Company STELLA BEACH S.A., with Trade Name STELLA GROUP OF HOTELS is committed to protect your personal data which are disclosed to the company by any source such as emails, fax, business cards, company’s site and other sites, databases etc. according to the law 2472/1997 as it is modified and valid and also according to the General Data Protection Regulation (GDPR – EU 2016/679).

COLLECTED PERSONAL DATA

Identifiable and contact information such as:

Your name, surname, phone number, address details (Country, Town, State, Postal Code), email address, information related to your reservation (arrival/departure date), voucher/reference number and for companies we collect extra details like VAT and tax office. Personal characteristics, nationality, passport details (number, sex, date of birth, place of birth, issue date, expiry date and issue office and for European Citizens id details). Payment information, such as your payment card number and other card information Guest preferences, marketing and communication preferences If you let us know we collect sensitive information, such us information concerning allergies, nutritional habits, dermatological diseases and sexual orientation etc. Moreover, depending on applicable local laws, other information could be considered sensitive, such us your leisure activities, personal activities and hobbies, if you are a smoker or not. We may also use closed-circuit television and other technologies that record video for the protection of our staff, guests and visitors to our properties where permitted by law.

PERSONAL INFORMATION WE COLLECTE FROM PERSONS UNDER 18 YEARS

We collect personal information from individuals under 18 years of age, such as name and age/or date of birth, passport number/ID details. We also have activities for kids and we need to collect information such as name, personal phone number from parents, room number, arrival/ departure time, and health information about your child (such allergies, nutritional habits, dermatological diseases and other) for the safety of child. We accept teenagers between 16-18 years old to stay in our hotels (with or without guardian) and we need parent’s contest in order to gather all the above information for our services. As a parent or legal guardian, please do not allow your children to submit personal information without your permission.

PERSONAL INFORMATION WE COLLECTE FROM THIRD PARTIES

We may also collect information about you from third parties, including information from our other partners (tour operators, travel agencies, web sites, and online forms), from your social media services consistent with your settings on such services and from other third-party sources that are lawfully entitled to share your data with us.

USE OF PERSONAL DATA

We collect your personal data for the purpose of:

  • Accounting reasons (for example contracts, cooperation agreements, invoices, etc.)
  • Financial information (information on services cost, account balances, etc.)
  • Sending you newsletters, promotional reasons, contests, customer satisfaction surveys, etc.
  • Room reservation and provision of hotel services (weddings, special events etc.).
  • Spa and beauty treatments services, gym services, etc.
  • Participation in activities and excursions.
  • We may use your personal information to provide you with information about meeting and event planning.
  • We may use your personal information to improve our services and to ensure that our site and services are of interest to you. We also use your personal information to provide you with the expected level of hospitality in-room and throughout our properties
  • Internal use by our company.

STELLA GROUP OF HOTELS ensures all legal and appropriate measures are being taken for the protection and confidentiality of personal data collected, in order (among other reasons) to prevent any non-authorized access to those data as well as to the equipment used for their processing and archiving. For the purposes of this policy, the term ¨data subject¨ includes all the individuals or single member companies, whose personal data we possess (data subject is the individual related to the term ‘personal data’) Our company guarantees that your personal data will not be used for other purposes, except the ones that are mentioned in this policy, without prior notice and without your approval, when such is required. We do not share personal data with third parties who are not related to us unless it is required by our legal professional purposes and needs, in order to fulfil your demands or/and it is imposed by law.

TIME PERIOD OF CONSERVATION AND USE OF PERSONAL DATA

We are committed to keep your personal data in a safe space with controlled access for as long as it is required. You may submit a deletion request within a shorter time, which we will satisfy upon checking on the legal basis of the processing and our legal obligations, as well as on the provisions of our binding contract.

DISCLOSURE OF PERSONAL DATA

We may disclose your personal information to third parties who are processing data on behalf of our Company, including, but not limited to, providers of data processing systems support. We may partner with other companies to provide you with services or offers based upon your experiences at our properties and may share your information with our business partners accordingly. For example, we may help you move to the airport station with taxi or other transfer services from our business partners, and share personal information with our business partners in order to provide those services. We may also share your collected information with third parties, such as hotel and payment card partners, in case of over booking. We may also share your collected information to our partners, such us tour operators/ travel agencies for expand or change yours information details about date stays. We rely on third parties to provide services on our behalf and may share your personal information with them as appropriate. Generally, our service providers are contractually obligated to protect your personal information and may not otherwise use or share your personal information, except as may be required by law. However, our fraud detection service providers may use, but not share, your personal information for fraud detection purposes. We may use service providers to communicate news and deliver promotional and transactional materials to you on our behalf, including personalized online and mobile advertising in accordance with your preferences and applicable law. Transfer to processors will take place only upon meeting the legal requirements provided for in articles 24 and 28 of Regulation. In case of data transfer to non-European countries, Company shall inform the data subject in advance and ensure that adequate precautions are taken, so that all the appropriate (by means of expertise, reliability and recourses) technical and organizational measures are implemented, in such a way that the processing is legal and that the rights of the subjects are being protected.

SAFETY AND PROTECTION OF DATA

Our company applies all the necessary policies and processes of technical and organizational safety in order to protect your personal data from being lost, changed, damaged, misused or accessed by a non-authorized person. Our Company executives who have access to the data are obliged to respect the confidentiality of these data. We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you. For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. For your own privacy protection, please do not send payment card numbers or any other confidential personal information to us via email. We will not contact you by mobile/text messaging or email to ask for your confidential personal information or payment card details. We will only ask for payment card details by telephone when you are booking a reservation or promotional package. If you receive this type of request, you should not respond to it. If we printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.

RIGHTS ON PERSONAL DATA

You have the possibility to apply for:

  • Access to your data
  • Review of the personal data that we possess
  • Rectification of false/inaccurate information and completion of incomplete information
  • Erasure of your personal data
  • Portability of your data
  • Restriction to the processing of your data
  • Opposition to your data processing as long as the conditions of 21 Article of GDPR are met.

We handle your requests with the utmost care to ensure that your rights are protected. We may ask for your identity to make sure we do not share your personal information with someone else. You should be aware that in certain cases (for example, due to legal obligations), we may not be able to respond to your request immediately. However, we will notify you of the progress of your request within one month after submitting your original request. You should be aware that during our contractual relationship, personal data required by law or by our contract, are legally complied with and cannot be objected to. Consequently, the rights of objection, limitation and deletion should concern data processing for other purposes and not for the legal or contractual ones. Furthermore, in some cases (for example due to legal obligations), we may not be able to satisfy your request immediately. However, you will receive a response to your request at the latest within one month after submission. You have always the right to submit complains by contacting the Data Protection Officer of the company STELLA GROUP OF HOTELS either by sending a letter at company’s office Analipsis, Hersonissos , Crete or by email at [email protected] , mentioning your full personal details and the reason you contacted STELLA GROUP OF HOTELS .

WITHDRAWL OF CONSENT

You may, at any time, withdraw the consent you have granted to our company for the processing and disclosure of your Personal Data. However, you must understand that this withdrawal will not affect the legitimacy of the processing, based on your consent for the period before your withdrawal. Furthermore, your right to withdraw your consent is subject to the above-mentioned law or contract. In case you want to withdraw your consent, please send a signed declaration at the Data Protection Officer of the company STELLA GROUP OF HOTELS either by sending a letter at company’s office Analipsis, Hersonissos , Crete or by email at [email protected] , mentioning your full personal details and the reason you contacted STELLA GROUP OF HOTELS