Privacy Policy
Date: 7/10/2022
This Privacy Policy aims to inform you about the information we collect and process about you.
In collecting this information, we are acting as data controllers and, according to the European Union's General Data Protection Regulation (GDPR) and Greek Law 4624/2019, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Who we are
We are El Greco Hotel and Tourism Businesses Chr. Christoforakis S.A., with the trade name Palazzo Greco Boutique Hotel (hereinafter Palazzo Greco).
Our address is Mpizaniou, Agia Galini - Crete 740 56, Greece.
You can contact us through one of the following options:
- Post: At the above address
- Telephone: +30-28320-91187
- E-mail: dataprotection@palazzogreco.com
We are not required to have a Data Protection Officer, so any enquiries about our use of your personal data should be addressed to the contact details above.
What are Personal Data
According to Article 4 of the GDPR, 'personal data' means any information relating to an identified or identifiable natural person. This includes your full name, postal address, e-mail address, telephone number, and any piece of data which can be used to, directly or indirectly, identify you (the data subject).
What is Data Processing
According to the GDPR, 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What personal data do we collect
The personal data we collect from you and process are the minimum required to achieve the purposes of processing activities. For processing activities that require your consent, we will not process your personal data without said consent. All processing activities are compliant with Greek and European legislation and security requirements.
If you do not wish to disclose some of your personal information, this may affect some of our interactions with you.
Newsletter
When you sign up to our hotel newsletter, we collect and process your full name and e-mail address (only with your explicit consent).
Your personal data will be shared with The Rocket Science Group LLC d/b/a Mailchimp, who maintain a list of newsletter recipients and send out our newsletter.
Your personal data will be kept by us until you withdraw your consent.
Bookings
When you book a room with our hotel, we collect and process your contact (full name, address of residence, e-mail address, telephone number), identification (ID document number, nationality), stay (duration of stay), and billing information (credit or debit card number, CVC). The legal basis for this is the contractual obligations you, as a customer, enter into with our hotel.
Your personal data will be recorded in our booking software and will be shared with our accounting partner and the booking software administrator.
Your personal data will be kept by us until the end of the holiday season, unless we are obliged by law to extend the retention period.
For bookings made through our website, see the Privacy Policy available on our booking engine. For bookings made through a third-party website, see its Privacy Policy.
Satisfaction Questionnaire
At the end of your stay, you will be presented with an optional satisfaction questionnaire that you may fill in and submit. On it, we will ask for your explicit consent to collect and process your e-mail address and country of residence. The purpose of processing this information is statistical research regarding customer satisfaction at our hotel.
Your personal data will be stored in a secure file cabinet at our facilities, and will be processed in spreadsheet software once anonymized. If you submit the questionnaire digitally, your data will be shared with Google as they maintain the digital form service. If you consent explicitly to this, we may contact you regarding the scores or comments you left on the questionnaire.
Your personal data will be kept by us until the end of the holiday season, and then they will be completely anonymized.
CCTV Cameras
The hotel premises are monitored by closed-circuit cameras (CCTV) in order to ensure the safety of guests and staff, to prevent criminal or delinquent acts, and to assist the authorities' investigations in the event of an incident.
The data collected includes footage taken where there are surveillance cameras, which may include your image if you are at the location. The legal basis for the processing of this data is the safeguarding of the public interest.
The footage will be retained for approximately 15 days, after which it will be automatically deleted unless required by the relevant authorities. The material may be shared with the relevant authorities in the event of an incident, and may also be accessed by employees of the monitoring system maintenance company.
Contact Form
When you reach out to us using the contact form in our website, we collect and process your full name and e-mail address in order to provide you with a satisfactory answer to your request. The legal basis of processing here is our company's legitimate interest.
Your personal data will be shared with Google, who is our e-mail service provider.
Your personal data will be kept by us until your request is resolved, or until one month has passed without us hearing back from you.
Cookies
To ensure the proper functioning of our website, we use cookies: small text files that are stored on your computer or mobile device when you visit our website. These files do not harm your device, and do not contain malicious software. Information relating to the terminal visiting the website, including preferences and behavior, is stored inside cookies, but that does not mean we can always identify you.
Except for necessary cookies, we will always ask for your consent before placing them on your computer.
Our website uses the following types of cookies:
1. Necessary cookies
These cookies are strictly necessary for our website to function, and we don't ask for your consent to place these on your computer.
