1. User privacy and data protection
- The personal data is collected and processed only when is absolutely necessary.
- We respect your privacy. We will never sell, rent or distribute your personal information without your consent.
2. Relevant legislation
2.1 Along with our company’s business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- EU General Data Protection Regulation 2018 (2016/679 GDPR)
- Greek law for Data Protection 2019/4624
- UK Data Protection Act 1988 (DPA)
2.2 In order to provide you hotel services, we must collect some personal information according to the law.
3. Personal information we collect and process
We collect and process personal data for the following reasons:
3.1 We collect personal data in order to provide you hospitality services in our hotel. We collect either at check-in, during the reservation process or when you participate on any of the hotel activities. We will collect personal data including your name, surname, home address, telephone, email address, ID or passport No, date of birth and any other special request which you may have in order to make your stay unique. We also collect payment details, (credit card no) or any other detail we need to collect for issuing the invoice for you. We collect arrival and departure date as well.
3.2 We do not collect any “sensitive” personal data (genetic biometric or health related) or data that may lead to that, unless you will voluntarily provide them to make your hospitality better. For example, allergies or any disability you may have, we will provide you with the food and assistance you need.
3.3 We collect some personal data from our official pages in social media, where you voluntarily use them.
3.4 Website visitation tracking.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find us and to see their journey through the site. Although Google does not provide us with any information which may identify/profile you.
3.5 Contact forms and email links
If you choose to contact us using the contact form or an email link, none of your personal data will be stored on the website or transfer in any third party data processors as defined in section 6. Instead, the data will be collected into an email and be sent to us over cryptography encryption SSL. The content is decrypted from our local device and computers.
If you are under 15 years old you must obtain parental consent before we collect your personal data. Because is technically impossible to check the age of people using this website, we suggest that parents inform if it comes to their attention that the personal data of their children was processed without their consent.
4. How we use your personal data.
4.1 We should collect personal data to provide you hospitality service on legal basis.
4.2 To provide you personalized hospitality at our hotel making your stay unique.
4.3 If you choose to accept our special offers, we will communicate to you via the available channels, for example email newsletter. You can unsubscribe at any time from our offers.
4.4 To analyze and improve our services.
4.5 We may share some personal data with congress operators or travel agencies to verify the reservations only.
4.6 We use some third party companies and we will share only the necessary personal data they need in order to provide you services during your accommodation. For example: taxi services, car rental e.t.c.
4.7 For communication with the authorities if required.
5. How we store, retain and secure your personal data
For our hospitality services we store your personal data to our hotel information system (PMS) that is compatible with GDPR and is located at a secure area on the hotel’s premises. We maintain security measures of personal data by applying security polices in our premises network, backup policies, cryptography on wan connections and more, to ensure the personal data from any unauthorized access. We stay informed on technical evolution by rechecking and reforming our systems if necessary. On organizational measures, only authorized and educated personnel have access in your personal data. We retain your personal data as long as you are an active customer or as long as it is required by the applicable law.
All the communication between this website and your browser is using HTTPS cryptography.
Our policy of the retention of your personal data is:
- Pseudonymisation inactive customer accounts: after 10 years
- Delete of canceled bookings: after 10 years.
6. Our third party data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the relevant legislation set out in section 2.
We will report any unlawful data breach within 72 hours from the moment we will notice the breach.
8. Data Controller
Ioannis Sarantis S.A. – Makryammos Bungalows Thassos, Greece.
9.0 Data Protection Officer
To communicate with the Data Protection Officer, you can use the following email: firstname.lastname@example.org
This policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our customers. Instead, we recommend that you check this page occasionally for any changes.
Revised: October 2019