DATA POLICY PERSONAL DATA PROTECTION POLICY
(Referred to as annexes: Cookies Policy, Level B Update for the processing of personal data through a Video Surveillance System and Curriculum Vitae Policy)
This Policy was updated on 29/07/2021.
Purpose of this policy
The protection of your personal data is important for our hotel and describes some of the security measures that the company takes to protect the privacy of the data and provides some guarantees for things that the company will not do. At our hotel we consider the protection of privacy and data to be of utmost importance and we are committed to providing personalized services that meet their requirements, in a way that ensures their privacy. The personal data is used exclusively for our company and our employees for the sole purpose of serving them and to respond to your requests and serve you better, in accordance with this policy.
Individuals who manage personal information are trained to use appropriate procedures. The representatives and service providers of our company keep your personal information confidential and do not use it for any purpose other than those that serve the provision of specific services to us. In addition, in some cases you may be asked by our company if we could share information with other trusted third parties. We will let you know at the time of collecting the information if such sharing of information with any third party is expected.
Our company will define the types of businesses at the relevant information collection point, describe the type of information it will transmit (such as your address or e-mail) and transmit the data to other parties only if you consent. Legal Framework The Societe Anonyme with the name "NAME" and with the distinctive title "TITLE", based in the "CITY", (AREA, ROAD, NUMBER, TEL, EMAIL), for the purpose of hotel services collects and processes personal data, the exercise of its responsibilities, the execution of its electronic services and the fulfillment of its legal obligations. For the purposes of this, the "COMPANY" is the "Responsible Processor" within the meaning of article 4 no. 7 of the General Data Protection Regulation. The management and protection of the personal data of the visitor / user of this website https://www.aktaion-resort.com, owned by "COMPANY", is subject to these terms, as well as the relevant provisions of European Regulation 2016/679 for the Protection of Personal Data (GDPR) and Law 4624/2019.
These terms are formulated considering both the rapid development of technology, and in particular the internet, and the existing set of legal regulations on these issues. This website www.aktaion-resort.com will not engage in any unlawful and unauthorized use of your data, in accordance with the principles of personal data protection provided by applicable laws and international conventions.
The website www.aktaion-resort.com in no way discloses, publishes, exchanges personal data and information that you trust. In addition, it does not transmit personal information and data of its users to any other organization or partner that is not connected to it, the email addresses or generally any other information concerning its users. What is the “GDPR” – Applicable Law The GDPR (General Data Protection Regulation), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter referred to as "the Regulation") concerns the formulation of a single legislative framework for the processing of personal data in the Member States of the European Union and replaces the previous Legislation (Directive 95/46 / EC).
The protection of individuals regarding the processing of personal data is a fundamental right. Article 8 (1) of the Charter of Fundamental Rights of the European Union ("Charter") and Article 16 (1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data character concerning it. The Regulation is binding in all its parts and applies directly in each Member State (i.e., no special adaptation of the National Legislation is required, Article 83 of the Regulation).
What is Personal Data?
The term "personal data" refers to information of individuals, such as name, postal address, email address, contact telephone number, etc., which identify or may identify you, hereinafter referred to as "Personal Data". What is Personal Data Processing? Any operation or sequence of operations performed with or without the use of automated means, on personal data or on personal data sets, such as collection, registration, organization, structure, storage, adaptation or modification, retrieval, the search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion, or destruction.
What is the responsible for processing?
Responsible for processing is the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and the manner of processing personal data.
What is the executor of the processing?
The executor of the processing is the natural or legal person, public authority, service or other body that processes personal data on behalf of the responsible for processing.
Is it mandatory to provide your Data?
The provision of personal data to the "COMPANY" through this website may be necessary to achieve the purposes set out in this Policy or optional. If you refuse to provide the data marked as mandatory on the Website (https://selida.com), it will be impossible to achieve the main purpose of collecting this Data, and it may, for example, become impossible for the "COMPANY" the provision of services available on the Website (www.aktaion-resort.com).
What kind of Data do we collect through this website?
Any information that is included in the meaning of personal data of the Personal Data Protection Regulation and their collection is not based on the Law or the conclusion or execution of a contract, is collected by the "COMPANY", through this website, only if you choose to expressly consent. Below is a complete report of the data we collect and the purpose. We collect the following personal data: Identification Data: Name, nationality, ID/passport number, date of birth, telephone number. Contact Information: Mailing address, email address, phone number. Transaction Data: VAT number, type, place, time of products or services provided. Contractual Relationship Data: Contractual documents, information and consent forms, electronic declarations of will.
