Hotel Imathoessa (we) , as a company operating in Hospitality Industry we have to operate under the General Data Protection Regulation(GDPR) (Regulation (EU) 2016/679) and its obligations on us and our customers.
Therefore we would like to inform you about the following topics concerning data collection:
Data information’s we collect and for what reasons :
Hotel Imathoessa in order to provide Hospitality Services will request the following information:
Full Name, full Address, phone number, email address, payment details (cards details, bank account number, IBAN),document to prove personnel ID for security reasons(ID, Passport, driving license) tax details (in case of cash payment with 200 € or 500€ notes), company tax details (in case a company invoice will be requested). Sensitive data may be given to us by clients in case of custom requests (for example if you request a baby coat, you provide us with the information you are a parent)
In case of reservations via Third parties you have authorized the third party to provide us with the information stated above. We have the right to request any missing information from the Third party or directly from the client.
We also collect contact information for marketing purposes via direct email or phone marketing. We do not process any data other than contract information for targeted marketing purposes.
We may use the information for legal purposes
Under which legal bases we collect, use and share your personal data:
We rely on a large basis of legal matters to collect, use or share your information, including:
Information we collect in order to provide hospitality services.
Information we collect, use and share under Tax Law provisions, such as information required for invoices.
Location Details based on GDPR provisions.
Data collected for security reasons, for example Id document
A reservation in our hotel is considered as affirmative consent to use your contact information for marketing purposes. If you decline our consent please contact us.
As it is necessary for our legitimate interests, if only those legitimate interests are not overridden by your rights or interests.
For contact and digital storage of data and service provider we cooperate with Google Inc, Hellenic Telecommunications and Sunsoft. Those companies comply with GDPR provisions.
For reservations via online or offline agencies you have to check whether your agency of choice complies with GDPR.
In case of business transfer, merge or sale of our company, your information may be disclosed to the third party.
We may disclose your information with third parties in compliance with laws. i)To respond to legal or governments requests. ii) To enforce our legal agreements. iii) To prevent illegal activities. iv) To protect rights, property and safety of our customers.
However, we may also be required to keep your information for legal and regulatory reasons, for marketing purposes, to resolve disputes and to enforce our agreements.
Moving your data outside EU:
Hotel Imathoessa, does not physically store any information outside EU. However data that are stored in digital form by our third party cooperatives may be stored outside EU.
In case of reservation via third parties you have to ask the third party about any date stored outside EU.
In case your data stored outside EU in the future you will be informed.
Your rights :
Access. You may have the right to access and receive a copy of the personal information we hold about you, by contacting us using the contact information stated above.
Change, restrict, delete. You may have the right to change restrict or delete your personal data stored by us. Absent of exceptional circumstances your request will be satisfied.
Object. You may have the right to object to the use of data by us, under the following circumstances :
i) process of information by us, based on our legitimate interests.
ii) Process of information by us, for marketing purposes.
Complaint. If you reside in EU, or are a citizen of EU, and wish to raise a concern about our use of your information (and without any prejudice to any rights you may have) you have the right to do so with your local data protection authority.
Data Controllers, Data Processors and Data Protection O.
For the purposes of EU law, I, Georgios A. Diakoumis, am joint Data Controller of your personal information. Our company’s owners, secretary’s receptionists share joint control of data. Our accountant has access to your data and they process information based on the instructions of Data Controllers, therefore our accountant is Data Processors.
How to contact us for GDPR matters
For the purposes of EU law, if you have any questions, requests or concerns you may contact us:
via E-mail at firstname.lastname@example.org
via Phone at +302723022000
via FAX at +302723022001
via mail at address
For reservations made by Third parties please contact the third party you made the reservation with.
Storage and protection of your personal data:
We store part of your personal information in physical form, in our Hotel premises, and only I the Data Controllers and our Data Processor have access to the data. This premise is protected by CCTV cameras system.
We also store information online, only I the Data Controllers and our Data Processor have access to this database. The online database is protected by passwords and we make sure that we access the database using devises that have the most resent devise security software. We also posses data leakage prevention Software.
I as the Data Controller acknowledge that in case of data leak have to inform local data protection authorities within 72 hours. We will also make sure that the data will be restored.