Effective as of : 16/07/2018
TOURISTIKES EPICHIRISEIS APOLLON A.E. (Tourism Enterprises Apollo S.A.) has placed the protection of your personal data high on our list of priorities, as part of our philosophy to build on a relationship of trust we mean to maintain with our guests and customers.
We therefore make an express commitment to respect your privacy as well as observing applicable legislation in the matter of protection of personal data and privacy.
This Personal Data and Privacy Protection Policy reflects the terms and conditions of the General Regulation on Private Data Protection (EU) 2016/679 – GDPR in the sense of and in accordance with the provisions of Article 13 thereof (Transposed in the Greek Legal Order by virtue of Law 2016/679 – GDPR).
Fully conscious as we are of the critical character of your personal data, we commit ourselves to spare no effort in carefully storing and processing whatever information you may be brought to share with us.
Your trust in us is something we highly appreciate: this is why we have come up with the present Data Protection Policy, so that you are kept informed on the ways whereby we collect, use and eventually disclose data concerning you. Our collecting, using and/or notifying data shall at all times be conditional on your consent unless otherwise prescribed under the applicable legislation.
At TOURISTIKES EPICHIRISEIS APOLLON A.E. we have chosen to enhance the efficiency of the protection of your personal data through technical security modules, internal data administration processes as well as by adopting physical safety measures. Our firm has been relentlessly developing its systems and procedures in an effort to safeguard whatever personal information you may at times furnish us with.
The term “Personal Data” is understood to designate whatever information eventually collected or otherwise recorded in a format allowing a direct (e.g. surname) or indirect (e.g. passport number) identification of yours as a physical person.
2. SCOPE OF EFFECT
TOURISTIKES EPICHIRISEIS APOLLON A.E. is fully aware of the importance our guests and customers place on the protection of their privacy, hence our endeavour at being unequivocally clear as to the ways whereby we are eventually brought to collect, use, notify, cause to transfer and/or store your data. This policy should be seen as a summary of the practices we have been adopting with respect to data.
3. WHAT IS THE PURPOSE OF OUR COLLECTING DATA?
Our firm may be brought to collect personal data as part of our activity of managing of your stay at our establishment(s) as well as monitoring your exchange with TOURISTIKES EPICHIRISEIS APOLLON A.E., the ultimate purpose being for us to be in a position to cater to be of service to you in the best and most efficient way possible.
We may therefore be collecting personal data in order to:
(a) Manage room and other hospitality services reservations. This may include:
drafting and storing legal documents in accordance with applicable legislation locally in effect;
collecting information bound to help us anticipate and eventually cater any requests relevant to your stay (e.g. room preferences)
(b) Manage your stay at the Hotel, by way of:
drawing up and managing customer personal data lists for operational reasons: such are, for instance, lists of guests expected to check-in/check-out within the day etc.
(c) Improve the quality of our hospitality services, by:
processing your personal data, albeit solely upon your consent, for marketing purposes, as explained in detail in the consent form you are invited to endorse.
(d) Manage our exchanges and interaction with you before, during and subsequent to your stay with us. This we endeavour to attain by:
managing requests for removal of a customer’s address from our marketing lists;
drawing up and managing questionnaires and whatever statistical data are collected through answers thereto.
(e) Bettering our services, by:
efficiently managing customer claims and eventual complaints.
(f) Ensuring system safety, by:
taking such targeted actions as may be necessary to warrant safety and prevent fraud
(g) Conformation with applicable Hellenic and European legislation
(h) Making sure that our customers and guests make safe use of our SPA services and fitness facilities.
4. What type of Personal Data is our firm bound to collect?
Although personal data are typically collected by having you furnishing them to us, there may be cases when such information is provided to us by a business partner, tourist agencies as well as through online reservation platforms (such as booking.com, expedia.com ea.), conditional on your having previously authorized such systems to act on your behalf in arranging for a stay at our establishment.
