Data Management and Newsletter Policy
Personal Data Protection Policy
By means of this policy GOLDEN STAR HOTEL – ANASTASIOS PAPIAS S.A. hereby defines and discloses the terms by which, acting according to law, the “Data Controller”, collects, stores, uses and generally processes your personal data, which is collected when visiting, registering or using the Company’s website as well as when dealing with the company’s executives/premises. This Policy also describes the method of using, disclosing and protecting your personal data, your choices regarding your personal data, and how you can exercise your rights.
This Personal Data Protection Policy is in accordance with the requirements of European Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the clauses of L. 3471/2006, which are complementary to the protection of personal data in electronic communications. The applicable law is the Greek law, as formed according to the valid national and European legislative and regulatory framework on the protection of personal data.
Responsible for the processing is Eleni Papia, who is registered in Greece, Perea, [Romanou 3], telephone number ++30 23920 22755.
For inquiries regarding this Policy, but also for any matter relating to the processing of your Data or exercising your rights, you may use the e-mail firstname.lastname@example.org.
Personal Data we collect
ANASTASIOS PAPIAS SA collects only the absolutely necessary Personal Data, which are appropriate, relevant and necessary for the intended purpose. These Data include the following:
- Data you provide when signing up for our newsletter or when registering and creating a user account on our site via your internet or mobile or in your personal contact with our executives in Greece and abroad; and specifically: name, surname, postal address, email, land-line and mobile phone number and in the case of services through invoices, profession and TIN. The provision of appropriate personal data is a prerequisite for the conclusion of a hotel services contract through an invoice or service provision. In the event of failure to provide the above data, ANASTASIOS PAPIAS SA may not be able to meet your orders, queries or requests.
- Data and information you provide to us through transactions and communication between us (through our physical premises, our website, via telephone, email or any other way), such as feedback on the services offered on the site, your participation in competitions, etc. This information helps improve our services.
How are Personal Data used?
Where appropriate, ANASTASIOS PAPIAS SA uses your Data:
- To Create a User Account: ANASTASIOS PAPIAS SA processes your Data in order to provide you with relevant account functions and to facilitate the services provided. Cancelling a registered user account can be performed through the Preferences section in your account.
- To execute a Contract for the services: The processing of your Data is necessary for the performance of the Contract you enter into with us when receive a service on our behalf.
- To Communicate with you and to offer you its Customer Service: ANASTASIOS PAPIAS SA uses your Data to respond to requests/queries you submit through your customer service, to manage and provide information regarding refund/cancellation requests, to disclose information in compliance with its legal obligations, such as changes to the personal data protection policy.
- To Send newsletters and offers: With your consent, ANASTASIOS PAPIAS SA will use your Personal Data, preferences, and transaction data to inform you via email, internet, telephone and/or social media about new products and services, including personalised offers, as well as for bids, offers, promotions, promotion activities and remote website promotion activities. To unsubscribe from the newsletter users can select the link “Click here to unsubscribe from the newsletter mailing list” at the bottom of each newsletter at any time.
- To develop and improve services: Pursuant to its legal business interests, ANASTASIOS PAPIAS. SA processes your Data in order to improve the level of its services as well as the visibility of its website. If the company conducts a market survey, as part of improving its services, your consent will be sought prior to processing your data.
What is the legal basis for processing your Data?
Depending on the purpose of the processing, the legal bases that allow ANASTASIOS PAPIAS SA to process your personal data in accordance with the applicable law are:
- The Company’s obligations arising either directly from the law (e.g. tax legislation, e-commerce legislation, etc.) or from a contract concluded with the company when receiving a service.
- Your consent, where applicable, e.g. when you choose to receive a newsletter.
- The Company’s legitimate interest. In specific cases, your Data is processed because it is part of the operation of the business in the context of improving the services provided, without said processing affecting your rights, freedoms or interests.
Who has access to your Data?
Your data is accessed by the absolutely necessary ANASTASIOS PAPIAS SA personnel, which is committed to confidentiality, as well as the collaborating businesses or third-party service providers, such as financial organisations for the processing of credit cards and payments, technology, marketing, advertising, accounting and other relating service providers, who process your Data as Data Processors on our behalf and according to our orders.
To this end, ANASTASIOS PAPIAS SA exclusively uses Processors providing adequate assurance on the appropriate technical and organisational measures, in order for the processing to comply with the Regulation requirements and ensure the protection of your data. In particular, in the framework of the written agreements concluded by ANASTASIOS PAPIAS SA with the Data Processors:
- We exclusively provide information required for the execution of the specific services performed by them.
- They may use your Data exclusively for the precise purposes set out in our contract with them.
- If we stop using their services, all the data they own will be deleted or become anonymous.
