Our company respects the right to privacy and acknowledges the importance of protecting personal information. That is why we ensure your privacy and protect your personal data. Our intended objective is to be transparent as regards the processing of your personal data. In this context, we adhere to this policy that defines how we process and protect your data while you are browsing our website, www.ikaria-olivia.gr. We use all personal data you provide us in accordance with the General Data Protection Regulation (EU 2016/679) and the applicable personal data protection laws, for the purposes set out in this policy.
1. Who is responsible for the collection, handling and processing your personal data?As the data controller, “Exploitation of Furnished Tourist Residences” is responsible for the processing of your personal data via the website “www.ikaria-olivia.gr” and for the security of your data under the applicable personal data protection laws.
DETAILS OF DATA CONTROLLER Corporate Name: “Exploitation of Furnished Tourist Residences” Address: Agios Dimitrios, Rachnes, Ikaria, PC 83301 T.I.N. : 124687429 Telephone: +306942982646 Email: email@example.com Tax Office: Samos
2. What personal data do we collect?A. Personal Data The following table presents the personal data our company collects through its website, depending on the type of each user’s activity. Website browsing Technical Data: IP address, login details, browser type and version, time zone and location, types and versions of additional browsers, operating system and platform and other technology on the devices used to access the website. Contact Contact Data: name and email. Marketing Data:include your preferences for receiving promotional material from us. My Reservation Email and reservation code (personal). Our News email Use of “Cookies” Cookie ID, IP Address, Website user browsing history and behaviour.
B. Sensitive Personal Data Through its website, our company does not ask you to disclose sensitive personal data, i.e. data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data or data concerning your health or sex life or sexual orientation.
3. Why do we process your personal data?Your personal data is processed by our company in the framework of legitimate purposes and provided that the law permits it. Specifically, we process your personal data: For the performance of a contract or in order to take steps prior to entering into a contract, For complying with our legal obligations, For pursuing our legitimate interests or the interests of third parties, provided that your interests and fundamental rights do not override our own interests. When you have given us your explicit consent to the processing. Our company relies on your explicit consent as the legal basis for processing your personal data only for sending updates and promotional material and for using certain cookies (see Cookies Policy). In these cases, you always have the right to withdraw your consent at any time, by contacting us. Where your consent is the sole legal basis for the processing of personal data, we will stop the processing following its withdrawal.
4. How long do we store your data for?We retain your data for no longer than is necessary for the purposes for which the personal data are collected. To determine the necessary retention period of your personal data, we check the purposes for which we process your data, the ability to fulfil these purposes with other, less restrictive means, our applicable legal obligations, the quantity, nature and sensitivity of the data, as well as the potential risk of harm from their unauthorised use or disclosure. Different retention periods apply for different types of personal data. However, the maximum retention period of your personal data is twenty (20) years. For more details on the retention periods for each category of personal data, please contact us.
5. Who has access to your personal data?In order to better serve you and ensure the uninterrupted provision of our services, we reserve the right to share some of your personal data with our partners who provide us with support services or help us promote our services. These third-party partners are (natural or legal) persons that process your personal data on our behalf. Our partner which manages the website and the online booking system for us. We will never transfer, sell, lease or exchange your personal data to other companies or organizations for marketing purposes. It is possible that we may disclose your data to state organizations, regulatory bodies, law enforcement authorities, courts, banking institutions, but only when it is necessary, specifically: to ensure compliance with our legal obligations. to exercise our legal rights. to prevent, identify, investigate crimes or prosecute offenders. Note that in case of a change in our company (e.g. acquisition or merger with another company), the new owners have the right to use your personal data in the same manner as set out in this privacy statement.
6. Do we transfer your data to non EU countries?Our company does not transfer the personal data it collects via its website to non EU or non EEA countries.
7. How do we protect your data?We implement appropriate technical and organizational measures to ensure your personal data is always protected and safe, preventing any accidental loss, change, disclosure, use or access thereof in an unauthorized manner. Our safety measures include data encryption, regular cyber-safety assessments by all service providers who may handle your personal data, safety audits protecting our overall technical infrastructure against external attacks and unauthorised access and internal policies setting out the method that ensures your personal data protection and the training of our employees. Our company has adopted a policy and procedures for addressing personal data breach incidents, ensuring that you and the supervisory authority are immediately notified, when required by law.
8. What are your rights?
- Right to access:you have the right to access your personal data. By applying for access, you can be informed of the purposes of the processing, the categories of personal data concerned, the recipients to whom your data have been or will be disclosed, its retention period, the existence of your right to rectification or erasure of data or restriction of processing or to object to processing, information on the origin of data and the existence of automated decision making, including profiling, and meaningful information about the logic involved.
- Right to rectification: You have the right to obtain the rectification of inaccurate data and to complete incomplete personal data.
Right to erasure (“right to be forgotten”): when you no longer wish your personal data to be processed and kept, you have the right to obtain its erasure, provided that the data is not kept for a specific lawful and stated purpose.
- Right of restriction of processing: You have the right to obtain restriction of processing of your data, when specific reasons are applied (e.d. if you contest our legitimate interest or if your personal data is incorrect or if you think that the processing is unlawful or if we no longer need your data).
- Right to portability: you have the right to receive a copy or obtain to transmit your data, in a machine – readable format, to another controller, if you wish to. This right includes only the personal data you have provided us yourself.
- Right to object to the processing under legal interest: You have the right to object, at any time, to the processing of your personal data that is based on our legitimate interest. We will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests and rights or we have legal claims.
- Right to object to direct marketing: You have the right to object to direct marketing, including profiling made for direct marketing purposes. You have the option to opt out from direct marketing.
- Right to consent withdrawal: in case we have your explicit consent for the processing of your personal data, you have the right to withdraw it at any time. Where your consent is the sole legal basis for the processing, we will stop processing your data following its withdrawal.
9. How can you exercise your rights?If you wish to exercise any of your above rights, contact us using our contact information. You are not required to pay us any fee or charge to exercise any of your rights. However, we reserve the right to charge a reasonable fee, if your request is manifestly unfounded, repeated or excessive. In these cases, we also reserve the right to refuse to comply with your request. In case you exercise any of your rights, our company is required to respond within a period of one (1) month from the submission of your request. If your request is particularly complex or you have submitted a number of requests, we may need more time to respond. In this case, we will inform you. If you think that our company processes your personal data incorrectly, please contact us. You also have the right to lodge a complaint with a supervisory authority. Noted that the Greek supervisory authority is the Hellenic Data Protection Authority, seated in Athens, at 1-3 Kifissias Street, P.C. 11523, www.dpa.gr.
Contact details If you have any questions regarding the way in which we collect or use your personal data that was not answered here or if you want to exercise your rights regarding your personal data, please contact us by e-mail firstname.lastname@example.org.