PRIVACY POLICY

Please read this Privacy and Privacy Policy carefully, in order to be informed regarding collected information, when you visit and use our online services, information posted on it, its use and your rights. These terms may be improved, updated or in any way modified, in whole or in part, at any time.

This Policy is for the information of data subjects, in accordance with Articles 13-14 of the EU General Data Protection Regulation 679/2016. If you have any questions about this Policy and the general way the hotel collects and processes information.

  1. Purpose and Principles of the processing of personal data

The Personal Data Protection Policy (hereinafter referred to as the “Policy”) aims to protect the personal data processed by Adele Beach Hotel and to prevent any form of unfair processing.

The Policy and the processing of personal data pursuant to this Policy, is based on the following principles:

  • Lawfulness, objectivity and transparency in processing (‘lawfulness, fairness and transparency’)
  • Limitation of the purpose of processing (‘purpose limitation’)
  • Minimisation of the data being processed (‘data minimisation’)
  • Accuracy and where necessary, updating of the data being processed (‘accuracy’)
  • Integrity and confidentiality in processing (‘integrity and confidentiality’)
  • Limitation of the retention/storage time (‘storage limitation’)
  • Compliance with the applicable legal and regulatory framework

Adele Beach Hotel is responsible for, and able to demonstrate its compliance with the above principles, as specified in this Policy. Adele Beach Hotel checks, reviews and updates at regular intervals and, in any event, whenever necessary, this Policy, taking into account the applicable legal and regulatory framework.

  1. Definitions

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed.

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one can be identified, directly or indirectly.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data that have been or will be made known to Adele Beach Hotel, both under relations with individuals and in the context of information that Adele Beach Hotel receives from third parties, natural or legal, persons or public sector bodies, in the exercise of their legal rights or the rights of Adele Beach Hotel.

“Individuals” means natural persons who trade / cooperate with Adele Beach Hotel (customers, contractors, etc.) and any other natural person contracted with Adele Beach Hotel, other than its personnel.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Policy, Adele Beach Hotel shall be deemed to be the Controller.

“Data protection officer” means the natural or legal person designated by the controller to participate in all matters relating to the protection of personal data in accordance with this Policy and the applicable legal and regulatory framework.

“Data subject” means any identified or identifiable natural person to whom the personal data being processed relates.

  1. Processing of personal data

3.1.Purposes of processing & Legal basis of the processing

We process your personal data in the following cases, in accordance with the specific provisions of the applicable legislation and the terms and conditions laid down in it:

  • To ensure the quality of the services provided and to protect your health, with your express consent to the processing of your personal data (point (a), par. 1, Article 9, GDPR),
  • For the service of our legitimate interests (point (f), par. 1, Article 6, GDPR)
  • To contact you and send you information material about our services and offers
  • To evaluate and obtain data for administrative and other communication purposes and to operate and improve the quality and effectiveness of our services, our websites, our Programs and Applications related to our operations
  • To support IT purposes.
  • To support business processes.
  • The legal databases of data processing are directly related to the intended purpose. When your data is collected for the purpose of booking or providing extra services from our hotel, the processing is considered legal within the pre-contractual stage. ‘When a visitor wishes to contact the hotel via the Website, the legal basis for processing the data provided with his or her consent.

3.2. Type of personal data

Our Website has informative content about the services provided regarding your stay at our hotel and only browsing it (without sending a message) does not require the visitor to provide / enter personal data. However, just by visiting and browsing the Website, some information can be automatically collected, which can identify you directly or indirectly, such as:

  • the Internet Protocol (IP) address of your computer,
  • the type of browser and operating system,
  • the websites you visited immediately before and after your visit to the page,
  • the connection speed and information about the software programs installed on the computer,
  • basic server connection information and
  • information collected through HTML cookies, Flash cookies, web beacons and other similar technologies (see below in the Cookies section). \

Regarding the information that is automatically collected from your browsing our Website, please refrain from visiting it, if you do not wish to collect and process this information.

3.3. Information you provide to us directly:

-Contact

When the visitor of the Website wishes to contact the hotel through it, he is invited to fill in and submit the corresponding contact form, during the submission of which the Website collects and processes, after your consent, your name and email.

3.4. Data retention period

Your personal data shall be retained and stored in a secure environment, solely and exclusively for the purposes for which they are intended and only for as long as is necessary to achieve those purposes, without prejudice to the more specific provisions of the applicable legislation.

