Privacy Policy
Privacy Policy – Personal Data Protection
Last Update: 18/04/2024
Introduction
The privacy of the visitors of our website is a priority for the company “AMMON ZEUS HOTEL AND TOURISM ENTERPRISES S.A.” (Hereinafter referred to as “our company” and/or “we” and/or “us”), and we are committed to safeguarding it. This policy explains what we will do with your personal data, which you provide mandatorily and optionally, when you visit our website, purchase and use our services, register for various applications related to services provided by our company, as well as at any later time, or interact with us in any way, the way we process this data lawfully, provided that you supply it to us correctly and accurately and notify us of any changes, and the purpose of this processing, as well as your rights arising from Regulation 679/2016 of the E.U. (General Data Protection Regulation, hereinafter “GDPR”) and the overall union and Greek legislation on this matter. By accepting the privacy policy, which complies with the GDPR, you agree to the terms of collection, processing, storage, and use of your personal information by our company. We only collect personal data that is necessary to achieve the purposes specified in this Policy, namely, to provide our visitors and customers with the requested services and to respond to their requests for better service.
Browsing our website and using our online and any other services, as well as providing information on your part, implies knowledge and acceptance of the terms of this Policy, as well as the terms of use of our website. This policy governs the terms of use of the Website, online platforms, and any mobile application related to it. By providing personal data to our company, you consent to the collection and processing of this data by our company for the purposes and under the terms described in this Privacy Policy. The provisions for personal data protection included herein supplement the Terms of Use of our company’s website, which also govern this policy. Please do not disclose any information to us if you do not wish it to be used as described below. Additionally, please read this Policy carefully to be informed about the information collected from you when visiting the website and using its online services, the information posted on it, their use, and your rights.
This Policy serves as a notification to data subjects under Articles 13–14 of the General Data Protection Regulation (EU) 679/2016. If you have any questions about this Policy and, in general, about how our company collects and processes your personal data, please contact us at the email address listed below.
Definitions
For better understanding of this policy, we use the following terms with their respective explanations:
“Personal Data”: Any information that refers to an identified or identifiable individual (e.g., full name, ID number, Tax ID, home address, phone numbers, age, gender, physical characteristics, marital status, profession, interests, etc.). A subset of personal data includes “sensitive data” (referred to as “special categories of data” under GDPR), which pertains to the core of human personality and enjoys stricter protection (e.g., health status, political beliefs, philosophical and religious convictions, sexual orientation, etc.). The company processes sensitive personal data only in accordance with the law. The individual to whom the personal data refers is called the “data subject.”
“Processing’’ any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Legal Basis for Processing”: The conditions defined in the GDPR, including, but not limited to: i) for “ordinary” data, consent, performance of a contract, compliance with a legal obligation, safeguarding vital interests of the data subject, or legitimate interests of the controller (Article 6 of the GDPR); ii) for special categories of data (“sensitive” data), explicit consent, establishment, exercise, or defense of legal claims, substantial public interest under EU or national law (Article 9 of the GDPR).
“Data Controller”: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Our company is the data controller of the personal data we collect from you and the owner of this website. You may contact us, aside from cases explicitly defined by this policy or applicable law, at the phone number 0030 2310475224 or by sending an email to [email protected], alternatively by sending a letter to 2, G. KRANIDIOTI STR., PYLAIA, THESSALONIKI, POSTAL CODE 57001.
“Processor”: The natural or legal person, public authority, agency, or other body, which processes personal data on behalf of the controller.
“Data Protection Officer”: The individual designated by the data controller and the processor, as required by law, based on their professional qualifications and expertise in data protection practices. Their main duty is to oversee all matters relating to the protection of personal data.
“Recipient”: the natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular investigation in accordance with Union or Member State law are not regarded as recipients; the processing of such data by these public authorities is carried out in compliance with applicable data protection rules according to the purposes of the processing.
“Third party”: any natural or legal person, public authority, agency, or body other than the data subject, the controller, companies of the same Group of Companies with shared interests, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data. We collect and process data only when absolutely necessary. We respect your privacy and do not trade, disclose, or share your personal information with third parties without your consent.
Data is collected and processed only when necessary. We respect your privacy. We do not exchange, disclose, or share your personal information with third parties without your consent.
