PRIVACY POLICY

Date: 15/4/2022

This Privacy Policy aims to inform you about the information we collect and process during your visit to our website.

In collecting this information, we are acting as data controllers and, according to the European Union’s General Data Protection Regulation (GDPR) and Greek Law 4624/2019, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

To view our Online Booking Privacy Policy, please click here.

Who we are

We are Kritika Xenodoxeia private company, with the trade name Pepper Sea Club Hotel.

We are located at Kavros Apokoronou – Georgioupolis, 73 007 Chania – Crete, Greece.

You can contact us through one of the following options:

- Telephone: +30-28250-61739

- E-mail: dataprotection@pepperhotel.gr

What are Personal Data

According to Article 4 of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person. This includes your full name, postal address, e-mail address, telephone number, and any piece of data which can be used to, directly or indirectly, identify you (the data subject).

What is Data Processing

According to the GDPR, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What personal data do we collect

The personal data we collect from you and process are the minimum required to achieve the purposes of processing activities. For processing activities that require your consent, we will not process your personal data without said consent. All processing activities are compliant with Greek and European legislation and security requirements.

Personal data we collect may include:

- Your personal information (full name, e-mail address, telephone number, postal address)

In case you do not wish to disclose some of your personal information, this may have an effect in some of our interactions with you.

Purpose of processing your personal data

Our processing of your personal data takes place mainly for one or more of the following purposes:

- To respond to your query, including providing you with any requested information about our services.

- To follow-up to any prior communication or declaration of interest in our services, and to ensure that your query has been answered to your satisfaction.

- To send you our newsletter with updates, announcements, and information about our services, after you have provided us with your consent.

- Marketing and Analytics: based on your consent with our website’s cookies, we may process your personal data to measure customer preferences and browsing behavior on our website.

Who will receive your data

The recipients of your personal data may include:

- The appointed staff of our company, within the framework of their responsibilities and on the basis of commonly accepted rules of confidentiality.

- Service companies, which will process your personal data strictly on our behalf. These service providers shall be contractually bound by confidentiality agreements and conditions.

- National and European Supervisory and Administrative Independent Authorities, as well as the Prosecuting and Judicial Authorities.

How we protect your data

Our company has taken all necessary and recommended organizational and technical measures to ensure the security, protection, and confidentiality of your personal data, including protection from accidental or malicious processing, theft, or accidental loss. Our company has implemented appropriate business systems and procedures, and security procedures, restricting access through technical and physical measures. Access to your data is limited to authorized persons who handle the information under full confidentiality and as part of the performance of their duties.

These measures are subject to regular review.

In the event that we use third parties to process your personal data, this is done strictly according to written instructions, and third parties are contractually bound by confidentiality agreements and the obligation to implement appropriate technical and organizational measures to ensure the security of the data to which we allow them access.

For how long are your personal data retained

Your personal data are retained by our company for the period necessary to fulfill the purposes for which we have collected them, unless a longer retention period is permitted by law.

All your personal data collected by us are subject to the present Privacy Policy. In case you object to the processing of your personal data, this does not affect the legality of previously carried out processing activities.

After the retention period has elapsed, your data will be safely deleted and removed from our systems.

Legal basis of processing

The processing of your personal data is carried out on a case-to-case lawful basis, depending on the purposes of the processing activity in question. Specifically:

- When you sign up for our newsletter, on the basis of your consent, which you can withdraw at any time.

- When you communicate with us, and when we follow-up on your query, on the basis of our legitimate interest.

- For Marketing and Analytics purposes, on the basis of your consent, which you can withdraw at any time.

- We may also process your personal data in response to requests from public and government authorities, on the basis of a legal obligation, to protect your vital interests, or in the service of public interest.

Your rights as data subject

Your rights as a ‘data subject’ include the following:

- The right to be informed. Our company is transparent in informing you about our use of your personal data and your rights over them. You can contact us at any time, so we can answer your questions.

- The right of access. You have the right to ask us, at any point, for access to your personal data, to learn and control the legality of the processing activities. Requests of access will be responded to within one (1) month from receiving your request.

- The right to rectification. You have the right to request the correction of inaccurate or incomplete personal data.

- The right to erasure. You have the right to request that we erase personal data about you, without undue delay, when there is no lawful basis for the continuation of processing and storage of your personal data.

- The right to restrict processing. You can exercise your right to restrict the processing of your personal data, if the data’s accuracy is contested, as an alternative to erasure in the circumstances that the processing is unlawful, where you need the data for legal claims but it is no longer required by us, or whilst a decision on an objection to processing is pending.

- The right to data portability. You have the right to request your data to be provided in a structured, commonly-used and machine-readable format, and to transfer your data to another party (e.g. service provider). This applies to personal data for which processing is based on your consent and the processing is carried out by automated means.

- The right to object. You have the right to object to processing based on the lawful basis of the legitimate interests of the controller, or of a task carried out in the public interest or in the exercise of official authority vested in the controller.

- Rights in relation to automated decision-making and profiling.

To submit a request regarding your personal data, you can contact us in the postal address or telephone number provided in the ‘Who we are’ section of this consent form, or by email at dataprotection@pepperhotel.gr.

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Hellenic Data Protection Authority, via their website at www.dpa.gr or by telephone at +30-210 6475600, or write to them at:

Data Protection Authority Offices
Kifissias 1-3, 115 23
Athens, Greece

Reviews to the present Privacy Policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.