The Pebbles Collection

Dear Guest,

Dear Guest,

In order for your booking to be confirmed, a 25% deposit of the booking value is required.
The balance of your booking value is due 2 weeks before arrival.

If you cancel your booking up to 60 days before check in you will receive a 100% refund of your deposit. If you

would like to proceed with your booking, please ask us for transfer instructions. As soon as your payment is

received, a confirmation email will be sent to your email account.

 

PRIVACY POLICY
The Privacy Policy captures the way we handle your personal information. Of course,
it is a prerequisite for its application to collect your personal data. Therefore, if you just
browse our site without having any online or other transactions with us, then all you
are interested in is the cookie policy, which you can directly choose here (cookies).
The Privacy Policy is a brief summary of how we collect and process your personal
information. In the course of our business activity and the operation of our business
we collect and process personal data from visitors, prospective visitors, associates,
staff and others in order to be able, on the one hand, to provide excellent services to
our guests and, on the other, to fulfil the obligations derived from our contracts and
the law.
Our goal is to process as little personal data as possible for as little time as possible.
We apply policies that require minimal use of personal data and we create a security
environment to process them. The Privacy Policy lists the purposes for which we
process the personal data, the legal basis of the processing, the recipients of the data
and the retention time. It also makes extensive reference to your rights in relation to
personal data and gives you full details of those responsible in order for you to be able
to exercise them.
The Privacy Policy structure follows the requirements of the General Data Protection
Regulation (GDPR), but is customized to a user-friendly so that it can easily locate the
area of interest.
SECTION 1
BASIC CONCEPTS AND INFORMATION
1. Reservations/Reception/Check in
2. Customer registration tab / file
3. Newsletter/ Mailing list
4. Credit/Debit card
5. Social Media (Facebook-Instagram)
6. Data recording on the Web (Cookies, Ad Words, Google Analytics)
1. Data recording
2. Links to other web sites
3. Cookies
4. Pixel Tags and other similar technologies
5. Analytics
6. Non Entities
7. Resumes/ Curriculum Vitae (CV)
8. Personnel
9. Cameras / Surveillance systems
10.Disclosures to Service Providers
11.Data Security
SECTION 2
RIGHTS
1. Right to receive transparent information
2. Right to access your own data
3. Right to rectify inaccurate data
4. Right to Erasure (“Right to be Forgotten”)
5. Right to withdraw consent
6. Right to limit processing
7. Right to data portability
8. Right of Objection
9. Right to complain to the competent supervisory authority
10.Updates to This Privacy Statement
SECTION 1
BASIC CONCEPTS AND INFORMATION
A. Data Controller
A Controller is the natural or legal person who decides on how to process personal
data. It is the person who bears responsibility for any processing and has the obligation
to answer any of your requests about them.
contact phone number +30 6974 844549 and email
thepebblescollection@gmail.com
B. Processing Purposes
We process your personal data in order to be able to provide you with all the services
and to achieve our business goals with security for your privacy.
In order to facilitate your information, the purposes of processing your personal data
are listed below. For each purpose a corresponding analysis of the GDPR
requirements is made.
1. Reservations/Reception/Check in
Reservations can be made by phone, via our website, by email, by fax, through partner
offices or directly at the reception. In any of the above cases, the following personal
data are collected:
• Name/Surname
• Arrival date
• Departure date
• Type of accommodation
• Postal address
• Date of birthday
• Country
• Nationality
• Passport No.
• E-mail address
• Full credit card details
• Special requirements
Purpose of data processing. The purpose of collecting this information is to allow us
to identify the visitor making the reservation in order to predict, keep and prepare the
appropriate space with the appropriate preferences so that (upon check-in) we are
able to deliver the corresponding space. We need to record credit card details in order
to be able to collect the remuneration of the reservation in accordance with the terms
of the agreement in the event that the guest makes a reservation or cancels and does
not check in at the hotel. We need to use the email address in case of relaying
information about booking changes, the booking itself, or comments about our
services. We must maintain all the data about special preferences (i.e. the additional
services requested by the customer) in order to be able to provide services to the
customer and to justify the charge and the benefits requested.
