PERSONAL DATA PROTECTION POLICY
Thank you for visiting the Company’s website or contacting us via e-mail.
We in the Company “Winvest Greece LTD” (hereinafter referred to as “the Company”) consider it extremely important to protect the personal data of our hotel guests and the visitors of our website. For this reason, we have taken the necessary steps to comply with all rules for the protection of personal data. We handle personal data with special care, in accordance with the Company’s Personal Data Protection Policy, as well as European Law (EU Regulation 2016/679 – GDPR) and any other applicable national legislation with regards to collection, storage, processing, access and transfer of personal data.
CRITERIA OF LEGALITY
Personal data may be processed, if at least one of the following applies:
-the subject of the personal data (you) has given his/ her consent;
-processing is necessary for the performance of a contract between the subject (you) and the Company (us);
-processing is necessary for the Company to comply with its legal obligations;
-for the establishment, exercise or defense of legal claims or proceedings.
PERSONAL INFORMATION COLLECTED
You can visit our website without giving us any personal information, by not entering this information in any field on our website and by not using any available personalized services. We collect your personal information, only if you choose to provide it to us.
The personal information that we process includes:
-Identity information – such as name, age, gender and passport information;
-Contact information – such as your home address, postal code, e-mail address and phone number;
-Financial information – such as your credit card details;
-Health information – where disclosed and relevant to the provision of services;
-Preference information – such as special requests, service issues and other preferences for your stay.
AUTOMATICALLY COLLECTED INFORMATION
A specific type of information is automatically collected whenever you contact our website, as well as through e-mails that we exchange. The automatic technologies we use include, for example, web servers, cookies and web beacons.
The IP address is a number given to your computer each time you connect to the Internet. All computers have IP addresses which allow computers and servers to be identified and communicate with each other. The Company collects IP addresses to analyse its website, control its profitability and pass on collective information to affiliated companies, business partners and/ or vendors.
Cookies are information that is automatically placed on a predefined folder on your computer every time you enter our website. Cookies help uniquely distinguish your computer from the server. They also allow us to collect information about the server in order to help you browse the web better, and to be able to analyse the website and control its operation.
In our website or emails, the Company may use a common internet technology called web beacons (also known as “action tag” or “clear GIF technology”). Web beacons help analyse the effectiveness of our website by measuring, for example, how many visitors the website has received or how many visitors have chosen a particular piece of the website. Web beacons, cookies and other means of identification do not automatically collect identifiable information about you.
USES OF YOUR PERSONAL INFORMATION
For each of the categories of personal information described above, we use your personal information for the following purposes:
-To enable you to use our website;
-To help us identify you and any accounts you hold with us;
-To provide superior customer service to you;
-To assist us in making your reservation and providing the services you request;
-To process transactions through our website;
-For billing purposes in relation to your stay with us;
-To contact you in relation to matters that arise from your stay with us;
-To conduct surveys to receive your views of our service delivery (if, where required, you separately provide your consent to this);
-To analyse customer trends and insights;
-To operate our business, including for internal purposes, such as auditing, data analysis, statistical and research purposes and troubleshooting, to help us improve our services.
In some cases, we may combine personal data with other information, to generate anonymized, aggregate statistical data (e.g. number of visitors, domain name of the Internet Service Provider) that helps us improve our products and services. When this occurs, we remove all identifiers from the personal data you have provided to us and keep it in aggregate form.
PRINCIPLES APPLIED DURING PROCESSING
The principle of proportionality applies to the processing of personal data. Among other things, it creates the obligation not to collect personal data unnecessarily.
Personal data used should be accurate and up-to-date. Personal data that are no longer accurate and complete should be corrected or deleted. Except where there is an obligation under law to maintain them for a longer period of time, personal data should not be kept for a longer period of time than necessary for the purposes for which it was collected or processed.
The processing of personal data should be in accordance with the principles of good faith. This means that data subjects can rely on the processors to show proper care in all data processing issues.
Individuals whose personal data have been processed should be updated accordingly if they so request. In particular, they have the right to be informed of the purposes for which their data is processed, the type of data they concern and the identity of the recipients of the data. Where necessary, data subjects are also entitled to request the correction, non-transmission or deletion of their data. The above rights may be limited only if such limitation is provided for by law. This applies, in particular, to scientific research.
In particular, personal data is protected against unauthorised disclosure and any unauthorised processing. The measures put in place should ensure a level of security commensurate with the nature of the data to be protected and the risks that may arise from its processing. The Company is responsible for implementing and complying with EU Regulation 2016/679 and the applicable National Law.
