This Notice applies to the processing of your personal data (hereinafter referred to as “Personal Data”) when you book travel services using the Triparound platform, such as spa treatments, excursions, sports activities, restaurant reservations, transfers, rentals and other similar travel / travel activities (hereinafter “Experiences”), as a customer of the hotel or a visitor of our Website (hereinafter “Customer” or “Visitor” or “you”), carried out by the company “IOANNIS HATZILAZAROU & SONS SA” (hereinafter referred to as “Company” or “Hotel” or “us”). The Triparound platform is provided by TripAround, Inc. (hereinafter referred to as “TripAround”) is based in the United States of America.
The provision of travel services is done either by the Hotels or by third parties (hereinafter “Third Parties” or “Providers” or “Partners”) who are responsible for the processing of your personal data which is done by them.
As a hotel customer or visitor to our Website who book through the Triparound platform you have the right to the protection of your Personal Data. The Company respects your privacy and your personal data and always acts in compliance with the Personal Data Protection Legislation. The Company also undertakes to act transparently regarding the way data is processed in the context of fulfilling its obligations.
By the term “Personal Data Protection Legislation” (hereinafter “Legislation”) we mean all laws, regulations, directives, etc., Greek or European relating to the processing of Personal Data, their privacy and security.
Basic but not exclusive legislation are the General Data Protection Regulation (GDPR), the ePrivacy Directive for the protection of privacy in electronic communications, as well as any other Opinion or Guideline issued by the Greek Personal Data Protection Authority.
It is important that you carefully read and keep this information which explicitly explains how and why we collect your Personal Data, what we do with it, how long we keep it, with whom we share it, how we protect it, as well as the options you can have about them. This way you will always be fully aware of the ways and the reasons for which we use this data as well as your rights in accordance with the Legislation.
The company IOANNIS HATZILAZAROU & SONS S.A. in accordance with the General Data Protection Regulation, acts as “Data Controller”. This means that the Hotel is responsible for deciding on the ways and purposes for which it collects and uses (hereinafter “processes”) your personal data.
Our contact details are:
IOANNIS HATZILAZAROU & SONS S.A.
Princess Andriana Resort & Spa
Kiotari, Rhodes, 85109, Greece
Tel: +30 22440 39000
Fax: +30 22440 39001
In the context of complying with the Data Protection Legislation, we make every possible effort to:
• Process your Personal Data in a fair, legal, legitimate, clear, objective and transparent manner.
• Collect your data only for specified, explicit and legitimate purposes that we consider appropriate and that have been adequately explained to you. Assure you that they will not be used in any other way, except for these purposes.
• Collect and maintain the least possible data, which are appropriate, relevant and indispensable for processing purposes.
• Confirm that the data are correct and kept up-to-date and accurate.
• Retain your data for as long as we need them to fulfill every processing purpose.
• Make sure that the data are securely stored.
• Process your data in such a way so as to ensure that they will not be used unlawfully or against your will.
Legal Basis for Personal Data Processing
We process your Personal Data according to at least one of the legal bases specifically listed below:
• The processing of your Personal Data is necessary for the execution of our contract.
• Processing is based on your consent, which is given for one or more specific purposes.
• Processing is necessary for the purposes of the legitimate interests sought by the Hotel or a third party, unless your interests, fundamental rights and freedoms associated to your Personal Data protection prevail.
Personal Data we collect and process
Personal Data is any information that relates to you as an identifiable person.
The Personal Data we collect and process are described in detail below:
• Information about your identity (name, surname, nationality)
• Contact details (phone number, email address)
• Information related to your stay (date of arrival, date of departure, room number, reservation number).
• Driving license number
• Information related to the services you are booking (date, preferences) or the services provided through the platform you are interested in.
• Information about your preferences provided through the platform and related to the services provided
• Information on the consumption of products (food, drinks), provision of services (transportation, spa, leisure, etc.), participation in activities at the hotel.
• Financial information such as payment details, payment details, detailed expenses and transaction history with any related charges and bills.
• Special requests, and other preferences regarding your stay to meet special circumstances (professional, health, social, entertainment, religious, etc)
• Username and password that you may have created when creating an account in order to access the platform’s services.
• Information you provide about your preferences regarding the hotel’s ability to contact you eg for sending informative mail.
• Details regarding your level of satisfaction with our services and in general your experience during your stay.
When you use our website, we also automatically collect information, some of which may be personal data. These include details, such as language settings, IP address, location, device settings, device OS, time of use, redirection URL, etc. We may also collect data through cookies. Cookies are small files stored by a website on a visitor’s PC and to which the website has access to analyze user behavior. In detail, both the types of Cookies that exist and the type of processing that is carried out are described in the Cookies Policy.
We also use Google Analytics to analyze the use of our website. Google Analytics generates statistics and other site usage information that is used to create reports. More specifically, the types of processing that takes place through Google Analytics are described in the Cookies Policy.
In case of registration and/or access via third-party systems (Social Media Login), we may collect and access specific information about the user’s profile from the corresponding social network, only for internal administrative purposes and/or for the purposes mentioned above.
We do not process minors’ data without the consent of their parent or guardian.
