Introduction
This Privacy Policy applies to the processing of your personal data (hereinafter referred to as „Personal Data“) as a hotel guest or visitor to our Website (hereinafter referred to as „Client“ or „Guest“ or „you“) made by the company SAMSON Single Private Member Company (hereinafter referred to as „Hotel“ or „Cabana Blu Hotel & Suites“ or „we“).
As a hotel guest or visitor to our Website you are entitled to the protection of your Personal Data. The Hotel respects your privacy and your personal data and always complies with the Personal Data Protection Legislation. The hotel also undertakes to act transparently as to how to collect and use the data in the course of fulfilling its obligations.
The term „Personal Data Protection Legislation“ (hereinafter referred to as „Legislation“) means all laws, regulations, directives, etc., Greek or European that deal with the processing of Personal Data, privacy and security.
Basic, but not exclusive, laws are the General Data Protection Regulation (GDPR), the e-Privacy Directive for the protection of privacy in electronic communications, and any other Opinions or Guidelines issued by the Hellenic Data Protection Authority.
It is important that you read carefully and keep this notice which is explaining explicitly how and why we collect your Personal Data, what we do with them, how long we maintain them, with whom we share them, how we protect them, and the choices you can have about them. In this way you will always be fully aware of the ways and the purposes for which we use this data and your rights in accordance with the Legislation.
Data Controller
The Hotel in accordance with the General Data Protection Regulation acts as „Data Controller“. This means that the Hotel is responsible for deciding on the ways and purposes for which it collects and uses (processes) your personal data.
Our contact details are:
Samson Single Private Member Company
Cabana Blu Hotel & Suites
Kardamaina, Kos, 85302, Greece
Tel: +30 22420 91415
Email: info@cabanablu.gr
https://www.cabanalblu.gr
Principles of Processing
In the context of complying with our Privacy Policy, we make every effort and in particular:
- We process your personal data in a fair, legal, fair, clear, objective and transparent manner.
- We collect your data only for specified, explicit and legitimate purposes that we deem appropriate and have been adequately explained to you. We also assure you that they will not be used in any other way except for those purposes.
- We collect and maintain the least possible data, which is appropriate, relevant and absolutely necessary for processing purposes.
- We confirm that the data is correct and kept up-to-date and accurate.
- We will retain your data only for as long as we need it to fulfill any processing goal.
- We will make sure that we store them with the appropriate security.
- We process it in a way that ensures that it will not be used unlawfully or contrary to your will.
Legal basis for the processing of personal data
We process your Personal Data according to at least one of the legal bases mentioned in particular below:
- Processing of your Personal Data is necessary for the execution of the contract between us.
- Processing is based on your consent, given for one or more specific purposes.
- Processing is necessary to comply with the legal framework that obliges the Hotel to maintain and process specific categories of personal data.
- Processing is necessary in order to protect your vital interests or of another natural person.
- Processing is necessary for reasons of public interest in the area of public health (for example special, categories of personal data related to the Covid 19 virus).
- Processing is necessary for the purposes of the legitimate interests pursued by the Hotel or a third party unless these interests override your own interests, fundamental rights and freedoms with regard to the protection of Your Personal Data.
- Processing is necessary for the performance of a duty performed in the public interest or in the exercise of public authority assigned to the Hotel.
Personal Data we Collect and Process
Personal Data is any information that relates to you as an identifiable person. In detail, the Personal Data we collect and process are described below:
- Identity information (name, surname, gender, date of birth, marital status, identity card or passport, nationality, country of residence, occupation, etc.)
- Contact details (home address, telephone or fax numbers, email address, etc.)
- Details related to your stay (room preferences, arrival and departure dates, name, birth dates and ID or passport numbers of people staying in the room).
- Information about the consumption of products (food, beverages), provision of services (travel, spa, recreation, etc.), participation in actions on site and possible related fees and bills.
- Financial information such as details of your payment method, your credit card details, tax ID number, detailed costs and transaction history.