Type of data provided directly by you to us
Here’s a list of types of personal data we are our bound to collect directly from you, during your stay at our establishment:
Contact data: (e.g. name and surname, passport number, national identification document number, home address and telephone number)
Personal identification data: (e.g. date of birth, nationality)
Information relevant to your offspring: (e.g. name and surname, date of birth, passport number)
Invoicing-relevant data (e.g. credit card info, fiscal identification number)
Check-in/Check-out dates, flight numbers, room number (e.g. non-smoking room, preferred storey, type of room selected).
Health-relevant data such as information about any allergies you may have reported to be suffering from.
Information collected in the case of persons under the age of 16 may only be supplied to us by an adult / guardian / tutor shall be limited to their Name and Surname, Passport Number and Date of Birth.
We would highly appreciate any action on your side that will ensure that no information is supplied to us by your offspring without your consent (especially while using the Internet). If, despite all, any such data does eventually reach us under the circumstances, you have the possibility to contact our reservations department and arrange for data thus supplied to be removed from our system.
Moreover, any information in the matter of allergies or any other health-related concern you eventually have, may qualify for classification as sensitive. Data of this kind may only be preserved by our enterprise if compelled to do so under the applicable legislation or if you have previously given your express consent thereto (e.g. to the purpose of obtaining that we provide customized services, as is, for example, special meals etc).
What are Cookies about?
Each cookie is meant to be unique to your web browser, featuring certain anonymous data. A cookie usually contains the name of the field from where it has been generated, its “lifespan” as well as a designated figure (usually, in the form of a randomly generated unique number sequence).
Set forth below is a list of the most usual types of cookies web sites are likely to use:
Session (Visit) Cookies
These are temporary cookies meant to remain in your device web browser’s cookie folder solely for as long as your visit may last and which are automatically eliminated once you switch off your browser.
Persistent (Permanent) Cookies
Cookies of this type are meant to remain in the web browser’s cookie folder of your device even after you have switched off your browser. Such persistence may at times extend over a year or more (the exact term of stay of a cookie being conditioned by the particular cookie’s predetermined lifespan). Persistent cookies are used in the case of a particular website administrator eventually needing to know who you are for more than one visits (this could, for instance, imply remembering your user name or your parameter preferences for a particular website).
Such are cookies allowed by a website you may be visiting to install themselves in your web browser and/or on the hard disk of your device. This process includes your being attributed a single identifier enabling the system to monitor your browsing through the specific website. Website administrators frequently resort to First-Party Cookies to monitor visits for identification purposes.
These are cookies applied by third parties – e.g. social networks – to monitor one’s visit of the various websites under which such third parties may be advertised. The website’s administrator has no control over such Third-Party cookies.
Cookies on our Website and how to manage them
You will be interested in knowing that no session, persistent or third-party cookies are used on this website.
Set forth below is some information relevant to first-party cookies (Google Analytics) used on this website, including the way for you to eventually deactivate them as well as how this website’s functionalities may be affected by an eventual deactivation of the such cookies. For further information on how to manage specific types of cookies – including ways to control or remove them – please visit the following address: www.aboutcookies.org
Cookies by Google Analytics
Cookies generated under the Google Analytics service are meant to monitor and analyse performance; as such, they allow us to collect anonymous data about the use visitors make of our website. Cookies of this particular type provide us with information as to how many visitors are using our website, the time and duration of access thereto as well as providing us with insight as to the users’ browsing habits with respect to our website’s various domains. Such information is bound to help us to eventually improve the ways our website is operating. Being of the anonymous type, such data do not contain any personal information.
Data collected through Google Analytics cookies, relevant to our website are transmitted to and stored in Google’s servers, conformant to Google’s confidentiality policy.
For further information on Google Analytics service, please click on this link: http://support.google.com/analytics/answer/6004245
You may deactivate the Google Analytics monitoring module by clicking on this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
Should you chose to deactivate cookies of this particular type, your use of this website will no longer be monitored nor shall it be taken into account by our services as part of our statistical data collection process, aimed to help us improve the quality of services provided through our website. The website’s functionality will not be affected.
