GDPR: DATA PRIVACY NOTICE FOR CLIENTS
Suntos S.A. – Grand Hotel Holiday Resort is committed to protecting and respecting your privacy. This policy and any other documents referred to on it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
WHO WE ARE
Suntos S.A. – Grand Hotel Holiday Resort is a “data controller” for the purposes of the General Data Protection Regulation 2016 which means that we are responsible for, and control the processing of, your personal information.
INFORMATION WE MAY COLLECT FROM YOU
We collect personal data, which you directly provide us with, as well as, data forwarded to us by the booking engines and travel agencies of your choice, through which you have made your room reservation, or we may obtain such other personal data about you as may be provided to us in the course of our transaction.
We are obliged to request the following details about you and/or your family members:
- Contact details (e.g. surname, given name, father’s name, passport /ID-card details, telephone, home address, email)
- Personal data (e.g. date of birth, nationality, place of birth, names of accompanied children)
- Billing details (e.g. credit card number, VAT number)
- Date of arrival and departure, flight number, and room number; your car registration number for parking arrangements.
- Preferences and interests (e.g. non-smoking room, preferred floor, type of bed, sports, cultural interests)
- Audiovisual information collected through closed circuit television (CCTV) for security reasons. CCTV is installed in public areas, entrances and exits of our properties for the prevention and detection of crime. Footage is securely stored and is only accessible to authorised personnel. Footage may be shared with authorities if required by law.
- Questions and comments submitted during or after your stay in one of our Hotels.
The data we collect on persons under the age of 16 are restricted to given name, surname, nationality, and date of birth. This data can only be provided by an adult or guardian. We thank you for your efforts to ensure that children do not send us personal data without your consent, especially through the internet. Should any information of this type be sent to us, you can communicate with the Data Privacy department (see section “Questions and contact”) to arrange for the deletion of such information.
In general, we do not collect sensitive information (information related to your physical or mental health, racial or ethnic origin, political opinions, religious or other beliefs, your sexual life, genetic data, biometric data -if used to identify an individual- or trade union membership), unless it is volunteered by you or we are required to do so by law. For example, we are legally obliged to obtain your passport details, which, also, contain your country of origin, and thus, your nationality. Where you are using our spas or health club or fitness facilities, we may also ask you to advise us of any medical or health conditions from which you suffer where these are relevant to the activities you plan to participate in at the facilities.
We also may use health information provided by you, with your consent, to meet your particular needs during your stay, such as smoking habits, any mobility restrictions or specific meal preferences or food allergies. In certain cases, your meal preferences could, also, inevitably by their nature, reveal your religion beliefs, like in the cases of halal and kosher meals.
Furthermore, in situations when you stay with other guests whose details you may provide as part of the reservation or make a reservation on behalf of someone else, you should only provide us with information about other people if you have their permission to do so. It’s your responsibility to ensure that the other person is aware that you have done so and that this individual has accepted that we use their personal information as outlined in our Privacy Statement.
WE COLLECT AND PROCESS YOUR DATA FOR THE FOLLOWING PURPOSES:
We collect and use personal data to manage your relation with Suntos S.A. – Grand Hotel Holiday Resort and to offer our Services to you. Certain personal data is collected to provide you with personalised and improved services.
We collect personal data with the following purposes:
a) To manage reservations and other hospitality services:
Create and store legal documents in accordance with applicable law.
Collect data to meet requests relating to your stay (e.g. room preferences).
b) To manage the details of your hotel stay:
To help us identify you and your reservation during your check-in.
To collect your payment.
To manage the access to your room.
To monitor the use of services for billing purposes (room telephone, mini bar, online room service, Wi-Fi access, etc.).
To manage lists with customers’ personal data for operational purposes, e.g. daily customer arrival and departure lists and a list of special category customers (e.g. VIP, privilege members, etc.).
To keep record of incidents of record of incidents of aggressive behaviour, non-compliance with the hotel contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents.
c) To improve our hotel services, by customizing products and Services to better meet your requirements.
d) To manage our relations with you before, during, and after your stay:
To confirm your reservation in;
For billing purposes in relation to your stay with us;
To confirm prior transactions and reconcile statements or invoices;
To contact you in relation to matters that arise from your stay with us;
To send you newsletters regarding our properties and to advise you of promotions or to inform you of offers or other information that may be of interest to you (if, where required, you separately provide your consent for us to do so);
To conduct surveys or focus groups to receive your views of our properties and service delivery (if, where required, you separately provide your consent to this);
To customize the commercial offers and the promotional messages, which you have agreed to receive from us.
e) To ensure the safety of individuals, as well as, our hotel’s property through the use of CCTV cameras.
f) To comply with an obligation imposed by law, which include keeping record of all our customers’ essential identification data, such as full name, address, Passport or ID number, as well as keeping record of invoices and proofs of payment for a period of twenty (20) years for tax verification purposes.
g) To ensure the safe use of services provided by our spas and fitness facilities. When you make a booking with us for accommodation, hospitality, spa treatments or other services, we may need to collect some of your personal data by law, or under the terms of a contract we have with you. This means that if you decide not to give us your data, we might not be able to provide the service, and may have to cancel your booking or purchased service. We will let you know if this is the case at the time, so you can decide what you’d like to do.
