PRIVACY AND PERSONAL DATA PROTECTION POLICY
Website https://www.orloff.gr, hereinafter the Website, is managed by the company under the name “PETROS KLADAKIS – ORLOFF SOCIETE ANONYME”. Personal data, that is, all information that identifies you as persons or may identify you directly or indirectly, which you provide voluntarily and compulsorily, when you visit the website or sign up for various applications related to services provided by the hotel Orloff Boutique Hotel, and any additional personal data requested at later stages, shall be collected, processed, transferred, stored and used by us, under the capacity of controller, as well as by service providers, including personal data processors and service providers.
Our hotel takes the protection of your privacy and personal data very seriously and has taken all necessary measures to safeguard the security and confidentiality of the information concerning the visitors/users of its Website.
Please read this Privacy and Personal Data Protection Policy carefully in order to be informed about the information collected from you when you visit it and when you use its online services, the information posted on it, the use thereof and your rights. These terms may be improved, updated or amended in any way, in whole or in part, at any time.
This Policy serves as information of data subjects in accordance with Articles 13-14 of the EU General Data Protection Regulation 679/2016. If you have any questions regarding this Policy and, in general, regarding the way the hotel collects and processes your personal data, please contact us at the address
WHICH INFORMATION IS COLLECTED BY OUR WEBSITE
1. Information automatically collected during your visit and interaction with our Website
Our Website has informative content about the services concerning your stay in our hotel and only its browsing (without making a reservation or sending a request) does not require the visitor to provide/enter personal data. However, only by visiting and browsing the Website, certain information may be collected automatically, which can identify you directly or indirectly, such as:
- the Internet Protocol (IP) address of your computer;
- the type of browser and the operating system;
- the websites you visited immediately before and after your visit to the page;
- the speed of connection and information about the software programs installed on the computer;
- basic connection information to the server; and
- information collected via HTML cookies, Flash cookies, web beacons and other similar technologies (see below in the Cookies section).\
As regards the information automatically collected from your browsing of our website, please refrain from visiting it if you do not wish the collection and processing of this information.
-Reservation & Provision of extra services
You may also be asked to provide personal information for specific purposes, such as when you make a reservation for accommodation at our hotel, for the provision of additional services, in which case the following shall be collected, among others:
-contact details such as your name, mailing address, e-mail address and telephone number.
-credit card number or other payment account number, billing address and other payment and billing details (Payment information)
– records and copies of your correspondence if you contact us.
-information necessary for the fulfillment of specific requests (e.g. health conditions requiring special accommodation)
-information about the stay of visitors, including the date of arrival and departure, as well as goods and services purchased.
-and in limited cases, information on customer credit.
2. We may collect personal information from various sources, including:
-through the Website
-through booking centers and telephone calls
-through social media and trade mark channels (e.g. Facebook, Twitter).
When you sign up to receive newsletter, we shall collect and store your e-mail address. In the context of your previous transaction with our hotel or following your explicit consent, we may send you, from time to time, to your personal or professional email, or call you and send messages to your phone number, in order to inform you of news, offers and events of the hotel, which might be of interest to you. By using this Website and without prejudice to the provisions of the legislation on consent for sending electronic communications for the purposes of direct marketing purposes, you provide your explicit consent for all the above cases of processing of your personal data. In case you wish not to receive such information or at any time you want to discontinue them, please notify us immediately at the e-mail address of the hotel. You are free to withdraw your consent at any time.
FOR STATISTICAL ANALYSIS:
In order to learn more about how our Website is used by its visitors, we keep in aggregated form and analyze the data we collect. We may use this information, for example, to monitor and analyze the use of the Website, to enhance its functionality and to better shape its content and design according to the needs of our visitors.
When collecting information directly from you, we take appropriatecare to verify which of the collected personal information relates to minors. In any case, if we find that we have collected any personal information from a minor under 15 years of age without verifiable parental consent, in accordance with the provisions of Article 21 of Law 4624/2019, we will delete the information from our database as soon as possible, with respective information of the parent or guardian of the minor. If you believe that we may have collected information from a minor under 15 years of age, please contact us immediately.
FOR WHICH PURPOSES WE USE THE COLLECTED INFORMATION
We collect, process, use and store your personal data:
– To verify your details when you are connected to our websites, Applications and wi-fi.
– To fulfill requests of stay or information and for the withdrawal of your preferences and registration information.
– To provide our services to you
– To communicate with you and send you information material about our services and offers
– To assess and obtain data for administrative and other communication purposes and to operate and improve the quality and effectiveness of our services, our websites, of the Programs and Applications related to our operations
– To comply with the applicable law, such as the recording of all personal data of customers staying at the hotel and the keeping of documents of all movements.
– To support IT purposes.
– To support operational procedures.
LEGAL BASES OF DATA PROCESSING
The legal bases for data processing are directly related to the intended purpose. When your data is collected for the purposes of booking or provision of extra services by our hotel, processing is considered lawful in the context of performance of the contract with you. The collection of your identification data is necessary to comply with our legal obligations. The processing of your data for promotional purposes is based on your consent. At the same time, depending on the nature of the processing, it may also be based on other legal bases of Article 6 of GDPR (e.g. our legitimate interest) or Article 9 when the processing concerns personal data of special categories (e.g. explicit consent in case you share with us data such as your allergies or other preferences, in order to be taken into account during your stay).
