Data Protection

PERSONAL DATA PROTECTION POLICY

Thank you for visiting the Company’s website or contacting us via e-mail.

We in the Company “Winvest Greece LTD” (hereinafter referred to as “the Company”) consider it extremely important to protect the personal data of our hotel guests and the visitors of our website. For this reason, we have taken the necessary steps to comply with all rules for the protection of personal data. We handle personal data with special care, in accordance with the Company’s Personal Data Protection Policy, as well as European Law (EU Regulation 2016/679 – GDPR) and any other applicable national legislation (L. 4624/2019 currently in force) with regards to collection, storage, processing, access and transfer of personal data.

You may on all times access the Company’s updated Privacy Statement Personal Data Protection Policy (hereinafter referred to as “Privacy Policy”) at the current web page of our website www.thegemsocietyhotel.com.

The Privacy Policy applies to personal data collected by means of communication, such as our website, e-mail and other online tools, which contain a link to this Privacy Policy. This Privacy Policy does not apply to personal data gathered from sources and by means of communication outside the Internet, except in cases where such personal information is consolidated with personal data collected online. We only collect personal data in relation to you, if you choose to provide it to us. We do not share your personal data with third parties, unless you have expressly authorized us to do so.

Please read our Privacy Policy to learn more about how we collect, use, share and protect personal information online:

CRITERIA OF LEGALITY

Personal data may be processed, if at least one of the following applies:

-the subject of the personal data (you) has given his/ her consent;
-processing is necessary for the performance of a contract between the subject (you) and the Company (us);
-processing is necessary for the Company to comply with its legal obligations;
-for the establishment, exercise or defense of legal claims or proceedings.

PERSONAL INFORMATION COLLECTED

You can visit our website without giving us any personal information, by not entering this information in any field on our website and by not using any available personalized services. We collect your personal information, only if you choose to provide it to us.

The personal information that we process includes:

-Identity information – such as name, age, gender and passport information;
-Contact information – such as your home address, postal code, e-mail address and phone number;
-Financial information – such as your credit card details;
-Health information – where disclosed and relevant to the provision of services;
-Preference information – such as special requests, service issues and other preferences for your stay.

AUTOMATICALLY COLLECTED INFORMATION

A specific type of information is automatically collected whenever you contact our website, as well as through e-mails that we exchange. The automatic technologies we use include, for example, web servers, cookies and web beacons.

IP ADDRESSES

The IP address is a number given to your computer each time you connect to the Internet. All computers have IP addresses which allow computers and servers to be identified and communicate with each other. The Company collects IP addresses to analyse its website, control its profitability and pass on collective information to affiliated companies, business partners and/ or vendors.

COOKIES

Cookies are information that is automatically placed on a predefined folder on your computer every time you enter our website. Cookies help uniquely distinguish your computer from the server. They also allow us to collect information about the server in order to help you browse the web better, and to be able to analyse the website and control its operation.

WEB BEACONS

In our website or emails, the Company may use a common internet technology called web beacons (also known as “action tag” or “clear GIF technology”). Web beacons help analyse the effectiveness of our website by measuring, for example, how many visitors the website has received or how many visitors have chosen a particular piece of the website. Web beacons, cookies and other means of identification do not automatically collect identifiable information about you.

If you would like to maintain your anonymity when browsing our web page, you can set your browser to refuse cookies or to notify you whenever they are sent to you. Only if you voluntarily submit identifiable information, such as a registration request or an e-mail, automatic means will be used to provide further information about your use of our web page and/ or interactive e-mails, with the purpose to become more useful to you.

USES OF YOUR PERSONAL DATA

For each of the categories of personal data described above, we use your personal data for the following purposes:

-To enable you to use our website;
-To help us identify you and any accounts you hold with us;
-To provide superior customer service to you;
-To assist us in making your reservation and providing the services you request;
-To process transactions through our website;
-For billing purposes in relation to your stay with us;
-To contact you in relation to matters that arise from your stay with us;
-To conduct surveys to receive your views of our service delivery (if, where required, you separately provide your consent to this);
-To analyse customer trends and insights;
-To operate our business, including for internal purposes, such as auditing, data analysis, statistical and research purposes and troubleshooting, to help us improve our services.

In some cases, we may combine personal data with other information, to generate anonymized, aggregate statistical data (e.g. number of visitors, domain name of the Internet Service Provider) that helps us improve our products and services. When this occurs, we remove all identifiers from the personal data you have provided to us and keep it in aggregate form.

PRINCIPLES APPLIED DURING PROCESSING

The Company may process your personal data, in order to provide you with personalised services. Your personal data is not used for purposes other than those described in this Privacy Policy, unless we obtain your prior permission or unless this is required or permitted by law. Personal data should be processed in a way that is compatible with the purpose for which it was collected.

The principle of proportionality applies to the processing of personal data. Among other things, it creates the obligation not to collect personal data unnecessarily.

Personal data used should be accurate and up-to-date. Personal data that is no longer accurate and complete should be corrected or deleted.

The processing of personal data should be in accordance with the principles of good faith. This means that data subjects can rely on the processors to show proper care in all data processing issues.