Legal basis for the processing of data. The legal basis for the processing is the
contract between us (including the pre-contractual stage) and the need to protect our
legitimate interests, namely maintaining a high quality of service. Indeed, sending an
email after staying on our premises to learn about the quality of our services and your
comments does not affect your fundamental rights, but instead allows you, if you wish,
to exercise your right of expressing your view about our services and suggest ways to
improve them. If you do not provide the above personal information, we will either not
be able to book a room for you or we will not be able to provide you with the services
you are requesting or we will not be able to contact you if there is a problem.
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Data processing period. We process personal reservation data differently in terms of
holding time, depending on the individual purpose of their processing, for example we
keep the registration for the name and the date of check-in for a period depending on
the retention period of data about your stay and preferences for special services, while
the email address for a period up to the completion of the transaction between us if
you have not given consent to our sending newsletters. In some cases, we have a
legal obligation to retain personal data for a longer period, e.g. for the Municipality in
relation to the hotel guests and the payment of a relevant fee for as long as the law
provides. If you have given your consent to process the address data for future
communication, it is retained for as long as you have consented, as a rule for 20 years.
You may withdraw your consent at any time, but the withdrawal of consent will not
affect the legitimacy of consent-based treatment before it is withdrawn. We delete all
personal data after the end of the above periods.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner. If you wish to exercise any of your rights
listed in Section 2 in relation to the data recorded during the above activities or if you
wish to contact us for any other reason, please let us know by sending an email.
2. Customer registration tab / file
We keep a customer database, with each individual tab concerning a single customer.
The following personal data are recorded in this tab:
• Name/Surname
• Time of stay
• Gender
• Age
• Nationality
• E-mail address
Purpose of data processing. Our customer tab serves to manage the customers’
requirements and to deliver our services. Every transaction and every service provided
to our client remains on the tab in order to meet our statutory and contractual
obligations, and to satisfy our high standard of service requirements.
Legal basis of data processing. For the maintenance of a customer database, the legal
bases are: 1) the law, which requires the retention of data due to the issue of receipts
and invoices, for tax audits and because of municipal and police provisions, 2) the
contract with the customers for the provision of hotel services, catering and recreation
services and to allow invoicing, payment by bank and justification of charges in cases
of dispute, 3) the legitimate interest of the company in being able to systematically
manage its clientele in order to provide excellent services, of a high and competitive
level, and to know and facilitate its customers, and (4) your consent for certain specific
processes (preferences, updates, etc.). Your data are only then entered on the tab in
order to facilitate future bookings and service of specific choices and needs without
the need to re-enter your data. You may withdraw your consent at any time, but the
withdrawal of consent will not affect the legitimacy of the processing for the period
before it is withdrawn.
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Data processing period. We maintain and process your personal data for the above
purpose in a different manner as appropriate. For tax audits, invoice data is retained
for twenty years after client’s departure. For municipal and police provisions, data is
retained for as long as the law provides, and however up to five years, and then
deleted. For the needs of servicing the contracts and then any disputes arising from
them, twenty years after the departure. Communication data shall be retained for as
long as necessary for any post-service provision of post-service issues and shall then
be deleted unless consent has been given for their retention and shall be retained for
5 years and then deleted. The amount of your personal data that is retained over a
period of time as above differs, as for example for tax audits it is not necessary to
maintain your email address or our service choices or respectively for our
communication it is not necessary to maintain credit card data, etc., so keeping your
data by category for different periods.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner.
If you wish to exercise any of your rights listed in Section 2 in relation to the data
recorded during the above activities or if you wish to contact us for any other reason,
please let us know by sending an email.
