PRIVACY & PERSONAL DATA PROTECTION POLICY
The website www.alkyonhotel.gr, henceforth the “Website”, is under the management of the company under the corporate name “HOTEL AND TOURIST ENTERPRISES OF VRACHATI SOCIÉTÉ ANONYME”. Personal data, i.e. all information identifying you as a person or able to identify you directly or indirectly, which you provide optionally and obligatorily when you access our website or sign up for different applications regarding services provided by Alkyon Resort Hotel & Spa and any further personal data requested at a later stage, is collected, processed, forwarded, stored and used by us, under the capacity of data controller, as well as by service providers including data processors and service providers. You may contact the hotel’s Data Protection Officer at the email address [email protected]
Our hotel takes privacy and personal data protection very seriously and has taken all necessary measures in order to ensure the safety and confidentiality of the information concerning visitors/users of its Website.
You are kindly requested to carefully read the present Privacy and Personal Data Protection Policy in order to be aware of the information that is collected when you visit and make use of our web services, the information posted on it, its use, as well as your rights. These terms may be improved, updated or in any way amended, fully or partially, at any time.
This Policy is equivalent to a notification of the data subjects, pursuant to articles 13-14 of the General Data Protection Regulation (EU) 2016/679. If you have any questions about this Policy and the manner in which the hotel collects and processes your personal data in general, please contact us at the following address: [email protected]
INFORMATION COLLECTED BY OUR WEBSITE
- Information automatically collected during your visit and interaction with our Website
Our Website has informative content about the provided services that pertain to your stay at our hotel and mere navigation (without booking or sending a request) does not require the provision/entry of personal data by the visitor. However, merely by visiting and navigating our Website, certain information may be automatically collected, which can identify you directly or indirectly, such as:
- Your computer’s Internet Protocol (IP) address,
- The browser type and operating system,
- The web pages you visited right before and following your visit to the site,
- Basic server connection information and
- Information collected via HTML, cookies, Flash cookies, web beacons and other similar technologies (see section “Cookies” below).
- Information directly provided by you:
If visitors of the Website wish to express their interest for hotel services via the Website, they are asked to fill in and submit a relevant communication form, during the submission of which the Website collects and processes, with consent, the following personal data:
- Name and surname
- Telephone number
- Details about your stay at the hotel (date of arrival/departure, number of days, number of adults/minors/infants, room type, booking type)
- Credit card details (number, expiry date, owner, security code)
- Permanent residence details (Country, purpose of stay, address, street, region, postal code)
- Message-remarks (free text by the concerned person)
You will also be requested to provide personal information for specific purposes, for instance when you book a stay at our hotel for provision of additional services (e.g. Spa services, meals, etc.), such as, among others:
– Contact details, such as your name, postal address, email address and telephone number.
– Credit card number or other payment account number, billing address and other payment and billing details (“Payment information”)
– Files and copies of your correspondence in case you contact us.
– Necessary information for covering special requests (e.g. Health conditions that require special accommodation)
– Information on visitors’ stay, including the dates of arrival and departure as well as purchasable goods and services.
– Information collected via closed-circuit television systems and other security systems
– And, in extraordinary cases, information concerning customers’ credit.
By using this Website and without prejudice to the provisions of the legislation on consent to online communication for purposes of direct marketing, you provide your explicit consent to all above cases of data processing. We may also use the information you have provided to contact you from time to time, in order to share important information, necessary notifications and marketing offers. You are free to withdraw your consent at any time. If you wish to withdraw your consent, please let us know via post at the address Vrachati Korinthias Postal Code 20006, via telephone by calling +30 27410 52010 or via an email at [email protected]
In relation to the information that is automatically collected when you visit our Website, you are kindly requested to refrain from visiting if you do not wish this information to be collected and processed.
- We may collect personal information from different sources, among which:
– the Website
– booking centres and phone calls
– social media and brand name channels (e.g. Facebook, Twitter).
FOR STATISTICAL ANALYSIS:
In order to learn more about how our Website is used by its visitors, we keep in aggregate form and analyse the data we collect. We may use this information, for instance, to monitor and analyse the use of the Site, to enhance its functionality and to better shape its content and design according to our visitors’ needs.
