“ASTIR.GR” DATA PROTECTION POLICY
The Company ASTIR PALACE VOULIAGMENI S.A. (hereinafter referred to as the “Company” or “we”) tries to offer you an experience that meets the needs of our visitors, by using responsibly the information collected through our website. We are committed to respect your privacy and comply with applicable laws on data protection and privacy.
Processing of your personal data is governed by these terms, by the relevant provisions of Greek and EU legal framework on data protection, including the General Data Protection Regulation (2016/679) and the relevant decisions, guidelines and regulation issued by the Hellenic Data Protection Authority.
This Policy explains how we collect, process and/or use information that we receive via our websites and emails we send (hereinafter the “Website”) that link to this Policy, as amended from time to time. This Policy also describes how we collect, process, use and share the personal information you provide us with. It also describes your choices regarding use, access, transfer, correction and deletion of your personal information.
The term "personal data", hereinafter referred to as "Personal Data or Data", as used in this Policy, refers to personal information of individuals or professionals, such as name, postal address, e-mail address, contact telephone number, credit card information, etc., which can be used to Identify a site visitor.
1. Information we collect
We collect information about you to provide our services. In order for us to best provide our services to you and to fulfil the relationship we have with you, it is essential that we are able to collect and use the information as described in this Policy.
1.1 Information You Give Us
When you submit your data in order to receive newsletters or other updates and/or in order to make a reservation or/ register to offered programs, we collect and maintain your data exclusively for the purposes mentioned below. In this context, we collect data you submit, such as the name, residence, email, phone number, mobile, fax, date of birth and gender.
1.2 Information We Collect Automatically
When you use the Website, your device is automatically providing information to us so we can respond and customize our response to you. The type of information we collect by automated means generally includes technical information about your , such as your IP address or other device identifiers, the type of device you use, and operating system version. The information we collect may also include usage information and statistics about your interaction with the Website. That information may include URLs of our web pages that you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, location data (if you have enabled access to your location on your mobile device), and other information about how you used the Platform.
2. Why we collect your information
We process your data exclusively for the below purposes:
2.1 Provision of services
When you make reservations or apply for a service, card, membership through our Website, you must provide your personal data. We collect your personal data in order to offer you the services you request, in order to ensure that we meet your needs when you use our services and/or in order to contact you on issues related to the provision of our services.
2.2 Keeping you up to date with developments
If you provide your consent by registering your data in the field for the subscription to our Newsletter, we will register your data and send you Newsletters and updates.
2.3 Improvement of services
We maintain your data and the history of usage of our services in order to produce statistics that allow us to better assess the visits and navigation of users through our website in order to improve its content and structure.
2.4. Marketing material
If you provide your consent, we use your contact details to contact you, in order to send you marketing material and inform you of any special offers/discounts or other promotional activities.
2.5. Targeted Advertising
If you provide your consent to receive targeted advertising based on your preferences or customer segmentation, we will use automated means to process the information you provide and the history of your transactions through our Website in order to send you news, special offers and promotional material that is relevant to your profile and preferences.
With respect to the use of Data collected through Cookies, please see our Cookies Policy.
3. Recipients of your data
Access to your data may only be provided to our duly authorised employees or business partners who act on our behalf for the above purposes of processing, by offering us IT services for the registration and storage of your data, for the operation of our website and/or customer care services and/or for the dispatch of marketing messages or the performance of market research. Our partners are committed:
- to maintain confidentiality,
- not to send data to third parties without the Company's permission,
- to take appropriate security measures,
- to comply with the legal framework for the protection of personal data, especially with the GDPR Regulation.
4. Duration of processing
Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. We will retain your data for 5 years from the last incident of the use of our services. Consequently, your data will be deleted, unless you renew your consent for their processing. You can request that we stop communicating marketing material to you and/or that we delete your data at any time.
Specifically for Google Analytics, user and event data retention is set to 50 months.
5. Safety of your data
We are committed to protecting your Personal Data. We have taken appropriate organizational and technical measures to secure and protect your Data from any form of accidental od fraudulent processing.
We use a Secure Socket Layer (SSL) to ensure secure data exchange between your site and your browser.
These measures shall be reviewed and amended as necessary.
6. Your rights
Our company ensures your rights with respect to the processing of personal data and ensures that you may exercise them.
You have the right to request:
6.1 Access to your personal data
6.2 Rectification of your personal data if it is inaccurate or incomplete.
6.3 Deletion of your personal data, unless their processing is necessary for the exercise of legal rights of ASTIR PALACE VOULIAGMENI S.A. or third parties, for the fulfilment of a legal obligation, for public interest reasons or for defending our legal rights before judicial or other Authorities.
6.4 Restriction of processing of your personal data only for specific purposes.
6.5 To withdraw at any time your consent to the processing of your personal data for marketing purposes and/or targeted advertising by sending an email or written request to ASTIR PALACE VOULIAGMENI S.A. using the contact details below. In such case, their processing by us will be suspended, nevertheless, this will not impact the legitimacy of any processing performed until the time of withdrawal.
In order to exercise any of the above rights, we advise you to email us or send us a written request, using our contact details below.
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority.
7. When do we respond to your Requests?
We will respond to your Requests for free without delay, and in any case within (1) one month after we receive your request. However, if your request is complex or there is a large number of requests, we will notify you within one month if we need to take another (2) two months extension within which we will respond to you.
If you Requests are unfounded or excessive due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing information or executing the requested action, or refusing to respond to Request.
8. Do We Process Minor Data?
In general, we do not process data for children under the age of 16. If you are under the age of 16, you MUST have the consent of your parents before signing up for the site services or e-mail newsletter. If we find out that we have collected Minor's Data (under the age of 16 years old) without the above condition, we will delete these data as soon as possible.