Transaction Behavior Data: Information regarding interests, preferences and participation in events, competitions, surveys. Health Data Due to the COVID 19 pandemic, health data may be collected. We do not collect or access in any way specific categories of ("sensitive") personal data (except during the COVID 19 pandemic due to strict instructions from the Ministry of Health) or data relating to our clients' criminal convictions and offenses. The client has the obligation to refrain from providing such data, which concern his person or third-party data subjects (except for the period of the COVID 19 pandemic, due to strict instructions of the Ministry of Health).
In case a customer provides such data, they will be deleted as soon as they come to our notice (except for the period of the COVID 19 pandemic, due to strict instructions of the Ministry of Health). We also do not bear any responsibility to customers or third parties for any provision and / or processing of sensitive data, due to acts or omissions of customers in violation of the above obligation.
A visit to its website (www.aktaion-resort.com) does not necessarily imply the provision by you of any kind of personal data. In many cases, however, it is necessary for you to provide some of your personal data, which is indicated in the respective data entry sections on its website.
We may collect and store the following personal information about you from the following restricted sources:
• contact information when you contact us to ask questions or request information about the services we provide.
• identification, communication, transaction, contractual and transactional data when you book a room or place in the restaurant regardless of the medium through which it is done (electronically, by telephone through the customer reception, etc.).
• data of identification, communication, transactions, contractual relationship and transactional behavior, when, in the context of the use of the services "category Brands" provided within our hotel, you trade with the tenant of the space in question company "COMPANY".
• identification, communication, transactions, contractual and transactional data, when you enter a contract with us for the provision of any services by us
• identification, communication, transaction, contractual and transactional data when you make online purchases of the products or services we provide
• health data from questionnaires that need to be completed due to the COVID 19 pandemic and following instructions from the Ministry of Health.
The data we collect through this website, www.aktaion-resort.com, may also be combined with data provided in other cases, for example, when you call its call center, or participate in contests and promotions. The personal data given to the company, in these cases, may be integrated into existing databases and stored, to simplify your data management systems "Our company" does not store or collect payment details during electronic or online payments via credit, debit, or prepaid cards. Specifically, with the registration of the number, the security code, the name and surname of the holder and the expiration date of the debit or credit card and the completion of the payment, these data are automatically transmitted to the competent Bank. The Bank collects the data and makes the payment and then confirms to "BRAND" the completion of the transaction. Collection and purposes of use of personal data
The use of personal data, which we collect from you, serves the following purposes:
- Transactions: Our company can use the personal data of visitors / users to process any transactions with them, such as credit card payments, etc.
- Advertising / Marketing: The company may use the personal contact data of visitors / users for informational purposes and promotions regarding contests, gifts, discounts on products and services of our company and its partner companies and sponsors with their explicit consent.
- Website Improvement and Customization: This information will only be used by the company for the purposes for which it was collected and to provide you with information. It will also use them to adapt the content of the website to your needs and to improve its composition, changes, and dynamics.
- Provision of electronic services, through a user identification process: The company is going to use this information for the purpose of processing your electronic application and more specifically:
- For registration or identification in its applications Credit check: in some cases, we may carry out some credit checks with the competent bodies, when you request to enjoy a service or receive a product. If this is the case, then it will refer to the terms and conditions of the activity between you and our company or the company that will perform the processing.
- COVID 19: for the purposes of public health prevention (case tracking) and public interest, due to the COVID 19 pandemic.
- IMPORTANT NOTE: For the collection of personal data, which does not take place electronically, through our proprietary websites and concerns the processing of personal data of employees, prospective employees, associates, contractors, suppliers, individuals, customers and, in general, individuals. of the data separate written and detailed information, during the collection of the above data, based on the relevant obligation set by the requirements of Articles 13 and 14 of the GDPR.
Data Retention-Storage We store personal data only for the time required to perform a service for which you have requested or for which you have given your approval, subject to the contrary provisions of the Law, as in the case of matters which governed by commercial and / or tax legislation, the various relevant provisions, etc. In any case, the personal data you provide to us and recorded in written agreements, contracts and e-mail related to the execution of the contract or the execution of a commercial transaction, are stored for a period of 20 years in a physical and electronic file in the legal department, in the sales department / contracts and in the accounting department of our company or any other third party provides directly or indirectly the above services or assists these departments in the execution of their work or provides management services to us.