Categories of personal data we collect and process
Our company collects the personal information you provide directly or through third parties you contact for room reservations (travel agencies, booking centers, etc.), as well as during your stay at our hotel, provided you have consented to their use under this policy (indicatively and not limited to, by using our website, our services, or by completing the relevant forms, either online or in paper format, available on our website, etc.). These data are collected at every pre-contractual and contractual stage between us, with the relevant distinctions set out below (e.g., visiting our website, registering for our services, using our services, making reservations by any means, subscribing to our newsletter, etc.). We ensure that we collect only data strictly necessary to serve the purpose for which they were provided, and they are used exclusively for the purposes for which they were collected. The following types of personal information may be collected, stored, and used:
During your visit to our website and the use of our services, to become informed about your visit and offer you the best possible browsing experience, we automatically collect non-personal technical information regarding the identity of the device that submitted the connection request to our website, the operating system and version of your computer or other device identifiers, the external links you follow on our company’s website and your activities on it, connection data such as date, time, and duration of the visit, the country code where the device is located, Internet Protocol (IP) address, and other details concerning the connection protocol, such as the website’s domain name, browser type, URL address of the specific page, your geographical location, language preferences, and other diagnostic data, such as information sent by the browser each time you visit our website. These constitute browsing data, which are necessary to transmit to the website for the functioning of the computers on which it operates and the internet communication protocols. These details alone, as well as cookies, cannot be used to reveal your individual identity and are recorded as statistical data or log files to collect general demographic information for aggregated use, stored under the terms of the law, subject to their use for identifying and locating offenders of any computer crimes committed against or through this website. Since non-personal information does not personally identify you, we may collect, use, or disclose such information without your consent for any purpose beyond the above, indicatively to safeguard our legitimate and contractual interests, monitor any unauthorized, illegal, or malicious activities through our website and/or service, ascertain and prove the commission of any offenses, as well as to confirm and prove the use of our website and services in a manner contrary to these terms of use. The IP address through which the visitor’s/user’s device accesses the internet and, consequently, the Website/Application, is stored and may be utilized by our company, if deemed necessary, in case of a violation of the Terms of Use of the Website/Application by the visitor/user. Regarding the above information collected automatically through your browsing of our website, please refrain from visiting it if you do not wish for such information to be collected and processed.
Furthermore, we may collect and process data provided directly by you, especially but not limited to the following cases: when you provide your personal data, e.g., by potentially subscribing to our newsletters, sending an email to our company’s email address, or submitting your details at any point on our company’s website, such as by filling out the respective contact form to communicate with you. Additionally, we collect personal data to provide you with hospitality, catering, entertainment, and social event services within our hotel. We collect them either during the booking process, regardless of the method by which it is carried out (electronically, by phone via customer reception, etc.), or/and upon your check-in at the hotel, or/and during your participation in activities within the hotel. The data may include the following:
Information entered during the use of services on our website, such as completing a contact form on our website, filling out a registration card, or registering for our services. When you express interest in purchasing our services and submit relevant requests, we collect the data you provide, whether contacting us directly by phone, through our website, or via third parties you have appointed (e.g., travel agencies) for this purpose, in your communication with our employees, via email, or by any other means. Depending on the reason and method of communication with us and your use of our services, the personal data we process may vary, meaning we may collect:
Data required by applicable legislation when making a reservation to stay at our hotel premises to provide hotel and additional services, which include, among others: i) Personal details (e.g., full name, patronymic, date of birth, gender, place of birth, nationality, ID or passport number, issuing authority, marital status, as well as details of any minor children staying with you at our hotel). If you interact with us via social media, information (e.g., username) from your profile on those platforms may also be included; ii) Contact details (home address, country, city, postal code, contact phone numbers, email address); iii) Room number, your arrival and departure dates, vehicle registration number used to arrive at our hotel, to appropriately carry out the parking services in the specially designated parking area of our hotel. Before completing the booking, a relevant field may appear where you declare that you have read and accepted the booking terms, as well as this policy and the terms of use of our website.
Information required for invoicing and the issuance of legal tax documents, such as Tax Identification Number (TIN) and Tax Office (DOY), as well as information necessary for payment, including credit or debit card number, card expiration date, cardholder name, CVC code, direct debit details/bank account, and, if you are a company member, the company’s details to enable us to issue invoices.If you make an electronic or online payment via debit, credit, or prepaid cards during your online reservation, our company does not store or collect payment details. Specifically, upon entering the necessary payment details—such as the card number, security code, cardholder name, and expiration date—and completing the payment, this information is automatically transmitted to the authorized bank managing all card transactions, using appropriate technical and organizational measures. The bank collects the data, processes the payment, and subsequently confirms the completion of the transaction to our company. In the case of partial payment, installment payment, or full settlement of the agreed service fees at our hotel or company premises by any means, our company collects and stores your financial information within the framework of this policy, exclusively to ensure the proper execution of our services, your effective service, and the lawful fulfillment of our contractual and financial obligations, as well as any other obligations derived from the valid service agreement between our company and you during your stay at our hotel, including the signing of related documents. This data is securely deleted without retaining copies immediately after the contractual and legal purposes for which it was collected have been fulfilled. For the above reason, we may also collect transaction data, including details of payments to and from you and other details of the products and services you have purchased from us.
