Who are we?
We (“we”, “us”, “our”) are business ΔΟΥΛΓΕΡΗΣ ΚΟΣΜΑΣ ΓΕΩΡΓΙΟΣ (140499744), with its Headquarters located at Agios Ioannis Peristeron, 49084, Kastellanoi.
We are the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
This Service is provided by Dataverse Ltd. Dataverse Ltd is the data processor. This means it processes your personal data on behalf of us.
Personal data – what is it?
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
Personal Data we process
We process your data in order to process and execute the reservation made by you. We collect and use information which you provide to us. When you make a Room Reservation, you are (as a minimum) asked for your name, your telephone number and email address. Depending on the Room Reservation, we may also ask for the names of any guests travelling with you and any preferences (such as meal preferences and any mobility restrictions) you might have.
We also collect and process the result of the pre-payment made to a financial service provider. We do not collect your credit card details.
We process your name and your email address to contact you for marketing purposes.
Other information we process
We may collect personal identification information about Users whenever they interact with our Web Site. Personal identification information includes User IP address. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to the Web Site. We do not carry out any analytics on this information other than that required to ensure cyber security.
How do we process your personal data and what is the legal basis for processing your personal data?
We process your personal data in order:
• To perform the contract between you and us regarding the reservation (legal basis: contract performance)
• To be compliant with the financial legal obligations and any other legal obligation we may have (legal basis: legal obligations)
• To communicate with you, if you have given consent, for marketing purposes. (legal basis: consent)
• Το ensure cyber security (legal basis: legitime interests)
Sharing your personal data
Processor: We use Dataverse Ltd to process your personal data on our behalf. Dataverse Ltd is bound by confidentiality clauses and is not allowed to use your personal data for other purposes than instructed us.
Competent authorities: We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or properties, or the rights and properties of our business partners.
In every other case, your personal data will be treated as strictly confidential, and will not be shared with third parties.
How long do we keep your personal data?
• We keep your personal data regarding your reservation for 13 months at most from the last date of your accommodation.
• Your personal data that are included in the financial statements issued will be kept for five (5) to twenty (20) yearsat most according to current Greek Law.
• Your personal data regarding marketing purposes will be kept as long as your consent is valid.
• Your personal data (IP address) that we use in order to ensure cybersecurity safety will be kept for 1 month from the collection time.
Your rights and your personal data
You have the following rights with respect to your personal data:
• The right to request a copy of your personal data which we hold about you;
• The right to request that Dataverse corrects any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for us to retain such data;
• The right to withdraw your consent to the processing at any time
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data;
• The right to lodge a complaint with the Data Privacy Authority.
This website may contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Changes to this policy
To exercise all relevant rights, queries of complaints please in the first instance contact as at email address firstname.lastname@example.org or on 00302661072644.
You can contact the Data Protection Authority at www.dpa.gr or on +30 210 6475600.