When we collect data directly from you, we take care to verify which of the collected personal information concerns minors. In any case, if we realize that we have collected personal information from minors under 15 years of age without verified parental consent, pursuant to Article 21 of Law 4624/2019 we will delete the information from our database as soon as possible and inform the minor’s parent or guardian. If you believe that we may have collected information from minors under 15 years of age, please contact us at [email protected]
PURPOSES FOR WHICH WE USE THE INFORMATION WE COLLECT
We collect, process, use and store your personal data:
– To verify your details, when you connect to our websites, applications and Wi-Fi.
– To meet booking or information requests and retrieve your preferences and registration information.
– To provide our services
– To evaluate and receive data for administrative and other communication purposes and to operate and improve the quality and efficiency of our services, websites, Programmes and Applications relevant to our functions
– To comply with the applicable law, which entails registration of personal data of customers staying at the hotel and keeping vouchers of all transactions.
– To support IT purposes.
– To support operating procedures.
– To ensure and protect your legitimate interests, as well as ours. To this end, we use closed-circuit television (CCTV) systems and security cameras in order to be able to protect the safety of natural persons, materials, facilities. Cameras are placed at both indoor and outdoor hotel areas.
USE AND EXCHANGE OF INFORMATION
- The hotel respects your right to protect your privacy and personal data and to this end we use this information for the purposes mentioned above. We do not share, forward or make this information accessible to third parties. We also do not forward this information outside the European Union.
We may make information that concerns you available to other companies, applications or persons, in the cases mentioned below:
- We may share aggregate information or information that does not identify you directly with third parties, in order to develop the content and services of our Website. Please note that we do not share your contact details with third parties in any way.
- We may use, in the present or in the future, third parties for provision of services relevant to our Website, such as database management, provision of maintenance services, analytical data, data processing and distribution of email and text messages. These third parties will have access to information concerning you only in order to perform their above mentioned obligations on our behalf and with explicit contractual commitments regarding the protection of your privacy and personal data.
- We may share your personal information in the event the hotel is acquired or merged with another company or in the event any other similar business transaction takes place. However, in cases as such, our Website will inform you by displaying a distinct notice or by sending a relevant notice to the email address you have provided, before the information concerning you is transmitted and generally subjected to a different personal data protection policy.
- We may share information about you in order to respond to judicial summons, search warrants, judicial proceedings, court orders, legal procedures or other measures of law enforcement by any competent authority, including the Hellenic Data Protection Authority and the Supervisory Authorities for Data Protection of other member states of the European Union, as well as in order to establish and defend our legal rights or to respond to claims against us.
Please note that third parties may independently collect data that concerns you, including your IP address and information about pages you visit and connections you click on, via cookies, connection or other media links you click on during your visit. For more information, see the “Cookies” section below.
When you provide personal data of third parties, you guarantee that they are aware of the purposes and the manner in which we shall process their personal data.
DATA RETENTION PERIOD
The hotel shall retain the personal data it collects through its Website for the period of time strictly necessary for fulfilling the above processing purposes or for complying with applicable laws or voluntary restraint agreements or with the terms of this Policy. We will retain the information that is automatically collected for up to 12 months and it may then be stored in an unrecognizable summary form. If you withdraw your consent regarding the collection and processing of your personal data, we will delete your data from our electronic and physical files, unless retaining said data is necessary in order to ensure compliance with our legal obligation for the exercise, establishment or defence of our rights or legitimate interests before judicial authorities.
When processing is required by provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.
When processing is performed on a contract basis, your personal data shall be stored for as long as is necessary for the performance of the contract and for the establishment, exercise and/or defence of legal claims, pursuant to the contract.
When processing is carried out in order for us to serve your request, we will process your data for as long as it takes to satisfy you request.
When processing is performed within the framework of promotions and marketing, we will process your data until you have withdrawn your consent and you have requested to no longer receive our promotional messages.