3. Newsletter/ Mailing list
We collect data for the purpose of communicating with you. Specifically:
• your email address
The purpose of processing is to maintain our communication with you and to send you
business news about new services, offers, activities and events. We want to engage
with you in a way that is meaningful to you. We recognize that you may only want to
hear from us in a limited way.
You may choose to unsubscribe from our newsletters by clicking the link at the bottom
of one of our communications.
*Please note that even if you choose to opt-out of communications with us, we will
continue to send you transactional messages about your specific reservation or stay
with us, such as pre-arrival, confirmation and guest satisfaction surveys.
The legal basis of data processing is your consent. This consent has been received
by you either upon your arrival at the hotel or during your stay in this or any other
contact we have had with you. Without your consent to processing your data, we will
not be able to send you newsletters about our offers, discounts and new services that
may be of interest to you. Besides, if you are a customer of our hotel, then because of
the contract between us it is possible to keep in touch with you to find out if you are
happy with our services and help us improve them and also to inform you about our
new programs and services. You have the right at any time to oppose our further
communication with you.
Data processing period. We renew our list every ten years. Therefore, you will receive
a message again in order to resubmit your consent otherwise after the lapse of time
we will delete from our database the specific personal data of your e-mail address.
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner.
If you wish to exercise any of your rights listed in Section 2 in relation to the data
recorded during the above activities or if you wish to contact us for any other reason,
please let us know by sending an email.
4. Credit/Debit card
In some cases of a room reservation, we ask you to give us the following details of
credit/debit card:
• Cardholder name and typed of credit/debit card
• Credit/debit card number
• Security number (CVV)
• Expiry date
The purpose of processing. Provide a reservation and charge the total amount of the
reservation or only part thereof, depending on the cancellation.
The legal basis of data processing. The execution of the contract concluded for the
provision of room reservation as a service. The provision of data is mandatory as it is
the requirement to provide the service and the security of the payment.
If in any form regarding your booking you acknowledge your specific consent for your
credit / debit card data to be retained for other transactions as well, the legal basis for
our processing your data will be your consent for this processing. You may withdraw
your consent at any time, but the withdrawal of consent will not affect the legitimacy of
consent-based treatment before it is withdrawn.
Data processing period. Credit / debit card data are disclosed solely for transaction
purposes and only to authorized persons. Upon departure from the hotel, these data
are not disclosed, and access to these data is avoided. The data are deleted within
six months of the transaction and if it is completed. In cases of consent, your personal
data are retained for as long as your credit card is valid.
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner.
If you wish to exercise any of your rights listed in Section 2 in relation to the data
recorded during the above activities or if you wish to contact us for any other reason,
please let us know by sending an email.
5. Social Media (Facebook-Instagram)
Our company may communicate with you through social networks, and specifically
through Facebook or Instagram.
By clicking the “Like” and “Follow” buttons on this page, Facebook users can subscribe
to the News Feed published on the page. Clicking the “Decline Like” button they can
be deleted.
The Company may have access to its “friends” profiles, however, it does not record or
process them in its system.
The purpose of data processing. The purpose of processing the personal data of
Facebook and Instagram users (friends) is to share the content of the page with them.
Users and company share news and offers, keeping in touch. This helps to make the
company familiar to the public and to promote its services to those who choose it.
The legal basis of data processing. The processing of personal data relies upon the
consent of the subject. Consent can be revoked at any time by unsubscribing.
Withdrawal of consent does not affect the legitimate processing that took place before
the revocation. If the consent is revoked, the user will no longer receive notifications.
Data processing period. The processing of personal data takes place as long as the
consent exists and is interrupted when it is revoked. No personal data are stored or
further stored and processed.
