For what purposes do we collect data?
We collect and use personal data to manage your relation with Erivolos Apartments and to offer our Services to you.
We collect personal data with the following purposes:
a) To manage reservations: Create and store legal documents in accordance with applicable law. We also collect data to meet requests relating to your stay (e.g. room preferences).
b) To manage your stay: We use your personal data to provide customer service during your stay with us.
c) To improve our services: We may use your e-mail address in order to inform you about new services and offers as also better meet your requirements. We may use your contact data to invite you by e-mail to write a guest review after your stay. This can help other travelers to choose the accommodation that suits them best. We use only your e-mail address to send information material and we do not use your e-mail content, conversations, etc for advertising purposes at all.
d) To improve system security: Record data to ensure security and to prevent fraud.
Lawfulness of Processing Personal Data
In view of purposes a and b, we rely on the performance of a contract. The use of your data may be necessary to perform the contract that you have with us. We retain the data we collect for as long as necessary to comply with our legitimate obligations. In view of purposes c and d, we rely on our legitimate interests: We use your data for our legitimate interests, such as providing you with the best appropriate content for the website, e – mails and newsletters, to improve and promote our products and services and the content of our website, and for administrative, fraud detection and legal purposes. When using personal data to serve our legitimate interests, we will always balance your rights and interests in the protection of your information against our rights and interests.
We inform you that we collect data only for the above purposes. The data we process are absolutely necessary for your service and the improvement of the quality of services we offer you. At your reservation we will ask you to update the data we store. The time period for the retention and processing of data is set out in the national legislation, the E.U. Treaties and the purpose of processing.
What personal data do we collect?
Information provided directly by you
We are obliged to request the following details about you and/or your family members:
- Identification details (e.g. surname, given name, father ‘s name, passport number, ID – card details)
- Contact details (e.g. telephone, home address, e-mail)
- Information regarding your children (e.g. given name, date of birth, passport number)
- Billing details (e.g. credit card number, type of card, expiration date, security code, VAT number)
- Date of arrival and departure, flight number and room number
- Preferences and interests (e.g. non – smoking room, preferred floor, type of bed)
- Questions and comments submitted during or after your stay in our Apartments.
Our services are not addressed to people under the age of 15. Data we may collect can only be provided by an adult or guardian.
Data we collect automatically
When using our website, we also collect information automatically, some of which may be personal data. This includes data such as language settings, IP address, location, device settings, device OS, log information, time of usage, URL requested, status report, user agent (information about the browser version), operating system, result, browsing history. We may also collect data automatically through cookies.
You may choose not to provide certain types of information, but this may limit your access to certain Services.
When do we collect personal data?
We collect personal data in various cases, such as:
- Hotel Activities
- Room reservation
- Check-in and payment
- Various requests, complaints, and/or disputes
- Participation in marketing programmes
- Subscription to mailing lists on order to receive offers and other promotions by e-mail
- Transmission or information from third parties
- Tourist agencies, tourist offices, online reservation systems (e.g. booking.com, expedia.com, etc) and other reservation systems.
- Actions through electronic devices
- Login on our website
- Completion of online forms (e.g. reservation forms)
Third party access terms to your personal data
Erivolos Apartments do not disclose your information to third parties for their own business or marketing purposes without your prior consent.
However, we may disclose your information to the following entities:
- Business associates: These entities may use your information to provide you with services you have requested (i.e. taxi reservation).
- Services providers and/or third parties that may process information on our behalf: We may also share your information with companies that provide services on our account or behalf such as reservation platform management firms, Information system support services, law firms, banks, accountants.
- Competent authorities: We disclose personal data to law enforcement and other governmental authorities insofar as it is required by law and the EU treaties or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.
Also, when third party installations (such as booking.com, expedia.com, travel agencies) have been installed and interconnected, you should contact them for their data protection policy. As far as our data concerns, we make the best possible effort to secure them, keep them safe and remain with us.
Data Transfers to non E.U. Countries
What we do to keep your information safe?
For the secure processing of personal data we implement appropriate technical and organizational measures to ensure the protection of data. Those include:
- Physical Security and Access Control in every part of your Company where data is stored.
- We demonstrate every possible effort to use products and services (electronic or not) that by design create friendly conditions for the protection of their subjects’ data. We also demonstrate a continuous and systematic effort to use appropriate technical and organizational measures, which ensure that, by default, only those data that are necessary for the purposes of the process are processed.
- Software and hardware access is possible only by passwords from authorized persons and we use updated firewall and antivirus systems.
- All sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
Like many companies, we may use a technology called “cookies” to enhance your experience in our site. Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owner of the site. To get the most of our website, your computer, tablet or mobile phone will need to accept cookies. However, you can restrict, block or delete cookies at any time by changing the cooking preferences in your browser. If you decline cookies, some features of our website may not work properly and may not be able to access certain areas. For this reason we recommend that you accept cookies.
We take reasonable measures to ensure that your personal information will be stored no longer than needed for the purpose which it has been collected and no longer than required by the contract or the applicable legislation.
Insofar as we process your personal data based on your consent, you are entitled to revoke your consent towards as at any time, Art 7 Sec. 3 EU – GDPR. Upon request, you are entitled to the right to request from us to access to and rectification or erasure of your personal data, or to the restriction of processing concerning the data subject or to object to processing, as well as the right to data portability. Deletion may be barred by statutory regulations, especially where required for settling, accounting or taxation purposes.
Your requests are submitted by e-mail (firstname.lastname@example.org), or postal letter to our address GR 71500, Lygaria, Axlada, Crete, or personally at reception.
In order to comply with such a request, you should submit along with your request a photocopy of your id card or other official document that proves your identity. We reserve the right to decline your request, if it is not possible to verify the identity of the requesting party.
Questions and Complaints
If you have questions or concerns about our processing of your personal data or if you wish to exercise any of the rights you have under the notice, you are welcome to contact our data controller Mr. V. Theodorakis via email@example.com
This policy may be amended from time to time. To ensure that you are aware of any changes, please check this policy on a regular basis, especially before submitting a reservation request.