The health data that may be collected during the COVID 19 pandemic will be deleted immediately after the end of the pandemic and following the instructions of the Ministry of Health. Clear data Your data is deleted and always in accordance with the provisions set by the relevant Legislation. Transfer of personal data We do not pass on personal data to third parties, unless required to do so for lawful purposes, to respond to your requests and / or if required or permitted by law. In any case, access to your personal data is allowed only to authorized persons, who are required to have access to be able to complete the purposes of their collection, use and processing, as disclosed in this Statement. In some cases, it may forward your personal data to competent Public Authorities or to natural or legal persons entrusted with the execution of any processing, provided that we inform you in advance and obtain your prior consent, if required for the respective processing.
Individuals who have access to the data are required to maintain their confidentiality. Log files We use IP (Internet Protocol) addresses to analyze trends in the use of the Internet, to manage the resources of our computers and network, to monitor any unauthorized illegal or malicious activities (attacks) and to collect general demographic information (country origin) for aggregate use. Data security The Internet, like any medium used to transmit information, cannot be considered 100% secure. Internet security is a sensitive issue and is based mainly on trustworthy organizations and companies that respect the confidentiality and security of its user data. Our company strives to maintain strict security measures and controls to protect your personal information, in order to ensure compliance with all applicable legal requirements and we implement security measures, at technical and organizational level, in order to secure the data we collect from you, against any intentional or unintentional attempt, manipulation, loss, destruction or access in general by an unauthorized person.
Our security measures are subject to continuous re-inspections and reformulations, in accordance with the latest technological developments. We use the latest encryption and information protection tools (128-bit encryption, secure pages, firewall, digital signatures, etc.). Access to your personal data is restricted to those authorized to provide you with products and services who come into contact with such data. Physical, electronic, and procedural safeguards have been activated, which are harmonized with the regulations of protection of your personal data. Semiologically, our company, due to the nature of the internet, cannot guarantee the protection of communications or data stored in its browsers from any arbitrary access by third parties.
For the simple browsing of our website, no personal information of the User is collected. The information provided by users when registering on the online commenting platform is kept only for security reasons, in accordance with the provisions of the law.
Cookies and IP address
If you are a minor below the age limit, from which parental consent is required in your country (in Greece this limit is over 15 years - Law 4624/201 Chapter C article), you should check the terms of this Statement, together with your parent or guardian, to make sure you understand and accept these terms. If it is found that we have collected information from a minor without the consent of the parent or guardian, while such consent should have been obtained, we will delete the information as soon as possible.
Communication through the website platform
If a user communicates with us, through the contact form or in any other way, the provision by the user of his personal data is done voluntarily and exclusively at the free will of the user. We will process such generated personal data only to the extent necessary for that purpose.
Our Website may offer the ability to share on Social Networks and other related tools that allow you to share your actions within the Website with other applications, websites or media, and vice versa. Using such features allows you to share information with your friends or the public, depending on the settings you have set in your personal profile. Please refer to the Privacy Policies of these social networking services for more information about how they handle your data.
Special Data Categories
We ask you not to send us via e-mail and not to disclose to us, using the communication platform, your sensitive personal data. The processing of personal data in this category does not in any way serve the purpose of the processing as defined in this Policy.
Surveillance of communications
All communications of our company. with you (including telephone conversations, e-mails, etc.) are not monitored and recorded. Links Our website may contain links to other websites.
This Privacy Statement applies only to the access of the user to this website, but also to other websites managed exclusively by our company. In no case is the administrator of this portal responsible for the terms of protection of personal data of others. websites, which are the responsibility of third parties (natural or legal persons).
Revisions of the Declaration
Our company reserves the right to modify or periodically revise this Statement, at its sole discretion. In the event of any changes, it will record the date of modification or revision in this Statement and the updated Statement will be valid for you from that date. We encourage you to periodically review this Statement to determine if there are any changes to the way we handle your personal data. Applicable law and Jurisdiction For any dispute that arises between our company and the user, the applicable law is the Greek and the competent courts for resolving the dispute are the substantively competent Courts of the Prefecture of Thessaloniki.
What are your rights?
