Privacy Notice for the Processing of Personal Data during the provision of the Wi-Fi service
Introduction
This Notice applies to the processing of your personal data (hereinafter referred to as "Personal Data") when you are using the Wi-Fi service offered from the Hotel as a customer of the hotel (hereinafter "Customer" or "Visitor" or "you"), carried out by the company "LANDA SA" (hereinafter referred to as "Company" or "Hotel" or "us").
As a hotel customer or visitor you have the right to the protection of your Personal Data. The Company respects your privacy and your personal data and always acts in compliance with the Personal Data Protection Legislation. The Company also undertakes to act transparently regarding the way data is processed in the context of fulfilling its obligations.
By the term "Personal Data Protection Legislation" (hereinafter "Legislation") we mean all laws, regulations, directives, etc., Greek or European relating to the processing of Personal Data, their privacy and security.
Basic but not exclusive legislation are the General Data Protection Regulation (GDPR), the ePrivacy Directive for the protection of privacy in electronic communications, as well as any other Opinion or Guideline issued by the Greek Personal Data Protection Authority.
It is important that you carefully read and keep this information which explicitly explains how and why we collect your Personal Data, what we do with it, how long we keep it, with whom we share it, how we protect it, as well as the options you can have about them. This way you will always be fully aware of the ways and the reasons for which we use this data as well as your rights in accordance with the Legislation.
Data Controller
The company LANDA S.A. in accordance with the General Data Protection Regulation, acts as “Data Controller”. This means that the Hotel is responsible for deciding on the ways and purposes for which it collects and uses (hereinafter “processes”) your personal data.
Our contact details are:
LANDA S.A.
Rhodes Bay & Elite Suites
100 Iraklidon Avenue, Rhodes, Greece, 85101, Greece
Tel: +30 22440 89000
Fax: +30 22440 89901
Email: info@rhodesbay.com.com
Processing Principles
In the context of complying with the Data Protection Legislation, we make every possible effort to:
Process your Personal Data in a fair, legal, legitimate, clear, objective and transparent manner.
Collect your data only for specified, explicit and legitimate purposes that we consider appropriate and that have been adequately explained to you. Assure you that they will not be used in any other way, except for these purposes.
Collect and maintain the least possible data, which are appropriate, relevant and indispensable for processing purposes.
Confirm that the data are correct and kept up-to-date and accurate.
Retain your data for as long as we need them to fulfill every processing purpose.
Make sure that the data are securely stored.
Process your data in such a way so as to ensure that they will not be used unlawfully or against your will.
Legal Basis for Personal Data Processing
We process your Personal Data according to at least one of the legal bases specifically listed below:
The processing of your Personal Data is necessary for the execution of our contract.
Processing is based on your consent, which is given for one or more specific purposes.
Processing is necessary for the purposes of the legitimate interests sought by the Hotel or a third party, unless your interests, fundamental rights and freedoms associated to your Personal Data protection prevail.
Personal Data we process
Personal Data is any information that relates to you as an identifiable person. The Personal Data we collect and process for the provision of the Wi-Fi service are described in detail below:
Information about your identity (name, surname, nationality)
Contact details (phone number, email address)
Information related to your stay (date of arrival, date of departure, room number, reservation number).
Manner of collection and source of Personal Data
The collection of your personal data is usually done by you yourself when you make a reservation, but your Personal Data may also be collected from other sources such as the following:
From the hotel management system (with your consent transfer to the Platform)
Upon check-in at one of the hotels
When you choose to contact us by phone or using digital services
Purpose of Collection and Processing of your Personal Data
We process and use your personal data for one or more of the following purposes:
To authenticate you as a legitimate user of the Wi-Fi service
For the execution of the contract between us and in order to fulfill our contractual obligations such as the provision of the Wi-Fi service, as well as additional services that you requested.
be provided with personalized products and services
receive newsletters with company’s news, offers and activities
have the service provision of the Company generally improved
know how many times you has visited us and enjoy unique service
know your opinion by sending you questionnaires
Your personal data will be used solely for the purposes for which it was collected or for other purposes compatible with the original. If your personal data is required to be used for any other purpose, you will be informed and informed of the legal basis on which the processing will be based or your consent may be sought.
In any case, the processing of your personal data is done in accordance with the principles hereof and the rules of the Personal Data Protection Legislation.
Automated decision making, including profiling
We do not make decisions that may have a significant impact on you, including profiling, in an automated manner (decision-making using only an electronic system without human involvement)
When and how we share Personal Data we receive with others
We work with IT Concept to offer you the Wi-Fi service. The information you provide is stored in one or more databases hosted by IT Concept. IT Concept does not use or access your personal information for purposes other than booking.
The transmission of data will be done by ensuring (where possible) that these third parties process your data with the utmost confidentiality, taking appropriate security measures to protect them in accordance with our policies and not using your personal data for your own the purposes or any purpose other than those agreed upon.
In addition to the above, the Company will not transfer personal data to any third party unless it is legally obliged to do so or when it must comply with its contractual and legal duties (the tax authorities or the police fulfill our audit duties)
The Company will not sell your personal data to third parties under any circumstances and will not allow third parties to sell the data it has transmitted to them.