Personal data concerning the use of our services, such as room telephone, mini-bar consumption, restaurant or bar charges, room service, and information necessary to fulfill special requests (e.g., health conditions requiring specific accommodations, dietary habits, etc., through feedback submission).
Data concerning your preferences and interests (e.g., specific room type, preferred floor, bed type, etc.).
Personal data collected through closed-circuit video recording systems, provided you are within the system’s field of view, in areas where specific signage (signs) indicating such monitoring is present, aimed at controlling entries and exits (such as the main entrance, reception area, elevator and stairway entrances/exits), as well as in central cash-handling and transaction areas, excluding safes in guest rooms, within the context of protecting the life and property of our guests, employees, and our business. These data may concern your activities, your image, your vehicle’s registration details, and other visual information about you captured by the system. Our company ensures that the heightened expectation of privacy of the individuals recorded is not violated and that there is no risk of such a violation occurring in the future, adhering to all requirements of the applicable Greek, European Union, and international legislation.
In the event that, during your stay at our hotel, you use the wireless internet access services (WiFi) provided by our hotel or simply visit our company’s website with or without the offered wireless access, we collect exclusively certain technical identification details of the device you use to navigate the internet, information about your computer, including the IP address, geographical location, type and version of the browser, and the operating system.
To provide better and improved services, we may collect data for quality control purposes, in order to evaluate the effectiveness of product and service promotion (marketing), provided you have given your consent for this and have selected the relevant option. For this reason, we analyze, for example, whether sent newsletters (informative bulletins offering products, services, and personalized discounts) are opened and whether their content is selected. Additionally, to supplement the points already mentioned, for statistical purposes and to optimize our services, we may collect information about your visits and use of our website, including the source of origin, duration of visits, page views, and navigation paths on the site, to develop and improve our products and services. We may provide third parties with statistical information about our users (e.g., the aforementioned data, as well as their interests, age, gender, and visited pages, information that third parties collect directly from their users when using their services, such as data Google collects from users of its services like Gmail), without these third parties being able to identify any individual user from this information. These third parties may provide us with data that could be used for your personal identification (such third parties include, for example, Google Analytics, as explained in the following chapter of this policy, whose services are subject to their own terms and conditions, which we recommend reading). Additionally, we may collect data from our hotel’s official social media pages, where your participation is optional and occurs only after your explicit consent.
Contact details (full name and email address) for sending updates within the framework of our newsletter, offers, registration in loyalty clubs (if you wish to register in the members’ club, this can be done via a link – a relevant field on our website where you fill in and submit the corresponding form with your consent), reservation confirmations, registration in our services and/or our website, and any other actions concerning you.
Information contained in any communications you send to us via email or through our website, including the content of the communication and any other personal information you send to us.
Information from our company’s official pages on social media and from brand channels (e.g., Facebook, Instagram, Twitter, etc.).
Any other information necessary to provide you with personalized and improved services.
As a rule, we do not collect sensitive personal data or data that could lead to such, unless you voluntarily provide them to help us improve your stay. For example, medical data such as allergies or health issues may be used to meet your needs and provide you with the appropriate diet and assistance. We may use the health data provided by you exclusively to better serve you and address your specific needs. By exception, general health data may be collected for the use of certain services provided by us or our data processing partners (e.g., SPA services), provided you give your consent, or without it in exceptional cases (e.g., accidents, public health crises), where we may transfer your health data to third parties (doctors, hospitals) to ensure your safety and health or to protect public interest.
In cases where you provide us with personal data of third parties, you must obtain their consent for both the disclosure and processing of such personal information in accordance with this policy. In any case, you guarantee that you have informed them about the purposes and methods by which we will process their personal data as outlined in this Policy.
Use of the website and services by minors
This website and our services are intended for use by adults and are NOT directed at minors under the age of 15. If you are a minor below the age at which parental consent is required in your country (in Greece, this age is 15 or above, according to Law 4624/2019), we MUST obtain parental consent before you use any of our services that may result in the processing of your personal data, as outlined in this policy. Since it is technically impossible to verify the age of individuals using our website, we encourage parents to contact us if they discover any disclosure of personal data by minors without their consent.
Our policy is to knowingly avoid processing personal data of individuals under the age of 15. By using this website, you confirm that you are over 15 years old. If you are under 15, you must refrain from using the website or providing any personal data without the approval of your legal guardian. If you fail to comply with these obligations, you are required to immediately notify our company. In any case, by using this website, you acknowledge that our company is not responsible for any violation of the above obligations by you, as we do not have the ability, even with reasonable efforts, to verify your age or the consent of your legal guardian.
