Book Now

PRIVACY POLICY

We would like to assure you that your personal data is incredibly important to us and we treat it with respect. The present privacy notice contains important information about how we use your personal data and complies with the General Data Protection Regulation (GDPR) as well as with the relevant national legislation regarding personal data.

 PERSONAL INFORMATION THAT WE COLLECT AND PROCESS

We collect and use many different kinds of personal data in order to provide our services. The personal information we may collect about you includes:

Contact details: first name, last name, mobile phone number, email address, home address, zip code, city of residence.

Age: Date of birth and/or age.

Demographic information: nationality, language, gender.

– Data related to your preferences/interests/desires, such as habits, special preferences for food, specific dietary, health restrictions, important events, such as birthdays, name days and other special occasions.

Financial information: credit or debit card details, bank account information, other payment details.

CCTV: Images, video and audio data provided through CCTV recordings in our properties.

Third party data: In case you provide the personal information of any third party, you are responsible for informing them that we are collecting their personal information.

Other data: browse and device data, IP address, data through cookies etc.

 All the above information is collected in the following ways:

1) Information you voluntarily give us, when you make or verify a reservation, purchase a gift card, make a payment in our facilities, subscribe to our mailing list, attend our events, use our services, interact with our online services, communicate with us through digital channels or phone and generally when you submit your personal data to us voluntarily.

2) Information collected automatically, such as payment and transaction data, CCTV data and other usage data, like IP address, marketing choices, online data and data through cookies.

3) Information collected by third parties, through social networks, event planners and organizers or personal information provided by your family members and friends.

 PURPOSE OF PERSONAL DATA PROCESSING

We undertake the obligation to keep your personal data strictly confidential and to keep and proceed with it for one or more of the following purposes:

– To fulfil our obligations arising from our agreement to provide services to you.

– To help us in making your reservation and providing the services you request.

– To enable you to use our website.

– To provide the best possible customer service to you, personalizing and enhancing your experience.

– For billing purposes.

– To communicate with you regarding the provision of our services and responding to your inquiries.

– For marketing, advertising and promotional purposes such as sending you newsletters, if you have already provided your consent.

– To enhance the operation of our business, including internal purposes, such as data analysis, statistical and research purposes.

– To conduct surveys and assessments in regard to the quality of our services.

– For the establishment, exercise and defense of legal claims or proceedings.

 LEGITIMATE GROUNDS FOR PERSONAL DATA PROCESSING

We collect and process your personal information on the following basis:

– To perform our duty to provide good service to our customers.

– To comply with our legal and regulatory obligations.

– To fulfil legitimate business purposes, as proceeding your personal data can make us better and improve our communication with you and your experience in general.

– Your consent has been previously granted.

– To safeguard our business and your personal interests. That justifies the use of CCTV and security cameras located in our establishment, in order to ensure your safety and prevent malicious activities.

– For the establishment, exercise or defense of legal claims or proceedings.

 PERSONAL DATA RETENTION

As a company, we will retain your personal data for the period necessary to fulfill the above purposes, unless a longer period of retention is required or permitted by the relevant legislation or in case you revoke your consent regarding the processing of your data.

 The retention period of your data varies depending on several criteria:

  • If processing is conducted on the basis of a contract, your personal data is stored for as long as the contract indicates.
  • If processing is required under any applicable laws, your personal data will be kept for as long as the relevant provisions require and for the time necessary for the exercise of claims or rights and legitimate interests.
  • Any image and location data collected are deleted in fifteen (15) days after their recording. If an incident happens, we retain the relevant receipts separately for three (3) months or, in exceptional cases, longer, if needed for the investigation of the incident.
  • If processing is based on your consent, your personal data can be deleted at any time upon the revocation of your consent, provided that there are no overriding legal grounds demanding their retention. You may exercise this right by contacting us at: info@spiliamykonos.com, phone number: +30 22890 71205 & 6975165343.

 

DATA CONTROLLER – DATA PROCESSORS

The company under the name “TECHNIKI ETAIREIA XENODOCHEIAKES TOURISTIKES EPICHEIRISEIS CHANIOTIS ANONYMH ETAIREIA”, located in Ano Mera of Mykonos, Greece, 84600, T.I.N. 094108788, is the Data Controller for the purposes of GDPR.

While processing your personal data, as described above, we may disclose your personal data to our Data Processors such as affiliates with our Company and third-party service providers including, but not limited to, companies providing technological services for the operation, protection and security of our electronic and digital systems, payment processing services, marketing, auditing and other services. The above process of your data is in accordance with our instructions to these Data Processors.

 MINORS

The Services provided by our Company are not directed to individuals under the age of eighteen (18), therefore we kindly request that underaged individuals do not provide their personal data through the services.

 YOUR RIGHTS REGARDING YOUR PERSONAL DATA

  1. The right to object to the processing: You have the right to object to certain types of processing, including processing for direct marketing.
  2. The right to be informed: You have the right to request and be provided with transparent and easily comprehensible information about how we use your personal data.
  3. The right of access: You have the right to access your personal data under processing. That way you can ascertain that we’re using your information in line with the law.
  4. The right to rectification: You can have your information corrected, in case it’s inaccurate or incomplete.
  5. The right to data portability: You are enabled to attain and reuse your personal data for your own purposes.
  6. The right to restrict processing: You can block further use of your personal information. When processing is restricted, we can still keep your information, but may not process it further.
  7. The right to erasure: Also known as ‘the right to be forgotten”, which enables you to request the deletion or removal of your information, if there’s no compelling reason for us to keep using it. This right comes of course with some exceptions described in the relevant provisions of the law.
  8. The right to revoke consent: If you have given us your consent to retain and handle your personal information, you also are enabled to withdraw your consent at any time. In that case, this does not necessarily mean that anything done regarding your personal data with your consent up to that date is illegal.
  9. The right to file a complaint: You have the right to file a complaint regarding the way we handle or process your personal information with your national data protection regulator.

If you want to exercise any of these rights, you may contact us at info@spiliamykonos.com or phone number: +30 22890 71205 & 6975165343.

SECURITY MEASURES

We implement suitable organizational and technical measures to guarantee the security and confidentiality of your personal data and their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us.

MODIFICATION OF PRIVACY POLICY

This Privacy Policy may be revised occasionally, in accordance with the requirements of the applicable law. In case of revision of this Policy, a relevant notice will be posted on the Website.