Employees of the Company dealing with the processing of personal data should be suitably informed. Any procedures for the processing of personal data by third parties by agreement should be set out in writing. The Company will ensure that the third party is properly processing the personal data and is in compliance with the principles set forth in this Statement. In the event that the third party decides that it cannot ensure an adequate level of security of personal data, the Company will terminate the cooperation.
Our Company applies technical and organisational security measures and other procedures to protect your personal data against unauthorized access, alteration, misuse, disclosure, loss or destruction. In order to ensure the confidentiality of your data, our Company also uses firewalls and password protection programs in line with international market standards.
Our partners who support us in the operation of this website also comply with these provisions.
The Company makes every reasonable effort to keep personal data collected only for the time it takes for the purpose for which it was collected or until its removal is requested (if that occurs earlier) unless the applicable legislation gives the right to preserve them.
However, it is your responsibility to ensure that the computer you are using is sufficiently secure and protected against malicious software such as Trojan, virus, etc. You should be aware that, without sufficient security measures (e.g. secure browser setup, up-to-date virus software, effective firewall, no software from doubtful sources, etc.), there is a risk that the data and codes you use for protected access to your data, may be disclosed to unauthorized users.
ACCESS TO PERSONAL DATA & RIGHTS
If you wish, you may request -at any time- to be informed about your personal data held by the Company, its recipients, the purpose of keeping and processing and you also may request the modification, correction or deletion of your personal data, by sending an e-mail to the address from the email address you have declared, enclosing a copy of your identity card.
You also have the right to review your personal data and, in general, to exercise any right under the law to protect your personal data. The personal data that you communicate to the Company through our website or in person at our hotel, either during your registration or at a later stage, is collected, used and processed in accordance with the applicable data protection provisions of national legislation, as well as the General Data Protection Regulation (EU) 2016/679.
You retain the following rights in detail:
- Right to be informed about your personal data: Upon your request, we will provide you with information about the personal data we hold for you.
- Right to correct and complete your personal information: If you notify us in this regard, we will correct any inaccurate personal data you may have. We will fill in incomplete data upon notification by you, provided that such data is necessary for the purpose of process.
- Right to delete your personal data: Upon your request, we will delete the personal data held by our Company. However, some data will only be deleted after a specified hold period, for example because in some cases it may be legally required to retain the data, or because the data is required to fulfil our contractual obligations vis-à-vis you.
- Right to bind your personal data: In some cases provided by law, we will block your data upon your request. Further processing of blocked data occurs only to a very limited extent.
- Right to withdraw your consent: You may -at any time- withdraw your consent to the processing of your personal data in the future. The lawfulness of your data processing remains unaffected by this action, to the point where your consent is withdrawn.
- Right to raise objections against your data: You can always object to the processing of your personal data in the future, given that we process your data in the base of one of the legal justifications provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679.
If you view objections, we will stop processing your data, provided that there are no legal grounds for further processing. Processing your data for advertising purposes is not a legitimate reason.
The Company through its website uses your e-mail address, provided you have given your consent through the specific subscription fields, to advertise its products and services. You retain the right to access your personal and your consent data maintained by the Company, as defined in EU Regulation 2016/679 and the relevant applicable National Law.
Newsletter is sent only to users and subscribers who have chosen to receive them and is fully technically compatible with mailing regulations. The Company provides Newsletter subscribers with the option of deleting them from the recipients list. When a subscriber chooses to be deleted from the recipient lists then his email is permanently deleted. Newsletter subscribers’ emails are used exclusively for this purpose and for no other purposes.
The newsletters that the users receive by subscribing to the mailing lists, are intellectual property of the Company and are therefore protected by the relevant provisions of Greek law and international conventions.
STATEMENT ON THE CONFIDENTIALITY OF MINORS
Our website is addressed to adult audiences. We do not collect personally identifiable information from anyone we know is under the age of 18 without prior verifiable consent of its legal representative. His lawful representative has the right, at his request, to see what information was given by the minor and / or to request their removal.
Any of these terms violate the applicable law, they shall automatically cease to apply, without in any way prejudicing the validity of the other terms. The Company may conclude an agreement for the assignment of its obligations to an appropriate third party. All notifications must be made in writing by hand or by post.
The above terms constitute a full agreement with the Company, which reserves the right to modify, renew or delete all terms herein without any notice. Modification or renewal will apply once this text is updated for any change.
LINKS TO OTHER WEBSITES
HOW TO CONTACT THE COMPANY
For any questions or in case you wish the Company to change or modify your profile, please contact us in writing at the following address: [email protected]
Should you require more information on data protection or have any relevant complaints, you may contact the Greek Data Protection Authority at 1-3, Kifisias str., P.C. 115 23, Athens, dpa.gr.