FOR THE PROTECTION OF PERSONAL DATA
The S.A. company with the corporate name “VASILEIOS KYRIAKAKIS-MARIA KYRIAKAKI ΤOURIST ENTERPRISES S.A.” and the distinctive title “OKEANIS S.A.” (hereinafter the Company), which is seated in Alexandroupoli (K.Palaiologou 20) acknowledges the severity of the issue of ensuring the protection of personal data and informs you that the processing of your personal data, which are collected either through the website or from other sources when you visit the Hotel, is realized pursuant to the legislation in force on data protection (Regulation (EU) 2016/679) – hereinafter the “GDPR Regulation”) and the present Privacy Policy.
The Privacy Policy provides you with information with respect to the manner of processing of your personal data, which are collected by the Company, either through the Website “www.hotelokeanis.gr” or from other sources, when you visit the Hotel, and constitutes an informative notice to the data subjects, pursuant to the provisions of the GDPR Regulation.
Data Controller
The Data Controller is the S.A. company with the corporate name “VASILEIOS KYRIAKAKIS-MARIA KYRIAKAKI Tourist Enterprises S.A.” and the distinctive title “OKEANIS S.A.” (hereinafter the Company), which is seated in Alexandroupoli (K. Palaiologou 20).
You may contact the Data Protection Controller at the following address: okeanis1@otenet.gr
Which are the Personal Data that we process and for which reasons
The collection and processing of personal data by the Company is necessary and absolutely associated with the provision of the Hotel’s services. With your consent, we process the personal data required in order for us to provide to you our hotel services on the basis of the contract that you have concluded with us either directly or through a tourist agent. These data in principle contain the first and last name, the identity or / and passport information, the residence address, the contact information (address and email), the overnight stays in the Hotel and the dates of the stay, as well as additional personal data, which the Company may obtain within the framework of conducting its business activity.
Upon your arrival, as well as during your stay in the Hotel, you are asked to fill out forms, through which the Company collects and registers your personal data required by the law or which are necessary for the fulfillment of the Company’s obligations towards its customers. If you do not agree with the collection and the registration of these personal data, we shall not be able to offer you our Hotel services and you shall not be able to stay in the Hotel.
In the event that you have requested a payment via credit card, its data are stored until the date of your departure from the Hotel. Following the repayment of your stay and your departure all the data pertaining to your credit card are erased.
In any case, even without your prior consent, the Company, as Data Controller, may process your personal data in order to conform with the obligations that derive from the National Legislation, the regulations and the European Union law, in order to exercise rights in court proceedings, to consolidate or defend its legal claims, to protect its own legal interests, as well as in all the cases that are provided for, where appropriate, in the articles 6 and 9 of the GDPR Regulation.
How do we store the personal data and for how long
The processing of your personal data is realized by printed or by automated means, by ensuring the necessary security, confidentiality and legality level. Pursuant to the provisions of the GDPR Regulation, the Company has taken the appropriate measures so as to limit the use of the personal data and the identification information to the minimum. Your personal data are subject to processing only to the degree required for achieving the purposes mentioned in the present Privacy Policy and they shall be kept for as long as it is necessary for achieving the purposes for which they were collected. In any case, the criterion used for the determination of that time period is based on the observance of the time limits that the legislative provisions either permit, for the protection of the Company’s legal interests, or impose, therefore the Company is obliged to comply with these, as well as with the principles of minimization of the personal data, of the time limitation of the storage and of the rational management of the records.
Minors’ Personal Data
The Personal Data of minors staying at the Hotel are always submitted by the parents / guardians accompanying them, with the consent of whom their every eventual processing is realized. Upon the departure of the minors from the Hotel, their data are erased, except from those that are required to be kept by the provisions of the legislation.
Processing of Personal Data from browsing the Website
If you visit the Website without using any of its available services and functions, the processing of your personal data is limited to the browsing personal data, to wit to the data that are necessary to be sent to the Website for its operation on the Internet (e.g. IP addresses), as well as to the data collected through the cookies monitoring system. The Company collects these data (e.g. the number of visitors on the Website, average duration of stay) only for receiving statistical data with respect to the Website’s use and its correct operation. The Company does not have any possibility to access data that may lead to the identification of a specific individual (e.g. MAC address or IP). Nevertheless, given the fact that there is a possibility to trace the user through the connection with data possessed, the above data may be eventually stored by the third party associate of the Company for the tracing and the identification of the perpetrators of criminal and civil offenses committed either against the Website and the Company or against third parties, through the Website or by using the Hotel’s Wi-Fi. Without prejudice to this ability, the browsing data described above are temporarily stored for the purpose for which they were collected and always pursuant to the provisions of the legislation.
Links to other websites
The present Privacy Policy applies only to the Company’s Website, which is mentioned above.
The Website may contain links to other websites (third parties’ websites), which may eventually obtain access to your personal data, in order to serve the provision of the service that you have requested. In order to have direct knowledge and information for the recording, the collection and the processing of your personal data from any one of them, you are kindly requested to be informed with respect to the Privacy Policy of the third parties’ websites with which you select to be linked.
How do we ensure the security and the quality of your personal data
The Company has taken all the necessary, appropriate, advisable and provided for by the GDPR Regulation organizational and technical measures, for the security of your personal data.
Which persons have access to your personal data
The Company’s employees and the Hotel’s personnel, who must process your personal data for the performance of their service duties and the provision of the hotel services that you have requested during your stay in the Hotel, have access to your personal data.
Your personal data may be eventually shared with third parties, which provide to the Company commercial, business or other services required for the Hotel’s operation and the support of the Company and the Hotel in providing the services you requested (e.g. tourist agencies, excursion organization agencies, Website support agencies) for the purposes that are mentioned above. The third parties receive only the necessary personal data for their respective operations and they undertake their processing only for the purposes mentioned above, pursuant to the provisions of the GDPR Regulation, with which they fully comply.
Your personal data may be also eventually notified to recipients determined by the legislation in force from time to time, with which the Company is obliged to comply. Please note that the Company is obliged to transmit your personal data to any competent Police, Prosecuting and Judicial Authority, if a relative request is submitted to it or a relative order is given to the Company.
Personal data transfer outside the E.U.
The Company informs you that, with respect to the transfer of your personal data outside the European Union, the transfer shall be solely and exclusively realized pursuant to the provisions of the GDPR Regulation and only to countries that participate in international programmes for the free movement of data or that are considered safe by the European Commission.
What are your rights
You may at any time exercise the rights that are provided for by the relative provisions of the GDPR Regulation. Inter alia, you may: confirm the existence or not of your personal data, control their content, their origin, their accuracy and their location, request a copy of these and demand any eventual corrections of these, request the limitation of their processing or and their deletion. You may also, whenever you wish so, withdraw your consent, submit remarks with respect to the procedures for processing your personal data, if you consider them erroneous or unjustified within the framework of your relationship with the Company, as well as submit a complaint to the Hellenic Data Protection Authority. You may communicate with the Data Controller at the Addresses indicated above, in order to submit requests with respect to the processing of your personal data by the Company and to exercise your legal rights.
Change in the Privacy Policy
The present Privacy Policy may change, in order to comply with the legislation in force from time to time and to be in agreement with the mandates and the decisions issued each time by the competent institutions for the protection of personal data. Ergo we advise you to read it regularly, so that you are fully informed on any eventual changes in its content.
