processing is necessary for the fulfilment of such purposes. The Company ensures that the data it keeps are accurate and updated, seeking for this purpose the assistance of the data subjects, i.e. of the natural persons whom these data concern; it shall retain such data for the time necessary for the fulfilment of the specific purposes.
Personal data being processed
The Company collects and processes Personal Data, i.e. information concerning a natural person who is identified or may be identified by such information, regardless of whether the identification is direct or indirect. The term “data processing” shall mean any operation performed concerning such data, whether automated or not. Making a booking
When you make a booking or use the Company’s services, the Company must collect the data that are absolutely necessary to identify you and communicate with you for the completion of the transaction. Such data usually include the following: • name and surname
• home address
• telephone number
• e-mail address
• credit card number
• credit card expiry date
• preferred communication language
• dietary habits
• possible health-related data (e.g. allergies, specific conditions, necessary in order for us to offer you better hospitality)
• age of the persons who will stay in the rooms (The hotel does not accept persons under 13 or / The hotel is family friendly)
If you choose to share the specific data with us, we will also know your preferences regarding the type of room, the type of bed and other related information. Further, special discounts linked to details, such as age, are provided in the context of specific promotional actions. In such cases, so that we may check that you eligible for the discount, we will record your date of birth at the time of the booking, always on the condition that you will consent thereto. For the same reason, on arrival you may be asked to produce an official identity document, ID card, passport, etc. that mentions your date of birth.
The aforementioned data are requested exclusively when a visitor contacts the Company through the general or more specific contact forms available on our Website or if he/she fills in his/her details to make a booking. Collection of technical information
In addition and for technical reasons, additional data are collected during a visit to the Company’s website, such as: • IP address (Internet Protocol address) of the computer of access
• website from which you are visiting us (recommendation)
• our web pages that you visit
• time of visit to the website
• date and time of the visit
• type of browser and browser settings
• operating system
• Geographical Area of the visit
Such technical information may, in individual cases, constitute personal data. As a general rule, however, we use technical details only to the extent necessary for technical reasons, for the operation and protection of the website and its application from attacks and malicious use, as well as in pseudonymous or anonymous form for statistical reasons.
For the more specific purposes of Personal Data processing, i.e. information on products, services, promotional actions, offers and events, the Company collects and processes the e-mail address through a special form (Newsletter) available on the home page of our Website and which the Visitor may fill in if he/she wishes to receive such information.
Social plugins ( Facebook, Twitter, Google+ )
Our website includes the widely-used “social network plugins” from the Facebook social network (https://www.facebook.com). You can recognise Facebook plugins from the Facebook logo or the “Like” button on our website.
If you do not want Facebook to link your visit to our website to your Facebook account, log out of your Facebook account.
Similarly, we use plugins of the social networks Twitter, Google+. When you click on the “Tweet” or +1 button on our website (while you are logged in to your respective accounts in such social networks), you automatically disclose the content you are visiting to the social networks in question without the Company becoming in any way aware of such data. Please consult the Privacy Policies of the relevant social networks for detailed information on the way in which your Personal Data are managed by such networks (https://policies.google.com/privacy?hl=el, https://twitter.com/en/privacy)
Use of personal data
The Company collects, processes and uses the Personal Data that concern you mainly when you visit the Company’s websites. On a case-by-case basis, Personal Data are processed in accordance with the applicable legislation and this policy or in conformity with your consent. In certain cases, the data are used only in a pseudonymous or anonymous form. The Company stores and uses the Personal Data that concern you whenever you contact the Company over the phone, by e-mail or via the booking or contact form the Company makes available, or when you wish to send us information by some other means and you, therefore, transmit you data to us for such purpose. Such personal data will be used exclusively for the purpose of handling your request at any given time and/or to provide you with a service by executing the booking that you made, and for the issuance of all necessary tax and other documents.
Furthermore, we store and use personal data and technical information to the extent necessary for the prevention and handling of any malicious use or other illegal behaviour on your website, e.g. to keep the data secure in case of an attack on our IT systems. Lastly, we store and use your data to the extent that we are legally obliged to do so, e.g. as foreseen by specific provisions of the related legislation or a court judgment or another decision by the Authorities, as well as to safeguard our rights and claims, and to defend the Company before the courts.
Third parties to whom the personal data will be transferred
The Company may transfer these data to companies with which it collaborates, within the European Union, which will process the data on behalf of the Company, as data processors, exclusively for the purposes mentioned above. When transferring the data, the Company shall adopt all necessary measures to ensure the highest possible security level. The Company assures that such companies provide all the necessary guarantees for the protection of the Personal Data and that they adopt suitable technical and organisational measures so that the processing is lawful and that the protection of the Personal Data and the rights of the natural persons they concern are safeguarded. The Company states that it has entered into contract with the companies in question in advance, which contracts include terms related to the adoption of security measures thereby and the monitoring of such measures by the Company.
The security of your personal data is a high priority for the Company. We, therefore, protect your data which are stored by us by adopting technical and organisational measures for the efficient prevention of loss or abuse thereof by third parties. In particular, our employees who are in charge of the processing of personal data undertake to keep such data secret. The data you send us via the Website are transferred encrypted for the protection of your personal data. In order to ensure the long-term protection of your data, the technical security measures are monitored regularly and, if necessary, are adjusted to the relevant technological standards.
By choosing to agree with and consent to the processing of the Personal Data that concern you, you grant your consent for the processing of the data for the aforementioned purposes, either by the Company or by a company with which it collaborates. You may withdraw your consent at any time, as well as exercise one of your legal rights, i.e. access to your data and the receipt of a copy thereof, the correction of inaccurate information, the erasure of your data or the restriction of their processing, the portability of the data in a structured, commonly used and machine-readable format and their transfer to another data controller, the right not to be subject to a decision which is based solely on automated processing, including the drawing up of a profile, and which produces legal effects concerning you or similarly significantly affects you.
The Company handles your requests with due care, to safeguard the security of your data and the protection of your rights. For this reason, in case of doubts regarding the person who requests the disclosure of Personal Data, we may ask you for additional information that is necessary for your identification.
In case the Company is unable, due to the large number of requests, to fulfil your request immediately, it will inform you as soon as possible and in any case within one month from the submission of your request of its progress and of the reason for any delay in its fulfilment. If your requests are clearly unfounded or excessive, in particular because of recurrence, the Company may either impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or refuse to follow up on your request. In case of a data breach which may put your rights and freedoms at high risk, if this does not fall under one of the exceptions provided for in the law, the Company undertakes to inform you of the breach without unjustifiable delay. You may direct all questions or requests regarding the protection of your personal data kept by the Company to the following e-mail address: firstname.lastname@example.org.
In any case, if you believe that your privacy is violated in any way, you have the right to lodge a complaint with the Hellenic Data Protection Authority, using the following contact details: Website: www.dpa.gr, Postal address: 1-3 Kifisias Ave., 115 23 Athens, Switchboard: +30 210 6475600, Fax: +30 210 6475628, E-mail: email@example.com. Amendments to the information contained in this policy
Any future related regulations that may take effect will form part of this announcement. In any case, the Company shall reserve the right to change the terms related to the protection of personal data in accordance with the applicable legal framework.
Therefore, these Personal Data protection terms may be revised and updated at any time without prior notice. The users of the website are invited to observe the examined terms for changes at regular intervals, since the continuous use of the website suggests that they accept all possible modifications thereof.
The current version of the Personal Data Protection Policy entered into force on July 2019.