USE AND EXCHANGE OF INFORMATION
- Our hotel respects your right to the protection of your privacy and the information that concerns you and therefore uses this information for the aforementioned purposes. For this reason, it does not disclose, transmit or make available to third parties the information concerning you. We also do not transmit this information outside the European Union.
We may make information about you available to other companies, applications or persons in the circumstances listed below:
- We may disclose to third parties aggregated information or information that does not identify you directly, in order to be able to develop the content and services of our Website. Please note that we do not disclose your contact details to third parties in any way.
- We may use or use in the future third parties for the provision of services related to our Website, such as database management, maintenance services, analytics, data processing and e-mail and text messages distribution. These third parties will have access to the information that concerns you only for the performance of their above tasks on our behalf and with explicit contractual commitments regarding the protection of your privacy and personal data.
- We may share information about you in case the hotel is taken over by or merged with another company or a similar business transaction takes place. However, in this case, our Website will inform you by placing an explicit notice within it or by sending relevant information to the e-mail address that you have provided to us, before the information concerning you is transferred and subject to a different personal data protection policy.
- We may disclose information concerning you to respond to summonses, investigation orders, court proceedings, court orders, legal proceedings or other law enforcement measures by any competent authority, including the Hellenic Data Protection Authority and the Supervisory Data Protection Authorities of other Members States of the European Union, as well as to secure and defend our legitimate rights or to challenge claims against us.
Please note that third parties may collect information about you in an independent manner, including your IP address and information about the websites you visit and the links you click on, through cookies, clicks on links or other media during your visit. For more information, see the “Cookies” section.
In cases where you provide us with personal data of third parties, you guarantee that you have informed them of the purposes and the method by which we must process their personal data.
PERIOD OF STORAGE OF INFORMATION
The hotel will keep the personal data it collects through its Website for the absolutely necessary period for the fulfillment of the above processing purposes or for the compliance with the applicable laws or limitation agreements or terms of this Policy. We will retain the information that is automatically collected for up to 12 months and consequently it can be stored in an non-identifiable summary form. If you withdraw your consent to the collection and processing of your personal data, we will delete your data from our electronic and physical records, unless their storage becomes necessary in compliance with our legal obligation or for the exercise, establishment or defense of our rights or legitimate interests before judicial authorities.
When processing is required by the provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.
When processing is performed based on a contract, your personal data shall be stored for as long as it is necessary for the performance of the contract and for the establishment, exercise, and/or defense of legal claims based on the contract.
When processing is performed to serve your request, we will process your data for as long as it takes to satisfy your request.
When processing is performed in the context of promotional activities and marketing, we will process your data until you withdraw your consent and request not to receive our advertising messages anymore.
SECURITY OF INFORMATION
The security of your personal data is an absolute commitment for us. To achieve this, we apply all modern and appropriate technical and organizational measures for the purposes of processing, for the reasonable protection of your personal data from unauthorized and unlawful access and processing or accidental loss, destruction, damage, theft, use or disclosure, the response and adequacy of which we check at regular intervals.
The security and safety of your information also depends on you. In cases where we have given you or you have chosen a password to access the services through our website and/or our applications, you are responsible for maintaining the confidentiality of this password. We ask you not to share your password with anyone else.
We make every effort to ensure as fully as possible the safe use of our website or applications. We recommend that you do not include any confidential information (e.g. credit card information) when using e-mail. For your own protection, our replies by e-mail to you will not contain any confidential information.
You may exercise, as appropriate, the following rights:
- the right of access, to find out which data of yours we process, for what purpose and the recipients thereof;
- the right to rectification, in order to correct any deficiencies or inaccuracies in your data;
- the right to erasure (right to be forgotten), in order to have your personal data deleted from our records, provided, however, that their processing is no longer necessary or your data is not required in order for us to comply with our legal obligations or for the defense of our legitimate interests before the Courts;
- the right to restriction of processing, in case the accuracy of your data is contested;
- the right to data portability, in order to obtain your data in a structured and commonly used format;
- the right to objectif you do not wish the use of your data for the purpose of direct marketing of our services. Our hotel does not proceed to profiling based on the personal data you provide us through this Website.
For the exercise of your rights, please address your respective request by contacting us in writing at the postal address 9 Rafalia and Votsi str. 180 40 Hydra, Greece or by calling +30 22980 52564 or +30 22980 52495 or by email to the email address [email protected]
The hotel will make every effort to respond to your request within thirty days of its receipt. However, in the event that, due to the complexity of your request or due to the volume of information, it is not possible to satisfy your request within thirty days, we undertake to inform you within the above deadline in writing of the reasons for the delay and to make every effort to satisfy your request as soon as possible and in any case within two additional months.
The hotel reserves the right not to satisfy your request in case it is found to be manifestly unfounded or excessive, informing you of the reasons for not satisfying it.
In any case, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
If you have any questions regarding this Policy or, in general, regarding the activities of the hotel, you can contact the hotel at: [email protected]
AMENDMENTS TO THIS POLICY
The hotel reserves the right to amend this Policy, always in accordance with the applicable rules of law on privacy and personal data protection. The visitors of our Website should regularly read the Privacy and Personal Data Protection Policy to be informed about any change that takes place, while the hotel undertakes to inform as necessary its visitors and users by any appropriate means, in compliance with the conditions laid down by EU General Data Protection Regulation 679/2016.