Information on the Processing of Personal Data
Introduction
We would like to assure you that for NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A. the protection of our customers’ personal data is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by third parties who process personal data on behalf of the company.
Data Controller – Responsible for the Processing of Personal Data
NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A., with the distinctive title “NAXOS RESORT” having its registered office at Agios Georgios, Naxos, Greece, email: [email protected], tel: +30 22850 26650, website: https://naxosresort.gr/, hereinafter also referred to as the “Company”, informs that, in the context of its business activities, it processes the personal data of its customers in accordance with the applicable national legislation and the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”) as is currently in force.
The Company uses external providers/processors for the purposes of registration and booking.
In the above cases, the company is the sole data controller, and it defines the specific elements of the processing. It also signs a contract with the third parties to whom it assigns the data processing, in order to ensure that the processing is always carried out in accordance with the current legal framework and that any natural person can freely and without hindrance exercise the rights conferred on him/her by the legal framework.
For any matter concerning the processing of personal data, please contact the Data Protection Officer (DPO) directly, email: [email protected].
Which are the categories of personal data we process?
Your personal data we process are absolutely necessary and appropriate for the achievement of our business purposes. The personal data processed to achieve these purposes are indicatively the following:
A. Simple Data
Personal data you provide to us, such as:
Identification Data (name, surname, date of birth, nationality and any other information which may appear in your passport or other piece of formal identification),
Contact details (phone number, email address),
Additional information, such as address, city, and other information by responding to a communication from us or by filling in forms (both online and offline).
Please note that the data relating to your identification or your contact details are absolutely necessary for any transaction or contractual relationship with the company, and that the type and number of other data depend in each case on the contract which either has been or will be concluded, and/or on the offered service.
We hereby inform you that it is your duty to inform the company on time of any changes to the data you have submitted at your own initiative, as well as to respond to any update request.
How and why do we process your personal data?
We use your data for the following reasons:
- To provide the services you request, to perform our contract and in general to fulfill our obligations towards you
We collect your personal data in order to provide you with our services after the conclusion of the relevant contract. In order to conclude a contract with you and in general to fulfill our obligations towards you, we need your personal identification data and your contact details.
- To improve our services and protect our business interests
Our business purposes, for which we use your information, help us improve the quality of our services and meet your expectations. For example, we may need to contact you by email or telephone to handle requests or complaints about our services. Moreover, during your visit to our Company’s website, you can fill in the contact form by filling in your name, phone number, email and anything you wish to be informed about and receive a reply from our company as soon as possible! We may also invite you to complete surveys that we use for research purposes, although you do not have to respond to them.
- To inform you about our services and offers
If you have consented to this by subscribing to our Company’s newsletter or you are part of our corporate customers, we will send you promotional material about our new services and offers.
- To comply with our legal obligations
We process your personal data in order to comply with our legal obligations, and in particular with labor, insurance and tax legislation, judgements or administrative authorities’ decisions. We also process your personal data in order to investigate complaints, identify and prevent fraud, evaluate the accuracy of pricing and assess situations relating to possible threats to the security of any person or violations of our policies or terms.
- To safeguard our legitimate interests and protect individuals, materials and facilities with the settlement and operation of CCTV systems.
Which are the legitimate grounds for processing your personal data?
We process the personal data you provide us only when we have a legitimate interest to do so.
Legal grounds for processing your personal data are:
(a) the proper performance of the services you wish to receive from us in accordance with our contractual obligation between us under an existing contract, or the necessity to process personal data at the pre-contractual stage at your request to provide you with our services in the context of our partnership,
(b) the safeguarding and the protection of our legitimate interests, both yours and ours. Therefore, we may process personal data in order to ensure security of individuals, materials and facilities, network security and smooth operation of the company’s information systems and their protection against malware, IT support, the establishment, exercise and defense of our legal claims as well as the overall organization and development of our business activities, including marketing towards our corporate clients,
(c) compliance with an obligation imposed by law, which may consist of obligations arising from the provisions of labor, tax and social security legislation,
(d) the consent you provide us with under the specific conditions set out by the legal framework, for instance in order to receive information on our services, offers etc.
To whom do we transfer personal data?
NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A. transfers your personal data to the following categories of recipients:
- Company’s employees
Your data may be transferred to our company’s employees in charge of assessing and satisfying your requests, managing and performing your contract(s) with the company, meeting the obligations arising from the contract(s) or imposed by law.
Your personal data are treated with the highest degree of confidentiality, as those employees who process your personal data have a sufficient and significant level of awareness to protect them and are bound by a confidentiality clause or are subject to the appropriate regulatory obligation to observe the confidentiality clause.
- State Authorities, law enforcement authorities in the exercise of their duties
We may share your information with the competent state authorities, law enforcement authorities as long as this is necessary and permitted by law, in order to identify or prevent criminal acts, unlawful activities and situations relating to potential security threats of any person or violation of our policies or terms.