Name | Provider | Purpose | Duration |
---|---|---|---|
PHPSESSID | Palazzo Greco | This cookie is native to PHP applications. The cookie is used to store and identify a user's unique session ID for the purpose of managing the user session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed. | Session |
2. Performance cookies
For performance monitoring purposes, we use cookies to collect information about the use of our websites by visitors with the aim of meeting more visitor needs, improving the content of our websites, and making our websites easier to use.
Name | Provider | Purpose | Duration |
---|---|---|---|
_ga | Google Analytics | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 2 years |
_gat | Google Analytics | This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites. | 1 minute |
_gid | Google Analytics | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. | 1 day |
Blocking and deleting cookies
If you wish to block or delete cookies from your computer, you can do so through your browser's settings. For more information:
Who will receive your data
The recipients of your personal data will include:
- The appointed staff of our company, within the framework of their responsibilities and on the basis of commonly accepted rules of confidentiality.
- Service companies, which will process your personal data strictly on our behalf. These service providers shall be contractually bound by confidentiality agreements and conditions.
- National and European Supervisory and Administrative Independent Authorities, as well as the Prosecuting and Judicial Authorities.
In the event that your personal data is transferred outside the European Union, the transfer will be governed by all necessary and indicative measures to ensure compliance with European and national legislation at all times.
How we protect your data
Our company has taken all necessary and recommended organizational and technical measures to ensure the security, protection, and confidentiality of your personal data, including protection from accidental or malicious processing, theft, or accidental loss. Our company has implemented appropriate business systems and procedures, and security procedures, restricting access through technical and physical measures. Access to your data is limited to authorized persons who handle the information under full confidentiality and as part of the performance of their duties.
These measures are subject to regular review.
In the event that we use third parties to process your personal data, this is done strictly according to written instructions, and third parties are contractually bound by confidentiality agreements and the obligation to implement appropriate technical and organizational measures to ensure the security of the data to which we allow them access.
For how long are your personal data retained
Your personal data are retained by our company for the period necessary to fulfill the purposes for which we have collected them unless a longer retention period is permitted by law.
All your personal data collected by us are subject to the present Privacy Policy. In case you object to the processing of your personal data, this does not affect the legality of previously carried out processing activities.
After the retention period has elapsed, your data will be safely deleted and removed from our systems.
Legal basis of processing
The processing of your personal data is carried out on a case-by-case lawful basis, depending on the purposes of the processing activity in question. Specifically:
- fulfilment of our contractual obligations
- your written and unconditional consent, where necessary
- the current legal and regulatory framework
- the legitimate interests of our company
Your rights as data subject
Your rights as a 'data subject' include the following:
- The right to be informed. Our company is transparent in informing you about our use of your personal data and your rights over them. You can contact us at any time, so we can answer your questions.
- The right of access. You have the right to ask us, at any point, for access to your personal data, to learn and control the legality of the processing activities. Requests of access will be responded to within one (1) month from receiving your request.
- The right to rectification. You have the right to request the correction of inaccurate or incomplete personal data.
- The right to erasure. You have the right to request that we erase personal data about you, without undue delay, when there is no lawful basis for the continuation of processing and storage of your personal data.
- The right to restrict processing. You can exercise your right to restrict the processing of your personal data, if the data's accuracy is contested, as an alternative to erasure in the circumstances that the processing is unlawful, where you need the data for legal claims but it is no longer required by us, or whilst a decision on an objection to processing is pending.
- The right to data portability. You have the right to request your data to be provided in a structured, commonly-used and machine-readable format, and to transfer your data to another party (e.g. service provider). This applies to personal data for which processing is based on your consent and the processing is carried out by automated means.
- The right to object. You have the right to object to processing based on the lawful basis of the legitimate interests of the controller, or of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Rights in relation to automated decision-making and profiling.
To submit a request regarding your personal data, you can contact us at the postal address or telephone number provided in the 'Who we are' section of this consent form, or by email at dataprotection@palazzogreco.com.
Your right to complain
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Hellenic Data Protection Authority, via their website at www.dpa.gr or by telephone at +30-210 6475600, or write to them at:
Data Protection Authority Offices
Kifissias 1-3, 115 23
Athens, Greece
Reviews of the present Privacy Policy
We regularly review and, if appropriate, update this privacy policy as our services and use of personal data evolve. If we want to make use of your personal data in a way that we haven't previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.
We will update the version number and date of this document each time it is changed.