- Who we are and what we do
- Types of data collected
- Special categories of data collected
- Source of data
- Use of the collected personal data – Identification of legal basis
- Use of the personal data for purposes different than those originally collected for
- To third parties – Description and legal basis
- International Transfers of Personal Data
- Take a moment and explore your rights
- This is how you can exercise them and our obligations to respond
- How you can file a complaint
- How we protect your data
- Retention period
VII. Changes to this Policy
Last modified: 25.05.2020
Effective date: 25.06.2020
Thank you for visiting our website www.calderaelements.com which is dedicated to providing accommodation services of the highest quality to the island of Thira (Santorini) Greece. Through our Website you can review our services and remotely visit the wonderful island of Santorini while our hotel and staff are anxiously waiting for you to visit us and have a memorable stay.
2. Who we are and what we do
Our hotel is operated by EPIFANIOS SIGALAS E.E. and our contact details can be found below:
- ELEMENTS OF CALDERA
- Address: 84700 Akrotiri Santorini
- Telephone: +30 22860 82821
- E-mail: firstname.lastname@example.org
While providing our services and/or offering them via the Website we need to collect certain personal data and our primary goal is to keep it safe and secure and protect your privacy. We regard your wish to spend some time on our premises and relax with the highest respect and therefore all necessary measures are in place to safeguard your ultimate right to personal and private time.
Offering our services means that except for the Website, where you can directly access and book the services you wish for, we engage and cooperate with third parties, such as online booking engines, tour operators and travel agencies through whom you may request and receive our services.
As of May 2018, our Accommodation has fully aligned its policies and operation with the requirements of GDPR (General Data Protection Regulation) and only works with people and entities who share the same views and high sense of responsibility towards the need to lawfully and safely process personal data.
Personal data refers to any information related to an identified or identifiable person and basically refers to all information that may identify you as an individual.
As mentioned above, you have the ability to review and book our services through third parties (e.g. third parties’ online platforms/applications or other service providers). When doing so, information provided by you to these third parties may be separately collected and processed by them, so you need to be mindful of their privacy policies.
II. Personal Data and Special Categories of Personal Data – Processing
1. Types of data collected
1.1. Site visitors
Persons browsing through our Website and interacting with it and any features and/or applications operated by the Website are considered as Visitors.
(a) data we collect while you browse our Website
When visiting our Website, we collect the following information (i) IP address, (ii) device and browser type as well as the device operating system, (iii) the pages you visited on our Website, and (iv) the time you spent on our Website.
(b) data we collect while using the Contact Us form
When you choose to contact us via our online Contact form you will be requested to fill in your full name, a valid e-mail address (required field) and optionally your phone number, your country of origin, possibly requested arrival and departure dates.
(c) data we collect while using the Book Now platform
In order to make a booking you will have to provide us with your name and last name, your country of origin as well as a valid e-mail address and a mobile phone number. You are free to provide any requests or additional information you may consider important so that we can provide additional services requested (if possible).
Additionally, you will be requested to fill in your debit/credit card details in order to proceed with your transaction as per the terms of your booking.
If you decide to receive our accommodation services either via our Website Online Booking Platform or through third parties, then you are considered a Guest.
(a) data we collect while using the Book Now platform
Please see in the above section.
(b) data we collect upon check-in
Once you arrive at our Accommodation, we will ask you to fill in a check-in form where you will have to provide us with the following data: Full name, e-mail address, date of birth, Passport Number, Nationality, Profession, Company (Employer if applicable), full address details (city, street and number, ZIP code), telephone number (home or mobile) and fax number. You will also be requested to present the credit/debit card used for payment/guarantee while it is noted that the holder of the card must also be present during check-in. As per legal requirements, we will also ask and receive a photocopy of the passport of all other guests staying with you.
(c) data we collect from third parties (e.g. online booking platforms/tour operators/employers):
As already mentioned you may as well request third persons to intervene for making a booking in our Accommodation. In such instances we shall receive all personal data already provided by you and especially those mentioned under 1.2.(b).
(d) data we collect during your stay
Kindly note that our premises are monitored by closed circuit television systems (installed as per legal requirements) while certain data may be collected if you choose to use our wired or wireless networks (data about your device or your location). Data shall also be collected through the use of card keys and other security and/or technology systems.
2. Special categories of data collected
Under normal circumstances we will not ask, nor will we hold special categories of personal data i.e. health data, religious beliefs. Any such data will only be provided by you and/or under your explicit consent by third parties (e.g. online platforms) if you wish us to adapt our services to specific requests (e.g. meal preferences, food allergies, use of spa services) and subject to availability of such custom services.
3. Source of data
Personal data are provided to us either by you personally either by third parties acting on your behalf and under your explicit authorization (e.g. online booking platforms, tour operators, etc.).
4. Use of the collected personal data – Identification of legal basis
4.1. Provision of services and experiencesThis shall include using data to:
- communicate with you for upcoming reservations or after check-out for any pending issues
- enable transfer and other services
- offer, process or facilitate payments for our services
- perform internal operations necessary to obtain our services
- provision of custom/personalized services as per guests’ requests
Kindly note that if you provide us with special categories of data in order to receive personalized services, such data will not be used for any other purposes.
