Personal information/data we collect and process
The personal information that we collect about you include:
• Identity information: name and surname, gender, marital status, date and place of birth, nationality, identification data, passport, signature data etc;
• Contact information: home address, zip code, city, country, email address, telephone number etc;
• Data related to your preferences/interest/desires or your lifestyle such as habits, special desires for food, specific dietary, health restrictions, personal needs, important days (birthdays, anniversaries, special occasions), the type of activities you prefer to take part in, your hobbies etc;
• Health information – where disclosed and relevant to the provision of services;
• Reservation information: type of the rooms you reserve and the dates of your reservations;
• Financial information (such as credit and debit card number or other payment data);
• Images, video and audio data via security cameras located in public areas, such as hallways and lobbies, in our properties;
• Employer details (for business-related bookings);
• Data about accompanied persons such as names, dates of birth, passport number of children etc;
• Other data: browse and device data, ID address, app usage data, data collected through cookies, pixel tags and other technologies, geolocation, aggregated data.
For the purposes of General Data Protection Registration (GDPR) (EU) 2016/679 Data Controller is PAROS ROCKS HOSPITALITY SOCIETE ANONYME , Aggelou Vlachou 9, Athens, Attica, Greece.
Purpose of personal data processing
The Company undertakes to keep strictly confidential all records of personal data collected and to keep such records exclusively for one and/or more of the following purposes:
- To fulfill our obligations arising from our agreement to provide services to you.
- To provide superior customer service to you personalizing and enhancing your experience.
- To assist us in making your reservation and providing the services you request.
- To communicate with you regarding the provision of our services and responding to your inquiries.
- For marketing, advertising and promotional purposes such as to send you newsletters or marketing communications or to inform you of offers or other information that may be of interest of you, if you separately provide you consent for us to do so.
- The personal data we collect from you may be used to send you personalized updates subject to your consent and the specific requirements of the applicable laws. For purposes of promotion activities we may carry out you profiling by using combined data. Said processing within the framework of your information and/or participation to promotion activities for new products and or services is based on your consent.
- To operate our business including for internal purposes such as data analysis, statistical and research purposes.
- To conduct surveys and evaluations regarding the quality of the services provided by us in order to improve our services.
- To enable you to use our website.
- To process transactions through our website.
- For billing purposes in relation to your stay with us.
- For the establishment, exercise and defense of legal claims or proceedings.
Legitimate grounds for personal data processing
We collect and process your personal information on the following basis:
- to perform our agreement to provide services to you;
- to comply with legal and regulatory obligations;
- for legitimate business purposes: Using your personal information helps us to operate and improve our business. It also allows us to make our communications with you more relevant and personalized to you, and to make your experience of our services more efficient and effective;
- because you have given your consent;
- to secure and protect both your and our own legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras located in public areas in our properties, in order to ensure the safety of our customers and installations, as well as specialized security software to detect and prevent malicious activities;
- for the establishment, exercise or defense of legal claims or proceedings.
How do we collect your personal information
For each of the categories of personal information and purposes described above, we gather information when you provide it to us, or interact with us directly, for example:
• during your visit or stay at our hotel, including information provided during check – in.
• through your communications with us.
• when you make a reservation over the phone or you communicate with us by email or otherwise.
• when you interact with our online services, by performing such actions as, but not limited to, browsing, making a reservation, communicating with us or otherwise connecting with us or posting to social media pages, or signing up for a newsletter or participating in a survey, contest or promotional offer.
• we collect personal data from internet-connected devices available in our properties
• we collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
• Cookies: We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using.
Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services. We also gather statistical data about the use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions.
Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails.
You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Cookie Settings” located at the bottom of our homepage. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Online Services. For example, we will not be able to recognize your computer, and you will need to log in every time you visit. You also will not receive advertising or other offers from us that are relevant to your interests and needs.
We will retain your personal data for the period necessary to fulfill the purposes mentioned above unless a longer retention period is required or permitted by law or if you revoke your consent in case that your data processing is based on your consent.
The retention period of your data is determined on the basis of the following specific criteria, as appropriate:
- If processing is required under any applicable laws, your personal data will be stored for as long as this is required under the relevant provisions and in any case for the time necessary for the exercise of claims or defense of rights and legitimate interests.
- If processing is conducted on the basis of a contract, your personal data is stored for as long as this is necessary to implement the contract and to establish, exercise, and/or defend any legal claims under the contract.
- The image and location data at the specific and marked points of the company’s facilities, which are monitored by closed circuit television, are deleted in fifteen (15) days after their recording. If an incident is found, we keep in a separate file the receipts related to the event for three (3) months, or in exceptional cases for a longer period, if required for the investigation of the event.
- If the data collection is based on your consent it may be deleted at any time upon the withdrawal of your consent.
Your data may be also deleted in one of the following cases:
- when it is no longer necessary for the purposes collected,
- when the deletion is necessary in order to comply with our legal obligations and
- upon your request, provided there are no overriding legal grounds requiring to maintain it.
In the context of the processing purposes described above, we may disclose or transmit your personal data to third-party service providers including, but not limited to, companies that provide technology services for the operation, protection and security of our electronic systems (such as website hosting, information technology and related infrastructure provision, email delivery etc), payment processing services, marketing, auditing and other services.
In all these situations we remain responsible for the processing of your personal data, defines the particular details of the processing and signs special agreements with any third parties assigned processing duties, in order to ensure that the processing is carried out in accordance with the applicable laws and that all individuals can freely exercise the rights conferred to them under the applicable legislation.
We reserve the right to disclose information that you are interested in, to any administrative, judicial or public authority or legal or natural person if such notification is required by the law or a court order.
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide personal data through the services.
Your Data Processing Rights
According with the existing legislation and the restrictions provided therein, you have the following rights in relation to your personal data:
- To demand to know the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of storage as well as your relevant rights (right of access).
- To demand the rectification or/and amendment to your data completed so that they are complete and accurate (right to rectification) by providing any necessary document justifying the need for rectification.
- To ask for a restriction of the processing of your personal data (right to restriction of processing).
- To object to any further processing of your stored personal data (right to object).
- To obtain the erasure of your personal data from the records we keep (right to erasure).
- To ask for the transfer of your data kept by the Company to any other controller (right to data portability).
- In case of solely automated individual decision making, including profiling which produces legal effects concerning you or significantly affecting you in a similar way, we implement suitable measures and safeguards for the protection of your rights, freedom and legitimate interests and offers you meaningful intervention carried out by humans, the right to express your opinion and ask for a justification οf the decision based within this framework as well as the right to contest such a decision.
- To withdraw your consent at any time. Withdrawal of your consent shall not affect the legality of consent-based processing in the period prior to such withdrawal.
- Right to complain to the Data Protection Authority: You have the right to file a complaint with the Hellenic Data Protection authority in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website (www.dpa.gr – Individuals – Complaint to the Hellenic DPA).
To exercise any of the above rights, you may contact us at the following contact details: email: email@example.com
We implement appropriate organizational and technical measures to ensure the security and confidentiality of your personal data, and their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us.
We want to engage with you in a way that is meaningful to you. We recognize that you may only want to hear from us in a limited way.
You may choose to unsubscribe from our newsletters by clicking the link at the bottom of one of our communications
Please note that even if you choose to opt-out of communications with us, we will continue to send you transactional messages about your specific reservation or stay with us, such as pre-arrival, confirmation and guest satisfaction surveys.
This Policy may be changed whenever necessary. In any case, if you continue to use our services and our website after the modifications that have been made in accordance with the above, you will be deemed to accept these modifications.