Privacy Policy
Personal data
protection policy
The protection of personal data is very important to our Company. We ensure full compliance with Law 2472/1997, as in force at any given time, and with all laws in force now or in the future on the protection of personal data, as well as with Regulation (EU) 679/2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”, and we process Personal Data in accordance with the applicable basic principles.
This personal data protection policy (the “Protection Policy”) – and the Terms of Use – explain how we use your personal data (i) when you register to or visit our website www.casamediterraneohotel.com (ii) when you communicate with us or ask us for information.
Registered office and scope of operations
The Company has its registered office in Kastellorizo 851 11, Greece, and has the following scope of operations: The exploitation of tourist facilities, in general, and the provision of hotel-related services.
Lawful processing of personal data
The Company, in compliance with the provisions of the related EU and national legislation, manages the Personal Data with which it is provided with the greatest possible care, ensuring, in any case, their protection and confidential nature. In order to ensure the confidentiality and security of the Personal Data, the Company has adopted all necessary organizational and technical measures, establishing internal security policies, using suitable electronic means, adequately informing and training its personnel.
The Company shall lawfully process Personal Data, as it collects and processes such data exclusively for specific, explicit and legal purposes and only to the extent that such processing is necessary for the fulfilment of such purposes. The Company ensures that the data it keeps are accurate and updated, seeking for this purpose the assistance of the data subjects, i.e. of the natural persons whom these data concern; it shall retain such data for the time necessary for the fulfilment of the specific purposes.
Personal data being processed
The Company collects and processes Personal Data, i.e. information concerning a natural person who is identified or may be identified by such information, regardless of whether the identification is direct or indirect. The term “data processing” shall mean any operation performed concerning such data, whether automated or not.
Making a booking
When you make a booking or use the Company’s services, the Company must collect the data that are necessary to identify you and communicate with you for the completion of the transaction. Such data usually include the following:
• name and surname
• home address
• telephone number
• e-mail address
• credit card number
• credit card expiry date
• preferred communication language
• dietary habits
• possible health-related data (e.g. allergies, specific conditions, necessary for us to offer you better hospitality)
• age of the persons who will stay in the rooms
If you choose to share the specific data with us, we will also know your preferences regarding the type of room, the type of bed and other related information. Further, special discounts linked to details, such as age, are provided in the context of specific promotional actions. In such cases, so that we may check that you eligible for the discount, we will record your date of birth at the time of the booking, always on the condition that you will consent thereto. For the same reason, on arrival you may be asked to produce an official identity document, ID card, passport, etc. that mentions your date of birth.
The data are requested exclusively when a visitor contacts the Company through the general or more specific contact forms available on our Website or if he/she fills in his/her details to make a booking.
Collection of technical information
In addition, and for technical reasons, additional data are collected during a visit to the Company’s website, such as:
• IP address (Internet Protocol address) of the computer of access
• website from which you are visiting us (recommendation)
• our web pages that you visit
• time of visit to the website
• date and time of the visit
• type of browser and browser settings
• operating system
• device
• Geographical Area of the visit
• ISP
Such technical information may, in individual cases, constitute personal data. As a general rule, however, we use technical details only to the extent necessary for technical reasons, for the operation and protection of the website and its application from attacks and malicious use, as well as in pseudonymous or anonymous form for statistical reasons.
Newsletter
For the more specific purposes of Personal Data processing, i.e. information on products, services, promotional actions, offers and events, the Company collects and processes the e-mail address through a special form (Newsletter) available on the home page of our Website and which the Visitor may fill in if he/she wishes to receive such information.
Use of personal data
The Company collects, processes, and uses the Personal Data that concern you mainly when you visit the Company’s websites. On a case-by-case basis, Personal Data are processed in accordance with the applicable legislation and this policy or in conformity with your consent. In certain cases, the data are used only in a pseudonymous or anonymous form.
The Company stores and uses the Personal Data that concern you whenever you contact the Company over the phone, by e-mail or via the booking or contact form the Company makes available, or when you wish to send us information by some other means and you, therefore, transmit you data to us for such purpose. Such personal data will be used exclusively for the purpose of handling your request at any given time and/or to provide you with a service by executing the booking that you made, and for the issuance of all necessary tax and other documents.
Furthermore, we store and use personal data and technical information to the extent necessary for the prevention and handling of any malicious use or other illegal behavior on your website, e.g. to keep the data secure in case of an attack on our IT systems. Lastly, we store and use your data to the extent that we are legally obliged to do so, e.g. as foreseen by specific provisions of the related legislation or a court judgment or another decision by the Authorities, as well as to safeguard our rights and claims, and to defend the Company before the courts.
Third parties to whom the personal data will be transferred
The Company may transfer these data to companies with which it collaborates, within the European Union, which will process the data on behalf of the Company, as data processors, exclusively for the purposes mentioned above. When transferring the data, the Company shall adopt all necessary measures to ensure the highest possible security level.
The Company assures that such companies provide all the necessary guarantees for the protection of the Personal Data and that they adopt suitable technical and organizational measures so that the processing is lawful and that the protection of the Personal Data and the rights of the natural persons they concern are safeguarded. The Company states that it has entered contract with the companies in question in advance, which contracts include terms related to the adoption of security measures thereby and the monitoring of such measures by the Company.
Data security
The security of your personal data is a high priority for the Company. We, therefore, protect your data which are stored by us by adopting technical and organizational measures for the efficient prevention of loss or abuse thereof by third parties. In particular, our employees who are in charge of the processing of personal data undertake to keep such data secret. The data you send us via the Website are transferred encrypted for the protection of your personal data. To ensure the long-term protection of your data, the technical security measures are monitored regularly and, if necessary, are adjusted to the relevant technological standards.
Cookies policy
The use of cookies is regulated by the related Cookies Policy, while the personal data that are collected by that means enjoy the same protection level as other personal data.
Consent and rights of the subject of the personal data
By choosing to agree with and consent to the processing of the Personal Data that concern you, you grant your consent for the processing of the data for the aforementioned purposes, either by the Company or by a company with which it collaborates. You may withdraw your consent at any time, as well as exercise one of your legal rights, i.e. access to your data and the receipt of a copy thereof, the correction of inaccurate information, the erasure of your data or the restriction of their processing, the portability of the data in a structured, commonly used and machine-readable format and their transfer to another data controller, the right not to be subject to a decision which is based solely on automated processing, including the drawing up of a profile, and which produces legal effects concerning you or similarly significantly affects you.
The Company handles your requests with due care, to safeguard the security of your data and the protection of your rights. For this reason, in case of doubts regarding the person who requests the disclosure of Personal Data, we may ask you for additional information that is necessary for your identification.
In case the Company is unable, due to the large number of requests, to fulfil your request immediately, it will inform you as soon as possible and in any case within one month from the submission of your request of its progress and of the reason for any delay in its fulfilment. If your requests are clearly unfounded or excessive, in particular because of recurrence, the Company may either impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or refuse to follow up on your request.
In case of a data breach which may put your rights and freedoms at high risk, if this does not fall under one of the exceptions provided for in the law, the Company undertakes to inform you of the breach without unjustifiable delay.
Amendments to the information contained in this policy
Any future related regulations that may take effect will form part of this announcement. In any case, the Company shall reserve the right to change the terms related to the protection of personal data in accordance with the applicable legal framework.
Therefore, these Personal Data protection terms may be revised and updated at any time without prior notice. The users of the website are invited to observe the examined terms for changes at regular intervals, since the continuous use of the website suggests that they accept all possible modifications thereof.
The current version of the Personal Data Protection Policy entered into force on July 2019.