High Beach Hotel, High Beach White and Miramare High Beach Annex (hereinafter referred to as Hotel) consider the protection of your personal data as a high priority.
This Personal Data Protection Statement describes the personal data the Hotel collects about you, how we use and protect your personal data, the options you have about the way we use this data.
The use of the Internet pages of the Hotel is possible without any indication of personal data; On this website, the Hotel has integrated the component of Google Analytics with the application of Anonymizer function. Google Analytics is a web analytics service that places a cookie on the information technology system of the data subject for the collection, gathering and analysis of data about the behavior of visitors to websites. By means of this Anonymizer application the IP address of the Internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area. Cookies already in use by Google Analytics may be deleted at any time by the data subject.
- Which personal data we collect about you
- Customer Details: Name, Surname, Date of Birth, Nationality, Gender, Passport Number
- Contact Details: Phone number, Email, Home address
- Billing Details: VAT, Credit/Debit card details such as Cardholder name, Credit/Debit card number, Security Number, Expiration date
- Accommodation Details: Date of arrival/departure, Room number, Room Type
- Preferences and wishes: Preferred floor, Non-smoking room, bed type, special diet, smoking habits
- Medical data related to your health: Allergies, pathological disease data, mobility issues
1.1 Travelling Companions’ Data: When making a reservation for someone else through your reservation, we will ask for personal data and travel preferences for this person. You should obtain the other person’s consent before providing us with his/her personal data and travel preferences, as access to view data or any changes to his or her data will only be available through your account.
1.2 Surveys: We may be asking for demographic data or other personal data for the customer surveys we conduct
1.3 During your stay at our premises: We collect additional personal data when registering/entering to our facilities, including data that may be required by the national law.
Additionally, we may collect personal data related to services rendered at our facilities, such as reception services, gyms, spa, various activities, childcare services and equipment rental.
1.4 Personal data we collect from third parties. It is also possible to collect data about you from third parties, including data from our partners in airlines and card payments and from other partners, including social networking according to your settings in these services, as well as from other third party sources who have the legal right to share your data with us.
We use this data for the purposes described in this Statement.
- How we process your personal data
2.1 Service Management: We use your personal data for room reservation and other associated services such as keeping required documents in accordance with the applicable legislation, requests related to accommodation, room access, use of mini bar, room telephone, etc.)
2.2 Promotional Activities: We may use your personal data to send you a Goodbye letter via your e-mail. You may choose to opt in/out of this service.
2.3 Improving the quality of service: We may use your personal data to improve the quality of the Hotel’s services and to ensure that our products and services are of interest to you.
We also use your personal data to provide you with the expected level of hospitality in your rooms and in all facilities of ours.
2.4 Personalization of the Service: We may use your personal data to make your experiences with us more personal and more social aiming at offering you diversified services.
- What is the Legal Basis for the Processing
Depending on the purpose for which data is used, the legal basis for processing your data may be:
3.1 Your consent
3.2 Our legitimate interest, and in particular:
- for legal reasons, when processing is required by the applicable law
- the contract between us
- The execution of the contract concluded for the provision of room reservation as a service. The provision of data is mandatory as it is the requirement to provide the service and the security of the payment.
- to improve our services
- to prevent fraud: ensure that each payment is completed without any fraud or appropriation
- How we protect your data
We use reasonable physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
Among other things, we have implemented the following technical and organizational measures:
- detecting and managing security breaches
- use of servers located in rooms with restricted access and subject to regular checks
- use of information systems and programs for computers that are installed in a way that minimizes the use of personal data and/or user authentication data
- adoption of individual procedures for the retention of personal data and their secure deletion/destruction
- access to systems and databases on a need-to-know basis
- Rights of the Data Subject
7.1 Right to receive transparent information: Each data subject shall have the right granted by the European legislator to obtain from the hotel the confirmation as to whether or not personal data concerning him or her are being processed.
7.2 Right of Access: Each data subject shall have the right granted by the European legislator to be aware of and to verify the legitimacy of the processing.
7.3 Right of Rectification: Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
7.3 Right of Deletion: You have the right to request a deletion of your personal data when:
a) your data is no longer necessary in relation to the purposes it was initially processed for
b) you withdraw your consent
c) data has been processed illegally
d) The data must be deleted by law
In all other cases, this right is subject to specific restrictions or does not exist as the case may be.
7.4 Right to limit processing: You have the right to request a limitation to the processing of your personal data in the following cases:
- a) when the accuracy of personal data is questioned
b) when you oppose the deletion of personal data and request instead the limitation of its use
c) when personal data is not needed for the initial purpose, yet it is necessary for the establishment, exercise, support of legal claims
- d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and prevail over the reasons for which you are opposed to the processing.
7.5 Right to object to processing: At any time, you have the right to object to the processing of your personal data for the cases where, as described above, it is necessary for the purposes of legitimate interests we seek as processors, as well as for the processing for direct marketing purposes and consumer profiling.
7.6 Right to Data Portability: You have the right to receive your personal data free of charge in a format that allows you to access it, use it, and process it with commonly-used processing methods. You also have the right to ask from us, if technically feasible, to transfer the data directly to another processor. Your right to do so exists for the data you have provided to us and the processing is carried out by automated means based on your consent or on the execution of pertinent contract.
7.7 Right to file complaint to the DPA. You have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr): Telephone Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: email@example.com
- Transmission of personal data outside the EU
The personal data we collect from you is not transmitted or processed outside of the European Union.
- Data processing period
- We retain your personal data for as long as it is required to fulfill the purposes of this Statement, unless the applicable laws require or allow for a longer period of time.
- We retain personal data collected to satisfy customer reservations for seven years after the end of the stay. We retain other personal data for shorter intervals if this is possible and permitted by law.
- When processing is required as an obligation under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions
- When processing is done on the basis of a contract, your personal data will be stored for as long as necessary to execute the contract and for the establishment, exercise, and/or support of legal claims under the contract.
- For marketing purposes, your personal data is retained for up to five years. In any case, you can revoke your consent. Withdrawal of consent does not affect the legality of consent-based processing performed in the period before its revocation. To revoke your consent, please contact the Hotel Data Protection Officer (DPO)
- We will destroy your personal data as soon as possible and in a way that will not allow the data to be restored or reconstructed.
- How to contact us
NAME AND ADDRESS OF THE CONTROLLER
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
High Beach S.A.
Malia, 70007 Crete, Greece
Phone: +30 2897032783
NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
The Data Protection Officer of the controller is:
Data Protection Officer
Ethnikis Antistasseos 122, 71306, Crete, Greece
Phone: +30 2810301750
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
This Statement was last updated on 24/5/2018.
We reserve the right to modify and update this Statement at any time, for any reason, without notice to you, other than posting the updated Statement on our website.