1. ATHENS STAY’S COMMITMENT TO PROTECTING PRIVACY
Because we consider you an important guest, our first priority is to offer you exceptional times and stays throughout our group of apartments.
Your complete satisfaction and confidence in ATHENS STAY are absolutely essential to us.
That’s why, as part of our commitment to meeting your expectations, we have set up a customer privacy protection policy. This Charter formalizes our commitments to you and describes how ATHENS STAY uses your personal data.
The main rules are founded on seven principles.
“Personal data” means any information collected and logged in a format that allows you to be identified personally, either directly (e.g. name) or indirectly (e.g. telephone number) as a natural person. Before providing us with this information, we recommend that you read this document describing our customer privacy protection policy.
This Personal Data Protection Charter forms part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you expressly accept the provisions of this Charter.
3.ATHENS STAY’S SEVEN PRINCIPLES FOR PROTECTING YOUR PERSONAL DATA
The seven principles below are applicable throughout our group of apartments.
Transparency: When collecting and processing your personal data, we will communicate all information to you and inform you of the purpose and recipients of the data.
Legitimacy: We will collect and process your personal data only for the purposes described in this Charter.
Relevance and accuracy: We will only collect personal data that is necessary for data processing. We will take all reasonable steps to ensure that the personal data we hold is accurate and up to date.
Storage: We will hold your personal data for the period necessary for processing the same in compliance with the provisions of the law.
Access, rectification, opposition: You may access, modify, correct or delete your personal data. You may also oppose the use of your personal data, particularly to avoid receiving sales and marketing information. The details of the department to contact in this respect are via email@example.com
Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.
Sharing and international transfer: We may share your personal data within ATHENS STAY or with third parties (such as commercial partners and/or service providers) for the purposes set out in this Charter. We will take appropriate measures to guarantee security when sharing or transferring such data.
For any questions concerning the seven principles of ATHENS STAY GDPR, please contact us by our mail address firstname.lastname@example.org
4. SCOPE OF APPLICATION
This Charter applies:
To all data processing implemented in our subsidiary and managed hotels, i.e. those operating under ATHENS STAY (Athens Supreme Luxury Suites, Athens Premium Homes,Athens Homely Apartments,Supreme Luxury Apartments,The Aristotelian Suites,Thisean Modern Suites and Urban City Apartments ) This list is regularly updated.
To all ATHENS STAY reservation websites, including www.athens-stay.com
5. WHAT PERSONAL DATA IS COLLECTED?
At various times, we will be obliged to ask you, as an ATHENS STAY customer, for information about you and/or members of your family, such as:
Contact details (for example, last name, first name, telephone number, email)
Personal information (for example, date of birth, nationality)
Information relating to your children (for example, first name, date of birth, age)
Your credit card number (for transaction and reservation purposes)
Your arrival and departure dates
Your preferences and interests (for example preferred floor, type of bedding, etc.)
Your questions/comments, during or following a stay in one of our establishments.
The information collected in relation to persons under 18 years of age is limited to their name, nationality and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent, you can contact the Data Privacy department to arrange for this information to be deleted.
We do not deliberately collect sensitive information, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs, union membership, or details of health or sexual orientation.
Moreover, depending on applicable local laws, other information could be considered sensitive, such as your credit card number, your leisure activities, personal activities and hobbies, and whether or not you are a smoker. We may be obliged to collect such information in order to meet your requirements or provide you with an appropriate service, such as a specific diet.
In this case, depending on the laws in force in certain countries, your prior consent may be required with regard to the collection of sensitive information.
6. WHEN IS YOUR PERSONAL DATA COLLECTED?
Personal data may be collected on a variety of occasions, including:
Booking a room
Checking-in and paying
Eating/drinking from the vendor machines during your stay
Requests, complaints and/or disputes.
Participation in marketing programs or events:
Signing up for loyalty programs
Participation in customer surveys (for example, the Guest Satisfaction Survey)
Online games or competitions
Subscription to newsletters, in order to receive offers and promotions via email.
Transmission of information from third parties:
Tour operators, travel agencies, GDS reservation systems,online travel agencies,destination management companies,event organizers and others.
CCTV is in operation throughout the accommodation for the purposes of, including but not limited to:
Security of property, employees and guests; Health & Safety, and; Public Liability.