According to the EU General Data Protection Regulation (GDPR) 2016/679], as in force, you have the following rights: a) the right of access b) the right of correction c) the right to delete, under certain conditions, such as when the processing is no longer necessary for the purpose for which it was originally collected and there is no compelling reason to continue processing (or storing) it d) the right to restrict processing e) the right to the transmission of data f) the right to object and the right not to be subject to a decision taken solely based on automated processing, including profiling g) the right to complain to the supervisory authority That is, you have the right to receive, upon request, free information about the stored personal data concerning you, to raise, upon request, objections to the processing of the data concerning you, with effect for the future and revocation of your consent , as well as, in accordance with the provisions in force, the right to rectify, restrict processing, transmit data, delete such data and to complain to a supervisory authority. In these cases, please contact us in writing with a relevant original letter or by fax or e-mail to the competent department of Personal Data Protection of the Company, mentioned below.
Right to file a complaint
In case you consider that the processing of the data concerning you violates Regulation (EU) 2016/679, you have the right to file a complaint to a supervisory authority. Competent supervisory authority for Greece is the Data Protection Authority, Kifissias 1-3, 11523, Athens, https://www.dpa.gr/, tel. 2106475600 Contact Our company informs you that it has appointed Personal Data Protection Officers with an email address: firstname.lastname@example.org. If you have any questions or recommendations regarding this Policy, please contact them at the address above.
The cookies we use are the following:
1. Basic Cookies These cookies are necessary for the operation of our website in the part that requires registration in a service (eg posting comments). Without the use of these cookies the comment service of our website www.aktaion-resort.com will not be able to work.
2. Performance Analysis Cookies We use these types of cookies to monitor the performance of our websites and how their users can use them. These cookies provide us with information that helps us provide better articles and services to users. They also help us identify areas of our website that are not working properly or that need maintenance.
3. Functional Cookies Functional cookies are used to make the website remember your preferences on our websites. This can be anything from remembering your city to a weather forecast or saving your username (where needed) so that you do not have to enter it from the beginning when you return to our website www.aktaion-resort.com. If you use our website http://www.selida.gr you unconditionally agree to the sending of the above-mentioned cookies to your device.
We can also track IP addresses.
An IP address is a number that can identify the Internet service provider (Internet Provider) and the country of origin of the user. IP cannot provide personal information.
Remarketing Cookies (Facebook Pixel, AdWorks):
Displays ads to people who have visited your site or used your mobile app. For example, when people leave your site without buying anything, remarketing helps you reconnect with them by displaying relevant ads on their different devices. What if you do not want cookies? If you do not want cookies, you can use the special banner that pops up, choose each time which of the settings you want for your computer ACCEPT, MORE SETTINGS, DO NOT ACCEPT (Check the Help menu / Help of the browser you use to find out how to change or update the cookie settings correctly). Rejecting cookies may affect your ability to use any of the products / services on our company website Level B information for the processing of personal data through a video surveillance system Details of the Responsible for Processing: The company with the name "YOUR NAME" and with the distinctive title "…………", based in (address ………………… no. …, T: + 30 ………, E: ……. @ ............. gr).
Purpose of processing and legal basis:
We use a surveillance system for the purpose of protecting persons and property. The processing is necessary for the purposes of legal interests that we seek as the Controller (article 6 par. 1f GDPR). Analysis of legal interests: Our legal interest consists in the need to protect our space and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health, as well as the property of our staff and third parties, who are legally in the supervised area.
We only collect image data and limit the download to places that we evaluated, that there is an increased possibility of committing illegal acts e.g. burglary or vandalism, such as: around the hotel building, around the hotel fence, at the main entrance, at the side and back entrance, at the reception and reception area, in front of the elevators on each floor, in the basement and in the basement equipment and staff, without focusing on areas where the privacy of the persons being photographed may be severely restricted, including their right to respect for personal data. Recipients: The kept material is accessible only by our competent / authorized personnel, and those, contracted with us and bound by us with processing contracts of article 28 GDPR, external collaborators, who are in charge of the security and safety of the space.
This material shall not be passed on to third parties, except in the following cases:
- (a) the competent judicial, prosecutorial and police authorities, when it contains information necessary for the investigation of a criminal offense involving persons or property of the controller
- (b) the competent judicial, prosecutorial and police authorities, when requesting data, lawfully, in the performance of their duties, and
- (c) to the victim or perpetrator of a crime, in the case of data which may constitute evidence of the act. Retention time: We keep the data, to which this Information of par. 20 (CCTV) refers, for fifteen (15) days, after which they are automatically deleted. If during this period we find an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns thirdly we will keep the video, for up to three (3) more months.