The company publishes photos / videos about various events, etc. on her Facebook
page and Instagram. The photos that are published are always of groups and always
relate to the events without allowing any other conclusions about the participants as
the selection of the photos is made in such a way that they do not exhibit exceptional
conditions and are usually taken with the consent of the subjects within the company’s
premises in locations where an event took place. Any unauthorized mention of any
element identifying the subjects is avoided. If it is not a photo of a group of people, the
company always requests the prior written consent of the data subjects prior to
publication. You have the right to request removal of a photo that includes you. The
company proceeds to do so in order to promote its services and considers that this
does not violate the fundamental freedoms of the subjects. Keeps photos for six
months from the day of the event and then deletes them.
Facebook and Instagram record your personal information independently of us. Every
time you visit our pages on Facebook and Instagram, these businesses collect
and process your personal data without our own intervention or knowledge.
They are processors independent of us. You can configure your own parameters and
learn about data processing performed by these businesses. Visit the links below for
more information on Facebook’s data editing and Facebook guidelines on
websites: https://www.facebook.com/policies/cookies/ and https://www.facebook.com
/about/privacy/update and for Instagram: the page www.help.instagram.com
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner.
If you wish to exercise any of your rights listed in Section 2 in relation to the data
recorded during the above activities or if you wish to contact us for any other reason,
please let us know by sending an email.
6. Data recording on the Web (Cookies, Ad Words, Google Analytics)
6.1 Data recording
When you open our site on a device (such as a laptop or a desktop computer,
smartphone or tablet), this device will automatically record data. Data that are
automatically recorded include:
• the IP address of your device. We collect your IP address, a number that is
automatically assigned to the computer that you are using by your Internet Service
Provider (ISP). An IP address is identified and logged automatically in our server log
files when a user accesses the Online Services, along with the time of the visit and
the pages that were visited. We use IP addresses to calculate usage levels, diagnose
server problems and administer the Online Services. We also may derive your
approximate location from your IP address.
• the date and time of your visit to our site
• the type of browser
• the name and address of your internet service provider.
• Browser and device data
• App usage data
• Data collected through cookies, pixel tags and other technologies
• Demographic data and other data provided by you
• Aggregated Data. We may aggregate data that we collected and this aggregated data
will not personally identify you or any other user.
The data are automatically logged by the web server of the site, without your consent
or any specific activity being required by you. The system records and uses the data
for the automatic production of statistical measures. These data cannot be associated
with other personal data unless such an association is provided for by law. These data
will only be used to correct mistakes and improve the quality of our services and for
statistical purposes. More
information: https://support.google.com/analytics/answer/2611268?hl=el
Purpose of data processing. The technical development of the IT system, the
monitoring of the service and the production of statistics. In the case of criminal
activities, this data can be used – in cooperation with the user’s internet provider and
the competent authorities – to identify the source of such criminal activities.
The legal basis for data processing. The data collected and processed can only lead
to identification of the subject except through cooperation with the provider and only
upon the related request of the Judicial authority. Otherwise, any other treatment is
based on the provision of Law 3471/2006 on the issues of e-commerce services and
information society services.
Data processing period. 30 days from opening our web site.
6.2. Links to other web sites
In order to anticipate your needs, our website provides links to other web sites and
third parties for your convenience and information. We are not responsible for the
collection, use, maintenance, sharing or disclosure of data (including personal data)
by such third parties. We encourage you to contact these third parties to ask questions
about their privacy practices, policies and security measures before disclosing any
personal data. We recommend that you review the privacy statements and policies of
linked web sites to understand how those web sites collect, use and store information
6.3. Cookies
What are cookies? Cookies are small text files that are stored on the hard disk drive
of computers or smart devices until their expiration date set in the cookie and are
triggered (by sending a notification to the site’s web server) whenever the web page
opens in a browsing application on the device.
Purpose of data processing. Sites use cookies to capture information about the use
of the site (pages visited, time devoted to pages, browsing information,
disconnections, etc.) and personal settings – but these data cannot be associated with
the identity of the visitor. Cookies allow website administrators to maintain userfriendly

websites and improve the experience of users who offer their sites to their
visitors.
