NOTICE TO OUR CLIENTS REGARDING OUR POLICY ON THE PROTECTION OF THEIR PERSONAL DATA
At SAY Hotel we have absolute respect for our clients and hold the protection of their privacy as one of our top priorities.
1. What personal data do we collect?
The types of personal data we collect from you depend on the services you want us to provide you. In particular, in the context of fulfilling the terms of the agreement between us regarding the booking and renting of a room, we collect from you, either by means of the form that you complete or by means of direct communication between you and a member of our staff, such personal data as are absolutely necessary for performing our services under the terms of the agreement, including (a) personal details (e.g., your name, gender, date of birth, ID number, VAT number or other ID particulars); (b) other more specific personal data, such as information regarding your health (e.g., diabetes, special dietary requirements); (c) your contact details (e.g., phone number, postal address, e-mail address, fax number), and (d) credit or debit card details, or details of other billing cards (including cardholder name, card number, billing address, expiry date), provided, of course, that you have chosen to pay by card.
Our Company processes your personal data throughout the duration of the contract between us and after the cessation or termination of such contract for as long as is prescribed by the applicable legal and regulatory framework, or until the end of the applicable time bar on any claims that may arise from the said contract between us.
2. Why do we collect and process your personal data?
We hold and process the personal data that you have provided to us so that we can provide you with the services you have requested, issue your bill(s), and manage, provide, adjust and improve our services and business activities. In addition to the above, our Company collects your personal data for the following purposes, in the context of fulfilling our part of the contract between us, i.e. (a) to notify you of significant changes or developments in relation to services that we already provide to you, and to communicate with you by e-mail, fax, telephone or other means on any matter arising in the course of performing the contract between us, such as, for example, answering questions or complaints you may have about the services provided, (b) to defend our rights before any Court and any authority, and for the purposes of executing and complying with court rulings or legal provisions, directives, regulations and circulars, and (c) with your consent, to update you about, and promote, our services via SMS and telephone.
3. To whom do we disclose or forward your personal data?
In order to meet effectively the purposes outlined above, we may transmit, disclose, grant access to or share your personal data with third parties, solely in the context of the above mentioned purposes, while always observing the principle of proportionality and data minimization. In this case, third parties may be: (a) any third party that provides customer services or customer satisfaction services and solely in the context of providing these specific services to our Company; (b) affiliates providing our company with data centers, servers or software solely in the context of providing such services; (c) financial institutions solely in the context of clearing the financial transactions conducted between us by virtue of our contractual relationship; (d) lawyers and law firms, in order to handle potential legal disputes between us, (e) insurance companies, in case of occurrence of insurance risks; (f) government services, legal entities of public law, legal entities of private law, judicial authorities, regulatory bodies and agencies, irrespective of their jurisdiction or level; (g) auditors, accountants, notaries, bailiffs or other economic or professional advisers, (h) other Companies of our Group of Companies and (i) our specific or universal successors, in the event of sale, disposal, merger or liquidation of our business.
4. What are your rights?
Under Regulation (EU) 2016/679, as a “data subject” you have the following rights:
i. Right of access: You, our customer, as data subject, have the right to obtain from us, as data controller, confirmation as to whether or not personal data concerning you are being processed, and, when that is the case, to access to such personal data, and obtain a copy of said data. If you wish to obtain a copy of part or all of your personal data in our records, please contact us.
ii. Right to rectification: We shall always endeavor to make sure that the personal data we hold regarding you is accurate. Accordingly, if you find that some of your personal data are inaccurate or incomplete, please do not hesitate to ask us to rectify or complete said data.
iii. Right to erasure (“right to be forgotten”): We want you to be aware that you are entitled to ask us to erase your personal data, if (a) these data are no longer needed in the context of our contractual relationship, (b) these data were submitted for processing illegally and used beyond the purposes specified hereinabove, and (c) such erasure is required by law.
iv. Right to data portability: When exercising your right to data portability, you are entitled to ask us to send your personal data from our Company to another company, when this is technically feasible.
v. Right to object: You are entitled to revoke (in whole or in part) your consent regarding the collection and processing of your personal data by our Company. In this case, you should be aware that any revocation of your consent could result in the termination of our contractual relationship, if said consent is required for it to continue.
vi. Right to lodge a complaint with a supervisory authority: Notwithstanding any other administrative or judicial recourse, after the exercise of its rights to our Company, every data subject is entitled to lodge a complaint with a supervisory authority, specifically in the member state in which he has his habitual residence or place of work or the place where the alleged infringement is committed. In any case, you have the right to have recourse to the Personal Data Protection Authority if you believe that you are adversely affected by the processing of your personal data and you consider that the processing of your personal data is in violation of Regulation (EU) 2016/679 or Law 4624/2019.
I hereby declare that I have read this notice, and that I am aware of the processing of my personal data, and that I consent to such processing for the purposes specified hereinabove.