Our approach to the protection of your personal data
We treat your personal data protection with responsibility and we believe that it should be collected and processed only when absolutely necessary. Therefore, all of our ASTRA SUITES’s systems and the website are designed with the appropriate operational and internal systems and comply to the applicable European and Greek legislation regarding data protection {mainly General Data Protection Regulation EU 679/2016 (hereinafter «GDPR») and Law 4624/2019}.
The present privacy policy has been adopted by the ASTRA SUITES «GEORGE KARAYIANNIS & SIA O.E.», having its legal seat in Santorini, Imerovigli, Thira, tel. (0030)2286023641, e-mail: info@astrasuites.com (hereinafter «ASTRA SUITES»), which is the Controller of the personal data that you provide us with and which shall to provide you with all the necessary information for their processing, in accordance with articles 12, 13 and 14 of the GDPR.
Personal Data is any information that relates to you, or may be attributed to you and allows us to identify you. Such data is, for example, your name, surname, father’s name, address, telephone number, e-mail etc. Additionally, personal data also includes some technical data relating to you, such as your IP address or the websites from which you entered our site, etc. Moreover, as special categories of personal data (sensitive data) are namely treated data that related to your health condition, your food allergies etc.
a. The personal data we collect include only necessary information we need for specific purposes, as described below. We may mainly process the following types of personal data related to you and/or your family members:
b. During the course of our business, we may collect special categories of personal data, such as medical conditions for passengers who have special medical requirements and/or dietary requirements. We shall process such data only if you provide us with your explicit consent or based on a legal obligation (e.g. mainly regarding our employees), and always in accordance with the relevant provisions of the applicable legislation.
c. Moreover, for security reasons and in order to protect our visitors, employees and premises, we have installed security cameras systems (CCTV) in commonly used areas of our hotel. In any case, we ensure that any recording is not directed to any of our employee’s working space and we only collect image data and not sound data.
d. The data we collect on persons under the age of 16 are restricted to name, surname, nationality, and date of birth and can only be provided by an adult or guardian. Should any information of this type be sent to us in any other way, you can communicate with us to delete them.
e. We shall only process your information when:
We may process your personal data mainly in the following cases:
More specifically:
Following your request for a reservation, we shall collect and process your and your companion(s) personal data in order to provide you the accommodation services that you require from us and book your room, facilitate check-in and payment processes, help you book and make use of the services that our hotel provides (such as room service, wi-fi, restaurant, massage etc), as well as process any other kind of request or complaint.
a. When booking your accommodation or establishing a supplier relationship via us, we require certain financial information (like your bank account or credit card information) in order to process payments and comply to the applicable legal provisions. If you are either a visitor or a supplier, we may require additional information such as your ID/passport or VAT number (where permitted by applicable law) and other proof of identification, in order to provide the payment services to you and comply with applicable legal provisions. Moreover, if you are a visitor, we may retain your financial information to assist you with booking related experiences and activities during your stay. We shall only process such data according to your explicit consent and based on your written authorization.
b. Moreover, you may be asked to or choose to pay online for our services by credit, debit or prepaid card. In this case, you will be automatically transferred to a safe banking transaction environment. There, for the purpose of your payment, you will have to provide your card type and number, expiration date and CCV number, by filling all the relevant blanks on the secure form. Card transactions are protected by the most effective online protection systems, which guarantee a safe transaction environment to the majority of the world’s largest businesses. ASTRA SUITES does not obtain or retain the card’s details, which you may use online, to which we do not have access, except for the confirmation of the success or failure of the transactions, for obvious purposes related to the provision of our services.
In case you have explicitly requested and/ or consented (opt-in) to receiving such actions from us, we may use your personal details (e-mail) in order to send you information on offers relating to our services that may interest you, as well as greeting and festive messages.
a. Website Visitors – general information: ASTRA SUITES may collect information about visitors of our website, where this is voluntarily provided to meet a request from those individuals (for example when you fill the contact form and request any information on our services), or where someone wants to apply for a vacant position with the ASTRA SUITES. Through the use of cookie-based technologies, ASTRA SUITES may collect various data linked to virtual identities allocated to visitors when they access our website (IP address). This data is used for various purposes, including site analytics and first party marketing.
b. IP addresses: When you access our website or open any electronic communications from us, our servers may record data regarding your device and the network you are using to communicate with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.