5. At what moment in time are Personal Data collected?
Personal data are bound to be collected under a variety of circumstances, for instance:
(a) In the event of participation in activities hosted on our facility premises, namely:
Booking a room with us
Customer check-in and payment
Booking /using a service on the premises, for example booking a table, ordering a meal, getting access to our SPA facility or participating in animation/entertainment activities
Management of complaints/problem reports, attending to claims etc.
(b) In the event of a customer participating in marketing campaigns:
Such is the case of your details being put on a mailing list – albeit only upon your consent – to the purpose of our business being in a position to send you a wishing card or forward promotional material to you, by mail.
(c) In the event of such data provided to us through a third party:
Such is the case of data supplied to our company by tourist agents, tourist offices, online booking platforms (in the likes of www.booking.com , www.expedia.com ea.) or other reservation systems.
6. Terms and Conditions under which Third Parties may have access to your Personal Data.
Part of our philosophy – and indeed a fundamental principle in our practice – at TOURISTIKES EPICHIRISEIS APOLLON A.E. – is making sure that no personal data of yours be notified to third parties for any business purpose of theirs or for marketing reasons, unless you have previously provided your consent thereto.
Still, there is a possibility that we disclose such data of yours to any of the agencies or organisations and under such circumstances as quoted below:
Service providers and/or any third party eventually involved in data processing on our account. In that sense, it may be that we are brought to disclose personal data of yours to businesses providing services on our account or in our name, such as IT companies, banking corporations, credit card issuers, law offices, postage/mail firms e.g.
Credit Approval: Upon requesting for a credit approval, your personal data shall be disclosed to and used by third parties, in accordance with applicable legislation, within the process of granting or maintaining a credit limit to your benefit.
Other third parties, whenever so required by law or as part of our duty to safeguard our services. There may, indeed, be circumstances under which our company shall be compelled to notify personal data of yours to third parties. This may, for instance, happen in those cases when we have to conform to applicable legislation or to abide with a specific, compelling legal procedure (for instance, a search/investigation warrant or any other kind of judicial decree whatsoever) or whenever our enterprise may be called upon to make good of its commitment to conform with established policies meant to govern our services or to the purpose of safeguarding our rights, protecting our property and consolidating the safety of TOURISTIKES EPICHIRISEIS APOLLON A.E. or any of our business partners and no less of our customers.
For us to be in a position to be of better service to all of our customers and guests, we need to allow for our expressly, ad-hoc authorized personnel to have access to certain types of your personal data. Such staff includes:
Front Office Department
Medical services staff, on an as-need basis.
7. Actions our firm takes to the purpose of warranting the safety of your Personal Data
You will be relieved to know that our company has taken all measures, both at the organizational and at the technical level, bound to safeguard information collected from our guests as well as to actively protect any sensitive personal data of yours, in possession of which we may come to be. Our IT Manager has had specialized training in the matter of investigation digital crime as well as in digital forensics. We moreover assure you of our adoption of all international standards and practices aimed at protecting networks and having data encrypted whenever so is required.
You are nevertheless kindly requested to consider that however meticulous we may be in adopting whatever measures may reasonably be expected to safeguard your personal data, there is no transmission over the Internet nor any information system capable of warranting faultless safety at all times.
8. Data storage
Our company has adopted all measures reasonably expected to warrant that your personal data shall solely be stored over such period of time as may be required to serve the specific purpose for which such data have originally been collected or over such term as so is provided for under the respective agreement or under the applicable legislation, as the case may be.
9. About Video Surveillance (CCTV)
Set forth in this particular section are the terms and conditions of the policy under which our company is handling the activity of security camera footage (alias Video Surveillance – CCTV) with respect to personal data of persons likely to be video-recorded. When it comes to security camera footage, our policy is aimed at comforting the following aspects:
Monitoring and further handling of security camera footage-generated material shall at all times conform with all relevant legislative prescriptions, included but not limited to the GDPR of the European Union.