What cookies are used:
“permanent cookies” that remain during many visits to the site and stored on your
hard disk. Permanent cookies will remain stored on the computer or on the smart
device after the site is closed. Such cookies are used to allow the site to track returning
visitors. Permanent cookies track visitors returning by linking the server side ID to the
user and are therefore an essential part of the functionality of sites that require user
authentication – for example, in web shops, net-banking sites and e-mail sites.
Permanent cookies do not contain personal data, they can only be used to uniquely
identify users by linking them to the correct item in the database stored on the web
server of the site. The inherent risk of using permanent cookies is that they can only
track the web browser as opposed to the user, so if a user uses a public access point
– like a computer in an Internet café or a public library – to connect to a store and fails
to disconnect from the store at the end of his/her session, another person may have
non-authentic access to the web store, which is falsely identified by the system as the
original user (and therefore authenticated ).
“session cookies”, which are automatically deleted after each visit. Session cookies
are temporarily stored only on the computer or smart device while the visitor uses the
site. These cookies allow the system to “remember” certain information, so the visitor
should not provide them whenever they open the site. The period of validity of session
cookies is limited to the duration of the site’s use. the purpose of using session cookies
is to prevent data loss (for example, when filling in a longer form). At the end of every
use of the site – each session – as well as when the browser closes, cookies of this
type are automatically deleted.
«Third-party cookies» are created by other websites. These sites have some
content, such as ads or images, which you can see on the website you are visiting.
«Third Party Advertisers». We may use third-party advertising companies to serve
advertisements regarding goods and services that may interest you when you access
and use the Online Services, other websites or online services. To serve such
advertisements, these companies place or recognize a unique cookie on your browser
(including through the use of pixel tags)
«Third Party Advertisers». We may use third-party advertising companies to serve
advertisements regarding goods and services that may interest you when you access
and use the Online Services, other websites or online services. To serve such
advertisements, these companies place or recognize a unique cookie on your browser
(including through the use of pixel tags)
http://www.allaboutcookies.org/manage-cookies/
Keep in mind that if you choose to disable cookies, you limit the functionality of the
site.
The legal basis for processing as far as cookies are concerned is their necessity for
the functionality of the website. These cookies are necessary for the proper operation
of the site, so in these cases the legal basis for data processing is the law itself.
Recipients of your personal information. Your personal data (the respective ones in
each instance) can be forwarded to the relevant authorities or a third party partner.
6.4 Pixel Tags and other similar technologies
We collect data from pixel tags (also known as web beacons and clear GIFs), which
are used with some Online Services to, among other things, track the actions of users
of the Online Services (including email recipients), measure the success of our
marketing campaigns and compile statistics about usage of the Online Services
6.5 Analytics
We collect data through Google Analytics and Adobe Analytics, which use cookies
and technologies to collect and analyze data about the use of the Services. These
services collect data regarding the use of other websites, apps and online resources.
We use Google Analytics and Google AdWords, services which transmit website traffic
data to Google servers. Google Analytics does not identify individual users and does
not associate your IP address with any other data held by Google. We use reports
provided by Google to help us understand website traffic and webpage usage and
optimize advertisements bought from Google’s own and other advertising networks.
Google may process the data in the manner described in Google’s Privacy Policy and
for the purposes set out above in this section. You can learn about Google’s practices
by going to www.google.com/policies/privacy/partners/ and opt out by downloading
the Google Analytics opt-out browser add-on, available
at https://tools.google.com/dlpage/gaoptout.
We collect certain data through your browser or automatically through your device,
such as your Media Access Control (MAC) address, computer type (Windows or
Macintosh), screen resolution, operating system name and version, device
manufacturer and model, language, internet browser type and version and the name
and version of the Online Services (such as the Apps) you are using. We use this data
to ensure that the Online Services function
properly.
