Almyra Villas Privacy Policy – November 2020
The following Privacy Policy is applicable to all websites of Almyra Villas that belong and operate under it and to all subdomains of almyravillas.com, hereinafter and for the purposes of the privacy policy mentioned as ” Almyra Villas “, “we”, “us”, or “our”.
In « Almyra Villas » we respect the privacy of our website’s visitors, therefore we seek to protect your personal data, by keeping them confidential and secure.
The purpose of this Privacy Policy is to be coherent with the National and European legal framework governing personal data protection and therefore provide you in a lawful fair and transparent way, necessary information about the way we collect and use personal data but also about your rights and how to exercise them. This policy applies only to online interaction with us and is aimed at customers, potential customers, employees and potential employees thus it should be read carefully in addition to our Terms & Conditions and is by no means applicable to any offline interaction you may have with us in the premises of our establishment.
“Almyra Villas” in terms of the General Data Protection Regulation 679/16 and for the purposes this policy, represents the “Data Controller”, meaning that it determines the processes to be used when using your personal data, and can be contacted at Kanouli Halikounas, Corfu 49084, Greece.
Definitions
Some of the terms used in this policy are of legal significance and are governed by applicable law. In order for you to be able to better comprehend this policy here is a brief definition of terms that you may encounter below:
– personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
– processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
– consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Principles governing the collection and processing of your data
The processing of your personal data by us is governed by the GDPR following principles.
Personal data shall be:
– processed lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness and transparency)
– collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (purpose limitation)
– adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimization)
– accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy)
– kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (storage limitation)
– processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).
Therefore, whenever you find yourself in doubt that a violation of these principles may has occurred please feel free to contact us at Kanouli Halikounas, Corfu 49084, Greece or at info@almyravillas.com. Of course you can always lodge a complaint at the Hellenic Data Protection Authority http://www.dpa.gr/. We are however keen on to our customers and would appreciate solving any misunderstanding in an immediate and friendly manner.
More information about the GDPR Principles can be found here :
https://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en#d1e1797-1-1
Personal Data Collection, Purposes & Legal Basis
In order for the processing, that takes place upon visiting our site, to be coherent with the European and National legal framework and the above principles, it should result in a transparent and clear way, which of your personal data is being processed, why and on what grounds or legal basis. Therefore, we have constructed a brief table containing potential processes that may take place during your visit on our website:
Type of personal data | Purpose of processing | Legal Basis |
Name, Surname, date of birth, place of birth,
home address, nationality, gender, ID type (ID card or passport) and ID number, email address, mobile phone number |
Reservation & Registration to competent authority |
Legal Obligation
|
Name, Surname, date of birth, place of birth, home address, nationality, gender, ID type (ID card or passport) and ID number, email address, mobile phone number |
Contractual Obligation |
Performance of Contract & Legitimate Interest
|
Name, Surname, Postal address, mobile phone number, email address
|
Communication & Promotional Purposes (Subscription to Newsletter)
|
Consent
|
More information on article 6 of the GDPR can be found here:
https://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en#d1e1888-1-1
More information of article 9 of the GDPR can be found here:
https://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en#d1e2051-1-1
Minors Data
Our services are not directed to individuals under the age of sixteen (16), therefore we do not collect personal data from Minors, unless such action is performed from their legal guardian. We would never autonomously process personal data of a minor without obtaining explicit consent from its’ guardian. However, as it is impossible to always determine the age of a person who accesses and uses our website, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.
Cookies
In our website we use “cookies”, a technology that saves data on your computer by using your browser’s functionalities. Under no circumstances will cookies cause any damages on either the user’s computer or the files stored in them. Some of the information stored in cookies, with your consent, are being used for identification purposes. Some of the information collected are not identifiable and are limited to minimum information required for optimizing efficiency. Certain cookies serve for our visitors to enjoy and use the full operability of our website. We use a cookies control system which allows you to accept the use of cookies and to check the cookies stored in your device/ computer. Certain cookies will be stored for certain periods of time while others will last indefinitely.