We may use IP addresses for system administration, investigation of security issues and compiling anonymized data regarding usage of our website.
c. Cookies: Cookies are data files that are placed by a website operator on the hard drive of a visitor to their site. We may use cookies to ensure that our website functions properly, to remember repeat visitors; to know your experience navigation, to collect anonymous statistical information, such as which sections you have visited, and how long you have been in our environment. Your online relationship with ASTRA SUITES may be managed by using settings available on most internet browsers. For example, most browsers allow a visitor to choose which cookies can be placed on his/her computer or to delete or disable cookies. Please note that disabling cookies may prevent a visitor from using certain features on our website.
d. Moreover, we may use third-party web analytics services on our website, such as Google Analytics. The analytics providers that administer these services use technologies such as cookies to help us monitor and understand more about how our website is used and accessed, which in turn lets us optimize the user experience and build a website that suits the needs of our users.
ASTRA SUITES collects personal information from potential employees, including personal private contact information, professional qualifications and past professional experience, in order to make recruitment decisions. Upon recruitment, we collect information about our employees in the context of our contractual relationship and for purposes related to it, such as for evaluating their performance, for payroll and tax purposes. These employee data are collected and stored in our safe database, in accordance with our business practices. We may also process similar information about freelancers, consultants and other third parties who provide products or services to ASTRA SUITES.
a. We do not sell, lease or exchange your personal data, nor will we do so at any time in the future. We may disclose your personal information to a third party or use it for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual, only if you consent to such further processing, or if it required by law.
b. In particular, we may transfer (share, send, or otherwise disclose) your personal data to third parties only under the terms of the present Privacy Policy and mainly in the following cases:
c. In any case, our employees who have access and process your personal data are specific and trained regarding the appropriate manner of any processing, are bound by confidentiality terms and process only on a need-to-know basis, to meet stated legitimate business purposes, as described.
Your data may be transferred to countries outside the EU or the EEA (e.g. to Google). In this case, where such transfer is mandated by any applicable law or for the execution of our contract or cooperation, we shall maintain appropriate contractual and technical measures, as mandated by the GDPR or any other applicable law.
a. We are committed to safeguarding and protecting your personal information. We implement and maintain appropriate technical and organizational measures to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information collected, stored or otherwise processed by us or by our partners.
b. More specifically, at ASTRA SUITES we implement various procedures and security measures to our physical and electronic files, in order to protect the personal information we hold. Regular and systematic controls are implemented on workstations, such as automatic computer locking, regular software and hardware updates and configuration, in order to minimize the possibility of gaining unauthorized access and exploiting crucial data which are stored in our systems.
c. We regularly review security technologies and will strive to protect your personal information as we protect our own confidential information. We are not responsible though for any third party’s actions or their security controls with respect to information that these third parties may collect or process via their websites, services or otherwise.
a. We will not retain your data longer than the period necessary to fulfil the purposes for which they were collected or as required by applicable laws and regulations. The information you provide us may be archived or stored periodically, according to backup security processes and will only be retained for as long as is it required for the purposes for which it was collected, unless the law requires us to hold your personal information for a longer period (e.g. tax related documents), or to delete it sooner, or unless you exercise your right to have your information erased or to restrict the processing thererof (where it applies).
b. For example, we shall retain the CVs we receive, without eventually hiring the person concerned, for a period of six (6) months, unless the individual haσ consented to his/her data being held longer for any relevant future purpose. Moreover, according to Directive 1/2011 of the Hellenic Data Protection Authority, records of security cameras that are legally installed in our offices or stores should be kept for a specified period of time in accordance with the purpose for which processed. Unless otherwise required by law or in case an infringement occurs, these records are being destroyed every 15 working days.
a. We shall provide you with the ability to exercise all of your rights in relation to your personal data that we hold and process. According to GDPR, you have the right of access to, receive information and correction of your data, to withdraw consent at any time, to request data deletion, to restrict the extent of data processing, to object to data processing, to request copy of your data the transmission of personal data in a common digital format (e.g., pdf) to you or to another provider you may indicate to us, according to the provisions of the GDPR.
b. Indicatively, at your request, we will:
c. Moreover, within the EU, individuals have the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
In case you wish any clarification or information regarding the terms of this Privacy Policy, you want to exercise any of your rights or if you have any complaint, you may contact ASTRA SUITES at the details provided at the top of the present Privacy Policy.
This Privacy Policy may change from time to time according to legislation or industry developments, without prior notice. For this reason, we invite you to check this webpage regularly.