We are absolutely committed to maintaining the security of your personal data. To achieve this, we apply all modern and appropriate technical and organizational measures for the purpose of processing, in order to reasonably protect your personal data from being accessed and processed in an unauthorized or unlawful manner or from being accidentally lost, destroyed, damaged, stolen, used or disclosed. Thus, we regularly control the effectiveness and adequacy of these measures.
Your security and the security of your information are also up to you. In cases where we have provided to you or you have chosen a password to access the services through our site and / or our applications, you are responsible for maintaining the confidentiality of that password. You are kindly requested not to share your password with anyone else.
We will make every effort to ensure the safest possible use of our site or applications. You are advised not to include confidential information (e.g. credit card information) when using email. For your own protection, our replies to you via email will not include any confidential information.
You can exercise, where applicable, the following rights:
- the right of access, in order to find out which personal data we process, for what purpose and their recipients,
- the right of rectification, in order to correct any deficiencies or inaccuracies in your data,
- the right of deletion (right to be forgotten), for deleting your personal data from our archives, provided that their processing is no longer necessary or the retention of your data is no longer required in order to comply with our legal obligations or defend our legitimate interests before the Court,
- the right to the restriction of processing, if the accuracy of your data is questioned
- the right to portability, in order to get your data in a structured, commonly used and machine readable format.
- the right to object, if you do not wish your data to be used for the purpose of direct marketing of our services. Our hotel does not compile profiles based on the personal information you provide through this Website.
For the exercise of your rights, please send your respective request in writing to the following address: Vrachati Corinth PC 20006, or by calling 27410 52010 or by emailing us at [email protected]
The hotel will make every effort to respond to all your relevant requests within thirty days from the date of receipt. However, if your request cannot be satisfied within thirty days due to its complexity or due to the volume of information, we commit to inform you in writing within the above deadline, stating the reasons for delay and make every effort to satisfy your request as soon as possible and, in any event, within the two following months.
The hotel reserves the right to refuse your request, if it is considered manifestly unfounded or excessive, informing you of the reasons for such refusal.
In any case, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
What are cookies and why do we use them?
They are small pieces of information stored on computers for the purpose of identifying the browser used during website navigation. Device identifiers are aggregated from available system components, which may include IP addresses, user agent information (browser version, operating system type and version) or device-generated identifiers, such as Apple advertiser identifiers, Apple identifiers for suppliers, Google Android identifiers, or Google Play Store advertisement identifiers. Cookies and similar technologies can be used to memorize information, such as identifiers and users’ preferences.
In addition, cookies help us monitor the performance and traffic of our Website, improving its layout and content according to our guests‘ preferences.
Which cookies do we use?
Some or all of the cookies described below might be stored in your browser. You can view and manage cookies in your browser (however, mobile device browsers may not include this feature). Our Website may use the following cookies.
- Strictly Necessary Cookies:
The technically necessary cookies that are essential for the proper operation of our Website, allowing you to browse and use its features. These cookies do not identify you.
Without these cookies, we cannot ensure efficient operation of our Website.
In addition, these cookies allow our Website to remember your options, such as font size, in order to provide improved and personalized features.
- Performance Cookies
These cookies collect information about the way you use our Website, for example, which pages you visit most often. These cookies collect aggregated, anonymous information that does not identify visitors. They are used solely to improve the performance of a website.
These cookies collect aggregate anonymous information about the proper operation and possible errors on our Website, such as when a user is looking for an older version or certain files have been compromised.
You can set your browser to block all cookies or indicate when a cookie is being sent, however some features or services on the website may not work properly without cookies.
For more information on the types of cookies see http://www.allaboutcookies.org. If you wish to learn how to manage or remove cookies, visit the following website: www.AboutCookies.org.
If you have any questions regarding this Policy or the hotel’s activities in general, you may contact the hotel’s Data Protection Officer at the following email address: [email protected]
AMENDMENTS TO THIS POLICY
The hotel reserves the right to amend this Policy, always in accordance with the applicable law pertaining to privacy and personal data protection. Visitors of our Website should regularly read our Privacy and Personal Data Protection Policy in order to be informed of any amendments that may occur, whereas the hotel is bound to provide the necessary updates to its visitors and users by any appropriate means, in compliance with the conditions set by the General Data Protection Regulation (EU) 2016/679.