4.2. Safety and security
We use personal data to maintain the safety of our facilities, services, guests and personnel (e.g. CCTV data, data collected from the use of room card-keys).
4.3. Customer supportOur Accommodation may use your personal data to provide customer support, such as:
- review and satisfy guests’ concerns and requests
- monitor and improve our customer support responses and processes
- reply to requests submitted by interested guests
4.4. Legal proceedings and requirements
We may use personal data to investigate or address claims or disputes relating to services or as otherwise allowed by law or as requested by public, police or other authorities. Additionally we shall process personal data to detect and prevent fraud.
4.5. Statistical purposes
Greek authorities issue annual reports referring to the number and nationality of foreigners visiting Greece and we shall disclose in anonymized and aggregate form the aforementioned details (if provided by the guest).
5. Use of the personal data for purposes different than those originally collected for
Under normal circumstances we shall not use your data for purposes other than those originally collected for. However, should that be the case we shall inform you in a proper and timely manner for any new processing of your personal data along with all details set out by law.
III. Transfer of personal data
1. To third parties – Description and legal basisIn order to perform our contractual obligations and provide the best possible service we shall share personal data with:
(a) Business associates such as:
- In pseudonymized form with marketing associates, so that they can suggest a marketing activity (legal interest)
- Third party suppliers for the provision of services requested by you
- Financial institutions and payment services providers
- Cloud storage providers/ E-mail providers
- Consultants, lawyers, accountants and other professional service providers
- Insurance and financing partners
- Travel agents/online booking platforms you have used in order to process your booking and comply with contractual requirements
(b) For legal reasons or in an event of a dispute
We may disclose personal information if that is required by EU or national legislation or in compliance with a ruling, order, mandate received from any authority or court. Legislation may also require collection and disclosure of personal data e.g. passport information to police authorities, guests’ information in line with Covid-19 measures. We may also share personal data in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
(c) Investors, to the extent that the expansion of business activity requires a due diligence by an interested investor, taking any measures necessary to secure and protect confidentiality of personal data.
2. International Transfers of Personal Data
Our Accommodation does not transmit personal data in countries or international organizations outside the EEA.
IV. Data Subjects’ Rights
1. Take a moment and explore your rights
- Right to access: You have the right to ask us if we keep your personal data, which are these and you can ask a copy thereof. Exercising this right is subject to ID verification processes and is satisfied under the condition that third parties’ rights are not violated.
- Right to rectification: You have the right to ask us to rectify your personal data if this is imprecise, inadequate or not up to date.
- Right to erasure/to be forgotten: You have the right to ask us to delete your personal data except for those we need to keep pursuant to legislation or for lawful business purposes stipulated by law.
- Right to restrict processing: You can ask to restrict processing all or part of your personal data in certain cases e.g. when your data held is imprecise.
- Right to object: You have the right to object to processing your personal data for reasons related to your personal status or for processing related to direct marketing purposes.
- Right to portability: You have the right to ask us to deliver a copy of your personal data in easily readable format and/or send such a copy to a third person indicated by you for the provision of similar services.
- Right to not be subject to automated processing: Notwithstanding exceptions stipulated in law, you have the right to ask us not to proceed with decision making for you based on automated means such as profiling, in cases where such a decision could have or has important legal consequences for you.
We would like to draw your attention that in the event you do not allow us to collect personal information from you, we may not be able to deliver certain products and services, while some of our services may not be able to take account of your preferences. If collection of personal information is mandatory, we will make that clear at the point of collection so that you can make an informed decision whether you shall proceed with visiting our Accommodation and making use of our services.
2. This is how you can exercise them and our obligations to respond
For the exercise of your rights, you can contact us via our Contact Form on this Website under the subject “Exercise of Data Subject Rights” or send an e-mail at email@example.com and we shall proceed with any required action to respond in a timely manner and within the time limits set by law. Exercising the aforementioned rights is free of charge unless requests are repeated in an unreasonable way or excessive.
3. How you can file a complaint
Law provides you with the ability to lodge a complaint to the competent data protection authority in your country of residence or the country of our main establishment. Please find below the contact details for the competent authority in Greece:Hellenic Data Protection Authority
1-3 Kifisias Avenue
115 23 Athens
Tel: +30 210 6475600
Fax: +30 210 6475628
V. Technical and organizational measures put in place to safely process your data
1. How we protect your data
Our Accommodation has taken all necessary technical and organizational measures for the safety of your personal data. We have applied all required procedures, such as encryption and pseudonymization, in order to prevent unauthorized and/or unlawful access or transmission to third parties. Our standard procedures include periodic review of security measures but it must be considered that despite our best efforts, these are not perfect or unbreachable.
2. Retention period
We retain personal data for the period necessary to fulfill processing purposes unless legislation requires or allows retention for a longer time period. We retain information in our reservation system for at least five (5) years following a guest’s departure in order to process your booking and provide invoicing and recordkeeping.
VI. Children’s privacy
Our and services, as well as the website www.calderaelements.com do not address to children under 15 years old. Therefore, we do not knowingly collect personal data belonging to minors that do not meet the required age criteria. In that case minors are not allowed to make use of our Website and not provide any personal data.
In case you realize, acting under your capacity as guardian or parent that a minor has notified personal data to us, please send us immediately an e-mail through Contact Form.
VII. Changes to this Policy