Processing of Special Categories of Personal Data
The General Regulation on Personal Data Protection defines specific categories of data that must be processed according to stricter procedures such as health data. The processing of such data is done only when given to us by you, possibly in the context of a request of yours (eg food allergies) and provided that explicit consent has been given for the processing of these for one or more specific purposes.
Manner of collection and source of Personal Data
The collection of your personal data is usually done by you yourself when you make a reservation through the Triparound platform, but your Personal Data may also be collected from other sources such as the following:
• From the hotel management system (with your consent transfer to the Platform)
• Upon check-in at one of the hotels
• When you choose to contact us by phone or using digital services
Purpose of Collection and Processing of your Personal Data
We process and use your personal data for one or more of the following purposes:
• For the presentation of the services provided
• To book a service from a provider
• For the execution of the contract between us and in order to fulfill our contractual obligations such as the provision and completion of a reservation, including payment management, as well as additional services that you requested.
• To manage the requests you have submitted.
• To respond more effectively to special requests, and other preferences regarding your booking to meet special circumstances (professional, health, social, entertainment, religious, etc)
• To defend the legal interests of the Company (or a third party) provided that against these interests does not prevail the interest or the fundamental rights and freedoms of the Visitors.
• To manage your communication requests through the channels provided for this purpose.
• To comply with the legal framework that obliges the Company to maintain and process specific categories of personal data such as compliance with lawful requests from law enforcement authorities such as the police or tax authorities.
• To be able to contact you or other relevant contact in case of emergency.
• To provide personalized information, offers and services during your stay.
• For direct Marketing actions such as newsletters and promotions for new products and services or other offers that we believe may be of interest to you via physical mail, email, mobile devices or social media (with your consent).
• To evaluate the effectiveness of promotion and advertising campaigns.
• To detect, investigate and prevent fraud and other illegal activities. For these purposes, personal data may be disclosed to third parties, such as law enforcement authorities, and to external consultants.
• To improve the visitor experience, the operation of our business and our business partners, the development of new products and services and the review and improvement of current products and services and promotional activities through information provided to us by your comments and ratings .
• For your safety, your protection and in order to avoid illegal actions against you.
• For the fulfillment of any other purpose for which they are provided to us
• For any other purpose with your consent
Some of the above processing cases overlap to some extent and as a whole constitute legal bases and legitimate purposes within which we process your personal data.
Your personal data will be used solely for the purposes for which it was collected or for other purposes compatible with the original. If your personal data is required to be used for any other purpose, you will be informed and informed of the legal basis on which the processing will be based or your consent may be sought.
In any case, the processing of your personal data is done in accordance with the principles hereof and the rules of the Personal Data Protection Legislation.
Automated decision making, including profiling
We do not make decisions that may have a significant impact on you, including profiling, in an automated manner (decision-making using only an electronic system without human involvement)
When and how we share Personal Data we receive with others
We work with the Triparound Platform to offer you online booking services in travel services. Although we provide the content on the platform and you make a reservation directly to us, the reservations are processed by Triparound. The information you provide is stored in one or more databases hosted by Triparound. Triparound does not use or access your personal information for purposes other than booking.
In cases where the provision of travel services is done by third party providers, the details of the reservations are also accessible by the partners in order to process the reservations.
The transmission of data will be done by ensuring (where possible) that these third parties process your data with the utmost confidentiality, taking appropriate security measures to protect them in accordance with our policies and not using your personal data for your own the purposes or any purpose other than those agreed upon.
In addition to the above, the Company will not transfer personal data to any third party unless it is legally obliged to do so or when it must comply with its contractual and legal duties (the tax authorities or the police fulfill our audit duties)
The Company will not sell your personal data to third parties under any circumstances and will not allow third parties to sell the data it has transmitted to them.
Personal Data Disclosure
We will use and disclose personal data, if we believe it is necessary or appropriate:
• To law authorities and other governmental authorities to the extent required by law or when strictly necessary to prevent, detect or prosecute criminal offenses and fraud.
• To comply with the applicable law, including laws outside your country of residence.
• To comply with the legal process.
• To respond to requests from public and state authorities, including authorities outside your country of residence, and respond to national security or law enforcement requests.
• To deal with emergencies.
International Transmission of Personal Data to Third Countries
Sometimes your personal data may be transmitted to third countries outside the EU for the purposes described in this policy. The transmission of personal data to a third country or international organization may take place if the European Commission has determined that these third countries have an adequate level of protection or appropriate safeguards and guarantees (e.g. standard contractual clauses approved by the European Commission) and provided that there are enforceable rights and effective remedies for you.
For how long do we retain your data
We will retain your Personal Data for the period necessary to fulfill the purposes described in this Privacy Notice if necessary to meet our contractual and legal obligations, unless an extended retention period is required or permitted by law or if the User requests their withdrawal from us, opposes or withdraws his consent.
The criteria used to determine the retention periods include:
• The time we have a continuous relationship with you and we provide you with our Services
• If you have a reservation that has not yet been completed
• If there is a legal obligation (for example, some laws require us to keep records of your transactions for a certain period of time before deleting them)
• Whether the maintenance is appropriate taking into account our legal and tax situation
• As long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as someone could sue us.