In any case may we discover that we have collected any personal information from a minor under the age of 15 without verifiable parental consent, as required by law, we will delete the information from our database as soon as possible.
Purposes and Legal Basis for Processing Your Personal Data
Your personal data will be used for processing your reservation, enhancing your experience on this website, and other purposes defined in this policy and/or on the relevant pages of our website. The processing of your data is carried out either by the specially authorized personnel of our company or through information systems and electronic devices managed by our company and, exceptionally, by third-party partners who are contractually bound to maintain confidentiality and protect your data (see below “Third-party recipients of your personal data”).
The GDPR permits the processing of personal data under the following conditions, either alternatively or cumulatively:
a) Performance of a contract: This applies when processing your personal data is necessary to fulfill our contractual obligations.
b) Legal obligation: This applies when we are required to process your personal data to comply with a legal obligation, such as keeping records for legal and tax purposes or providing information to a public body or authority. In this case, your explicit consent is not required.
c) Your consent (where required): You may revoke it at any time as stated in this policy. If consent is provided, our company may keep a record of how and when the consent was given. When personal data collected and processed are required for the performance of a contract with the data subject, explicit consent is not necessary. This often occurs when the contract cannot be completed without such personal data, e.g., a reservation for a meal or a room cannot be made without a name, email address, and credit card details.
In accordance with the above and strictly adhering to the appropriate legal basis for processing in each case, we may lawfully use your personal data for the following actions:
Managing our website and business, personalizing our website for you, verifying compliance with the terms and conditions governing the use of our website, and other uses.
Providing the ability to create an account, register, or authenticate on applications to facilitate the process of purchasing our services.
Non-personalized processing of your data for statistical purposes and/or for the improvement of our services, to tailor the website content to your needs and to enhance its structure, updates, and dynamics.
Purchase and activation of the use of services offered on our website and the sending of terms and conditions for the use of our services purchased through our website, with the aim of developing and improving our products and services, which constitutes our legitimate business interest, by providing third parties with statistical information about our users without these third parties being able to identify any individual user from this information (e.g., Google Analytics), as mentioned in the immediately preceding section of this policy.
Providing the personalized hotel services you request by any means (online reservations, phone bookings, etc.), using our facilities and amenities (reservation, confirmation, and further actions, vacation package purchases, and other transactions, stay, check-in and check-out, services during your stay, accommodation and service payments). This ensures a unique stay experience. Communications can be provided via email, post, social media, phone, mobile text messages, app messages, and other means.
Calculating the use of our services and issuing necessary tax documents for our transactions, as required by applicable tax legislation. This involves collecting your details and Tax ID for issuing legal receipts, retaining them for a specific period, and submitting them to the Independent Authority for Public Revenue (AADE).
Safety of persons and property (our clients, employees, and facilities), handling potential claims, and provision of data to third parties for judicial purposes. The aforementioned processing activities are essential, on the one hand, to safeguard our legitimate interests in protecting individuals and assets within our premises and our legal protection in the event of claims against our company, and on the other hand, to serve the legitimate interest of third parties in receiving and using specific data held by our company for the defense of their rights before judicial authorities, always provided that the disclosure is deemed necessary and appropriate by our company to achieve the specific purpose.
Communication with you during your stay at the hotel to provide you with useful information that will make your stay comfortable and pleasant (e.g., room access management, special activities, and hotel programs). This information is sent to you via email, text message on your mobile phone (SMS, Viber, WhatsApp, etc.), or by any other means to inform you about activities taking place within our facilities, as we undertake to do within the framework of providing hotel services.
If you have provided your contact information through the contact form or by any other means (e.g., email address at any pre-contractual or contractual stage, including when completing the form on our website’s homepage titled “subscribe to our newsletter” or phone number) or your username on social media accounts by choosing to locate us on social media, we may use this information to contact you for advertising purposes and to promote our services, according to the preferences you have expressed, participation in loyalty programs, contests, promotional activities, or surveys, provided you have given your consent for this, as well as for services from carefully selected third-party partners to enhance your complete hotel experience. If you are visiting our hotel as part of a conference or group, we may share certain personal data with the conference organizers or agencies to verify bookings. Please note that if you subscribe to our newsletter, you may unsubscribe at any time from this service and stop receiving such updates by clicking the link provided in the newsletter email and selecting the unsubscribe option. However, we clarify that if you “unsubscribe” as described above, we will not be able to delete your data from the databases of the partnering businesses with which we have already shared your personal data (i.e., to which we have already provided your personal data prior to the date of your unsubscribe request).