- Special requests and other preferences regarding your stay to satisfy particular circumstances (professional, health, social, entertainment, religious, etc.)
- Health related information, allergies, nutritional preferences, etc.
- Information you provide about your preferences regarding the hotel’s ability to communicate with you, for example, for sending mail.
- Data collected from hotel and customer security control systems such as closed CCTV.
- Health data, physician call, symptoms, medical history, personal medical data collected by you or your relatives or friends in the event of illness, injury, accident, or emergency during your stay at the hotel.
- Data about complaints and / or objections that you may have submitted.
- Details regarding your level of satisfaction with our products, services and more generally your experience during your stay.
- When you use our website, we also collect information automatically, some of which may be personal data. These include items like language settings, IP address, location, device settings, device operating system, usage time, redirect URL, etc. We can also collect data through cookies. Cookies are small files that store a website on a visitor’s computer and to which the Site has access to analyze the user’s behavior. In detail, both the types of Cookies that exist and the type of processing that is made are described in a separate policy (Cookie Policy)
We also use Google Analytics to analyze the use of our Website. Google Analytics generates statistics and other information about using the site used to generate reports. In detail, the types of edits processed through Google Analytics are described in a separate policy (Cookies Policy)
In the case of registration and / or access via a Social Login account, we can collect and access specific information about the user’s profile from the corresponding social network only for internal administrative purposes and / or for the purposes mentioned above.
We do not process minors‘ data without the consent of the parent or guardian.
Processing of special categories of personal data
The General Privacy Policy defines specific categories of data that need to be processed according to stricter procedures such as health data. The processing of such data is only possible when given to us by you, possibly in the context a request you submitted (eg dietary allergies) or if required by applicable laws or regulations. Special categories of Personal Data may also be processed for reasons of public interest in the area of public health.
How we collect and source of your Personal Data
The collection of your personal data is usually done from yourself but we may also collect your Personal Data from other sources as below:
- From travel agents, business associates, and third-party systems (e.g., reservations).
- Information generated for you when you use our products and services.
- From family members, partners, or beneficiaries of products and services.
- From our Website
- From Business partners (for example, financial institutions, insurers), account holders or others who are part of our products and services.
Purpose of Collection and Processing of Your Personal Data
We process and use your personal data for one or more of the following purposes:
- For the execution of the contract between us and in order to fulfill our contractual obligations such as the provision and completion of a reservation, including payment management, the provision and completion of the contractual accommodation service, and additional services you have requested.
- To manage requests you have submitted.
- To respond more effectively to special requests, and other preferences regarding your stay to satisfy particular circumstances (professional, health, social, entertainment, religious, etc.)
- To protect your vital interests or of another natural person.
- To protect the public interest.
- For reasons of public interest in the area of public health.
- To protect the legitimate interests of the Hotel (or third party) provided that the interests or fundamental rights and freedoms of the Visitors do not override these interests.
- To manage your communication requests through the channels provided for this purpose.
- To comply with the legislative framework that obliges the Hotel to maintain and process specific categories of personal data such as compliance with legitimate requests from law enforcement authorities such as the police or tax authorities.
- To handle complaints, comments, incidents, illness, accidents, injuries or emergencies during your stay at the hotel.
- To be able to contact you or any other relevant contact in an emergency.
- To provide personalized information, offers and services during your stay.
- For direct marketing actions such as newsletters and promotional communications for new products and services or other offers that we believe may be of interest to you through physical mail, email, mobile devices or social networks (with your consent).
- For direct marketing actions by publishing photos and videos in electronic or printed media (with your consent).
- To evaluate the effectiveness of promotional campaigns and advertising.
- To identify, investigate and prevent fraud and other illegal activities. For these purposes, personal data may be shared with third parties, such as law enforcement authorities, and external consultants.
- To improve visitor experience, our business operations and our business partners, develop new products and services and review and improve current products and services and promotional activities through information provided by your reviews and ratings.