- They have agreed and are contractually bound to maintain confidentiality, not to send your Data to third parties without our permission, to take appropriate security measures, including protecting the data from unauthorized or unlawful processing, accidental loss, alteration or destruction, and to comply with the legal framework for the protection of personal data, in particular the General Data Protection Regulation.
How long is your Data retained for?
ANASTASIOA PAPIAS SA retains your Personal Data for as long as may be required for meeting the purposes set forth in this Policy (unless a longer retention period is required under the law in force). In specific, your Personal Data will be retained depending on the purpose, as follows:
- Regarding User Account data: For as long as you remain a registered user.
- Regarding data for the execution of the service Contract: For as long as may be required for the management of the service, including contractual time on cancellations or shall be defined by law for the possibility of civil claims or tax or commercial legislation (e.g. for warranty purposes where applicable).
- Regarding Customer Service data: For as long as may be required for meeting your request or for responding to your query, if none of the other data retention cases stipulated herein applies. If you participate in promotions or competitions, we will retain your data for a period of six months after the end of the promotion/competition, unless a longer or shorter period in expressly stipulated in the specific terms of the relevant promotion/competition.
- Regarding data for direct marketing purposes: Until you unsubscribe or cancel your subscription to the newsletter.
After expiry of the relevant retention period specified above, as well as of the period during which liabilities may arise from processing under the relevant personal data protection law in force, your data shall be completely deleted or shall be anonymised, e.g. by pooling with other data, in order to be used in a non-identifiable manner for statical analysis and business planning.
Are your Data safe?
ANASTASIOS PAPIAS S.A. is committed to ensuring that your Personal Data:
- are subject to lawful and fair processing in a transparent manner
- are collected for specified, express and lawful purposes and are not subject to further processing in a manner that is incompatible with these purposes.
- are appropriate, relevant and limited to those required for the purposes they are subject to processing.
- are accurate and updated, when necessary
- are retained in a form which allows the identification of natural persons only for the period required for processing purposes.
- are processed using appropriate technical or organisational measures, in a way that guarantees the appropriate security of data, including the protection of data against unauthorised or unlawful processing, accidental or unlawful destruction, loss or alteration and unauthorised disclosure. Thus, indicatively, ANASTASIOS PAPIAS S.A. and parties performing the processing on its behalf implement measures that continuously ensure the confidentiality, integrity, availability and reliability of the processing systems and services, restore in due time the availability and access to data in case of physical or technical incidents and regularly test, assess and evaluate the effectiveness of these measures.
What are your rights?
- Access to your Personal Data.
This means that you have the right to be updated by us on whether we process your Data. If we process your Data, you may ask to be informed of the purpose of the process, the type of your Data we keep, who they were disclosed to, the retention period, whether automated decision-making takes place; you may also be informed of your other rights, such as correction, data deletion, processing limitation and filing a complaint to the Personal Data Protection Authority.
- Rectification of inaccurate personal data.
If you find there is an error in your Data, you may submit an application for correction (e.g. correction of name or update of address change). If you are a registered user, you can modify or update your personal data, using your Account.
You may request the erasure of your data, if they are no longer necessary for the above mentioned processing purposes or if you wish to withdraw your consent, in case this is the sole legal basis for their processing or if you exercise the right to object to their processing or if the data has been subject to unlawful processing. The right to erasure shall not apply when the processing is required for our compliance with legal obligations under the national or Community law or for establishing, exercising or defense of legal claims.
- Restriction of processing.
You may request us to limit the processing of your Data for as long as your objections on processing are pending or until they are found to be accurate, provided that you contest said processing. You may also request us to limit the processing, provided that the data are no longer required for the purposes of processing, but are required for exercising your legal claims. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims.
- Data portability.
You may ask us to receive, in readable form, the Data you have provided or ask us to transmit them directly to another controller.
- Opposition and withdrawal of consent for the processing of your Data.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you and we shall no longer process your Data, unless there are other compelling and legitimate reasons for the processing thereof, which prevail your right or for establishing, exercising or defense of legal claims. If you have given your consent for processing your data, you may withdraw it at any time with future effect, choosing not to receive marketing communications, by clicking on the “delete” link or following the instructions in the message. The withdrawal of consent shall not affect the legitimacy of the processing based on consent before its withdrawal.
To exercise your rights you can submit a request at the e-mail address email@example.com and we will examine it and we will respond as soon as possible.
You have the right to lodge a complaint with the Personal Data Protection Authority (postal address:1-3 Kifissias Ave., P.C. 115 23 Athens, tel. 2106475600, e-mail address: firstname.lastname@example.org), if you believe that the processing of your Personal Data is in breach of the General Data Protection Regulations or the generally applicable legal framework of personal data protection.
How will you be informed of any amendments to this Policy?
This Personal Data Protection Policy was last amended on November 2020.