Provision of specific services (e.g., Spa services), for which the collection of sensitive health-related personal data may be required, which, as a rule, we do not collect unless you provide your consent.
To comply with applicable law, such as recording the personal details of customers staying at our hotel and maintaining records of all transactions.
To support IT and business operations purposes.
In exceptional cases (e.g., accidents), the collection of your personal data and any subsequent processing of such data (e.g., transfer to third parties, such as a doctor or hospital) is conducted to protect your life and health, either with your consent or without it if you are unable to provide it.
The legal bases for processing data are directly related to the specific purpose pursued. We may process your personal data based on more than one legal basis, depending on the purpose and nature of the processing. Each time we process your data, we will ensure that we do so respectfully, taking your lawful rights into account.
We will not disclose your personal information to any third party without your explicit consent. Furthermore, to provide personal data on behalf of a third party, you must have obtained that third party’s consent before disclosing their information to us. These individuals must be informed about this privacy policy.
Social Media
Within our Website, the option to share on Social Networks and other related tools may be offered, allowing you to share your activities within the Website with other applications, websites, or mass media, and vice versa. Using such features enables the exchange of information with your friends or the general public, depending on the settings you have configured in your personal profile.
Furthermore, third-party social networks that provide interactive activities, plugins, or social networking functions (e.g., allowing you to connect to Facebook or Google to find friends to add as connections or to “Like” a page) may use cookies or other methods to collect information about the use of our website and applications. The use of such information by third parties depends on the privacy policy available on the social network’s website, which we encourage you to review carefully (please refer to the Privacy Policies of these social networking services for more information on how they handle your data).
Such third parties may use these cookies or other tracking methods for their purposes, associating information about your use of our website with any personal information they may have about you. We may also receive analytical data from social networks to help us measure the effectiveness of our content and advertisements on social networks (e.g., views and clicks).
Furthermore, as part of our hotel activities in which you have expressed interest and participate (e.g., social, culinary events involving prominent or non-prominent individuals), photographs of the areas where these activities are conducted may be taken by third-party professionals and/or employees of our company. These photographs may incidentally (although we make every effort to avoid this) capture the faces of our hotel guests, third-party users of our services, or other attendees present in the hotel premises. These photographs may be posted on our company’s website and/or our social media accounts solely to promote our services.
Acceptance of this policy, as outlined above, also implies your consent for the use of your data for this purpose. This consent can be revoked at any time by requesting us to remove any publication or photograph, which we will implement promptly. However, we shall not bear any responsibility (criminal or civil) if you fail to do so, and you shall not be entitled to any compensation for any reason should you proceed with such a request.
Links to Third-Party Websites
Our website may contain links to third-party websites. Please note that this privacy policy does not apply to third-party hyperlinks, and for any further processing of your data by those third parties through the use of such hyperlinks, you should consult the respective website to which the link leads. We are not responsible for the collection, use, maintenance, distribution, or disclosure of data and information by third parties.
If you follow these links, you will leave our company’s website, and thus the scope of this Policy. Our company is not responsible for the data protection practices or policies of third-party websites and services, nor can it guarantee the security of your browsing on these websites.
If you provide personal data to third-party websites, the privacy policy and terms of those services will apply. Please note that in such cases, third parties may independently collect data about you, including your IP address and information about the websites you visit and the links you click, through cookies, link clicks, or other means during your visit.
We encourage you to read the privacy statements of each and every website that collects personally identifiable information. This policy applies exclusively to information collected from our website. For more information on this subject, please refer to the “Third-Party Links and Our Company’s Responsibility” section of our website’s terms of use.
If You Choose Not to Provide Your Personal Data
When making a reservation for accommodation and use any of our services, we may need to collect certain personal data mentioned above, as required by law or according to the terms of execution of the contract between us, to enable the provision of our services. If you refuse to provide your personal data, it will be impossible to achieve the primary purpose of collecting such data, and, for example, it may become impossible for our company to properly provide the services available on our website or otherwise. This means we may be unable to provide our service and may need to cancel your reservation or the provision of the requested services. We will inform you accordingly so that you can freely decide what you wish to do.
Retention Period of Your Personal Data
We retain your data for as long as necessary to fulfill the respective purpose for which it is being processed and to meet our contractual obligations to you (e.g., the purchase of our services in accordance with hotel regulations), as well as for as long as required by law (e.g., tax, commercial law) and for the legitimate interests of our company (e.g., if we need to raise legal claims) and our clients. When the processing of personal data is carried out on a contractual basis, your personal data will be stored for the duration necessary to ensure the proper execution of the contract and thereafter for the establishment, exercise, and/or defense of legal claims arising from the contract, or as otherwise required by law. When the processing is based on your consent, we will retain your personal data until you withdraw your consent. If you withdraw your consent for the collection and processing of your personal data, we will delete your data from our records unless retaining it becomes necessary to comply with a legal obligation or to exercise, establish, or defend rights or legitimate interests before judicial and other authorities. When processing is mandated by provisions of the applicable legal framework, your personal data will be stored for the duration required by those provisions. When the processing is performed to serve a request of yours, we will process your data for as long as it takes to fulfill your request.
