This Statement for Privacy and Protection of Personal Data (hereinafter the “Statement”) applies to Elatos Resort & Health Club in Eptalofos, Mt. Parnassus, its subsidiaries and all of the properties within the ELATOS portfolio of Brands (collectively, “the Hotel” “Elatos”, “ERHC”, “we”, or “us”).

Statement for Privacy and Protection of Personal Data

Our Hotel respects the personal data of every visitor of the website www.elatosresort.gr (hereinafter the “Website”) and every client/guest of our property/hotel. We recognize that privacy is an important issue.

The present statement explains in clarity how we process the personal data that we collect from you and/or you provide to us.

Please review this Statement to learn more about the information we may collect about you on the Website or via our apps, through written or verbal communications with us, when you visit our property/properties, or from other sources or in any other way and how we collect, store, use, share and protect the information/personal data that we obtain.

 

In general:

At every touch point or guest interaction, and in conducting every aspect of our business, we may collect personal data.

In compliance with the obligation to protect the confidentiality and privacy of information entrusted to us by our guests, we hereby commit to protect and use the personal data that are collected either online through the present website or following communication/co-operation/interaction with our guests.

Our Hotel obtains only personal data that are voluntarily provided by you in order to satisfy your requests, to provide information for services and to serve you in the best way. Whenever additional information is requested you will be notified accordingly. We keep in our records and process the following data:

Personal data, e.g. first and last name, date of birth, passport Number and date and place of issue.

Contact information, e.g. home address, phone number and e-mail address.

Visitor’s card information as required by the Greek Law for hotel enterprises,

Payment/Credit card information, e.g. credit card number, the name of the cardholder and period of validity

Our Hotel collects additional personal information during registration/check-in at our property (including but not restricted to, stay or visit to a property; participation in a marketing program; information related to the purchase and receipt of products or services; personal characteristics; nationality; guest preferences; marketing and communication preferences; room preferences; information about vehicles a guest may rent during their stay at the Hotel; hotel, airline and rental car packages booked; groups with which a guest is associated for stays at hotels; and other types of information that a guest chooses to provide to us or that we may obtain, including such information as may be required by Greek law. We may also use closed circuit television and other security measures at our property that may capture or record images of guests and visitors in public areas, as well as information related to your location while on our properties (via keycards and other technologies). We may also use closed-circuit television and other technology that record sound or video for the protection of our staff, guests and visitors to our property where permitted by law. In addition, we may collect personal information in connection with on-property services, such as concierge services, excursions, activities, sports, child care services, equipment rental etc.

In detail:

  1. Collection and purpose of use of personal data

The collection of personal data takes place only if you select voluntarily to provide them – for example, if you communicate through email or if you register as customer of the services of our Hotel or you visit our Website and/or our property.

The use of the booking services provided through the Website necessitates the Hotel’s ability to communicate with you in return. Therefore, during your registration on the website’s booking engine it is necessary to declare the true contact details that will be requested.

With your registration to the services provided by the Website and/or our property you also consent to the storing and use of your personal data, according to this Statement. Your personal data are not used for other purposes, apart from what it is described in this Statement, except if we receive your prior permission, or except if something like that is required or is allowed by the law.

 

The purpose of the collection, use and processing of your personal data, is:

(a) the provision of the services you request through the Website and/or our property, for the receipt of which their use or / and process is required, e.g. booking requests and the consequent implementation of the contractual obligations, in order to execute, deliver and invoice under the best conditions and with the most effective way,

(b) the promotion and marketing of the services provided by our Hotel either through the Website or through our property

(c) the administration of the business relationship

(d) the provision of personalized services and the facilitation of the booking process, aiming to the facilitation of the user and / or ensuring that the content of the Website is presented to the most effective way for each computer.

Our Hotel collects “sensitive” personal data only when you offer voluntarily those data or when these data are required or their collection is allowed by the law. The term “sensitive personal data” refers to information related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, or sexual orientation, genetic information, criminal background, and any biometric data used for the purpose of unique identification. We advise you to abstain from providing sensitive data, except if this is required for the purpose of providing personal data or if you hereby consent with the use of these data from our Hotel for its purposes. For example, we may use health data provided by you to serve you better and meet your particular needs (i.e. dietary preferences).

Our Hotel does not intentionally collect personal information from individuals under 18 years of age. As a parent or legal guardian, please do not to allow your children to submit personal information without your explicit permission.

Our Hotel may use your personal data to provide or offer you newsletters, promotions and featured specials, informative messages related to services as well as other marketing messages in accordance with any communications preferences you have expressed. We use your data to provide in-stay messaging, account alerts, and reservation confirmations; to send you marketing messages; and to conduct surveys, prize draws, and other contests. We may provide these communications via email, postal mail, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app messaging, and other means (including on-property messaging, such as your in-room television).

Our Hotel may also request your permission for particular use of your personal data and you may either consent or deny these uses. If you want particular services or communications, such as an electronic newsletter, you will be able to unsubscribe from the relevant recipients list at any time following the guidelines included in each communication. If you decide to unsubscribe from a service or communication, we shall try to delete your data as soon as possible, although we may need some time or / and information before we will be able to process your request.

 

  1. Access to personal data and Rights thereto

If you wish, you may request at any time to get informed about your personal data that are maintained by our Hotel, their recipients, the purpose of their maintenance and processing, as well as their modification, correction or deletion, by sending an email to the address info@elatosresort.gr from the email address you have declared, attaching a copy of your identity card. You also have the right to review your personal data we maintain and, in general, to exercise any right foreseen by the law for the protection of the personal data.