This Privacy Statement does not address, and we are not responsible for the privacy,
data or other practices of any entities outside of the “thepebblescollection.com”
including Franchisees, Owners, Authorized Licensees, Strategic Business Partners or
any third party operating any site or service to which the Services link, payment
service, loyalty program, or website that is the landing page of the high-speed Internet
providers at our properties. The inclusion of a link on the Online Services does not
imply endorsement of the linked site or service by us. We have no control over, and
are not responsible for, any third party’s collection, use and disclosure of your Personal
Data.
In addition, we are not responsible for the data collection, use, disclosure or security
policies or practices of other organizations, such as Facebook, Apple, Google,
Microsoft, RIM or any other app developer, app provider, social media platform
provider, operating system provider, wireless service provider or device manufacturer,
including with respect to any Personal Data you disclose to other organizations
through or the Apps or our Social Media Pages.
7. Resumes/ Curriculum Vitae (CV)
You can find an ad for job search either in a newspaper or on websites of other
organizations or on our website or learn about it through your acquaintances. In either
case, you will be asked to send or you will voluntarily send a CV in which you usually
indicate on your own your entire curriculum and personal data, gender, age, etc. In
each case of receiving a resume, we inform the subject about the processing of their
data by referring to this page.
Purpose of data processing. It’s the hiring of the subject by our business. It may also
be simple disclosure of qualifications for future recruitment. Finally, the covering of
vacancies (usually seasonal) with competent and trained staff. Finally, it may be the
storage of resumes so that they can be used in the future for any of the company’s
needs.
The legal basis for data processing. Your consent, which results from the CV itself in
our address and is included in it. If sent via our website, your consent is substantiated
and is up to date, as there is a reference to the current Privacy Policy on the site. In
any case where an assignment is made through a notice, there is a note and a referral
for your information from this site, so that the consent by sending the resume is
updated. In any case, if a CV is received, there will always be a communication to the
subject’s personal email in order to receive consent for the processing of his or her
data, otherwise the CV will be deleted or destroyed.
You have the right at any time to withdraw your consent to your CV being processed,
by email or in a letter, and you can also delete your registration at any time only if your
recruitment process has not proceeded. If you are hired, the basis for editing your
resume changes and is our contract and legitimate interest. Withdrawal of consent
does not affect legitimate consent-based processing before it is revoked.
Data processing period. We keep the CVs for as long as the employment relationship
lasts, and for a period equivalent to your other personal data after its expiration, if the
recruitment and employment of the subject. If no recruitment is made then CV data is
retained for a period of two years and only if the consent proof for this is available as
above.
As a rule, immediately after receiving the resume, we send notification to the email
address provided in order to request the subject’s consent to maintain the resume for
the period in question in accordance with the terms of this policy.
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner.
If you wish to exercise any of your rights listed in Section 2 in relation to the data
recorded during the above activities or if you wish to contact us for any other reason,
please let us know by sending an email.
8. Personnel
We keep our staff records in order to be able to manage the obligations arising from
our employment contract, by the law and by our legitimate interests. All the data we
process as well as the legal basis for the processing, the holding time and the rights
of the subjects in general are communicated in detail to the employees of our company
through internal correspondence and information.
9. Cameras / Surveillance systems
The personal data entered are the images of the clients and third parties who make
use of the hotel premises. Wired Cameras are located on the entire perimeter of the
hotel and are constantly recording areas of particular importance for security such as
entrance, check-in, reception, etc. There is a clear signage of the subject at every
point where the camera is located.
Purpose of data processing. Video surveillance is used to protect the persons and
property of visitors and the hotel. Their use also has a deterrent effect in the sense of
limiting incidents if it is known that there is some kind of monitoring. Their use is
intended to allow securing and controlling the facilities by a security team.
The legal basis for data processing. The legal basis is the company’s legitimate
interest in protecting both its assets and its clients and in securing their uninterrupted
stay at its premises. The safety of the facilities is of primary concern and business
necessity as tourist facilities are sensitive areas and their precaution is necessary.
