Privacy Policy

Our approach to the protection of your personal data

01 Privacy Policy

Our approach to the protection of your personal data

3.5. Employees and partners’ data

ASTRA SUITES collects personal information from potential employees, including personal private contact information, professional qualifications and past professional experience, in order to make recruitment decisions. Upon recruitment, we collect information about our employees in the context of our contractual relationship and for purposes related to it, such as for evaluating their performance, for payroll and tax purposes. These employee data are collected and stored in our safe database, in accordance with our business practices. We may also process similar information about freelancers, consultants and other third parties who provide products or services to ASTRA SUITES.

Who are the third party recipients of your data?

a. We do not sell, lease or exchange your personal data, nor will we do so at any time in the future. We may disclose your personal information to a third party or use it for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual, only if you consent to such further processing, or if it required by law.

b. In particular, we may transfer (share, send, or otherwise disclose) your personal data to third parties only under the terms of the present Privacy Policy and mainly in the following cases:

  • to external partners (such as accountants, auditors, consultants etc);
  • to suppliers and service providers, including suppliers of IT based solutions that assist us in providing services to you
  • to marketing, market research and communication providers
  • to tour operators, tour offices, online booking systems (such as booking.com, expedia. com)
  • to car rental companies, massage and other related service providers
  • to financial institutions and credit card providers;
  • to any third party to whom we may sell or transfer all or a portion of our business or assets.
  • as required or authorized by any applicable law, and to comply with our legal obligations;
  • to government agencies and public authorities, regulatory bodies and enforcement agencies, to comply with a valid and authorized request, including a court order or other valid legal process, to protect against fraud and for related security purposes.

c. In any case, our employees who have access and process your personal data are specific and trained regarding the appropriate manner of any processing, are bound by confidentiality terms and process only on a need-to-know basis, to meet stated legitimate business purposes, as described.

5. Is your personal information transferred outside EU and EEA?

Your data may be transferred to countries outside the EU or the EEA (e.g. to Google). In this case, where such transfer is mandated by any applicable law or for the execution of our contract or cooperation, we shall maintain appropriate contractual and technical measures, as mandated by the GDPR or any other applicable law.

6. Information Security

a. We are committed to safeguarding and protecting your personal information. We implement and maintain appropriate technical and organizational measures to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information collected, stored or otherwise processed by us or by our partners.

b. More specifically, at ASTRA SUITES we implement various procedures and security measures to our physical and electronic files, in order to protect the personal information we hold. Regular and systematic controls are implemented on workstations, such as automatic computer locking, regular software and hardware updates and configuration, in order to minimize the possibility of gaining unauthorized access and exploiting crucial data which are stored in our systems.

c. We regularly review security technologies and will strive to protect your personal information as we protect our own confidential information. We are not responsible though for any third party’s actions or their security controls with respect to information that these third parties may collect or process via their websites, services or otherwise.

7. Data retention period

a. We will not retain your data longer than the period necessary to fulfil the purposes for which they were collected or as required by applicable laws and regulations. The information you provide us may be archived or stored periodically, according to backup security processes and will only be retained for as long as is it required for the purposes for which it was collected, unless the law requires us to hold your personal information for a longer period (e.g. tax related documents), or to delete it sooner, or unless you exercise your right to have your information erased or to restrict the processing thererof (where it applies).

b. For example, we shall retain the CVs we receive, without eventually hiring the person concerned, for a period of six (6) months, unless the individual haσ consented to his/her data being held longer for any relevant future purpose. Moreover, according to Directive 1/2011 of the Hellenic Data Protection Authority, records of security cameras that are legally installed in our offices or stores should be kept for a specified period of time in accordance with the purpose for which processed. Unless otherwise required by law or in case an infringement occurs, these records are being destroyed every 15 working days.

8. Your rights

a. We shall provide you with the ability to exercise all of your rights in relation to your personal data that we hold and process. According to GDPR, you have the right of access to, receive information and correction of your data, to withdraw consent at any time, to request data deletion, to restrict the extent of data processing, to object to data processing, to request copy of your data the transmission of personal data in a common digital format (e.g., pdf) to you or to another provider you may indicate to us, according to the provisions of the GDPR.

b. Indicatively, at your request, we will:

  • grant you access to copies of your personal data, within a reasonable time period
  • correct personal information, when inaccurate
  • withdraw your prior consent to the processing of your data etc.

c. Moreover, within the EU, individuals have the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

9. Contact us

In case you wish any clarification or information regarding the terms of this Privacy Policy, you want to exercise any of your rights or if you have any complaint, you may contact ASTRA SUITES at the details provided at the top of the present Privacy Policy.

Privacy policy changes

This Privacy Policy may change from time to time according to legislation or industry developments, without prior notice. For this reason, we invite you to check this webpage regularly.