(Issued May, 2022)
1. Who we are
We operate this Website and are the Controller and responsible for your personal data.
Theros All Suite Hotel (or “We”) is a Greek company under the name «Mastrominas Tourism and Hotels Societe Anonyme” and the distinctive title “Lambi Hospitality S.A.” registered with the National Trade Registry (GE.E.MI) under number 071490520000 having its registered address at 4-6 Angelou Sikelianou Street, 11525 Athens, Greece. Our Tax Registration / VAT number is 099269770. 2 You can contact us: phone number [+30] 2242440300 and at firstname.lastname@example.org. Please use these details to contact us for any questions, feedback and comments (including complaints).
2. The data we collect about you
The data we may collect about you are:
- Identity Data such as first name, last name, date of birth
- Contact Data such as email address, address and telephone number
- Financial Data such as payment card details
-Technical Data such as IP address, browser type, operating system and other technology on the devices you use
- Marketing and Communications Data such as your preferences
- Any other information you may provide us with
We do not collect the so called special/sensitive categories of personal data (such as race, religious beliefs etc.) with the exception of any information concerning any special health/disability requirements you may have request us to provide you for.
Minors / Third Party
3. How is your personal data collected
By providing your data
In order to complete your reservation you will need to give your identity data and contact data. Once you give these data you will be able to:
• Manage your Reservation. The system will keep your information so that you don’t need to re - enter it the next time you book with us
• Manage your personal information
• If you wish, subscribe to our Newsletter so as to receive our magazine and follow our updates
• View your Reservation and send it to your friends and family
• View your Reservation history To finalise your Reservation you may also be asked to give your payment details.
By automated technologies - Cookies
First party cookies are cookies set and controlled by the website you are visiting. Third party cookies are cookies set and controlled by parties other than the website you are visiting. 4 Session cookies are cookies, which are deleted when you quit your browser. Permanent cookies are cookies, which are not deleted automatically when you quit your browser but remain in the browser for a certain amount of time. Essential (operational) cookies, whether session or permanent, are cookies which are necessary for browsing a website, for internal security and system management. Statistics cookies are cookies which serve exclusively statistical purposes and collect information in aggregate form. Advertising cookies are cookies which track the preferences of website visitors and serve for advertising and marketing purposes. Essential (operational) cookies have to be included for a website to function. For this reason, the law does not require your consent.
Use of absolutely essential (operational) cookies is automatic in our Website and Apps, while other (non – essential) cookies are by default disabled. We will use other cookies only if you give us your consent.
Our Website includes links to third-party websites and applications. If you click on a third party link, you will be directed to that party’s site. We do not control these websites and are not responsible for their cookies policies. We advise you to review the cookies policy of every website you visit.
Our Website and Apps use the following cookies:
How you can manage cookies
Our website provides the possibility to enable other than essential cookies by consenting / selecting and managing your cookies preferences. To manage your cookies preferences, please select “Cookies Settings” button which is found at the left bottom of our Website.
In addition to managing cookies in our Website you can:
- delete all cookies on your device by clearing the browsing history of your browser each time you complete your navigation
- change the settings of your browser/mobile device in order to block cookies being placed on your device
Please be aware that, if you delete cookies, you may lose some saved login details or preferences and, if you block installation of cookies, you may not be able to use functions, applications and services of our Website. For more info please contact as email@example.com
4. Why we collect and How we use your personal data
Personal data you provide us with will be used only when the law allows us to.
Most commonly we will use them for the purposes of:
- processing your reservations (e.g. to handle reservations, issue receipts)
- attending to your requests
- communication to you of information about our services including sending commercial communications by e-mail or by any other equivalent electronic communication means, if you have given us your consent. You can withdraw your consent in respect of receiving such communications by clicking on the “UNSUBSCRIBE” button at the bottom of any e-mail you might have received (in case you have not initially refused such use) or by contacting us at any time
- improving our services and website in order to keep it updated and relevant.
- compliance with our legal obligation and our mutual interest to keep network security
We will only use your personal data for the purposes we collected it. If we need to use your personal data for another purpose, we will notify you before such use and will explain the legal basis which allows us to do so.
5. Disclosure of your personal data
We need to disclose certain data of yours to third parties we use as service providers (e.g. booking administrator providers, payment process providers, banks) All third parties we use for the provision of our services are contractually obligated to secure the confidentiality and protection of your data and will use it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with the law. By providing information in this Website or otherwise to us you expressly authorise us to disclose and process your information as described above in order to enable us provide our services to you. We do not disclose your information to any other third parties unless required by law, by court or any governmental body.
6. International transfers of personal Data
We may transfer your data to our data processors and/or sub-processors based outside the EU territory (“EEA”) and in the USA in particular, where EU or Member State legal framework does not apply. In such a case we ensure that the level of protection provided by the GDPR is not undermined; we use international data transfer tools (e.g. Standard Contractual Clauses or other designated by the EU) to achieve adequate safeguards for the security and protection of your data.