We offer you the option to manage and adjust all of your cookie settings regarding our website. Your browser should also offer you the option for management and deletion of the cookies from your device. Please refer to your browser’ settings. Exemption available cookie- Google Analytics: https://tools.google.com/dlpage/gaoptout. Corfu North uses cookies in order to provide for its users/subscribers information and in order to process the services provided by our website.
Your Rights
As a data subject, according to the 3rd Chapter of GDPR you are entitled to the following rights:
– The right to access the personal data concerning you that is being processed by us.
– The right to rectification of inaccurate data and to erasure your data.
– Τhe right to restriction of processing of your data.
– the right to receive the personal data you provided us in a structured, commonly used and machine readable format. And the right to request us to transmit this data directly to another Data Controller.
– The right to object to the use of your data at any time if the processing is done for purposes of direct marketing.
– The right to lodge a complaint at the supervisory authority (www.dpa.gr)
You may exercise your rights freely and in any moment simply by contacting us at at Kanouli Halikounas, Corfu 49084, Greece or at info@almyravillas.com
More information about Data Subject Rights can be found here:
https://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en#d1e2161-1-1
However please note that the General Data Protection Regulation also predicts a series of restrictions to these rights, more details about the restriction you can read at the article 23 :
https://eur-lex.europa.eu/legal-content/en/TXT/HTML/?uri=CELEX:32016R0679&from=en#d1e2884-1-1
Retention Period of Personal Data
We will retain your Personal Data for the strictly necessary period for the fulfillment of the above mentioned processing purposes, or the compliance with the applicable law, or restriction agreements, or terms of this Policy, unless a longer retention period is required by law.
The retention period of personal data varies depending on the legal basis and/or purpose:
Whenever personal data processing is imposed by the provisions of applicable law, your personal data will be stored for the period of time required.
Whenever personal data processing is taking place because of a contract, stipulated between us, your personal data will be stored for the necessary period needed for the execution of this contract, and furthermore for exercising and supporting eventual legal claims based on the contract.
Whenever personal data processing is taking place for promotional and marketing reasons, we shall process this data upon your explicit content until its’ withdrawal.
Whenever personal data processing is taking place because of information provided freely by you upon making use of our contact form, we will retain your this data for the time needed to reply or fulfil your request.
Online Payments
The Hotel will not rent or sell your personal information to others and it will not share (except from the reasons stated at the present notice) your personal data to third parties. If you choose us to provide you a service, the third party payment processors will collect your payment data.
Our company does not collect any data regarding your payment, e.g. account number, debit or credit card number and other information about our client’s card, as well as other information concerning the account, identity check, charge and contact information when they made their reservation and payment of a room or a service. We use a third provider of this service, except our website, named WEB HOTELIER- LOVELY HOTELS Ltd, OnLine Hotel Booking system – Tourist Accommodation, av. Dimarchou Matexa Agelou 21, Glifada, 16675, ATTICA
Subscription, Marketing messages and Newsletter
According to the GDPR, with your explicit consent we may forward messages to any registrant to our newsletter or to our marketing correspondence list. We retain these kind of data for as long as we have your consent. We only collect a specific amount of data about you, as it is described in detail in the relevant section above. Any emails we forward are realized so via an email marketing software service provider (EMS). An EMS provider is a third party software/application service company, which allows businesses to forward multiple emails to a specific list of users.
Wherever they are used, these marketing messages may record a number of data, such us dates, addresses, IP addresses, clicks, forwards, geographical and demographical data. These data, within their limits, will show the registrant’s activity regarding this email campaign.
These forwarded emails are in accordance with the GDPR. We offer you an easy method to withdraw your consent (deletion) or to manage your preferences/ the information we store for you anytime. See inside the marketing emails for instructions concerning the deletion or the handling of your preferences.
We store the following data about you in the EMS system:
Email address
Name
Duration and date of subscription
Updates to the Privacy Policy
We may amend this Privacy Policy from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, properties, strategic marketing partners, and service providers. Updated versions will be uploaded to our website so that you are always aware of our Privacy Policy.