Preamble

At the HALEPA HOTEL hereinafter referred to as the “Hotel” we are committed to protecting and respecting your privacy. Our Data Protection Policy (“DPP Policy”) sets out the basis on which Personal Data (“PD”) is collected about you. The Policy has been developed based on the Data Protection Impact Assessment ( DPIA) Assessment ), which is provided for by the GDPR and Law 4624/2019. The PD is either provided to us by you with your free consent directly or is provided to us through third parties, who have already obtained your free consent and are always processed in accordance with the GDPR. Please read the following carefully to understand the use of the PD.

Information and Personal Data we collect about you

We collect information and personal data from you that you provide with your free consent, either directly or through third-party services with which you interact and have already asked for your free consent.

We may process data, including the following, during the provision of hosting services and use of our facilities by you, which could contain PD or be considered as PD:

• Full name, residential and/or work address, email address, telephone numbers (landline or mobile), ID or passport number, nationality, date of birth. In the event that you are accompanying minors (under 16 years of age), you will be asked to declare their details as an official guardian or chaperone. Please note here that all of the above information is required by Greek law for the provision of hospitality services in tourist accommodations.
• Financial information about you, including your bank account details, credit or debit card details or other payment details.
• Information about your profession, or your participation in professional or other organizations.
• Medical data (for the provision of accommodation services or to address emergency health needs) , dietary habits and possible allergies
• And finally, any other information that you ask us to process on your behalf or which is necessary in order for us to be able to offer you the best possible accommodation, fitness, entertainment, conference and reception services.

We also inform you that:

• The hotel has a video surveillance system (CCTV) in areas designated by the relevant Greek legislation and the Greek Authority for the Protection of Personal Data. The video surveillance system operates for reasons of protecting the health and safety of our employees and customers as well as for reasons of protecting property.
• When you visit our hotel website, your device’s browser provides us with information such as your current IP address, browser type, access time and the pages of our website you visited which are collected and used to compile statistical data. This information can be used to help us improve our website, the services we offer and to design new services for you.
• We may use cookies and similar technologies to help provide our website data and to offer you a more personalized user experience tailored to your needs and requirements. In this case, you have the option to not accept the proposed cookies.

Purpose of processing personal data

We process your Personal Data for the following purposes:

• To offer you the hospitality and leisure services at our accommodation that you have requested through your reservation.
• To inform you about all our services and possible offers (e- mail) marketing / sms marketing ) as long as we have your consent
• To inform you about changes to our policy

Legal Basis of Processing

The legal bases of the processing are, as the case may be:

• a/ the legitimate interest we pursue (operation of our company)
• b/ our compliance with obligations arising from the law
• c/ the execution (formation, operation, termination) of the contract between us
• d/ your consent.

Security of the PD

The hotel is committed to making every reasonable effort to protect your Personal Information. For this reason, we use a variety of security technologies and procedures to protect your Personal Information from unauthorized access and use. However, please note that no physical or electronic security system is completely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that the information you provide to us via the Internet will not be intercepted. However, we are committed to continuing to review and improve our security policies and to implementing additional technical and organizational security measures as new technologies become available.

The transmission of information over the Internet is not completely secure and may involve the transmission of data to countries outside the European Union. This is due to the use of cloud solutions for website hosting, email hosting or proprietary software solutions delivered to us via the cloud. However, in any case, we do not allow third parties to use your personal data for their own purposes. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us. Therefore, any transmission of personal data is at your own risk. When receiving personal data, we use appropriate security measures to avoid unauthorized access.

Preservation of the PD

The time that the personal data is retained at the hotel is determined by the provisions of Greek law for the protection of state interests and the hotel’s data retention policy for the protection of the legitimate interests of the business.

Personal data that is necessary for the conclusion or execution of the contract between us is kept throughout the duration of the contract and 5 years after its termination. In the event of claims, this data is kept until an irrevocable decision is issued.

Transmission of the PD

We ensure that your personal data is subject to lawful processing, which is limited within the Hotel, while their confidentiality is ensured and we are committed to not transferring the PII to third parties other than those to whom you have already given your consent, without our intervention. However, they may be transferred to our partners, who act as processors on our behalf, to the extent that the aforementioned processing purposes are served and subject to the observance of confidentiality to protect them within the framework of our contractual commitments, the service of our legitimate interests and with the right to control them.

Your rights and how you can exercise them

• Know which personal data we hold and process, their origin, the purposes of their processing, as well as the time they are held ( right of access ).
• Request the correction and/or completion of your personal data so that it is complete and accurate ( right to correction ). You must provide any necessary document from which the need for correction or completion arises.
• Request the restriction of the processing of your data ( right to restriction of processing ).
• To refuse and/or object to any further processing of your personal data that we hold ( right to object ).
• Request that we transfer your personal data that we hold to any other data controller of your choice ( right to data portability ).
• Submit a complaint to the Personal Data Protection Authority (www.dpa.gr), if you believe that your rights are being violated in any way ( right to complain to the Authority ).
• Request the deletion of your personal data from the files we keep ( right to be forgotten ).

In relation to the exercise of your above rights, the following are noted:

• The company has in any case the right to refuse to satisfy your requests to limit the processing or delete your personal data or your opposition to the processing, if the processing or retention of the data is necessary for the establishment, exercise or support of its legal rights or the fulfillment of its obligations.
• The exercise of the right to portability does not entail the deletion of your data from our files, which is subject to the terms of the immediately preceding paragraph and the conditions of the Regulation.
• The exercise of the above rights is effective for the future and does not concern data processing already carried out .

To exercise your above rights in accordance with European and Greek legislation and the restrictions set out therein, you may contact the Company in writing at the address of the Company with the name ” Halepa Tourist Enterprises S.A.” and the distinctive title ” HALEPA HOTEL” which is based in Chania, Crete (164 Eleftheriou Venizelou Street, 731 33), with Tax Identification Number 094179382, Tax Office of Chania and GEMI number 122947858000, or electronically at e- mail : [email protected] 

Services covered by this policy

• Accommodation, recreation
• Restaurant, bar and other food-related services.
• Gym, Hammam

Email messages (e- mail )

If you do not wish to receive marketing and promotional emails from the hotel, you may click on the unsubscribe link in the email to unsubscribe and cancel your email and marketing communications. You may also indicate on the relevant hotel registration form that you do not consent to receiving promotional emails, in which case you may opt out of the hotel’s email lists. Please note that even if you opt out of receiving marketing emails from us, we may still need to send you service-related communications, such as confirmations of any future reservations you may make.

WiFi service

WiFi service within the hotel, please see the relevant policy ( WiFi). disclaimer )

Data Controller

The Data Controller is the company with the name ” Halepa Tourist Enterprises S.A. ” and the distinctive title ” HALEPA HOTEL “, as it is legally represented, with which you can contact for GDPR issues at the e- mail address : dpo@halepa.com 

Changes in policy

We reserve the right to change this policy by implementing newer provisions of European and Greek legislation and at our discretion. If we make any changes, we will post the changes here so that you can have immediate access.