“ASTIR.GR” DATA PROTECTION POLICY
At ASTIR PALACE VOULIAGMENIS S.A. (hereinafter referred to as the “Company” or “we”), we are committed to ensuring your privacy and complying with applicable data protection laws. We are sharing this Privacy Notice with you to inform you about the processing of your data in the following cases:
(a) Processing of data of the visitors of the website www.astir.gr (“Website”). You may find relevant information under section “Website Privacy Notice”;
(b) Processing of data of Customers and Business Partners in the course of Company’s business activities. You may find relevant information under section “Privacy Notice for Customers & Business Partners”.
Processing of your personal data is governed by these terms, by the relevant provisions of Greek and EU legal framework on data protection, including the General Data Protection Regulation (2016/679) and the relevant decisions, guidelines and regulations issued by the Hellenic Data Protection Authority.
The term "personal data", hereinafter referred to as "Personal Data or Data", as used in this Policy, refers to personal information of individuals or professionals, such as name, postal address, e-mail address, contact telephone number, credit card information, etc., which can be used to identify them.
I. Website Privacy Notice
This Website Privacy Notice explains how we collect, process and/or use the information we receive via our website (hereinafter the “Website”) that links to this Notice, as amended from time to time.
1. Information we collect
1.1 Information You Provide Us With
When you submit your data in order to receive newsletters or other updates and/or in order to make a reservation or register for offered programs, we collect and maintain your data exclusively for the purposes mentioned below. In this context, we collect data you submit, such as the name, residence, email, telephone number, etc.
1.2 Information We Collect Automatically
When you use the Website, your device is automatically providing information to us, so we can respond and customize our response to you. The type of information we collect by automated means generally includes technical information about you, such as your IP address or other device identifiers, the type of device you use, and operating system version. The information we collect may also include usage information and statistics about your interaction with the Website. That information may include URLs of our web pages that you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, location data (if you have enabled access to your location on your mobile device), and other information about how you used the Platform.
2. Why we collect your information
We process your data exclusively for the below purposes:
2.1 Provision of services
When you make reservations or apply for a service through our Website, you must provide your Personal Data. We collect your Personal Data in order to offer you the services you request, to ensure that we meet your needs when you use our services and/or to contact you on issues related to the provision of our services.
2.2 Keeping you up to date with developments
If you provide your consent by registering your email in the subscription box, we will use your email to send you Newsletters, offers and updates about our services.
2.3 Improvement of services
We keep statistical data regarding your navigation to our Website to better assess the visits and navigation of users through our Website and improve its content and structure.
2.4 Personalized Advertising
If you provide your consent to receive personalized advertising based on your preferences or customer segmentation, we will use automated means to process the information you provide and the history of your transactions through our Website in order to send you news, special offers and promotional material that is relevant to your profile and preferences.
For the use of Data collected via Cookies, please see our Cookies Policy.
For the use of Data collected when you submit your CV for evaluation through our Website, please see our Terms for submitting your Curriculum Vitae.
3. Recipients of your data
Access to your data may only be provided to (a) our duly authorised employees and/or (b) business partners who act on our behalf and offer us i) IT services for the registration and storage of your data and for the operation of our Website, ii) customer care services and iii) marketing and advertising services. Our partners are committed:
- to maintain confidentiality,
- not to send data to third parties without the Company's permission,
- to take appropriate security measures,
- to comply with the legal framework for the protection of personal data, especially with the GDPR Regulation.
4. Data of minors
If you are under the age of 15, you MUST have the consent of your parents before signing up for the site services or e-mail newsletter. If we find out that we have collected a minor's Data (under the age of 15 years old) without the above condition, we will delete these Data as soon as possible.
5. Duration of processing
Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. We will retain your data for 5 years from the last incident of the use of our services. Consequently, your data will be deleted, unless you renew your consent for their processing. You can request that we stop communicating marketing material to you and/or that we delete your data at any time.