• Retention periods in accordance with legal and regulatory requirements or instructions.
If the data collection was based on your consent, it may be deleted at any time after your consent has been withdrawn.
Your data may also be deleted in one of the following cases:
• when they are no longer necessary for the purposes for which they are collected
• when deletion is necessary in order to comply with our legal obligations
• at your request, provided that there are no compelling legal reasons requiring its maintenance.
The data will be securely corrupted when it is no longer needed. The company may need to maintain some financial data for legal purposes (eg accounting matters).
Your rights regarding Personal Data Protection
Under certain conditions set forth in the Personal Data Protection Legislation, you have the following rights regarding your personal data:
• Right to transparency information: You have the right to know who is processing your data, how they are being processed, which are those and for what reason.
• Right to access. You have the right to access your personal data for free.
• Right to correction. You have the right to ask for the correction of any inaccurate data and to fill in any incomplete information.
• Right to deletion. You have the right to request the deletion of your personal data under certain conditions, such as when the data are no longer necessary in relation to the purposes for which they were collected, if you have revoked your consent and there is no other legal basis for processing, if the data were illegally processed, etc. The deletion may not be possible when processing is necessary for, inter alia, the Hotel’s observance of a legal obligation, to carry out a public interest duty, for the exercise of a public authority entrusted to the Hotel, for reasons of public interest associated with public health, for the establishment, exercise or support of legal claims, etc.
• Right to processing limitation. You have the right to request the limitation of the processing of your personal data when their accuracy is questioned, when the processing is illegal, when the data are no longer needed by the data controller or if you have objections to the automated processing.
• Right to data portability. You have the right to request the transfer of your data to another data controller, when this is technically feasible.
• Right to object. You have the right to object to the processing of your personal data, provided that the public interest is not compromised. The right to object to certain forms of processing of your personal data, so as not to be subject to the legal consequences of automated processing or formatting.
Moreover, in case we process your personal data based on a legitimate interest or for public interest purposes, you have the right to express your disagreement at any time regarding your personal data use, in accordance with applicable law.
If you have given your consent to the use of some of your data, you also have the unlimited right to revoke it at any time. Revoking your consent means that we will stop processing the data you previously allowed us to process. The Hotel reserves the right to determine what information should continue to maintain, in order to fulfill its tax and legal obligations in general. There will be no consequences for the revocation of your consent, beyond the Hotel’s inability to perform this processing.
You may exercise your rights by contacting the Hotel either by sending an email at email@example.com. If you exercise any of your rights via a written request, we will make every possible effort to process your claim within thirty (30) days of receipt and we will inform you either of your satisfaction or of the reasons that prevent its implementation. If you do not receive a response within 30 days or are not satisfied with our response, you have the right to complain to the Data Protection Authority.
You have the right to submit a complaint to the Data Protection Authority, which enforces data protection laws, if you have concerns about how the Hotel is processing your personal data or if you are dissatisfied with our response to your complaint or request.
Data Protection Authority
1-3, Kifisias Avenue, Zip Code 115 23, Athens
Tel.: +30-210 6475600
Fax: +30-210 6475628
Protection of your Personal Data
Data are stored in a range of different resources, including physical files, the website, the Hotel’s Property Management System, and other IT systems (including email). Data are stored as a whole, and in the format they were submitted, without compromising their content.
We have established a series of technical and organizational security measures to prevent the unauthorized or illegal use or access of/to your personal information, accidental loss or damage to their integrity, their alteration or disclosure. Moreover, access to your personal data is limited to those who need to know on a professional level. They will only process your personal data in accordance with our instructions and are subject to a confidentiality obligation. Your Personal Data will be processed by a Third Processor only if he agrees to comply with the specific technical and organizational data security measures.
In case of a breach of data security, we will notify you and the relevant regulatory bodies we are legally obliged to.
Questions, Concerns or Complaints
If you would like to make a request or objection, if you have questions about this information or if you would like to make a complaint about how your personal data is processed by the COMPANY or its associates or if you wish to exercise your rights you can contact us.
Data Protection Officer
Our contact details can be found in the Data Controller section of this Notice
Links to other websites and Social Media
Third party service providers.
In detail, the third party service providers are the following:
|DONKEY CRUISES||TOUR SERVICES|
|CITY CLUB||CAR & MOTO RENTALS|
|ELITE VIP TRAVEL||LAND TRANSFER SERVICES|
|SAMAROPOULOS MINI VANS||CAR RENTALS|
|IMPRESS HOLIDAYS||GENERAL TOURISM OFFICE|
|RODOS TRANSFER||LAND TRANSFER SERVICES|
|SABINAS WATERSPORTS||WATER SPORTS|
|HIKING RHODES||OUTDOOR LEISURE ACTIVITIES & SERVICES|
|SAFARI QUAD KIOTARI||MOTO RENTALS|
|LOUKAS TRANSFERS||OPERATION OF TOURIST BUSES|
Amendments to this Notice
Updates will be posted on the Hotel’s website at the following address and will be marked with a publication date, so you always know when the policy was last updated.