- External partners, legal consultants, auditors, advertising companies etc.
The company, in the course of managing court proceedings and for the purposes of establishing, exercising and defending its legal claims against third parties, may transfer your data to external lawyers in the event that their assistance is considered necessary for the management of the case and the defense of the company’s rights.
Furthermore, the company may also transfer your personal data to third cooperating companies for the purpose of sending newsletters about products, services and offers, to provide you with information about the Naxos Resort Beach Hotel services which may be of interest to you via email, post or telephone and to provide other services and facilities.
In the above cases, the company remains data controller and defines the specific elements of the processing. It also signs a contract with the third parties to whom it assigns the data processing, in order to ensure that the processing is always carried out in accordance with the current legal framework and that any natural person can freely and without hindrance exercise the rights conferred on him/her by the legal framework.
Furthermore, the company ensures that the processors it engages fulfill the requirements and provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will ensure the protection of your rights.
Storage Time
The data storage time is decided based on the following specific criteria, as appropriate on each case:
When the processing is necessary for compliance with legal obligations under the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions.
When the processing is based on a contractual relationship, your personal data are stored for as long as is necessary to perform the contract and for the establishment, exercise or defense of legal claims in accordance with the contract.
For marketing purposes, your personal data are stored until their withdrawal. You have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
In all the above cases, the personal data processed by the company are stored in a hard copy and/or soft copy. We undertake all efforts so that your data is stored for a period no longer than is necessary for the purposes for which they have been obtained.
What are your rights with respect to your personal data?
Any natural person whose data are being processed by NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A., enjoys the following rights:
Right of Access:
You have the right to be aware of and verify the legitimacy of the processing. So, you have the right to access the data and get additional information about how your data are processed.
Right to Rectification:
You have the right to study, correct, update or modify your personal data by contacting the person in charge of the processing of personal data with the above-mentioned contact details.
Right to Erasure (“Right to be forgotten”):
You have the right to request the erasure of your personal data when we process them based on your consent or in order to protect our legitimate interests. In all other cases (for example, when there is a contract, or an obligation to process personal data required by law or for public interest reasons), this right is subject to specific restrictions or may not apply, depending on the case.
Right to Restriction of Processing:
You have the right to obtain from us restriction on the processing of your personal data where one of the following applies:
(a) the accuracy of the personal data is contested and until such accuracy is verified;
(b) you oppose the erasure of your personal data and request (instead of erasure) the restriction of their use;
(c) personal data are not needed for the purposes of processing, but they are, however, required for the establishment, exercise, or defense of legal claims; and
(d) you object to the processing, pending the verification of whether our legitimate grounds override yours.
Right to Object:
You have the right to object at any time to the processing of your personal data where, as described above, such processing is necessary for the purposes of legitimate interests we seek as controllers, as well as to the processing for direct marketing purposes, including profiling related to such direct marketing.
Right to Data Portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them, using commonly used editing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. This right concerns the data you have provided to us, and their processing is carried out in a commonly used format based on your consent or in order to perform a contract.
Right to withdraw consent:
Where processing is based on your consent, you have the right to withdraw it. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
In order to exercise any of the above-mentioned rights please contact the Data Protection Officer (DPO), email: [email protected].
In all the above cases, we will do our best to respond to your request within thirty (30) days of its submission. This deadline may be extended for up to sixty (60) additional days, if necessary, considering the complexity of the request and the number of requests. Therefore, we will notify you within thirty (30) days.
Right to lodge a complaint with the Hellenic Data Protection Authority
You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr) electronically through the portal https://eservices.dpa.gr/.
Personal Data Security
NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A. implements appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and/or unauthorized access to, use, modification or disclosure thereof. In any case, the way in which the internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and/or unfair purposes. Several security measures are in place so that NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A. can safeguard the integrity of its communications and computing infrastructure, including authentication methods, monitoring, auditing, and encryption technology. We seek to use reasonable organizational, technical, and administrative measures to protect your personal data.
Transfers of personal data to third countries or International Organizations
Personal Data processed by NAXOS RESORT BEACH HOTEL SINGLE MEMBER S.A. are not transferred to third countries outside the EU.
Links to other websites
Our website may include links to other websites that are beyond our control, and other websites beyond our control may be linked to this website. While we try to ensure that our website is only linked to websites sharing the same privacy and security criteria, the company is not responsible for the privacy practices or the content of other websites. Therefore, we suggest that you carefully read the privacy policy on the relevant website.
Changes to this Privacy Notice
Information about privacy on our site reflects the current state of the data processing. In case of changes in the data processing, this information will be updated accordingly. The latest version of this data protection information will always be available on our site so that you are informed via our site about the data processing.
We recommend that you always be aware of how we process and protect your personal information. All changes in respect of this Privacy Notice will become known in time, before these changes take effect.
The above information is provided in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council as well as with the relevant provisions of the national legislation on the protection of personal data applying the Regulation.