Individuals whose personal data has been processed should be updated accordingly if they so request. In particular, they have the right to be informed of the purposes for which their data is processed, the type of data they concern and the identity of the recipients of the data. Where necessary, data subjects are also entitled to request the correction, non-transmission or deletion of their data. The above rights may be limited only if such limitation is provided for by law. This applies, in particular, to scientific research.

Personal data is protected against unauthorised disclosure and any unauthorised processing. The measures put in place should ensure a level of security commensurate with the nature of the data to be protected and the risks that may arise from its processing. The Company is responsible for implementing and complying with EU Regulation 2016/679 and the applicable National Law.

Employees of the Company dealing with the processing of personal data should be suitably informed. Any procedures for the processing of personal data by third parties by agreement should be set out in writing. The Company will ensure that the third party is properly processing the personal data and is in compliance with the principles set forth in this Privacy Policy. In the event that the third party decides that it cannot ensure an adequate level of security of personal data, the Company will terminate the cooperation.

SECURITY

Our Company applies technical and organisational security measures and other procedures to protect your personal data against unauthorized access, alteration, misuse, disclosure, loss or destruction. In order to ensure the confidentiality of your data, our Company also uses firewalls and password protection programs in line with international market standards.

Our partners who support us in the operation of this website also comply with these provisions.

However, it is your responsibility to ensure that the appliance you use (i.e. PC, phone, tablet, etc.) is sufficiently secure and protected against malicious software such as Trojan, virus, etc. You should be aware that, without sufficient security measures (e.g. secure browser setup, up-to-date virus software, effective firewall, no software from doubtful sources, etc.), there is a risk that the data and codes you use for protected access to your data, may be disclosed to unauthorized third parties.

The Company makes every reasonable effort to keep personal data collected only for the time it takes for the purpose for which it was collected or until its removal is requested (if that occurs earlier) unless the applicable legislation gives the right to preserve them.

ACCESS TO PERSONAL DATA & RIGHTS

You retain the following rights in detail, which can be exercised by sending an e-mail to the address  from your personal email address, enclosing a copy of your identity card:

  • Right to be informed about your personal data: Upon your request, we will provide you with information about the personal data we hold for you.
  • Right to correct and complete your personal data: If you notify us in this regard, we will correct any inaccurate personal data you may have. We will fill in incomplete data upon notification by you, provided that such data is necessary for the purpose of processing.
  • Right to delete your personal data: Upon your request, we will delete the personal data held by our Company. However, some data will only be deleted after a specified hold period, for example because in some cases it may be legally required to retain the data, or because the data is required to fulfil our contractual obligations vis-à-vis you.
  • Right to bind your personal data: In some cases provided by law, we will block your data upon your request. Further processing of blocked data occurs only to a very limited extent.
  • Right to withdraw your consent: You may -at any time- withdraw your consent to the processing of your personal data in the future. The lawfulness of your data processing remains unaffected by this action, up to the point at which where your consent is withdrawn.
  • Right to object to the processing against your data: You can always object to the processing of your personal data in the future, given that we process your data in the base of one of the legal justifications provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679.

NEWSLETTERS

The Company through its website uses your e-mail address, provided that you have given your consent through specific subscription fields, to advertise its products and services.

Newsletter is sent only to users and subscribers who have chosen to receive them and is fully technically compatible with mailing regulations. The Company provides Newsletter subscribers with the option of deleting them from the recipients list. When a subscriber chooses to be deleted from the recipients list then his email is permanently deleted. Newsletter subscribers’ emails are used exclusively for this purpose and for no other purposes.

The newsletters that the users receive by subscribing to the recipients list, are intellectual property of the Company and are therefore protected by the relevant provisions of Greek law and international conventions.

PERSONAL DATA OF MINORS

Our website is intended for adult audiences. We do not collect personal data from anyone we know is under the age of 18 without prior verifiable consent from their legal representative. The legal representative has the right to request access to any information provided by the minor and can also request its removal .

OTHER TERMS

This Privacy Policy is governed by the principles of EU Regulation 2016/679 and the applicable National Law.

If any of these terms are found to violate the applicable law, they shall automatically become void, without in any way affecting the validity of the remaining terms.

The Company may conclude an agreement for the assignment of its obligations to an appropriate third party.

All notifications must be made in writing by hand or by post.

The above terms constitute the complete agreement with the Company, which reserves the right to modify, update or delete any terms herein without any notice. Modification or updates will take effect once this text is revised accordingly.

REVISION OF THE PRIVACY POLICY

The Company reserves the right to modify or periodically revise the Privacy Policy at its sole discretion. If any changes are made, the Company will record the date of change or revision in the Privacy Policy and the updated Privacy Policy will take effect from that date. We encourage you to periodically review the Privacy Policy to stay informed about any changes to the way we manage your personal data. The continued use of our website will indicate your consent to the updated policy and the use of any new features.

LINKS TO OTHER WEBSITES

Our website may contain links to a number of other web pages that may include useful information for our visitors. This Privacy Policy does not apply to these websites, and we encourage you to visit them directly to learn their privacy policy.

HOW TO CONTACT THE COMPANY

For any questions or in case you wish the Company to change or modify your profile, please contact us in writing at the following address: [email protected]

Should you require more information on data protection or have any relevant complaints, you may contact the Greek Data Protection Authority at 1-3, Kifisias str., P.C. 115 23, Athens, dpa.gr.

JULY 2024