In any case, the personal data you provide to us and are reflected in written agreements, contracts, and electronic correspondence related to contract execution or business transactions are stored for the lawful duration in our company’s sales/contracts department and accounting office, or by any other third party directly or indirectly providing the above services or assisting these departments in their tasks or providing service management services to us. Furthermore, your billing data for the hotel services we provide is stored for the period specified by the applicable tax law, to enable us to comply with possible audits by the competent authorities. Once the purpose for which we collected your data is fulfilled, the data is deleted unless you give your consent again for its processing. Deletion can also occur following your explicit request for data deletion unless a longer retention period is required by applicable law, in which case we may retain certain processed data, but for no other purpose than the lawful one.
Image data collected via closed-circuit television (CCTV) is automatically deleted after 15 days. If an incident is identified during this period, we isolate a portion of the video and retain it for up to one more month to investigate the incident and initiate legal proceedings to protect our legitimate interests. If the incident involves a third party, we will retain the video for up to three more months, as specifically defined by the Data Protection Authority. This period may vary depending on the case, particularly in criminal or civil litigation, which could mean that personal data will be retained at least until the final resolution of the respective case. Once the data is no longer needed for the aforementioned legal purposes, we will proceed to delete it.
Security of Your Personal Data
Our company implements reasonable security policies and procedures to protect personal data and information from unauthorized access, loss, misuse, disclosure, or destruction. We are committed to safeguarding the personal information and data provided by our visitors and customers. For this purpose, we have implemented and will continue to update the necessary technical and organizational measures to ensure the protection of our visitors’ and customers’ personal data. We maintain appropriate safeguards to ensure the secure storage of your data and to prevent unauthorized access. We keep up to date with technological advancements, reviewing and upgrading our security systems as necessary, with the sole purpose of ensuring the safety and protection of your data. On an organizational level, access to your personal data is restricted to our authorized and appropriately trained personnel and the individuals mentioned in the following section of this privacy policy, strictly within the scope of their duties. All communications between our company’s website and your browser are encrypted via HTTPS protocol.
The security of your information also depends on you. If we have provided you with or if you have chosen a password for accessing services through our website or applications, you are responsible for maintaining the confidentiality of this password. We request that you do not share your password with anyone.
Although we take all reasonable measures to protect your data, we cannot guarantee that these technologies and procedures will never be breached, especially when it comes to transmitting information over the internet. To safeguard your personal data, we advise you not to include sensitive personal data or confidential information in emails sent to us. Additionally, please do not send your credit card numbers or any other sensitive personal information via email. Our company bears no responsibility for any unauthorized access or loss of your personal information that is beyond our control.
In the event of a data breach or loss, we implement all necessary suppression and mitigation procedures to resolve the issue as quickly as possible, limit potential consequences, and comply with our legal obligations. Therefore, if any visitor or customer becomes aware of any illegal, malicious, inappropriate, or unlawful use of personal data in connection with our company, they are obligated to report the incident immediately. Failure to do so may result in personal liability to the company.
Third-Party Recipients of Your Personal Data
Our company does not disclose or share personal data with third parties who are not connected with us unless it is required for our legitimate professional and business needs, to respond to your requests, and to provide our services or if it is mandated by law. Your data is processed in a manner that ensures its protection by specifically authorized personnel of our company strictly within the scope of their duties (e.g., hotel staff, reservations department, IT, commercial department, etc.), with a commitment to maintaining confidentiality. However, to provide our services, we also purchase services from specific third-party service providers, i.e., our external partners who have been carefully selected, comply with the applicable personal data protection laws, and to whom we grant limited access to specific data (data processors). In any case, before disclosing any information to a company we collaborate with, we thoroughly check such companies. All data recipients must comply with the applicable legal framework and personal data protection obligations. They are not permitted to use your personal data for their own purposes but are only allowed to process it for the execution of their tasks on our behalf and according to our instructions unless otherwise required by applicable laws or regulations or as otherwise stated in this Policy. Additionally, we transparently inform you about the countries to which data may be transferred if such need arises.