We will retain the information that is automatically collected for up to 12 months and then can be stored in an unrecognizable summary form. If you revoke your consent to the collection and processing of your personal data, we will delete your data from our electronic and physical records, unless their maintenance becomes necessary in compliance with our legal obligation or for the exercise, establishment or defense of our rights or legal interests before judicial authorities.

When processing is required by the provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.

When processing under contract, your personal data is stored for as long as is necessary for the performance of the contract and for the establishment, exercise, and / or support of legal claims under the contract.

When processing is done to serve any of your requests, we will process your data for as long as it takes to satisfy your request.

When processing in the context of promotions and marketing, we will process your data until you revoke your consent and request that our advertising messages, are  no longer received.

3.5. Recipients of the data

Our hotel respects your right to privacy and information that applies to you and therefore uses this information for the aforementioned purposes. For this reason, it does not disclose, transmit or make the information about you accessible to third parties. We also do not transmit this information outside the European Union.

We may make information about you available to other companies, applications or persons in the circumstances listed below:

We may disclose aggregate or non-personally identifiable information to third parties so that we can develop the content and services of our Website. Please note that we do not disclose your contact details to third parties in any way.

We may use or may in the future use third parties to provide services related to our Website, such as database management, maintenance services, analytics, data processing, and the distribution of e-mail and text messages. These third parties will have access to the information that concerns you only for the performance of the above duties on our behalf and with explicit contractual commitments regarding the protection of your privacy and personal data.

We may share information about you in the event that the hotel is acquired by or merged with another company or a similar business transaction takes place. However, in this case, our Website will inform you by placing a clear notice within it or by sending a relevant information to the e-mail address you have provided to us, before the information concerning you is transferred and generally subject to a different privacy policy.

We may disclose information about you to investigate, prevent or take action in connection with illegal activities, if there is a suspicion of illegal conduct or criminal acts to the detriment of the rights and legitimate interests of any natural or legal person in the event of a breach of our Website Terms of Use. or if required by law, as well as in other cases in which we consider in good faith that disclosure of the information is necessary.

We may disclose information about you to respond to subpoenas, search warrants, litigation, court orders, legal proceedings or other law enforcement measures by any competent authority, including the Data Protection Authority and the Data Protection Supervisors of other States. members of the European Union, as well as to safeguard and defend our legal rights or to refute claims against us.

Please note that third parties may collect data about you independently, including your IP address and information about the websites you visit and the links you click through, through cookies, click-throughs or other media. during your visit. For more information, see the “Cookies” section below.

In cases where you provide us with personal data of third parties, we guarantee that you have informed them of the purposes and the manner in which we should process their personal data.

  1. Your rights
  2. a) You have at any time the right to information and access (‘right of access and information’) to the personal data concerning you, as well as for the purposes of their processing, the legal basis of the processing, the recipients or the categories of recipients and the period of their storage.
  3. b) You have at any time the right to correct (‘right to rectification’) inaccurate data and to complete incomplete data that we process.
  4. c) You have the right to delete (‘right to erasure’) your data, without prejudice to our obligations and our legal rights for their retention for a minimum specific period of time, under the applicable legal and regulatory framework.
  5. d) You have the right to restrict the processing (‘right to restriction of processing’) of your data, provided that the accuracy of your personal data is contested, or their processing is unlawful, or the purpose of the processing is no longer required and provided that there is no legitimate reason for their retention.
  6. e) You have the right to portability of the data (‘right to data portability’) provided that the processing is based on your consent and is carried out by automated means. The satisfaction of this right is without prejudice to our legitimate rights and obligations to retain the data and fulfill our duty to the public interest.
  7. g) You have the right to object to the processing of your data, on grounds relating to your particular situation.

Your requests regarding your personal data and the exercise of your rights are submitted to the Data Protection Officer (DPO) of Adele Beach Hotel, to the e-mail address gdpr@taseism.gr, kepesoglou.dpo@taseism.gr or to Adele Beach Hotel, to the e-mail address info@adelebeach.gr to the attention of the Data Protection Officer (DPO). To this end, you may fill in the special form of Adele Beach Hotel available at Hotel reception.

The hotel will make every effort to respond to your every request within thirty days of receipt. However, in the event that due to the complexity of your request or due to the volume of information it is not possible to satisfy your request within thirty days, we undertake to inform you within the above deadline in writing of the reasons for the delay and to make every effort to Satisfaction of your request as soon as possible and in any case within two additional months.

