Our Company fully shares your concern regarding your personal data. Recently, we have introduced several changes that reflect the enhanced requirements of the EU’s General Data Protection Regulation (a.k.a. GDPR). Our aim is to be as honest and transparent as possible regarding the personal data we collect and the way we process it.
Ι. Types of personal data collected – Purposes
Through this website, personal data are being collected and processed for the following purposes:
The phone number and the e-mail address through which you can contact us can be found on our website. During the process of communication, any personal data you have provided shall be collected.
When you make an enquiry on our website using either our booking enquiry form, or our contact form, we collect the data that you submit in the form, as listed below: name, e-mail, contact number, arrival and departure dates, number of adults and children up to twelve (12) years of age that will be staying at the hotel, and any other information you choose to include in the relevant message field.
In any case, you can send the request for your reservation to our e-mail address, thus – in addition to your email address – any data you submit during our communication shall also be collected.
When making a booking, you will need to fill out your full name, your e-mail address, your full address and the billing details in specially designed fields.
1.1 Additional features: Setting up a user account
When entering your booking details, you can set up a user account. In such a case, we will store your full name and e-mail address, the password you have chosen, and any other personal data that may be included in the answer to the security question.
Our hotel offers the best in complete spa and wellness services. If you are interested in these services, you may contact us via e-mail or/and phone, thus we shall collect any data you choose to submit.
Social Plugins are in use on our website. Through the use of the said plugins, we are granted access only to publicly shared information found on the respective Social Media platforms. The use of the plugins found on our website is governed by the terms and conditions of each platform.
ΙI. Legal basis for the data processing we conduct
Our Company collects and processes personal data when at least one of the following conditions are present:
• Execution of a contract: processing is essential for the performance of the contract or for action to be taken on the request of a natural person prior to the conclusion of a contract. For example, we collect and process your personal data to complete and manage your reservation so that we can respond adequately to any queries you have submitted through our communication channels (contact form, phone, fax, e-mail).
• Legitimate interests of the Controller or third parties, provided that they are not overridden by the interests of the employee: Collection and processing are essential for the protection of our legitimate interests in order to ensure the smooth operation of our hotel, the achievement of our corporate goals and the defense of any legal claims.
• Vital interests: Processing is necessary to protect the life or any other vital interests of the data subject.
• Consent: In cases where required by law or when none of the above legal bases is applied, our company shall collect and process data after being given explicit, freely given, and informed consent by a natural person (the data subject) under the specific conditions provided by the GDPR. For example, we are given your consent for data collection through cookies.
Personal data shall be retained for as long as necessary for data collection purposes, unless otherwise specified by law.
If retaining your data is not needed for an explicitly described and legal purpose, we safely delete and/or destroy them in accordance to our “Policy for Keeping and Deleting Personal Data”.
ΙV. Who your personal data are disclosed and/or transmitted to
Your personal data shall be disclosed to:
(a) Authorized employees of our Company.
(b) Entities entrusted with the execution of specific tasks such as, but not limited to, lawyers, product suppliers and/or IT service providers and/or support service providers of all kinds of computer-based information systems or electronic systems and networks, logistics companies, marketing companies, business consulting firms.
(c) Third parties cooperating with or rendering services to our Company, including, but not limited to, reservation management companies, a spa management cooperating company, event planning companies, travel agencies.
(d) Supervisory, independent, judicial, prosecuting, public and/or other authorities, bodies or parties assigned to control/monitor the Company’s activities within the scope of their responsibilities.
(e) Companies under a franchise agreement, for example to “Design Hotels AG”.
The General Data Protection Regulation provides you with rights and options that we are committed to satisfying. Thus, you may:
You may send your requests to the email address: email@example.com .
Our Company shall fulfill all your requests within one (1) month. In the extremely rare cases that such a fulfillment is proven unfeasible, we shall immediately inform you explaining the reasons in detail.
If you believe that the provisions for personal data are being violated, you may file a complaint to the Hellenic Data Protection Authority (www.dpa.gr).
We shall remain at your disposal for any further query or clarification. Contact us.
|Istoria Hotel Santorini|
|Revival Consulting Services Α.Ε|
Version 1.0, Posted on 17/05/2019