Connection to ATHENS STAY websites (IP address, cookies)
Online forms (online reservation, questionnaires, ATHENS STAY pages on social networks, network login devices such as Facebook login etc.).
7. FOR WHAT PURPOSES?
We collect your personal data for the purposes of:
Meeting our obligations to our customers.
Managing the reservation of rooms and accommodation requests:
Creation and storage of legal documents in compliance with accounting standards.
Managing your stay at the apartments:
Monitoring your use of services
Managing access to rooms
Internal management of lists of customers having behaved inappropriately during their stay at the apartments (aggressive and anti-social behavior, non-compliance with the accommodation contract, non-compliance with safety regulations, theft, damage and vandalism, or payment incidents).
Improving our accommodation service, especially:
Processing your personal data in our customer marketing program in order to carry out marketing operations, promote brands and gain a better understanding of your requirements and wishes
Adapting our products and services to better meet your requirements
Customizing commercial offers and the promotional messages we send to you
Informing you of special offers and any new services created by ATHENS STAY or one of its subsidiaries.
Managing our relationship with customers before, during and after your stay:
Managing the loyalty program
Providing details for the customer database
Segmentation operations based on reservation history and customer travel preferences with a view to sending targeted communications
Predicting and anticipating future behaviors
Developing statistics and commercial scores, and carrying out reporting
Providing context data for the offer push tool when a customer visits a Group website or makes a reservation
Knowing and managing the preferences of new or repeat customers
Sending you newsletters, promotions and tourist, accommodation or service offers, or offers from ATHENS STAY partners, or contacting you by telephone
Managing requests to unsubscribe from newsletters, promotions, tourist offers and satisfaction surveys
Taking into account the right to object
Using a dedicated telephone service to search for persons staying in ATHENS STAY aparthotels in the event of serious events affecting the accommodation in question (natural disasters, terrorist attacks etc.).
Use a trusted third party to cross-check, analyze and apply certain devices to your collected data at the time of booking or at the time of your stay, in order to determine your interests and your customer profile, and to allow us to send you personalized offers.
Improving ATHENS STAY services, especially:
Carrying out surveys and analyses of questionnaires and customer comments
Offering you the benefits of our loyalty program.
Securing and enhancing your use of ATHENS STAY websites, especially:
Implementing security and fraud prevention.
Conforming to local legislation (for example, storing of accounting documents).
8. CONDITIONS OF THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
a. In order to offer you the best service, we can share your personal data and give access to authorized personnel and external service providers from ATHENS STAY, including:
Reservation staff using ATHENS STAY reservation tools
External Service provider of sales & marketing management – SC Iconik Hospitality SRL
Commercial partners and marketing services
Medical services if applicable
Legal services if applicable
Generally, any appropriate person within ATHENS STAY entities for certain specific categories of personal data.
b. With service providers and partners: your personal data may be sent to a third party for the purposes of supplying you with services and improving your stay, for example:
External service providers: IT sub-contractors, international call centers, banks, credit card issuers, external lawyers, dispatchers, printers.
Commercial partners: ATHENS STAY may, unless you specify otherwise to the Data Privacy department, enhance your profile by sharing certain personal information with its preferred commercial partners. In this case, a trusted third party may cross-check, analyze and apply certain devices to your data. This data processing will allow ATHENS STAY and its privileged contractual partners to determine your interests and your customer profile, and will allow us to send you personalized offers.
Social networking sites: In order to allow you to be identified on the website without the need to fill out a registration form, ATHENS STAY has put the Facebook & Google login system in place. If you log in using the Facebook or Google login system, you explicitly authorize ATHENS STAY to access and store the public data on your Facebook and Google account, as well as the other data mentioned during use of the Facebook and Google login system.ATHENS STAY may also communicate your email address to Facebook or Google in order to identify whether you are already a Facebook or/and Goolge user, in order to post personalized and relevant ads on your Facebook and Google account if appropriate.
c. Local authorities: We may also be obliged to send your information to local authorities if this is required by law or as part of an inquiry and in accordance with local regulations.
9. PROTECTION OF YOUR PERSONAL DATA DURING INTERNATIONAL TRANSFERS
For the purposes set out in Clause 7 of this Charter, we may transfer your personal data to internal or external recipients who may be in countries offering different levels of personal data protection.
