Who we are?
«Data Controller» for the operational needs of this site is the company «IOANNIS KAI GEORGIOS NIKOLAOU GEORGIDAKIS GENERAL PARTNERSHIP — HOTEL & TOURIST ENTERPRISES» based in Tolo of Nafplion, Greece.
Telephone: 27520 59868 — 27520 59097
Via e-mail: firstname.lastname@example.org
What data do we collect about you?
- Name, Surname.
- Phone number.
- Country of origin.
This booking data is then transmitted to our company.
It is clarified that our company does not have any access to customers’ payment details as the transactions take place in the secure environment of the contracted Alpha Bank.
When you browse this website, you provide us with your personal information at any time you announce your arrival (check in), you contact us through the contact form and you accept cookies in full.
We process only those necessary personal data that are essential for the fulfillment of the purposes of our transactions, namely:
To check in:
- Name, Surname.
- Date of birth.
- Passport / ID number.
- Residence address, city, postal code, country — nationality.
- Phone number, email address.
- Tax Registration Number, in case of invoice issuance.
For the contact form:
- Name, Surname.
Our company informs its visitors/customers that the personal data it processes remains highly confidential.
Why do we collect your data?
We process visitor / customer data for purposes related to our tourism services.
Below we list in detail the purposes of processing:
- Preparation and execution of our contract.
- Protection of public health — keeping a file of accommodation and book of events COVID — 19 (Law 1881/30.05.2020). According to current legislation and due to the new coronavirus COVID-19 our hotel must keep a record of staff members and all persons staying at the hotel.
- Commercial promotion of our services (e.g. Cookies).
Therefore some of your data that we already collect during the check in (name, nationality, date of arrival and departure, contact details: address, phone, e-mail) procedure, are recorded in this file of our company to be able to communicate with close contacts of any COVID-19 incident, which may be identified a posteriori.
The processing of your personal data is always carried out in accordance with the principles and rules of GDPR.
How do we process your data?
- Data collection: The collection of data from our customers on this site is as follows:
- Filling the «Check In» form.
- Filling the contact form of our page.
- Accepting all cookies.
- Data security: Our company implements strict security procedures in order to protect the personal information of our visitors/customers from damage, destruction or disclosure to a third party without their consent and to avoid unauthorized access to them. Computer data is stored in a secure environment with limited physical access. We also use technical measures to restrict electronic access. If the data is to be forward to a third party (e.g. accountant’s office) we require that similar measures be put in place to protect your information. We clarify in any case that the personal data we collect in the context of the website are absolutely necessary for the purposes of the smooth operation of our transactions. They are completely confidential and are kept only for the above purposes. This data is accessed by our employees who are bound by confidentiality clauses. With extremely strict procedures, some of your data is disclosed to our processors (e.g. external accounting, etc.), who are committed to maintaining them confidential. In addition, we have adequate security mechanisms and take all necessary and appropriate organizational and technical measures in order to avoid any data breach.
- Recipients of data — transfers: It is clarified that our company does not disclose the personal data of our customers to another country. If the disclosure of our clients’ data to our contracted external partners (e.g. accountant) is required for our compliance with a legal obligation (e.g. tax legislation) or the exercise of our legal claims, we make this data available to the absolutely necessary extent for the fulfillment of our purposes.
- Retention period: The above data obtained by the client for room reservation are initially maintained for one (1) year after the completion of the provided service. Temporarily, COVID-19 details are stored as long as the above law is in force (31.12.2020). Το uninstall cookies, see the relevant policy. In case your personal data are deemed necessary to secure or support our legal claims, or in case some of your data is recorded in tax documents (e.g. name, home address or VAT number), our company expressly reserves the right to keep them for a period of more than one (1) year or the above stipulated time and until any court decision becomes irrevocable or until the end of any administrative control or until the completion of the legal limit of tax legislation.
What are your rights?
According to GDPR you have the following rights:
- Right to access: Know if and to what extent your personal data is being processed in any way, in particular the purposes of the processing, the categories of data we process, the recipients of your data inside and outside the EU, the retention period for which we keep your data as well as the existence of automated decision making (Article 15 GDPR).
- Right to rectification: Request the rectification and/or completion of your personal data, so that it is complete and accurate (Article 16 GDPR).
- Right to restriction: Request the restriction of the processing of your data under the conditions of article 18 GDPR. It is noted, however, that our company has in any case the right to refuse your request for restriction of the processing of your personal data if the processing or observance of the data is necessary for the establishment, exercise or support of our legal rights or the fulfillment of obligations.
- Right to objection: Object to any further processing of your personal data (Article 21 GDPR), unless we prove that there are compelling and legitimate reasons for processing your data or that retention is necessary for the exercise of our legal claims.
- Right to erasure («right to be forgotten»): Request the deletion of your personal data from the records we keep under the conditions of Article 17 GDPR. It is pointed out that our company has in any case the right to refuse your request for erasure of your personal data, if the processing or keeping of the data is necessary for the establishment, exercise or support of our legal rights or the fulfillment of our obligations.
- Right to portability: Request the transfer of your data from our company to any other controller (Article 20 GDPR). Please note that the right to portability does not imply the erasure of your personal data.
Right to complain: File a complaint to the Hellenic Data Protection Authority (www.dpa.gr), if you consider that your rights are violated in any way. To exercise your rights, you can contact the «controller» in writing or via e-mail. The company, fully respecting your rights, will make efforts to respond to your request within thirty (30) days of submission. This deadline may be extended for an additional sixty (60) days, if this is deemed necessary taking into account the complexity of the request and the number of requests. Our company, in any case, will contact you about the extension of the response deadline within thirty (30) days. Exercising your rights does not require any costs. However, in the event that the requests of visitors/customers are manifestly unfounded, excessive or repetitive, we have the right to either impose a reasonable fee on the visitor/customer, informing him or her, or to refuse to respond to his request/ requests.