Legal Bases for Using Your Personal Data:
There are different legal bases that Suntos S.A. – Grand Hotel Holiday Resort relies on to use your personal data, namely:
Conclusion and performance of a contract
We use your information in order to perform our contractual obligations for hospitality services, fulfil your requests for a reservation, and to take steps in anticipation of those obligations.
– Data processing may be necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights. Such legitimate interests include those of improving our services, minimizing any disruption to the services that we may offer to you, making our communications more relevant and personalised to your needs, and thus making our performed services more efficient and effective. Legitimate interests, also, may include the establishment, exercise or defence of legal claims or proceedings under contract.
Legal compliance and/or vital interest
as mandated by a valid and binding request from an applicable government entity with proper jurisdiction. For example, Suntos S.A. – Grand Hotel Holiday Resort may use your personal data in order to comply with legal and regulatory obligations against police, tax authorities, etc., including financial reporting requirements imposed by government regulators and our auditors;
Who do we share your information with?
Suntos S.A. – Grand Hotel Holiday Resort does not disclose your information to third parties for their own business or marketing purposes without prior your consent.
We may disclose your personal data to any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We may also share your information with companies that provide services on our account or behalf, such as travel agencies, tour operators, booking agencies, infrastructure providers, management systems, IT & information security professionals, etc, in order to pursue our legitimate interests and perform a contract. These third parties are required to comply with our data privacy and information security standards when handling personal data and we aim that they do not compromise your personal data and information
We may disclose your personal data to our insurers and/or professional advisers, such as lawyers, accountants, etc, insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of court procedure.
Financial transactions relating to our website and services are handled by our payment services provider. We will share transaction data with our payment services provider only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect your vital interests or the vital interests of another natural person (employees, customers, or others). If legally compelled to disclose your information to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We do not share your personal data outside Europe.
What we do to keep your information safe?
We have taken organisational and technical measures to protect the information that we collect in relation to our Services, especially sensitive personal data. Our IT department implements international standards and practices to ensure the safety of networks and the encryption of data. Access to Personal Data is restricted to authorized personnel who have a legitimate business purpose for accessing and processing your Personal Data. All personnel are legally bound to treat your personal data as strictly confidential, as well as, abstain from any unlawful use or transmission of your data to third parties.
Personal Data Storage Period
Suntos S.A. – Grand Hotel Holiday Resort ensures that your personal data will be deleted when it is no longer necessary for Suntos S.A. – Grand Hotel Holiday Resort to process or store such data for the aforesaid purposes or for other legitimate purposes, including in compliance with applicable law, or with a view to establishing, exercising or defending legal claims, within the time period set by applicable statute of limitations. For example, by law we have to keep basic information about our guests and customers (including Contact, Identity, Financial and Transaction Data) for at least ten years after they cease being customers, as proof of our compliance to tax legislation. Recordings from video surveillance for the purpose of preventing crime will be deleted no later than 5 days after the recording took place, unless is it necessary for Suntos S.A. – Grand Hotel Holiday Resort to store the recordings for the purpose of dealing with a specific dispute, for example in relation to solving crime or other illegal actions, in which case the recording could be stored for a total period of three months.. Any data collected for marketing purposes shall be kept until your consent is revoked.
What are Your Rights?
The right to access:
You have the right to access information we hold about your person and to obtain information about how we process it.
The right to withdraw consent:
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. We may continue to process your information if we have another legitimate reason for doing so.
The right to data portability:
You have the right to receive the information you have provided to us in an electronic format and/or request that we transmit it to a third party.
The right to rectification:
You have the right to request that we rectify your information if it’s inaccurate or incomplete;
The right to erasure:
In some circumstances, you have the right to request that we erase your information. We may continue to retain your information if we’re entitled or required to retain it;
The right to object or restrict process:
You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms. You, also have the right to ask us to suspend the processing of your personal data, with the exception of storage, in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You can exercise your rights by contacting our e-mail address ‘email@example.com’ or Mr. Konstantinos Toskoudis – Tel: +30 2810 380833, and we will make every effort to amend or remove to satisfy your requirements within a month of your contact.
You also have a right to file a complain to Hellenic Data Protection Authority by visiting www.dpa.gr or contacting Switchboard: +30 210 6475600, Fax: +30 210 6475628, E-mail: firstname.lastname@example.org.