- For your safety, protection and in order to avoid unlawful actions against you.
- Some of the above processing cases overlap to a certain extent and, in total, constitute legitimate bases and legitimate purposes within which we process your personal data.
Your personal data will be used solely for the purposes for which it has been collected or for other purposes compatible with the original. If you are required to use your personal data for any other purpose, you will be informed and notified of the legal basis on which the processing will be based or your consent may be requested.
In any case, your personal data is processed in accordance with the principles hereof and the rules of the Personal Data Protection Act.
Automated decision making, including profiling
We do not make decisions that can have a significant impact on you, including profiling, in an automated way (decision-making only with the use of a non-human computerized system)
When and how we share or disclose Personal Data we receive with others
In order to fulfill its contractual and legal obligations for the purposes contained in this Privacy Policy, the Hotel may transfer certain personal data to third parties including credit institutions, tax authorities, accounting agencies, travel agents, suppliers, co-operating private insurance companies, doctors, lawyers, health care providers, maintenance providers, various service providers, etc. and more generally with any third party required to fulfill its regulatory and legal obligations.
Data transmission will be made by ensuring (where feasible) that these third parties process your data with absolute confidentiality, taking appropriate security measures to protect them in accordance with our policies and not using your personal data for their own purposes or any purpose other than those agreed upon.
Specific data may be passed on to your relatives after your prior consent or in an emergency.
In addition to the above, the Hotel will not transfer personal data to any third party unless it is legally obliged to do so or when it has to comply with its contractual and legal duties (the tax authorities or the police performing our audit duties)
The Hotel will not sell your personal data to third parties under any circumstances and will not allow third parties to sell the data they have forwarded to them.
We work with third parties to offer you online reservation services such as Booking.com or Web Hotelier and Channel Managers. Although we provide the content on these websites and you make a reservation directly to us, the processing of the reservations is made by third parties. The data you give to these third parties is stored in one or more databases hosted by them. These third-party companies do not use or access your personal information for purposes other than managing reservations.
Disclosure of Personal Data
We will use and disclose personal information as we think is necessary or appropriate:
- To law enforcement authorities and other government authorities to the extent required by law or strictly necessary to prevent, detect or prosecute criminal offenses and fraud.
- To comply with the applicable law, including laws outside your country of residence.
- Respond to requests from public and state authorities, including authorities outside of your country of residence, and respond to national security or law enforcement requests.
- To deal with emergencies.
International Transfers of Personal Data in Third Countries
Sometimes your personal information may be transferred to third countries outside the EU for the purposes described in this policy. The transfer of personal data to a third country or international organization may take place if the European Commission has determined that these third countries offer an adequate level of protection or appropriate safeguards (eg standard contractual clauses approved by the European Commission); and provided that there are enforceable rights and effective remedies for you.
How long do we keep your data?
We will maintain your Personal Data for the period necessary to fulfill the purposes described in this Privacy Policy as long as it is necessary to fulfill our contractual and legal obligations, unless required or permitted by law for a prolonged retention period or the User requests their withdrawal from us, opposes or withdraws their consent.
The criteria used to determine the retention periods include:
- The time we have a continuous relationship with you and we provide you with our Services
- If you have a reservation that is not yet complete
- If there is a legal obligation that forces us to maintain (for example, some laws require us to keep your transaction records for a certain period of time before deleting them)
- Whether retention is appropriate taking into account our legal and tax situation
- As long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- As long as someone can appeal against us.
- Maintenance periods in accordance with legal and regulatory requirements or instructions.
If the data collection was based on your consent, these may be deleted at any time after your consent has been withdrawn.
Your data may also be deleted in one of the following cases:
- when they are no longer necessary for the purposes that are collected
- when deletion is necessary to comply with our legal obligations
- at your request, provided there are no compelling legal reasons for maintaining it.
Data will be destroyed in a secure way when it is no longer necessary. It may be necessary for the company to retain some financial data for legitimate purposes (eg accounting matters).