Information collected through such footage shall solely and exclusively be used for security purposes as well as for the protection of our members of staff and of our customers and guests.
Our facility has set up a CCTV security camera footage network for prevention and detection purposes as well as to the purpose of the protection of property. Whenever footage concerns a subject of data, such footage shall be treated as constituting personal data.
Our establishment wishes to inform you of the operationality of our CCTC system, a fact also notified to our guests through relevant signs in various points of relevance throughout the network. Such notices are also reinforced by further alert signs within the video-monitored area.
Disclosure of information collected through CCTV systems is always monitored for strict conformity with and accordance to the purposes the system is meant to serve. Images recorded through the video-surveillance system are bound to be projected within a monitored space – for instance, in the establishment’s Computer Room, access to which is also limited by license. Moreover, the right to project and watch footage of this type is limited to authorized members of staff.
The establishment is meant not to preserve footage for more than the period of time required – whether under the applicable legislation or/and under the system configuration – for the purposes such security camera footage has been commissioned in the first place.
Confidentiality and Safety of the Processing
Our establishment has put in place and is implementing all appropriate organisational and technical measures for the protection of privacy and personal data from any form of illegitimate processing.
More specifically, this establishment is committed to warranting:
The safety of the recorded material as well preventing that such material be unduly taken hold of by unauthorized parties.
Monitoring access to camera-generated material
Appropriate training of the staff entrusted with the operation of the CCTV system, with special emphasis on an ongoing familiarization of such members of staff with any and all aspects relevant to the personal data protection.
Safe transmission of video-taped incidents to lawfully implicated addressees.
Restriction of notification of recorded material which shall expressly be limited to third parties holding a statutorily legitimate interest thereto. For instance, records of this kind might be of use to the police authorities as part of their investigating into a given incident.
10. Your rights under the General Data Protection Regulation
As persons concerned by the personal data thus collected, you are entitled to specific rights and prerogatives, namely:
To request to be informed each time personal data of yours are collected (Right to be Informed).
To have access to and receive a copy, upon request, of any personal data of yours thus collected (Right of Access to Data)
To request and obtain that any imprecisions in your personal data thus collected be amended as well as that whatever incomplete personal data of yours, eventually collected, be duly completed (Right to Amend).
To revoke your consent to the collection of your personal data as well as requesting that any personal data of yours, eventually stored in our system, be eliminated or that processing thereof be discontinued, unless there is any legal justification that such storage and processing be pursued. Such request of yours shall, for instance, be granted if data thus stored are no longer relevant, in the light of the purpose for which they had originally been collected (Right to Oblivion).
To request that your data be transferred – whether by you or directly by us – to any other party in charge of processing thereof, conditional on this being technically feasible (Right to Portability).
To oppose yourself to your personal data being processed by our company, provided we have no longer a legitimate claim upon such processing or to request that such processing being henceforth limited to specific circumstances (Right to Opposition).
Our company may decline to grant requests found to be unreasonable or requiring a disproportionately intense technical effort, requests deemed likely to undermine confidentiality or found to be impractical or requests relevant to access not imposed by law.
Should you wish to lodge a request for access to your personal data under any circumstances, please e-mail our Reservations Department (contact details under the “Contact us” rubric).
11. Data Tampering
We wish to assure you that all necessary measures have been put in place to make sure that all and any personal data of yours are stored in our data base are kept safely.
Any cases of tampering / leakage of data eventually to occur shall immediately be notified both to the subjects of such data and to the competent authorities within 72 hours from the moment such tampering/leakage has been detected, conditional to the obviousness of personal data stored in a readable form having been illegally extracted.
12. Updates and Notifications
13. Contact us
Details of Controller:
TOURISTIKES EPICHIRISEIS APOLLON A.E.
FALIRAKI GR-85105, RHODES