Because the hotel area is also a workplace for the staff, camera shots are not used to
assess or control their work and do not focus on employees unless it is impossible to
avoid it, for example in the area of the cashier, the reception or of the entrance.
Data processing period. The processing period is 15 days from the day of receipt.
Each camera produces 24-hour movie material that is kept in the company’s security
records on behalf of our business and then destroyed.
Data transfer outside the EU. Your data is not transferred to non-EU countries.
Recipients of your personal information. Your personal data can be forwarded to the
relevant authorities or a third-party partner.
If you wish to exercise any of your rights listed in Section 2 in relation to the data
recorded during the above activities or if you wish to contact us for any other reason,
please let us know by sending an email.
From time to time we take pictures and videos of events taking place inside the hotel
premises where the company’s services are being promoted. We try to get the oral
consent of the subjects before shooting and the photo always concerns groups of
people in their public activities.
The legal basis for photographing the subjects in events of the hotel where they
participate is based either on their explicit consent to being photographed or on the
company’s legitimate interest in taking group photos of their events and posting them
on its Facebook page and on Instagram.
10. Disclosures to Service Providers
We sometimes contract with other companies and individuals to perform functions or
services on our behalf such as spas and restaurants within our hotels, website hosting,
data analysis, payment processing, order fulfilment, information technology and
related infrastructure provision, customer service, email delivery, auditing and other
services. They may have access to Personal Data needed to perform their functions
but are restricted from using the Personal Data for purposes other than providing
services for us or to us.
11. Data Security
We use reasonable physical, electronic, and administrative safeguards to protect your
Personal Data from loss, misuse and unauthorized access, disclosure, alteration and
destruction, taking into account the nature of the Personal Data and the risks involved
in processing that information. Unfortunately, no data transmission or storage system
can be guaranteed to be 100% secure. If you have reason to believe that your
interaction with us is no longer secure (for example, if you feel that the security of your
account has been compromised), please immediately notify us in accordance with the
“Contacting Us” section, below.

SECTION 2
RIGHTS
In this Privacy Policy you can learn about the rights you have against us as your
personal data processors. We have taken steps to be able to answer any of your
inquiries in a short period of time not exceeding one month from receipt of your request
and without any charge for this service. In complex cases, it may take longer for our
response. In this case, we will notify you of the reasons for the delay and the estimated
time for the delay, which may not exceed a total of three months.
We will respond to you electronically or by any other means as you have requested.
We reserve the right to charge administrative costs to process a claim that is
unreasonably repeated or in the case of a manifestly unfounded or excessive claim.
Note that we need to verify your identity to be able to respond to your request.
If we believe that we should not act on your request, we will inform you of the reason
for our decision as well as of your options for legal remedies.
If you believe that our hotel has processed your personal information irregularly,
please contact us to remedy this and in this way improve our services to all visitors.
You can send us a formal complaint by email or post to the address mentioned above.
1. Right to receive transparent information
We will provide you with all the information required by the GDPR in a short,
transparent, comprehensible and easily accessible format, using clear and simple
language, especially for any child-specific information. We will provide the information
to you in writing or by electronic means. If requested, we will provide the information
orally.
2. Right to access your own data
You have the right to receive from us the confirmation of whether or not your personal
data are processed and, if so, to access the data and the following information:
a. the purpose of the processing,
b. the relevant categories of personal data,
c. the recipients to whom we have revealed or will disclose personal data, in particular
recipients in countries outside the EU. If we transfer your personal data to a non-EU
country or to an international organization, information on appropriate safeguards
(Article 46 GDPR) on the transfer.
d. the period for which the personal data are stored or the criteria determining that period,
e. the existence of your right to ask us to correct or delete personal data or to restrict the
processing of personal data or to oppose the processing,
f. your right to file a complaint with a supervisory authority,
g. when your personal data are not collected directly from you, we will give you all
available information about their source,
h. if there is automated decision making including profiling, important information about
the rationale followed and the significance and predicted consequences of this
processing for you.