Based on the above, we may disclose your personal information to any of our employees, officers, insurers, professional advisors, agents, suppliers, or subcontractors, as reasonably necessary for the purposes set out in this policy, who further process the data on our behalf or for us, according to the purposes for which it was initially collected or may be lawfully processed, such as for the delivery of services, evaluation of the usefulness of this website, marketing, advertising, data management, or technical support. Additionally, we may disclose your personal information to any member of our group of companies (this includes our subsidiaries and all their subsidiaries) as reasonably necessary for the purposes set out in this policy. We may share certain personal data with conference organizers or travel agencies to verify bookings if you visit our hotel as part of a conference or group. We work with external partners and will only provide the data necessary for them to offer services you may need during your stay at our hotel (e.g., taxi companies, car rental companies, etc.).
Specifically, we transfer your data to third parties only when necessary for a specific lawful processing purpose, such as to:
Suppliers and service providers, such as service providers who have outsourced hotel management (e.g., reservation systems, customer relationship management systems), technology and media providers, payment processing and fraud prevention providers, partners providing services at our hotel complex, such as spa and vehicle parking services for our customers.
Businesses and professionals who also act as “data controllers” and are independently responsible for the lawful processing of “personal data,” as stated in their respective notices and policies (e.g., insurance companies, lawyers, auditors, our partners in the hotel sector such as travel agents, health service providers such as public and private hospitals, diagnostic centers, health professionals to whom we may transfer your data in case of a serious accident to safeguard your vital interests). Additionally, we may contact the bank with which you collaborate to verify your card’s credit limit and make the relevant charges.
Our external service providers, i.e., data processors, who are bound by confidentiality obligations, and to whom we transfer the necessary data to execute the tasks we have assigned them (e.g., IT service providers, accountants, etc.).
We may share information about you to investigate, prevent, or take action concerning illegal activities if there are suspicions of unlawful conduct or criminal acts against the rights and legitimate interests of any natural or legal person, in the event of a violation of the Terms of Use of our Website, or if required by law, as well as in other cases where we believe in good faith that sharing the information is necessary.
Finally, we may transfer your data to competent authorities if required, on a case-by-case basis, to comply with legal obligations or to defend our legal rights (e.g., Courts, Prosecutor’s Office, Police, General Secretariat of Consumer Protection of the Ministry of Development and Competitiveness, Independent Authority “Consumer Ombudsman,” Data Protection Authority, Supervisory Authorities of Data Protection of other EU member states, relevant Ministries, Prefectures, Tax Offices, Financial and Economic Crime Unit, Independent Authority for Public Revenue).
Data Breaches
We will report any unlawful data breach within 72 hours of becoming aware of it and will take all necessary legal, technical, and organizational actions to promptly address and contain the breach.
Transfer of Personal Data to Third Countries
Our company does not transfer your data outside the EU. However, our services may be provided using resources and servers located in various countries worldwide. As a result, your Personal Data may be transferred across international borders, outside the country where you use our services, including countries outside the European Economic Area (EEA). If such a transfer is required, it will be conducted only for lawful and contractual reasons, as stipulated by the GDPR, and solely to enable the conclusion and execution of hotel service contracts. This may involve transferring data to third-party companies (e.g., travel agencies) based in a country outside the EEA. In such cases, we ensure a level of data protection equivalent to that in the European Union.
Your Rights
You may exercise the following rights at any time, under the conditions specified by Greek and European legislation, by sending an email to our Data Protection Officer at [email protected] or by submitting a related request using the data subject rights application form available on our website. You may send the completed form to our company’s postal address, 2, G. KRANIDIOTI STR., PYLAIA, THESSALONIKI, 57001, or to [email protected] with the subject “Data Subject Request.” Specifically:
“Right to Information,” meaning you have the right to be informed clearly, transparently, and accurately about how we use, store, and process your personal data and your rights.
“Right of Access,” meaning you have the right to know which Personal Data we collect about you and any individual you legally represent in the exercise of your legal rights and obligations (e.g., your child), how these are processed, their processing purpose, who accesses them, their storage duration, your rights concerning the processing of your personal data, whether automated decision-making occurs, to obtain copies of these data, as well as any other information regarding the processing carried out.
“Right to Rectification,” meaning you have the right to request the correction of inaccurate personal data concerning you, the completion of any incomplete personal data, and their updating in our database (e.g., in case you change your email address).
“Right to Erasure,” meaning you have the right to request the deletion of your data if they are no longer necessary in relation to the purposes for which they were collected, if you wish to withdraw your consent to their processing, and no other legal basis for processing exists beyond that consent.
“Right to Restriction of Processing,” meaning you have the right to request a restriction of processing your personal data for data you have asked us to delete or rectify, as well as in cases where our company must delete your data, but you wish to retain them solely for your own purposes, e.g., to defend yourself or make legal claims.
