What is GDPR?
GDPR forms a common framework for the protection of our private life of individuals and as a binding legal act with a compulsory implementation to all member countries of the EU, since the 25th May 2018.
Who is the person Responsible and Processing Officer?
You can always contact us at the details listed below:
Dana Villas & Infinity Suites
Firostefani, Santorini, 84700
Telephone +30 22860 22566
Why do we collect and process your Personal Data ?
A legal reason for the collection and processing of Personal Data constitutes the provision of hospitality services to our guests, together with the following mentioned reasons set by the requirements which are stated in article 6 of the GDPR regulation.
The Personal Data are strictly processed within the context of the regulations and are not submitted to further processing, which is somehow incompatible with the initial purpose of their collection and processing. The additional processing of personal data for archiving purposes, emerging from serving our guests, during their stay at our hotel, is not considered inconsistent to the reason why we collected their data in the first place, for which we have already received their written consent.
Specifically, Dana Villas Hospitality Company will collect and use your personal data for the following purposes:
• For the instruction, execution and completion of the provision of hospitality services to you.
• For the provision of catering services of food and drink to you, upon request.
• For the provision of specific experiential services such as Spa, Yoga sessions and Personal Training to you.
• For communicating with you with promotions, informing you on new product and services, special offers, research and development of services that we offer you.
• For the communication with you for various other reasons, such as the management of a query you may have.
• For the invoicing of services provided to you by us.
• For the safety of individuals and their personal belongings, either of our guests who stay at our hotel, or of our employees, as well as the monitoring of our premises as an act of prevention, research, detection or even the combating of criminal activities. For this reason, throughout our public spaces of our premises we operate a closed circuit monitoring cameras (known as CCTV- Closed Circuit Television).
• For the protection and the assurance of your health during your stay at our hotel, exceptionally and in case of emergency, regardless of whether you have given us your consent or whether you are in no position to provide it, such as in case of an accident.
• For the compliance of our hospitality company to its legal obligations, such as the management and the resolution of potential legal dispute or complaint.
What Personal Data do we collect and use?
Dana Villas will collect and process the type of Personal Data that are absolutely necessary within the context of servicing the purposes that have been stated herein. Specifically, we may collect and process the following:
• Personal data of our guests, identity and contact details: the details that describe a person, such as name and surname, Identity number, passport number, VAT, home address, telephone number, photograph, email address (personal IP), hardware identifiers, online profile, social media profiles and credit card numbers.
• Sensitive personal guest data: Details that describe special personal information such as religious beliefs, health status, medical history or other special needs and dietary habits of a person.
• Data relating to behavior, personal preferences of our guests: personal preferences relating to their stay at the hotel such as room preference.
How do we collect your Personal Data?
Ways in which we collect your Personal Data are indicated below:
• Either directly from you: by filling in a form or by forwarding them via post or email or fax, by making an electronic booking on our booking engine, powered by our supplier Webhotelier, on the re-directed URL https://danavillas.reserve-online.net/, via our website danavillas.com.
• Either via 3rd party suppliers or agents: to whom you turn to book rooms, such as travel agencies, electronic engines/platforms of large OTAs and other worldwide distribution systems, or GDS.
How do we forward your Personal Data ?
The primary consideration for Dana Villas is the protection and confidentiality of your Personal Data. For this reason your Personal Data are used solely by appointed members of our in-house employees and strictly in the context of executing their daily duties.
Occasions when we shall need to collect and forward your Personal Data to third party suppliers or other organisations- within or outside the boundaries of Greece or inside or outside the EU- will occur when it is absolutely necessary, exclusively in the context of guest service, as follows:
• To companies and professionals who operate as Official Processing Officers and are responsible autonomously conforming to the legal processing of your Personal Data, according to their own privacy policies and information. For example, banks via certified online systems for the payment of services that we provide to you, to hotel agents or intermediaries, to lawyers, to chartered accountants, to insurance companies and health providers for the protection of your vital security interests, such as in case of an accident.
• To outsourced providers collaborating with our Company, who operate on behalf of our company as Processing Officers and are committed to safeguard confidentiality of data, to whom we transfer data which are necessary for executing tasks we have appointed to them, for example providers of IT services and accountants.