3. Right to rectify inaccurate data
If we process inaccurate or incomplete personal data, you have the right to request
we rectify without unjustified delay.
4. Right to Erasure (“Right to be Forgotten”)
You have the right to ask us to erase your personal data and to respond to the request
without undue delay when one of the following reasons apply:
a. Your data is no longer necessary in relation to the purposes for which it was initially
processed,
b. You withdraw your consent and we have no other legal basis for processing your data,
c. You declare your opposition to the treatment under Article 21 of the GDPR (as below
under 8) and there are no compelling reasons for continuing the processing,
d. Data have been processed illegally,
e. The data must be deleted in accordance with the law,
f. The legal basis for data processing is the consent given by a guardian for a child under
Article 8.1 GDPR and either (i) you are the guardian and the child is still under the age
of consent, or (ii) you are now that child and older than the age of consent.
Please note that we cannot delete your personal data to the extent that we need to
process it:
a. for the exercise of the right to freedom of expression and information,
b. to comply with a legal obligation that requires treatment,
c. for reasons of public interest in the field of public health,
d. for purposes of archiving for reasons of general interest, scientific or historical
research or statistical purposes, where the application is likely to render it impossible
or seriously detrimental to the achievement of the objectives of such processing; or
e. for the foundation, exercise or support of legal claims.
5. Right to withdraw consent
Where you have given your consent to any processing, you have the right to revoke it
at any time. You can do this by sending a request to the email address that is shared
with you here.
Please note that withdrawing your consent will not affect the processing we have
already done.
6. Right to limit processing
You may ask us to restrict the processing of your personal data when one of the
following applies:
• You question the accuracy of personal data
• We no longer have the legitimate basis for editing, but you oppose deleting the data
and you are asking to restrict its use
We no longer need the data for the original purpose, but you need it for the foundation,
exercise or support of legal claims
• You object to the processing of the data in accordance with Article 21 of the GDPR
(see below) and request the limitation until the reason for the objection is verified
Where processing is limited to the above, except for the continued storage of the data,
we will process it only with your consent or: (a) to establish, exercise or support legal
claims, (b) to protect the rights of another person, or (c) for reasons of overriding public
interest in the EU or a Member State.
Where we limit processing, we’ll let you know before we remove the restriction.
7. Right to data portability
You have the right to receive your personal data, which you have provided to us, in a
structured, commonly used and machine readable format, as well as the right to
transmit such data to another processor without objection by us when: processing is
based on your consent or contract and the processing is done by automated means
and only if it is technically feasible. This right does not apply to the processing
necessary for the performance of a duty performed in the public interest and cannot
adversely affect the rights and freedoms of others.
8. Right of Objection
You have the right to oppose, at any time and for reasons related to your particular
situation, the processing of your personal data, which is based either on the legitimate
interest under Article 6 (1) (f) of the GDPR or is necessary for the fulfilment duty carried
out in the public interest pursuant to Article 6 (1) (e) of the GDPR. We will not
subsequently process the data unless we can demonstrate overriding and legitimate
reasons for processing that prevail over your interests, rights and freedoms, or for the
foundation, exercise or support of legal claims.
9. Right to complain to the competent supervisory authority
In any case and for every request you have the right to request the assistance of the
Personal Data Protection Authority where you can report or complain. The address of
the Authority is 1-3 Kifissias Avenue, Athens, its site is www.dpa.gr and its contact
telephone number is 210 6475000 and fax 210 6475628
10. Updates to This Privacy Statement
The “LAST UPDATED” legend at the top of this Document indicates when this Privacy
Statement was last revised. Any changes will become effective when we post the
revised Privacy Statement on the Online Services. Your use of the Services following
these changes means that you accept the revised Privacy Statement.

Leave A Reply

Your email address will not be published. Required fields are marked *