Consequently, in addition to implementation of this Charter, ATHENS STAY employs appropriate measures to ensure secure transfer of your personal data to an ATHENS STAY entity or to an external recipient located in a country offering a different level of privacy from that proposed in the country where the personal data is collected.
Other than those that are required to carry out your reservation, dataflows to countries having different levels of personal data protection are regulated by standard contractual manager-to-subcontractor clauses defined by the European Commission. Dataflows to the United States are made to entities that belong to Safe Harbor.
10. DATA SECURITY
ATHENS STAY takes appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, accidental alteration or loss, and unauthorized access or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.).
When you submit credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction.
These tracers may be installed on your device depending on the preferences that you expressed or may express at any time in accordance with this policy.
1. Why have a cookies policy?
With a view to provide information and ensure transparency, ATHENS STAY established this policy so that you can learn more about:
The origin and purpose of the information processed when you browse ATHENS STAY website
Your rights with regard to cookies and other tracers used by ATHENS STAY.
2. What is a cookie?
Cookies and other similar tracers are packets of data used by servers to send status information to a user’s browser and return status information to the original server through this same browser.
The status information can be a session identifier, a language, an expiration date, a response field or other types of information.
During their validity period, cookies are used to store status information when a browser accesses various pages of a website or when the browser returns to this website at a later point.
There are different types of cookies:
Session cookies, which are deleted as soon as you exit the browser or leave the website
Persistent cookies, which remain on your device until their expiration or until you delete them using the features of your browser
Cookies strictly necessary for browsing the ATHENS STAY website and the ability to use all of their features, and intended in particular to:
Manage authentication of website visitors and the associated security measures, and ensure proper functioning of the authentication module
Optimize the user experience and facilitate browsing, in particular determining “technical routes” for browsing
Store information regarding the “cookies” information banner seen by website visitors who then continue to browse the website after agreeing to accept cookies on their device
Implement security measures (for example, when you are asked to log in again for content or a service after a certain period of time, or to ensure basic operation of ATHENS STAY website and use of their major technical features, such as monitoring of performance and browsing errors, management of user sessions, etc.)
Cookies for features intended in particular to:
Adapt ATHENS STAY website to the display preferences of your device (language, currency, display resolution, operating system used, configuration and settings of the display of web pages based on the device you are using and its location, etc.)
Store specific information that you enter on ATHENS STAY website in order to facilitate and customize your subsequent visits (including displaying the visitor’s first and last names if the visitor has a user account)
Allow you to access your personal pages more quickly by storing the login details or information that you previously entered
Cookies for visitor tracking are aimed at improving the comfort of users by helping us understand your interactions with ATHENS STAY website (most visited pages, applications used, etc.); these cookies may collect statistics or test different ways of displaying information in order to improve the relevance and usability of our services.
Advertising cookies are intended to (i) offer you, in advertising spaces, relevant, targeted content that may be of interest to you (best offers, other destinations, etc.) based on your interests, browsing behavior, preferences, and other factors, and (ii) reduce the number of times that the advertisements appear.
Affiliate cookies identify the third-party website that redirected a visitor to ATHENS STAY websites.
Social network cookies, set by third parties, allow you to share your opinion about and content from ATHENS STAY website on social networks (for example, the “Follow” application buttons for social networks).
The social network applications on ATHENS STAY website as mentioned above can in some cases allow the social networks concerned to identify you even if you did not click on the application button. This type of button can allow a social network to track your browsing on ATHENS STAY website, simply because your account in the social network concerned is enabled on your device (open session) while you are browsing.
We recommend that you read the policies of these social networks to familiarize yourself with how they use the browsing information they may collect, especially with regard to advertising. These policies must specifically allow you to make choices on these social networks, particularly by configuring your user accounts for each of them.
The installation of certain cookies is subject to your consent. Also, when you first visit the ATHENS STAY website, you are asked whether you agree to the installation of this type of cookie, which is only activated after your acceptance.
This process is supported by means of an information banner on the homepage of the ATHENS STAY website, which informs you that by continuing to browse, you are agreeing to the installation of cookies that require consent on your device.
You can change your mind at any time using the various methods described in section “Deleting and/or blocking cookies”.