“Right to Data Portability,” meaning you have the right to receive your data in a readable electronic format or/and have them directly transferred to third parties, other data controllers, as you will indicate to us. This right applies to data we process based on a legal basis such as contract, law, or consent (see above “Purposes and Legal Basis for Processing Your Personal Data”).
“Right to object to the Processing of Your Personal Data,” meaning you have the right to object at any time to the processing of your data, provided there are no other compelling and lawful reasons for the processing that override your right. The exercise of this right can be done in one of the ways outlined at the beginning of this section. If you object to the collection of your data, the service may no longer be available to you for technical reasons. Accordingly, we inform you that if the transfer of data is necessary for the establishment, exercise, or defense of legal claims in court or out of court, our company’s legitimate interest prevails, and the right to objection you may exercise cannot be satisfied.
“Right to Withdraw Consent,” meaning you have the right to withdraw at any time the consent you have given for the processing of specific data collected and processed only upon your consent, as described in detail for each such action and purpose in this Policy.
When exercising any of the above rights, we may need to request specific information from you to help us verify your identity and ensure your legal rights, as well as for any authorized person you designate. This is a security measure to ensure that personal data is not disclosed to anyone who does not have the right to receive it. We may also contact you to request further information regarding your request.
We strive to respond to all legitimate requests within one month. Depending on the case, it may take us more than a month and for up to an additional two months from the submission of the request if it is particularly complex or involves a series of requests and a particularly large volume of information. In this case, we will inform you about the progress of your request and keep you generally updated. If the requests are manifestly unfounded or excessive, especially due to their repetitive nature, our company may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or refuse to follow up on the Request and fulfill it, providing justification for its response. For information on the progress of your request, you can contact our company’s Data Protection Officer, whose details are listed below in this Policy.
If you do not receive a response within the prescribed period (one month with – under conditions – an extension as mentioned above) or the response you received was unsatisfactory or your issue has not been resolved, you can contact the Data Protection Authority (www.dpa.gr), as well as in any case where you believe that your personal data or/and the data of individuals you legally represent are affected in any way.
Protection of Personal Data in the Event of Changes to the Ownership Structure of Our Company
Please note that in the case of a legal transformation of our company, your information will be shared only with your renewed consent, which you will provide in any appropriate manner, in addition to your prior acceptance of this current privacy policy.
Modification of This Privacy Policy
We reserve the right to modify and update this privacy policy at any time, as well as any text concerning your personal data that may be posted on this website, to comply with current legal or regulatory obligations. We will not explicitly and personally inform our customers or website users of these changes. Before any potential changes in the processing of personal data, we will amend this policy accordingly and post it on our website so that you may be informed and effectively exercise your rights. The date indicated will mark the last modification of this Policy, and any change will apply from its publication on our website. For this reason, we recommend that you systematically and regularly check our company’s website regarding the protection of your personal data, especially before making a reservation at our hotel. Use of the website after such changes constitutes your acceptance of the revised Terms of Use and Privacy Policy.
Our company may provide additional privacy notices to website users in specific sections of the website during the collection of personal data on a case-by-case basis. These notices supplement this Privacy Policy and jointly apply under the terms outlined above.
IMPORTANT NOTICE: For the collection of personal data that does not occur electronically for users of our website and does not concern our visitors/customers and users of any of our services but involves the processing of personal data of employees, job applicants, partners, suppliers, and, in general, natural persons with whom we have contractual or transactional relationships, separate written and detailed information is provided to the data subjects (either in person, through posting on our website, or by any other means) during the collection of such data, which may also be accompanied by relevant contractual texts. It is noted that this Policy may also be supplemented by additional informative notices, which you will find posted on our website.
Applicable Law and Jurisdiction
The applicable law is Greek law, as shaped by the GDPR, and the current national and European legislative and regulatory framework for personal data protection. The competent courts for any disputes related to your data are the courts of Thessaloniki.
Questions and Contact – Data Protection Officer
You can contact us with any questions, comments, or complaints regarding this Policy, to exercise any of your aforementioned rights, submit a related request, or inquire about the processing of your data. The Data Protection Officer (DPO) of our company, whom you may contact, is: VASILEIOS KOSMIDIS, 2, G. KRANIDIOTI str. ,0030 2310 475224, [email protected]
Upon the Visitor’s/Customer’s explicit consent, which can be provided at any time by completing the relevant form titled “declaration of consent,” the processing of personal data will be carried out under the framework of the service provision contract. This will be done in accordance with this Policy, to fulfill the contractual purpose and improve service delivery, in compliance with the GDPR, relevant national and European legislation, the Operating Regulation of the Personal Data Protection Authority, and the Authority’s decisions, as defined herein.
Get the latest offers
Sign up for our newsletter
ΜΗΤΕ: 1127981 (ver.7)