• To the local police, administrative, tax, judicial, or other authorities, in cases of emergency for your own security and protection.
Dana Villas does not intent and will not transfer your Personal Data to third parties for use in commercial promotional activities.
How and where do we store your Personal Data?
Your Personal Data are kept by Dana Villas in an electronic or/and paper format, in one or more archive files and are stored in a private server, as well as in physical secured storage areas at the central premises of Dana Villas at Firostefani of Santorini and our offices in Athens, Greece.
For how long do we keep your Personal Data?
Your Personal Data are stored by Dana Villas for the duration needed to fulfill hospitality services to you and for twelve (12) additional years in our database. In case you have given us your Personal Data but never used our services, we shall still keep them, provided that we have received your consent. In certain circumstances, your Personal Data may be kept beyond the above stated duration, due to possible legal obligations, or matters of compliance related to Dana Villas.
How do we protect your Personal Data?
Dana Villas will take all technical and organisational security measures for the protection of your Personal Data from misuse, loss, non -authorized access, disclosure or destruction. Taking into consideration best practices of modern technology, we have invested in a complete software for securing data, amongst others, including a software shield for our website and our IT systems with firewalls, a password secured user access for the abstraction of information from our database, as well as applying regular penetration and accessibility inspections to our network. You may have to take into consideration that due to the special nature of the world wide web it is not feasible to completely control the risk involved when using the internet, hence we draw your attention to the presence of potential risks relating to the use and operation of the internet.
What are your rights with respect to your Personal Data ?
At any moment of time and according to the relevant prerequisites that are anticipated by the Greek and European legislation, you can exercise the following rights relative to your Personal Data:
-Rights of accessing: You have the right to be informed of the type of Personal Data we keep and process, to receive a copy of these, as well as any other information about their processing.
-Rights of rectification: You have the right to request rectification or/and completion of inaccurate Personal Data so that they are accurate in our database.
-Right to erasure (right to be forgotten): You have the right to ask for erasure of your Personal Data, that are not required anymore for the initial purpose for which they were collected, or if their erasure is directed by law.
– Right to restriction of processing: You have the right to ask for the restriction of processing of your Personal Data in the circumastances when a. There is a dispute on the given data accuracy, b. Data processing is unlawful and instead of erasure you wish to proceed with the restriction of its use and c. Data are not required anymore for the initial purpose for which they were collected.
-Right to portability: You have the right to receive your Personal Data in a structured electronic readable format, as well as forwarding these directly to third parties, that you have pointed out.
-Right to objection: You have the right to object submitting your Personal data for further processing by us.
-Right of Notification obligation regarding rectification or erasure of personal data or restriction of processing : You have the right to be notified by our Processing Officer for every correction or erasure or restriction of processing of your Personal data, unless this is impossible or equals to an ineffectively large effort to achieve. Moreover, you have the right to request updates on information regarding the parties which receive your Personal Data.
-Right not to participate in Automated individual decision-making, including profiling : You have the right to request that we do not use your Personal Data in decision making processes that we may complete by exclusively using automated processing, that include customer profiles.
How to apply for your Rights
To receive the application for exercising your rights, click here
Exercising the above rights requires the completion of the downloadable application which is sent either by post to the postal address:
Dana Villas S.A. Firostefani Santorini, Postal Code 84700, or via email firstname.lastname@example.org.
Hellenic Data Protection Authority
Also, you have the right to submit an inquiry or a complaint with the Hellenic Data Protection Authority, which is based in Athens, on No.1 Kifissias Avenue, contact number +30 210-6475600 or on email address email@example.com
Data Protection Officer
In case you have any query regarding the processing of your Personal Data, or for the purpose of exercising your rights, you can contact our Data Protection Officer, our official DPO of our company Mr. Yannis Spourdoulas, via email at the address firstname.lastname@example.org and by sending a letter via post to the address Dana Villas & Infinity Suites Firostefani, Santorini, Postal code 84700, Greece for the attention of our DPO Officer or call on +3022860-22556.