Making a reservation/completing forms
PRIVACY POLICY
A. Introduction
The company under the distinctive title “DIMARGIO ENTERPRISES”,
with G.E.MI. No. 147042527000, based in Heraklion, Crete, with phone number
(+30) 2810.242960 and e-mail info@dimargiohotel.com which maintains a hotel on
17, Katehaki Street, which operates under the distinctive title “Dimargio
Hotel” (hereinafter the “Company”), considers the protection
of your personal data as extremely important.
Therefore, the Company takes all appropriate measures to ensure that the
processing of your personal data is always carried out in accordance with the
obligations and safeguards set by the relevant legal and regulatory framework.
B. Data Controller
The Company processes your data under the capacity of data controller, in
accordance with Regulation (EU) 2016/679 (hereinafter the “GDPR”)
and the relevant provisions of the Greek legislation on the protection of
personal data, as applicable, from time to time.
C. Type of data and sources thereof
The personal data that may be collected and processed by the Company and
pertain to its customers are the following:
C.1.Identification Data: name and surname, father’s name, identity
card or passport number, nationality.
C.2.Billing & Payment Data: tax identification number (TIN) and
competent tax office, payment information, payment card number, amounts paid or
owed.
C.3.Contact Data: telephone number (landline and/or mobile), postal
and e-mail address.
C.4.Booking Data: arrival and departure dates, type of reservation,
any special preferences or requests.
C.5.Specific health data: any allergies or disabilities.
The above mentioned under points C.1.-C.4. personal data, is provided to
the Company directly by customers (you), as data subjects. The provision of
your data is a requirement for the conclusion and execution of the contract
between us, which will not be possible if you refuse to provide the same. Your
payment and debt information is generated during the course of your contractual
relationship with the Company and is maintained by it. The provision of the
data under point C.5. above is not mandatory, and should you refrain from
providing the same we will not proceed to making the respective arrangements
(e.g. special diet or access to rooms for people with special needs).
D. Purposes and legal basis of processing
The Company collects and processes the above-mentioned personal data for
the following purposes and legal bases:
D.1. Provision of
hospitality services or other similar services
Your personal data mentioned above are processed for the purpose of
providing hospitality services, or similar and/or supplementary services to
you, including identifying you, communicating with you, etc. Legal basis for
the processing of data under items C.1. and C.3.-C.4., is the execution of the
contract between us, in accordance with article 6 paragraph 1 item b) of the
GDPR. To the extent that you also provide us with data of special categories,
such as health data (any allergies and disabilities) under item C.5. above, the
legal basis for the relevant processing is your consent, in accordance with
article 9 paragraph 2 item a) of the GDPR.
D.2. Pricing of services
The data under items C.1., C.2. and C.3. above that are related to your
payments, as the case may be, is subject to processing for the purpose of
invoicing the Company’s services, and the legal basis for their processing is
the fulfillment of the Company’s legal obligations arising from tax
legislation, in accordance with article 6 paragraph 1 item c of the GDPR.
D.3. Direct promotion by
electronic means
Your electronic contact information under item C.3. above is processed for
the purpose of promoting our similar services by electronic means (e-mail/sms),
upon your explicit consent, being the relevant legal basis, in accordance with
articles 6 paragraph 1 item a) GDPR and 11 paragraph 1 of Greek Law 3471/2006.
E. Transmission of the data – Recipients
In order for the Company to support its operational needs and functions,
and to comply with its obligations, it might share personal data to categories
of persons or entities (recipients – processors). The recipients have access
only to such personal data that is absolutely necessary for the fulfillment of
the tasks or the provision of the services they have undertaken towards the
Company.
The recipients’ categories are the following:
(a) Processors: the Company cooperates or may cooperate with the following
processors in order for them to assist the Company in fulfilling its legal or
contractual obligations, subject to maintaining the confidentiality of your
data, and specifically: with accounting service providers, IT system support
service providers, hosting service providers, cloud computing providers,
physical security service providers and marketing and promotion service
providers.
(b) Financial institutions.
(c) Tax authorities, in accordance with the applicable tax legislation.
(d) Lawyers, if this is necessary for the protection or exercise of the
Company’s rights and legal interests.
(e) Bailiffs, notaries, judicial, prosecutorial and police authorities, as
well as auditing authorities, as long as this is required by applicable legal
provisions or court decisions, or following relevant lawful requests made in
the exercise of such authorities’ duties.
F. Data Retention Time
Your data is kept by the Company throughout the period of provision of its
services to you and with a maximum period of twenty (20) years, as the statute
of limitations for civil claims between the parties (Article 937 Civil Code).
If legal proceedings are in progress, in which the Company is involved and
which directly or indirectly concern you, the retention time for your data is
extended until the issuance of an irrevocable court decision.
Upon the lapse of the appropriate time periods, personal data will be
deleted/destroyed based on the Company’s destruction policy.
G. Transfer of Data outside the EU.
The Company does not transmit personal data to countries outside the EU.
H. Your Rights
You have a series of rights, in accordance with the provisions of articles
15-22 of the GDPR, regarding your personal data, which are processed by the
Company.
Specifically, you have the right to:
(a) find out if the Company is processing your personal data and/or gain
access to your personal data (right of access);
(b) rectify your personal data (right to rectification);
(c) request that we delete your personal data, when – among other things –
the processing of your personal data is no longer necessary for the purpose for
which we initially collected it and there is no compelling reason justifying
its continued storage or processing (right to erasure);
(d) restrict the processing of your data, provided that the conditions set
by the relevant legal framework are met (right to restriction);
(e) confirm that you wish to withdraw your previously provided consent
(revocation of consent); or
(f) request the transfer of your data (right to portability).
You can exercise the above rights by completing the corresponding
application that you can find at the Company’s premises (Dimargio Hotel, 17
Katehaki Street, Heraklion Crete), or by sending a relevant application by post
(Dimargio Hotel, 17 Katehaki Street, Heraklion) Crete, 71202) or by e-mail to
dpo@dimargiohotel.com.
In case there are reasonable doubts about the identity of the data subject,
the Company may request the provision of additional information to confirm your
identity.
It is pointed out that the Company has in any case the right to partially
or fully refuse to satisfy your request for restriction of processing or
deletion of your data, if the processing or keeping of the personal data
concerning you is necessary for the establishment, exercise or support of its
legal rights or the fulfillment of its legal obligations.
The Company must respond to your request within one (1) month of its
receipt. This deadline may be extended by two (2) more months, if required at
the discretion of the Company, taking into account the complexity of the
request and the number of requests, and in this case the Company will inform
you within one (1) month from the receipt of your request about the extension
in question, as well as the reasons thereof.
For any concern regarding the protection of your personal data, you can
contact the Company’s Data Protection Officer:
Full name: Eleni Babaletaki
Phone: (+30) 2810.242.960
Email: dpo@dimargiohotel.com
If the Company does not act on your request when exercising the above rights or after its response you consider that your above-mentioned rights are being violated, you have the option to submit a complaint to a supervisory authority (Personal Data Protection Authority, Kifisias 1-3, 11523, Athens, https://www.dpa.gr/, tel. 2106475600).