Personal Data Disclosure
We will use and disclose personal data, if we believe it is necessary or appropriate:
To law authorities and other governmental authorities to the extent required by law or when strictly necessary to prevent, detect or prosecute criminal offenses and fraud.
To comply with the applicable law, including laws outside your country of residence.
To comply with the legal process.
To respond to requests from public and state authorities, including authorities outside your country of residence, and respond to national security or law enforcement requests.
To deal with emergencies.
For how long do we retain your data
We will retain your Personal Data for the period necessary to fulfill the purposes described in this Privacy Notice if necessary to meet our contractual and legal obligations, unless an extended retention period is required or permitted by law or if the User requests their withdrawal from us, opposes or withdraws his consent.
The criteria used to determine the retention periods include:
The time we have a continuous relationship with you and we provide you with our Services
If there is a legal obligation (for example, some laws require us to keep records of your transactions for a certain period of time before deleting them)
Whether the maintenance is appropriate taking into account our legal and tax situation
As long as we have reasonable business needs, such as managing our relationship with you and managing our operations
For as long as someone could sue us.
Retention periods in accordance with legal and regulatory requirements or instructions.
If the data collection was based on your consent, it may be deleted at any time after your consent has been withdrawn.
Your data may also be deleted in one of the following cases:
when they are no longer necessary for the purposes for which they are collected
when deletion is necessary in order to comply with our legal obligations
at your request, provided that there are no compelling legal reasons requiring its maintenance.
Your rights regarding Personal Data Protection
Under certain conditions set forth in the Personal Data Protection Legislation, you have the following rights regarding your personal data:
Right to transparency information: You have the right to know who is processing your data, how they are being processed, which are those and for what reason.
Right to access. You have the right to access your personal data for free.
Right to correction. You have the right to ask for the correction of any inaccurate data and to fill in any incomplete information.
Right to deletion. You have the right to request the deletion of your personal data under certain conditions, such as when the data are no longer necessary in relation to the purposes for which they were collected, if you have revoked your consent and there is no other legal basis for processing, if the data were illegally processed, etc. The deletion may not be possible when processing is necessary for, inter alia, the Hotel’s observance of a legal obligation, to carry out a public interest duty, for the exercise of a public authority entrusted to the Hotel, for reasons of public interest associated with public health, for the establishment, exercise or support of legal claims, etc.
Right to processing limitation. You have the right to request the limitation of the processing of your personal data when their accuracy is questioned, when the processing is illegal, when the data are no longer needed by the data controller or if you have objections to the automated processing.
Right to data portability. You have the right to request the transfer of your data to another data controller, when this is technically feasible.
Right to object. You have the right to object to the processing of your personal data, provided that the public interest is not compromised. The right to object to certain forms of processing of your personal data, so as not to be subject to the legal consequences of automated processing or formatting.
Moreover, in case we process your personal data based on a legitimate interest or for public interest purposes, you have the right to express your disagreement at any time regarding your personal data use, in accordance with applicable law.
If you have given your consent to the use of some of your data, you also have the unlimited right to revoke it at any time. Revoking your consent means that we will stop processing the data you previously allowed us to process. The Hotel reserves the right to determine what information should continue to maintain, in order to fulfill its tax and legal obligations in general. There will be no consequences for the revocation of your consent, beyond the Hotel’s inability to perform this processing.
You may exercise your rights by contacting the Hotel either by sending an email at dpo@hhotels.gr. If you exercise any of your rights via a written request, we will make every possible effort to process your claim within thirty (30) days of receipt and we will inform you either of your satisfaction or of the reasons that prevent its implementation. If you do not receive a response within 30 days or are not satisfied with our response, you have the right to complain to the Data Protection Authority.
You have the right to submit a complaint to the Data Protection Authority, which enforces data protection laws, if you have concerns about how the Hotel is processing your personal data or if you are dissatisfied with our response to your complaint or request.
Data Protection Authority
1-3, Kifisias Avenue, Zip Code 115 23, Athens
Tel.: +30-210 6475600
Fax: +30-210 6475628
e-mail: contact@dpa.gr
http://www.dpa.gr
Protection of your Personal Data
We have established a series of technical and organizational security measures to prevent the unauthorized or illegal use or access of/to your personal information, accidental loss or damage to their integrity, their alteration or disclosure. Moreover, access to your personal data is limited to those who need to know on a professional level. They will only process your personal data in accordance with our instructions and are subject to a confidentiality obligation. Your Personal Data will be processed by a Third Processor only if he agrees to comply with the specific technical and organizational data security measures.
In case of a breach of data security, we will notify you and the relevant regulatory bodies we are legally obliged to.
Questions, Concerns or Complaints
If you would like to make a request or objection, if you have questions about this information or if you would like to make a complaint about how your personal data is processed by the COMPANY or its associates or if you wish to exercise your rights you can contact us.
dpo@hhotels.gr
Data Protection Officer
Our contact details can be found in the Data Controller section of this Notice
Amendments to this Notice
The Company reserves the right to modify this Privacy Policy and its related practices at any time in order to respond to any changes in the regulatory environment, business needs, or to meet the needs of the subjects, properties, strategic partners and service providers, without notice. Such changes, amendments, additions or deletions to the Privacy Policy shall replace any previous ones and shall be valid immediately after their disclosure.