Specifically for Google Analytics, user and event data retention is set to 50 months.
6. Safety of your data
We are committed to protecting your Personal Data. We have taken appropriate organizational and technical measures to secure and protect your Data from any form of accidental or fraudulent processing.
We use Secure Sockets Layer (SSL) to ensure secure data exchange between our site and your browser.
These measures are reviewed and amended as necessary.
II. Privacy Notice for Customers & Business Partners
1. Personal Data that we collect
We collect and process the following Personal Data of our Customers and Business Partners:
(a) Identification data (name, surname, signature, if applicable);
(b) Contact information (address, telephone number, email);
(c) Data necessary to make and collect payments (including but not limited to tax registration number, bank account number, beneficiary);
(d) In the case of legal entities, information related to their legal representatives (name, surname, signature);
(e) Any other information that you disclose to the Company and is necessary for the performance of our contractual relationship.
Your Personal Data are collected directly from you. For Customers using our hotel facilities, we may collect Personal Data regarding outstanding payments from the managers of our facilities.
2. Why do we process your Data
We will process your Data for the following purposes:
(a) For the execution of our contractual relationship;
(b) To organize and execute our business operations, including making payments, collecting debts, communicating and managing our relationship with you;
(c) To comply with our statutory obligations, including internal due diligence procedures;
(d) For auditing Company’s procedures by independent auditors to ensure compliance with tax requirements;
(e) To reply to official requests from the authorities;
(f) To establish, exercise and defend legal claims.
3. Recipients of your data
For the above purposes, your Data will be processed by Company’s authorized employees.
We may transfer your data to other companies or persons related to the Company, when this is necessary for the purposes of this processing. In these cases, these parties either act as controllers, determining the means and the purposes of the processing, or act as processors on behalf of the Company. In both cases, this privacy statement applies.
Data which are necessary for the purposes of each processing are transferred to the following categories of recipients:
- to third parties providing services to the Company, such as IT companies, telecommunication companies, credit institutions, tax and legal advisers, insurance companies and other service providers;
- to national or international regulatory, tax or other authorities or public bodies or courts or other legal authorities, where required by law or regulation or upon an official order;
- to other business partners when required to execute requested transactions;
- to third parties who carry out audits on the Company.
Your Data are not transferred outside the European Economic Area (EEA).
4. Data Retention
The Data retention period may vary according to the category of Data. Your Personal Data will be retained for a maximum period of 10 years after termination of our contractual relationship or after the end of the fiscal year during which a transaction with you took place. Your Data are stored securely in hard copy at the Company’s premises and in digital format in data centers located inside the European Union.
III. Your rights
1. How to exercise your rights?
You may exercise the following rights with respect to your Data:
- Access to your personal data;
- Rectification of your personal data if it is inaccurate or incomplete;
- Deletion of your personal data, unless their processing is necessary for the exercise of legal rights of ASTIR PALACE VOULIAGMENIS S.A. or third parties, for the fulfilment of a legal obligation, for public interest reasons or for defending our legal rights before judicial or other Authorities;
- Restriction of processing of your personal data only for specific purposes;
- Withdrawal, at any time, of your consent to the processing of your personal data for marketing purposes and/or targeted advertising, by sending an email or written request to ASTIR PALACE VOULIAGMENIS S.A. using the contact details below. In such case, the processing of your Data will be suspended; nevertheless, this will not impact the legitimacy of the processing performed before withdrawal.
In order to exercise any of the above rights, we advise you to email us or send us a written request, using our contact details below.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority.
2. When do we respond to your Requests?
We will respond to your Requests free of charge and without delay, and in any case within one (1) month after we receive your request. However, if your request is complex or there is a large number of requests, we will notify you within one month if we need a further one (1) month extension within which we will respond to you.
If your Requests are unfounded or excessive due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing information or executing the requested action, or refuse to respond to the Request.