Your Rights on the Protection of Personal Data
Under certain conditions set forth in the Privacy Policy, you have the following rights regarding your personal data:
- Right to Transparency. You have the right to know who is processing your data, how it processes, what are they and for what purpose.
- Right of access. You have the right to request free access to your personal data.
- Right to rectification. You have the right to request the correction of inaccurate personal data and fill in incomplete information.
- Right of remission („right to delete“). You have the right to request the deletion of your personal data under certain conditions, such as when the data are no longer necessary in relation to the purposes for which they were collected, you have withdrawn your consent and there is no other legal basis for processing, the data have been subject to unlawful processing, etc. Deletion cannot be applied when processing is necessary to meet a hotel’s legal obligation, to perform a duty performed to the public interest, for the exercise of public authority assigned to the hotel on the grounds of public interest in the field of public health, for establishing, exercising or supporting legal claims etc.
- Right to limit processing. You have the right to request the limitation of the processing of your personal data when their accuracy is questioned, the processing is illegal, the data is no longer needed by the controller or you have objections to the automated processing.
- Right to data portability. You have the right to request the transfer of your data to another controller where technically feasible.
- Right of objection. You have the right to oppose to the processing of your personal data, provided that the public interest is not prejudiced. The right to oppose to certain forms of processing of your personal information, so not to be subject to the legal consequences of automated processing or formatting.
In addition, in cases where we process your personal data on a legitimate interest or in the public interest, you have the right to express your disagreement at any time regarding this use of your personal data in accordance with applicable law.
If you have given your consent to the use of some of your data, you also have the unlimited right to withdraw it at any time. Recalling your consent means that we will stop processing the data you have previously given your consent. The hotel reserves the right to determine what information should continue to be retained in order to fulfill its tax and legal obligations in general. There will be no consequences for the withdrawal of your consent beyond the hotel’s inability to perform this action.
You can exercise your rights by contacting the Hotel or by sending an email to info@cabanablu.gr or using the Data Submission Form. If you exercise any of your rights in writing on request, we will take every possible action to process your claim within thirty (30) days of receipt. If you do not receive a response within 30 days or are not satisfied with our response, you have the right to complain to the Data Protection Authority.
You have the right to complain to the Data Protection Authority, which enforces data protection laws, if you have concerns about how the Hotel is processing your personal data or you are dissatisfied with our response to your complaint or request.
Hellenic Data Protection Authority
1-3 Kifissias str. 115 23, Athens
Tel: + 30-210 6475600
Fax: + 30-210 6475628
email: contact@dpa.gr
http://www.dpa.gr
Protection of your personal data
Data is stored in a variety of resources, including the physical file, the Website, the Property Management System, and other IT systems (including email). The data are stored in the whole and the format they are submitted to, without any interference with their content.
We have established a set of technical and organizational security measures to prevent the use or access of your personal information with an unauthorized or illegal way, accidental loss or damage to their integrity, their change or disclosure.
In addition, we restrict access to your personal information only to those who have a business need to know. They will only process your personal information in accordance with our instructions and are subject to a confidentiality obligation. Your Personal Data will be processed by a Third Processor only if he agrees to comply with the specific technical and organizational data security measures.
In case of a breach of data security we will notify you and any applicable regulatory bodies where we will be legally obliged to do so.
Questions, Concerns or Complaints
If you have questions about this Privacy Policy, if you would like to complain about how your personal data is processed by the Hotel or its partners you have the right to contact us. The contact details can be found in the Data Controller section of this policy.
Connections to Other Websites and Social Media
Our site may contain links to allow you to easily access other Web sites or Social Networks. However, once you have used these links, you should be aware that we have no control over this other websites you are going to visit. Therefore, we cannot be held responsible for the protection and confidentiality of the information you provide during your visit to them and these websites are not governed by this Privacy Policy. You should be careful and review the privacy statement applicable to these websites.