Rights of Data Subjects:
Data Subjects have the following rights in relation to the processing company concerned by this Information of par.20 (CCTV):
- Right of access: you have the right to know if we are processing your image and, if this applies, get a copy of it.
- Restriction right: you have the right to ask us to restrict processing, such as not deleting data that you deem necessary to establish, exercise or support legal claims. • Right to object: you have the right to object to the processing.
- Right to delete you have the right to request that we delete your data. You can exercise your rights by sending an e-mail to the address: email@example.com or a letter to our postal address or by submitting your request to us in person at our offices. To consider a request related to your image, you should tell us about when you were within range of the cameras and give us a picture of you to make it easier for us to locate your data and hide third-party data persons.
Alternatively, we give you the opportunity to come to our facilities to show you the images in which you appear. We also point out that the exercise of the right of objection or deletion does not imply the immediate deletion of data or the modification of the processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.
Right to lodge a complaint:
If you consider that the processing of the data concerning you violates Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for Greece is the Personal Data Protection Authority, 1-3 Kifissias, 11523, Athens, https://www.dpa.gr, tel. 2106475600. Curriculum Vitae Policy The data from the Curriculum Vitae and its accompanying documents are collected by the "COMPANY NAME" directly and only by the interested party to conclude a collaboration, because these are necessary for the evaluation of his / her suitability for the specific collaboration. In addition, it should be noted that by (voluntarily in this way) depositing / sending the personal data and information contained in the above Curriculum Vitae and its accompanying documents, the interested party consents to the collection, storage, use, in the processing and transmission of such data for the purposes set out in this information.
For the safe processing of the personal data of the interested party from the submitted Curriculum Vitae, the "COMPANY NAME" receives all the necessary technical and other means. Access to personal data from the Curriculum Vitae has only the authorized, as the case may be and depending on the purpose of processing, the staff of the "COMPANY NAME" and / or the staff of third parties (advertising) companies ("Executors of Processing" or "Responsibles for Processing" for which the "COMPANY NAME" is the "Executor of Processing"), with which a "COMPANY NAME" has been contracted, subject to compliance with the relevant confidentiality obligations contained in the relevant contracts. These data are processed by the "COMPANY NAME".
The "COMPANY NAME" will not disclose, sell, exchange, grant or in any other way available without the consent of the interested party to third parties, natural or legal persons, personal data from the collection and processing of the Curriculum Vitae, except of the cases mentioned above for the needs of the position to be filled and the selection process and due to the legal basis of article 6 par. 1b 'of GenKan. These companies will process the data exclusively for the needs of their cooperation with the "COMPANY NAME".
With regard to the personal data transmitted by the interested party, in the context of sending or submitting the Curriculum Vitae, the purpose of the processing is the intention to conclude a cooperation agreement at the request of the interested party ("Data Subject"), the control of his / her qualifications before the conclusion of the contract (6.1b 'GenKan), the minimum necessary processing of this data for the evaluation of the Curriculum Vitae and whether the information mentioned in it corresponds to the specific position of cooperation with the "COMPANY NAME Or as well as the defense of the interests of the "COMPANY NAME".
Also, the need for communication between the "COMPANY NAME" and the "Subject", the use of data (e.g., photos) on the company's social media to promote its actions. This processing is done by the company only for the stated purposes and does not extend to another processing purpose. Once the consent of the interested party has been obtained for cooperation, the CV data will be stored by our company for purposes of future cooperation for a period of 6-12 months at most after their submission and then will be destroyed / deleted. / anonymized in a secure way. If no such consent has been obtained, the data of the Curriculum Vitae, after covering the relevant job, for which the interested party sent or submitted this note, will be destroyed / deleted / anonymized in a safe way and within a timely manner within 1 month of filling the position, unless the "COMPANY NAME" is legally entitled or obliged to maintain them.
The latter happens in the event that the interested party finally cooperates with the "COMPANY NAME" where the Curriculum Vitae, its accompanying documents (photos, etc.) will be kept for as long as the project contract or cooperation is active. Also, any additional information requested and necessary for the needs of the insurance-tax legislation will be processed only for purposes that are directly related to the cooperation of the assignee. Once the co-operation period is terminated or expired, they will be retained for as long as required by law and will then be securely deleted / deleted / anonymized.