Making a reservation/completing forms
The company under the distinctive title “DIMARGIO ENTERPRISES”, with G.E.MI. No. 147042527000, based in Heraklion, Crete, with phone number (+30) 2810.242960 and e-mail email@example.com which maintains a hotel on 17, Katehaki Street, which operates under the distinctive title “Dimargio Hotel” (hereinafter the “Company”), considers the protection of your personal data as extremely important.
Therefore, the Company takes all appropriate measures to ensure that the processing of your personal data is always carried out in accordance with the obligations and safeguards set by the relevant legal and regulatory framework.
B. Data Controller
The Company processes your data under the capacity of data controller, in accordance with Regulation (EU) 2016/679 (hereinafter the “GDPR”) and the relevant provisions of the Greek legislation on the protection of personal data, as applicable, from time to time.
C. Type of data and sources thereof
The personal data that may be collected and processed by the Company and pertain to its customers are the following:
C.1.Identification Data: name and surname, father’s name, identity card or passport number, nationality.
C.2.Billing & Payment Data: tax identification number (TIN) and competent tax office, payment information, payment card number, amounts paid or owed.
C.3.Contact Data: telephone number (landline and/or mobile), postal and e-mail address.
C.4.Booking Data: arrival and departure dates, type of reservation, any special preferences or requests.
C.5.Specific health data: any allergies or disabilities.
The above mentioned under points C.1.-C.4. personal data, is provided to the Company directly by customers (you), as data subjects. The provision of your data is a requirement for the conclusion and execution of the contract between us, which will not be possible if you refuse to provide the same. Your payment and debt information is generated during the course of your contractual relationship with the Company and is maintained by it. The provision of the data under point C.5. above is not mandatory, and should you refrain from providing the same we will not proceed to making the respective arrangements (e.g. special diet or access to rooms for people with special needs).
D. Purposes and legal basis of processing
The Company collects and processes the above-mentioned personal data for the following purposes and legal bases:
D.1. Provision of hospitality services or other similar services
Your personal data mentioned above are processed for the purpose of providing hospitality services, or similar and/or supplementary services to you, including identifying you, communicating with you, etc. Legal basis for the processing of data under items C.1. and C.3.-C.4., is the execution of the contract between us, in accordance with article 6 paragraph 1 item b) of the GDPR. To the extent that you also provide us with data of special categories, such as health data (any allergies and disabilities) under item C.5. above, the legal basis for the relevant processing is your consent, in accordance with article 9 paragraph 2 item a) of the GDPR.
D.2. Pricing of services
The data under items C.1., C.2. and C.3. above that are related to your payments, as the case may be, is subject to processing for the purpose of invoicing the Company’s services, and the legal basis for their processing is the fulfillment of the Company’s legal obligations arising from tax legislation, in accordance with article 6 paragraph 1 item c of the GDPR.
D.3. Direct promotion by electronic means
Your electronic contact information under item C.3. above is processed for the purpose of promoting our similar services by electronic means (e-mail/sms), upon your explicit consent, being the relevant legal basis, in accordance with articles 6 paragraph 1 item a) GDPR and 11 paragraph 1 of Greek Law 3471/2006.
E. Transmission of the data – Recipients
In order for the Company to support its operational needs and functions, and to comply with its obligations, it might share personal data to categories of persons or entities (recipients – processors). The recipients have access only to such personal data that is absolutely necessary for the fulfillment of the tasks or the provision of the services they have undertaken towards the Company.
The recipients’ categories are the following:
(a) Processors: the Company cooperates or may cooperate with the following processors in order for them to assist the Company in fulfilling its legal or contractual obligations, subject to maintaining the confidentiality of your data, and specifically: with accounting service providers, IT system support service providers, hosting service providers, cloud computing providers, physical security service providers and marketing and promotion service providers.
(b) Financial institutions.
(c) Tax authorities, in accordance with the applicable tax legislation.
(d) Lawyers, if this is necessary for the protection or exercise of the Company’s rights and legal interests.
(e) Bailiffs, notaries, judicial, prosecutorial and police authorities, as well as auditing authorities, as long as this is required by applicable legal provisions or court decisions, or following relevant lawful requests made in the exercise of such authorities’ duties.
F. Data Retention Time
Your data is kept by the Company throughout the period of provision of its services to you and with a maximum period of twenty (20) years, as the statute of limitations for civil claims between the parties (Article 937 Civil Code).
If legal proceedings are in progress, in which the Company is involved and which directly or indirectly concern you, the retention time for your data is extended until the issuance of an irrevocable court decision.
Upon the lapse of the appropriate time periods, personal data will be deleted/destroyed based on the Company’s destruction policy.
G. Transfer of Data outside the EU.
The Company does not transmit personal data to countries outside the EU.
H. Your Rights
You have a series of rights, in accordance with the provisions of articles 15-22 of the GDPR, regarding your personal data, which are processed by the Company.
Specifically, you have the right to:
(a) find out if the Company is processing your personal data and/or gain access to your personal data (right of access);
(b) rectify your personal data (right to rectification);
(c) request that we delete your personal data, when – among other things – the processing of your personal data is no longer necessary for the purpose for which we initially collected it and there is no compelling reason justifying its continued storage or processing (right to erasure);
(d) restrict the processing of your data, provided that the conditions set by the relevant legal framework are met (right to restriction);
(e) confirm that you wish to withdraw your previously provided consent (revocation of consent); or
(f) request the transfer of your data (right to portability).
You can exercise the above rights by completing the corresponding application that you can find at the Company’s premises (Dimargio Hotel, 17 Katehaki Street, Heraklion Crete), or by sending a relevant application by post (Dimargio Hotel, 17 Katehaki Street, Heraklion) Crete, 71202) or by e-mail to firstname.lastname@example.org.
In case there are reasonable doubts about the identity of the data subject, the Company may request the provision of additional information to confirm your identity.
It is pointed out that the Company has in any case the right to partially or fully refuse to satisfy your request for restriction of processing or deletion of your data, if the processing or keeping of the personal data concerning you is necessary for the establishment, exercise or support of its legal rights or the fulfillment of its legal obligations.
The Company must respond to your request within one (1) month of its receipt. This deadline may be extended by two (2) more months, if required at the discretion of the Company, taking into account the complexity of the request and the number of requests, and in this case the Company will inform you within one (1) month from the receipt of your request about the extension in question, as well as the reasons thereof.
For any concern regarding the protection of your personal data, you can contact the Company’s Data Protection Officer:
Full name: Eleni Babaletaki
Phone: (+30) 2810.242.960
If the Company does not act on your request when exercising the above rights or after its response you consider that your above-mentioned rights are being violated, you have the option to submit a complaint to a supervisory authority (Personal Data Protection Authority, Kifisias 1-3, 11523, Athens, https://www.dpa.gr/, tel. 2106475600).