Our data processors and sub-processors are contractually obliged by us, who continue to be responsible as Data Controller of your data, to process your data in a way to ensure that all provisions provided by relevant Chapter V of the GDPR are applied.
7. Data Security
We strive to ensure your personal data is secure. We take appropriate technical and operational security measures to prevent unauthorised use or access to your personal data, destruction, accidental loss or damage. Our employees, agents, contractors will only have access or process your personal data on our instructions and are subject to a duty of confidentiality.
8. Data Retention
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it or to satisfy any legal, accounting or reporting requirements.
9. Your Rights
You have the following rights in respect of your personal data under General Data Protection Regulation (EU) 2016/679 (“GDPR”) and national data protection laws:
a) Right to request access to your personal data: You have a right to be informed if and how we process your personal data
b) Right to request rectification of your personal data: You can inform us of any changes to your personal data or ask us to correct any of them
c) Right to request erasure of your personal data: You can ask us to erase any data initially collected by us which that are not necessary anymore or if you wish to withdraw your consent and there is not any other legal basis for process.
d) Right to object to processing of your personal data:
e) Right to request restriction of processing of your personal data: if you contest the accuracy of your data or the legality of the processing, you can ask for its restriction
f) Right to data portability: You have a right to receive your personal data which you have provided to us, in a structured, commonly used and machinereadable format and to transmit those data to another controller without hindrance from us
g) Right to withdraw your consent at any time where your consent is the legal basis for the processing of your data
All the above rights are subject to applicable law.
If you wish to exercise any of the above rights please contact us.
h) Right to lodge a complaint with a supervisory authority for data protection issues: If you think that the processing of your personal data infringes the GDPR, you are entitled to file a complaint with a supervisory authority. The competent supervisory authority in Greece is:
Hellenic Data Protection Authority
Kifissias 1-3, PC 115 23, Athens, Greece
Telephone: +30-210 6475600
We would, however, appreciate the chance to deal with your concerns and assist you before filing the complaint so please contact us in the first instance.
10. Third – party links
If you wish to reserve suites and/or other services in our Hotel via this Website, you are directed to our Booking Service Provider WebHotelier Technologies, which is certified PCI –DSS Level 2 Service Provider. Please also review the respective Privacy Notice before your booking.
11. Processing of Personal Data via a Video Surveillance System
We use a video surveillance system in our Hotel for the protection of persons and goods. Our legitimate interest as Data Controller is to protect the premises and facilities of our Hotel as well as the safety, health and assets of our staff, hotel guests and other persons who are found in the supervised area
Purpose and Legal Basis of Processing
Our legitimate interest as Data Controller is to protect the premises and facilities of our Hotel as well as the safety, health and assets of our staff, hotel guests and other persons who are found in our supervised area (article 6 para. 1 (f) of the GDPR)
Analysis of our legitimate interests
We collect only image data in places where there is an increased likelihood of illegal acts (e.g. robbery, theft), such as in the entrances and exits of our Hotel and in cash registers. We do not focus on areas where the collection of images may excessively restrict the privacy of persons.
When you enter our Hotel there is an information sign that a video surveillance system has been installed. Similar signs are also found in the areas where cameras are located.
Only our authorised personnel and/or security companies have access to the images we collect. Our personnel and security companies are contractually bound by us to ensure the confidentiality and safety of your personal data. We do not disclose the collected material to any third parties with the following exceptions:
- To competent judicial, police authorities during an investigation of a criminal act involving persons and/or goods in our Hotel
- To competent judicial, police authorities when requesting information according to the law
- To the victim or the perpetrator of a criminal act when the data in question may serve as evidence.
We maintain the data collected by our cameras for a period of seven (7) days, after which they are automatically deleted. If during this period we find that an illegal act has taken place, the relevant parts of the video concerned are kept for one (1) more month for the investigation of the incident and initiation of criminal proceedings. If this incident concerns a third person, we may keep this video for up to 3 more months.
For your information on your rights as data subject please refer to section 9 above. If you wish to exercise any of the above rights please contact us.
In order to provide you a copy of your image please indicate when approximately you were found in the range of our cameras and give us a photo of yours; alternatively you may come to our Hotel to have us show you the images in which you appear. Moreover, please be informed that the exercise of 12 your right to object or erasure does not entail immediate erasure or amendment of the processing. In any case we will respond to your request in detail as provided by the GDPR.
This Information on Processing of Personal Data by a Video Surveillance System is updated from time to time and posted on our Website (https://www.therosallsuitehotel.com/privacy-policy) and is also available in a printed form at the Reception desk of our Hotel.
12. Updates and changes to this policy