The hotel reserves the right not to satisfy your request in the event that it is deemed manifestly unfounded or excessive, informing you of the reasons for its non-satisfaction.

If your request is not satisfied or in case you consider that the processing of your Personal Data violates the applicable legal framework for the protection of personal data, you can lodge a complaint with the Hellenic Data Protection Authority (Kifissias Avenue no. 1-3, 11523 Athens, Tel: 2106475600, E-mail: complaints@dpa.gr).

  1. Data security

5.1. Security of processing

Adele Beach Hotel implements appropriate technical and organisational measures to ensure on an ongoing basis the required level of security against your rights and freedoms as data subjects. In this context:

  • we have developed a personal data protection Policy and procedures for maintaining confidentiality and ensuring the integrity, availability and reliability of processing systems and services;
  • we regularly carry out testing, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing, taking into account mainly risks arising from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  • we ensure that any natural person acting under our supervision and having access to personal data (Processor), processes the data only within the limits of the relevant order given to him by Adele Beach Hotel and under the terms and conditions set by Adele Beach Hotel

We recommend that you do not include any confidential information (eg credit card information) when using email. For your protection, our email responses to you will not contain any confidential information.

5.2. Breach of personal data

Any breach of this Policy, as well as of the applicable to personal data and personal data protection legal and regulatory framework, and, in general, any breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed shall constitute a breach of personal data.

In order to address possible cases of personal data breach, we have adopted and are implementing a policy to address and manage personal data breaches. In the event of any breach, Adele Beach Hotel shall notify immediately and, where possible, within 72 hours of becoming aware of the event, the breach of personal data to the Hellenic Data Protection Authority, unless the breach may not cause a risk to the rights and freedoms of the subjects. In addition, in the event of data breach, Adele Beach Hotel shall immediately inform the Data Protection Officer (DPO), who shall, in consultation with Adele Beach Hotel, take all necessary measures and take all necessary steps to limit the extent of the breach and its restoration.

  1. Our obligations

6.1. Data protection by design (privacy by design)

We shall apply effectively, both at the time of the determination of the means of data processing and at the time of processing, appropriate technical and organisational measures designed for the application of data protection principles, which we ensure that they meet on an ongoing basis the requirements of the GDPR and protect your rights as data subjects.

6.2.Data protection by default (privacy by default)

We apply appropriate technical and organisational measures to ensure that, by definition, only the personal data necessary for the purpose of the processing are processed. The above

obligation covers all the data collected, the degree of their processing, the period of retention and storage and access to them.

6.3. Staff training

We take care of the complete information and training of our staff on all issues related to the protection of personal data and its compliance with the obligations arising from the GDPR, the applicable legal and regulatory framework, as well as the policies / procedures that Adele Beach Hotel has adopted.

  1. Assignment of processing to processors

In cases where we entrust to third parties, the processing of your personal data, on our behalf, we only use processors that provide sufficient assurances for the implementation of appropriate technical and organisational measures, in such a way that the processing meets the requirements of the GDPR and the applicable legislative and regulatory framework, and to ensure the protection of your rights. The above assignment is made, under a written contract signed between Adele Beach Hotel and the Processor, which binds the latter towards Adele Beach Hotel.

  1. Data Protection Officer (DPO)

We have appointed a Data Protection Officer who participates, duly and in a timely manner, in all matters relating to the protection of personal data. The DPO shall inform and advise Adele Beach Hotel and its personnel as regards its obligations arising from the GDPR, the applicable legal and regulatory framework, as well as the policies adopted by Adele Beach Hotel relating to the protection of personal data. The DPO shall cooperate with the Hellenic Data Protection Authority and act as a point of contact with you for any matter relating to the processing of your personal data and the exercise of your rights.

You may contact the DPO of Adele Beach Hotel at  gdpr@taseism.gr, kepesoglou.dpo@taseism.gr.

CHANGES IN CURRENT POLICY

The hotel reserves the right to modify this Policy, always in accordance with the applicable legislation, regarding the protection of privacy and personal data. Visitors to our Website should read regularly the Privacy Policy at in order to be informed of any changes that take place, while the hotel undertakes the right to provide all necessary updates to its visitors and users, in compliance to the conditions set by the EU General Data Protection Regulation 679/2016.