5. Deleting and/or blocking cookies
You have several options for deleting cookies and other tracers.
Although most browsers are set by default to accept cookies, you can, if you desire, choose to accept all cookies, always block cookies, or choose which cookies to accept based on their senders.
You can also set your browser to accept or block cookies on a case-by-case basis before they are installed. Your browser also allows you to regularly delete cookies from your device. Remember to configure all the browsers in your different devices (tablets, smartphones, computers, etc.).
Regarding management of cookies and your preferences, configuration varies for each browser. This is described in the Help menu of your browser, as well as how to edit your preferences with regard to cookies. For example:
For Internet Explorer™: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
For Safari™: http://www.apple.com/legal/privacy/en-ww/cookies
For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
For Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
For Opera™: http://help.opera.com/Windows/10.20/en/cookies.html
Saving a cookie to your device depends on your wishes, which you can exercise and change at any time and free of charge using the settings offered by your browser software.
If your browser is set to accept cookies on your device, the cookies embedded in the pages and content that you view may be temporarily stored in a dedicated space on your device. They can only be read by their issuer.
However, you can set your browser to block cookies. Keep in mind that if you set your browser to block cookies, some features, pages and spaces on ATHENS STAY website will not be accessible, and we cannot be held responsible in this case.
Specialized advertising platforms
Several professional advertising platforms also give you the option to accept or block cookies used by companies that are members. These centralized mechanisms do not block the display of ads; they simply prevent the installation of cookies that tailor ads to your interests.
For example, you can visit the website http://www.youronlinechoices.com to prohibit the installation of these cookies on your device. This website is offered by digital advertising professionals brought together within the European Digital Advertising Alliance (EDAA) and managed in France by Interactive Advertising Bureau France.
12. STORAGE OF DATA
We retain your personal data only for the period necessary for the purposes set out in this Charter or in accordance with the provisions of applicable law.
13. ACCESS AND MODIFICATION
You have the right to access your personal data collected by ATHENS STAY and to modify it subject to applicable legal provisions.
You may also exercise your right to object by writing to the address below.
In the event of difficulty exercising your rights, we have designated responsibility for data protection compliance to a suitable individual within the organization. Mr. Vagelis Stomis has been appointed as Data Protection Officer (DPO). If you have any questions about our preparation for the GDPR, please contact email@example.com
Or mail at the following address:
Tel: +30 6978 121 149
For the purposes of confidentiality and personal data protection, we will need to identify you in order to respond to your request. ATHENS STAY’s may request a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If ATHENS STAY is dissatisfied with the quality, further information may be sought before personal data can be released.
If your personal data is inaccurate, incomplete or not up to date, please send the appropriate amendments to the Data Privacy representative as indicated above.
You can request the following information:
– Contact details of the data protection officer, where applicable.
– The purpose of the processing as well as the legal basis for processing.
– If the processing is based on the legitimate interests of ATHENS STAY or a third party such as one of its clients, information about those interests.
– The categories of personal data collected, stored and processed.
– Recipient(s) or categories of recipients that the data is/will be disclosed to.
– How long the data will be stored.
– Details of your rights to correct, erase, restrict or object to such processing.
– Information about your right to withdraw consent at any time.
– How to lodge a complaint with the supervisory authority (Data Protection Regulator).
– Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
– The source of personal data if it wasn’t collected directly from you.
– Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
All requests will receive a response as swiftly as possible and in accordance with applicable law.
Under GDPR you have ‘The Right to be Forgotten’ where you as a customer can, at any time, request that we remove all your personal information from our system. However it is important to remember that any Right to be Forgotten request does not override requirement to hold information under any other legislation, for example, you cannot request for financial records to be destroyed that you undertook in the last 7 years within ATHENS STAY accommodation.
At any point whilst ATHENS STAY is in possession of or processing your personal data, all data subjects have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
You may also exercise your rights in respect of your personal data that is stored and processed by a hotel following a stay. To do this, you must contact the hotel directly.
We may modify this Charter from time to time. Consequently, we recommend that you consult it regularly, particularly when making a reservation at one of our hotels.
15. QUESTIONS AND CONTACTS
For any questions concerning the ATHENS STAY’s personal data protection policy, please contact firstname.lastname@example.org .