The company named GEORGIOS & VASILIA SMYRNAKI S.A., is committed to protect your personal data which are disclosed to the company by any source such as emails, fax, business cards, company’s site and other sites, databases etc. according to the law 4624/2019 and also according to the General Data Protection Regulation (GDPR – EU 2016/679).
COLLECTED PERSONAL DATA
Identifiable and contact information such as: Your name, surname, phone number, address details (Country, Town, State, Postal Code), email address, information related to your reservation (arrival/departure date), voucher/reference number and for companies we collect extra details like VAT and tax office. Personal characteristics details, such as nationality, passport details (number, sex, date of birth, place of birth, issue date, expiry date and issue issuing authority). Payment information, such as your payment card number and other card information Guest preferences, marketing and communication preferences. We may also use closed-circuit television and other technologies that record video for the protection of our staff, guests and visitors within our facilities where permitted by law.
With your permission, we may collect sensitive information, such as racial or ethnic origin, political opinion, religion or other beliefs, health data or sexual orientation, allergies, nutritional habits, dermatological diseases etc. We collect sensitive information only if it is provided by you. Furthermore, we may use health data with your permission in order to serve you better and meet your particular needs. In addition, some other information will be treated as sensitive, depending on applicable local laws. For example, your leisure activities, personal activities and hobbies, whether you are a smoker or not/ smoking habits etc.
PERSONAL DATA COLLECTED FROM MINORS UNDER THE AGE OF 18
We collect personal data from individuals under 18 years of age, such as name and age/ or date of birth, passport number/ ID details. We permit the stay of teenagers between 15-18 years old in our hotels (with or without guardian) but we need parent’s consent in order to gather all the above information for our services. As a rule, we only collect personal data from adults, but if data collection under the age of 15 exceptionally occurs, it will be necessary to obtain permission from parents or guardians. We also have activities for kids and we need to collect information for safety such as name, personal phone number from parents, room number, arrival/ departure time, and health information about your child (such allergies, nutritional habits, dermatological diseases and other).
PERSONAL DATA WE COLLECT FROM THIRD PARTIES
We can raise information about you from third parties, including information from our other partners (payment card, tour operators, travel agencies, web sites, and online forms), from your social media services consistent with your settings on such services, from credit reporting agencies, from data information verification providers and from other third- party sources that are lawfully entitled to share your data with us.
LINKS TO THIRD PARTY WEBSITES AND WIFI SERVICES
Our site may have links to third parties’ websites. We emphasize that we are not responsible for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. If you provide information during the use of third party sides the privacy police and terms of service on those sites are applicable. We advice you to read the privacy policies of websites you visit before submitting personal information.
USE OF PERSONAL DATA
We collect your personal data for the purpose of:
❖ Accounting reasons (for example contracts, cooperation agreements, invoices, etc.)
❖ Financial information (information on services cost, account balances, etc.) ❖ Promotional reasons, newsletters, contests, customer satisfaction surveys, etc. ❖ Room reservation and provision of hotel services (weddings, special events etc.). ❖ Spa and beauty treatments services, gym services, etc.
❖ Participation in activities and excursions.
❖ We may use your personal information to provide you with information about meeting and event planning.
❖ We may use your personal information to improve our services and to ensure that our site and services are of interest to you. We also use your personal information to provide you with the expected level of hospitality in-room and throughout our properties
❖ Internal use by our company.
❖ Internet and Wi-Fi-services
GEORGIOS & VASILIA SMYRNAKI S.A. ensures that all legal and appropriate measures are being taken for the protection and confidentiality of personal data that are being collected, in order (among other reasons) to prevent any non-authorized access to those data as well as to the equipment used for their processing and archiving. For the purposes of this policy, the term ¨data subject¨ includes all the individuals or single member companies, whose personal data we possess (data subject is the individual related to the term ‘personal data’) Our company guarantees that your personal data will not be used for other purposes, except the ones that are mentioned in this policy, without prior notice and without your approval, when such is required. We do not share personal data with third parties who are not related to us unless it is required by our legal professional purposes and needs, in order to fulfil your demands or/and it is imposed by law.
TIME PERIOD OF CONSERVATION AND USE OF PERSONAL DATA
We are committed to keeping your personal data in a safe space with controlled access for as long as it is required. You may submit a deletion request within a shorter time, which we will satisfy upon checking on the legal basis of the processing and our legal obligations, as well as on the provisions of our binding contract.
DISCLOSURE OF PERSONAL DATA
We may disclose your personal information to third parties who are processing data on behalf of our Company, including, but not limited to, providers of data processing systems support. We may partner with other companies to provide you with services or offers based upon your experiences at our facilities and may share your information with our business partners accordingly. For example, we may organize your transfer to /from the airport station by taxi or other means of transportation provided by our business partners in order to provide those services. We may also share your collected information with third parties, such as hotel and payment card partners, in case of over booking.
SAFETY AND PROTECTION OF DATA
Our company applies all the necessary policies and processes of technical and organizational safety in order to protect your personal data from being lost, changed, damaged, misused or accessed by a non authorized person. Our Company executives who have access to the data are obliged to respect the confidentiality of these data. We also commit our affiliates and service providers with whom we share personal information to maintain the confidentiality of your personal information. For online transactions, we use appropriate – technological measures to protect personal information collected through our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email. We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. If you receive this type of request, you should not respond to it. If printed on paper, personal information will be destroyed in a secure manner, such as by cross shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.
RIGHTS ON PERSONAL DATA
You have the possibility to apply for:
We handle your requests with the utmost care to ensure that your rights are protected. We may ask for your identity to make sure we do not share your personal information with someone else.
You should be aware that in certain cases (for example, due to legal obligations), we may not be able to respond to your request immediately. However, we will notify you of the progress of your request within one month after submitting your original request.
You should be aware that during our contractual relationship, personal data required by law or by our contract, are legally complied with and cannot be objected to. Consequently, the rights of objection, limitation and deletion should concern data processing for other purposes and not for the legal or contractual ones.
Furthermore, in some cases (due to for example, legal obligations), we may not be able to satisfy your request immediately. However, you will receive a response to your request within one month after submission at the latest. You have always the right to submit complains by contacting the Data Protection Officer of the company, GEORGIOS & VASILIA SMYRNAKI S.A. either by sending a letter at company’s office or by email at email@example.com , mentioning your full personal details and the reason you contacted GEORGIOS & VASILIA SMYRNAKI S.A.
We may modify this Statement from time to time. If substantial changes are to be made to this Statement, we will post a link to the revised Statement on the homepage of our site. You can review the date of the last update by looking at the “Last Updated” date provided at the top of Statement. Any changes to our Statement will become effective upon posting of the revised Statement on our company’s site.
WITHDRAWAL OF CONSENT
You may, at any time, withdraw the consent you have granted to our company for the processing and disclosure of your Personal Data. However, you must understand that this withdrawal will not affect the legitimacy of the processing, based on your consent for the period before your withdrawal. Furthermore, your right to withdraw your consent is subject to the above-mentioned exceptions due to law or contract restrictions.
In case you want to withdraw your consent, please send a signed declaration at the Data Protection Officer of the company GEORGIOS & VASILIA SMYRNAKI S.A. either by sending a letter at company’s office or by email at firstname.lastname@example.org , mentioning your full personal details and the reason you contacted GEORGIOS & VASILIA SMYRNAKI S.A..