The personal data you disclose to our Hotel through the Website, either during your registration or at a later stage, are collected, used and processed in accordance with the applicable personal data protection provisions. In particular, according to the provisions of the Law 2472/1997 and the Law 3471/2006, as in force, as well as the new European General Data Protection Regulation (EU) 2016/679 and the Directive 95/46/EC, related to the protection of personal data.

In detail, you retain the following rights:

Right to be informed on your personal data and right of access thereof: upon your request, we will provide you information about the personal data we maintain about you.

Right to correct and complete your personal data – “right to rectification”: If you notify us, we shall correct any inaccurate personal data that relate to you or we shall fill in incomplete data, provided that these data are necessary for the purposes of processing your data.

Right to erase your personal data – “right to erasure /to be forgotten”: upon your request, we will erase the personal data we maintain about you. However, some particular data will be deleted only after a specified holding period, for example because in some cases we are legally obliged to maintain your data, or because these data are required to fulfill our contractual obligations towards you.

Right to block your personal data – “right to restrict processing”: in some cases foreseen by the law, we shall block your personal data, if you request this. Further processing of blocked data occurs only to a very limited extent.

Right to withdraw your consent: at any time in the future, you may withdraw your consent for the processing of your personal data. The lawfulness of the processing of your data remains unaffected by this action, up to the point where your consent is withdrawn.

Right to object to the processing of your data: at any time in the future, you may object to the processing of your personal data, if we process your data on the basis of one of the legal grounds foreseen in the Article 6 (1e or 1f) of the Regulation (EU) 2016/679. If you object, we shall stop processing your data, provided that there are no legitimate reasons for further processing. The process of your data for advertisement purposes is not a legitimate reason.

  1. Transmission of Personal Data

Our Hotel does not share or transmit personal data to third parties, unless this is required for legitimate professional purposes and business needs in order to meet your requests and/or this is required or permitted by Law and/or this is necessary for the implementation of our contractual obligations towards you. In any case, the access to your personal data is minimized only to authorized persons that are required to have access in order to be able to complete the purposes of the collection, the use and the processing of them, as this is disclosed in the present Statement. Our Hotel may share your personal data with various companies (third parties in connection with corporate deals) or service providers who we collaborate with it, in order to respond to your requests, or to natural or legal persons that are assigned with the process implementation. Whenever we share your data with the above-mentioned parties, we will ensure that your data are protected by a data processing agreement entered to by us and the party in question. People who have access to the data are obliged to maintain the confidentiality of the data.

Our Hotel reserves the right to use the information you provide in such a way that it is not possible to identify or disclose the person they refer to, for statistical, promotional, research or advertising purposes, by providing them and to third parties, e.g. market analysis firms responsible for the completion of the above purposes.

Our Hotel may transfer particular personal data outside the geographical boundaries to other companies that collaborate with it or / and store personal data in a jurisdiction other than that in which you are located to. By providing their personal data via the internet, the visitors consent to this transfer or / and the storage of their personal data abroad. Although the data protection laws of these various countries may differ from those in your own country, we will take appropriate steps to ensure that your personal data is handled as described in this Statement and in accordance with the Law.

Our Hotel may store your personal data in a cloud. This means that the process of your personal data may be conducted by a cloud service provider on behalf of our Hotel, and your personal data may be stored in different locations around the world.

The Hotel uses organizational and contractual measures for the protection of the personal data and to impose similar, yet less restrictive, requirements to our cloud service providers, including requirements regarding the exclusive processing of your personal data, for the aforementioned purposes mentioned in this Statement.

 

  1. Data retention

Our Hotel retains your data for as long as it is needed to achieve various data-processing objectives. We take into account the following criteria when storing personal data:

We store the data as long as it is needed to provide our services.

If a person has a user account or a membership card tied to us, we will store their information for as long as the account/card is valid or for as long as such information is needed to provide services to them.

If we have an obligation imposed by law, a contractual obligation or other such commitments to retain a client’s data, we will retain it until the obligation is met.

After the termination of a contractual relationship, we will retain certain data for as long as the data subject or company has the right to make claims against the other party under a contract.

  1. Security of Personal Data

Our Hotel will take reasonable measures to: (i) protect personal data from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal data accurate and up-to-date, as appropriate.

Our Hotel applies particular procedures for technical and organizational security, in order to protect personal data and information from loss, misuse, alteration or destruction. We seek to require our partners and service providers with whom we share personal data to exercise reasonable efforts to maintain the confidentiality of personal data about you.

Our Hotel makes every reasonable effort to maintain the personal data collected only for the period of time it needs these data for the purpose they are collected or until their removal is requested (if this occurs earlier), unless it continues to maintain them according to provisions of the applicable legislation.

 

  1. Revisions of the Statement

Our Hotel reserves the right to modify or periodically revise this Statement, in its sole discretion. If changes occur, Our Hotel will record the date of modification or revision in this Statement and the updated Statement will apply for you from that date on. We encourage you to periodically review this Statement to explore whether there are any changes to the way we manage your personal data. Use of the Website, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.

 

This Statement was last updated September 2020

 

  1. Contact point

If you have questions, comments or complaints about our handling or protection of your personal data or you wish to amend your personal data or to exercise any and all your rights as a data subject, please contact us at info@elatosresort.gr.