This Privacy Notice provides you with detailed information on the protection of your personal data from KALYVES BEACH S.A. located in Greece, Crete, Chania, hereinafter referred to as "KALYVES BEACH", acting as a data controller, is responsible for the processing of your personal data which are relevant to our activities. The purpose of this Privacy Notice is to inform you about which of your personal data we use in case you are a guest of our hotel or an employee of a corporate client or a representative of a corporate client, for the reasons we use and share these data, for the period we keep them and how you can exercise your rights in relation to your data. The protection of your personal data is important to KALYVES BEACH.
1. WHICH PERSONAL DATA WE USE
A. In case you are a guest, we collect and process your personal data to the extent which is necessary for our activities. In particular, KALYVES BEACH may collect and process the following data:
a) Your identity (name, surname, birth date, ID card no/passport), b) Contact details (contact tel. number, email address, postal address of your headquarters), c) Tax information (competent tax office, Tax Reg. number), d) Banking information (credit/debit card number, security code, expiry date, IBAN).
B. In case you are a supplier of KALYVES BEACH: We collect and process your personal data to the extent which is necessary for our activities. In particular, KALYVES BEACH may collect and process the following data:
a) Your identity (name, surname), b) Contact details (telephone number, email address), c) Tax information (competent tax office, Tax Reg. number), d) information relevant to your professional status, e) banking information (IBAN)
C. In case you are a legal representative or an employee of a corporate client: We collect and process your personal data to the extent which is necessary for our activities. In particular, KALYVES BEACH may collect and process the following data:
a) Your identity (name, surname), b) Contact details (telephone number, email address).
The above mentioned personal data are provided to KALYVES BEACH directly from you: a) when you visit our hotel, b) when you call us, c) when you visit our website and fill in our brochure, d) via our Facebook page, e) via tourist operators, f) from publications / databases available from official authorities (eg Government Gazette, General Commercial Registry).
At KALYVES BEACH, we never process sensitive personal data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning your health and genetic data, biometric data for the purpose of uniquely identifying you, data concerning your sex life or sexual orientation.
2. WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA
We collect your data because this is necessary to perform our contract with you or to act upon your request prior to the conclusion of a contract or during the performance of the contract and for purposes that serve the legitimate interests of KALYVES BEACH as a data controller.
i. To execute a contract upon your request or to take action before entering into a contract with you. That is, to: a) Assess if we can offer you a product or a service and under what conditions, b) Provide you with information regarding our products and services, c) Manage the settlement of disputes (eg for collecting debts), d) Issue bills, invoices, and manage returns.
ii. To exercise our every legitimate interest. In particular, we use your personal data to: a) research and develop our products; b) manage the contractual
relationship with our clients; c) avoid or improve risk management and defend our rights; d) To provide tailor made offers to you by advertising products or services that suit you.
3. KIDS CLUB
In case that you are a parent and you wish for your child to participate in our Kids club activities, we will collect the child's full name, date of birth, age, your phone number and any Illnesses or Allergies of your child upon your prior written consent. Collection and processing of such data is necessary to protect the vital interests of your child. Your child's data will be kept up until the end of the vacation season and then will be destroyed.
4. DATA SAFETY
Your data are stored either in hard copy at the KALYVES BEACH accounting department or in electronic form in the KALYVES BEACH database which meets all security standards. Only the employees of the Accounting department of KALYVES BEACH and the relevant Managers have access to the hardcopies and electronic records.
5. SHARING YOUR PERSONAL DATA
In order to fulfill the abovementioned purposes, we share your personal data only with the following persons and only to the extent which is necessary to fulfill our obligations:
• Companies and competent employees of KALYVES BEACH and its affiliated companies
• Service providers who perform services on our behalf.
• Independent agents, intermediaries or brokers, banking and commercial partners with whom we have an ongoing cooperation
• Financial or judicial authorities, government agencies or public authorities, upon request and to the extent which is required by law.
• Certain approved professionals / partners such as lawyers, notaries or auditors.
6. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
In the case of international transport from the European Economic Area (EEA), where the European Commission has recognized that a non-EEA country provides an adequate level of data protection, your personal data may be transferred on this basis.
For transfers to non-EEA countries whose level of protection has not been recognized by the European Commission, we will either rely on a derogation applicable to that situation (for example, if the shipment is necessary to carry out our contract with you, international payment) or we will apply one of the following safeguards in order to ensure the protection of your personal data:
• Standard contract terms approved by the European Commission or
• Binding corporate rules, if any.
To obtain a copy of these safeguards or details of where they are available, you can send a written application as defined in Article 7.
7. HOW LONG WE WILL KEEP YOUR PERSONAL DATA
We will keep your personal data for the longest period of time which is required so as to comply with the applicable laws and regulations or with any other period regarding our business requirements, such as proper account maintenance, customer relationship management and compliance with our legal or regulatory requirements.
For example, most customer information is kept for the duration of the contractual relationship and after termination of this contractual relationship, for the time required in order to ensure the exercise or defense of our legal rights.
8. WHICH ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM
You have the following rights:
• To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
• To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly.
• To erase: you can require the deletion of your personal data, to the extent permitted by law.
• To restrict: you can request the restriction of the processing of your personal data.
• To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes.
• To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
• To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
If you wish to exercise the rights mentioned above, please send us an email at email@example.com .
Under the current regulation, in addition to your above rights, you are also entitled to file a complaint with the competent supervisory authority
(Greek Data Protection Authority, 1-3, Kifisias Avenue, 115 23 Athens, tel. 210 6475600, e-mail firstname.lastname@example.org ].
10. CHANGES TO THIS PRIVACY NOTICE
In a world of contiguous technological change, we may need to update this Privacy Notice regularly. We invite you to review the latest version of this Privacy Notice online and we will notify you of any major changes through our website.
11. HOW TO CONTACT US
If you have questions about the use of your personal data by virtue of this Privacy Notice, please email us at email@example.com .
12. ENTRY INTO FORCE
This Privacy Notice enters into force on 25/05/2018.