COLLABORATOR PERSONAL DATA PROTECTION CHARTER
Valid from: 21/5/2018
GRECOTEL SA and its affiliates holds as its highest priority the protection of your personal data. We make every effort to carefully store and process the information you share with us.
GRECOTEL SA and our affiliates protect your personal data through technical data security measures, internal management procedures, and physical data protection measures. We continually strive to improve our systems and procedures so that they stand out above all others.
Thank you for your continued interest and support.
"Personal data" means any information that is collected or recorded in a way that may allow direct (e.g. surname) or indirect (e.g. phone number) identification of a natural person.
This "Collaborator Personal Data Protection Charter" is a part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you explicitly accept the provisions of this Charter.
For what purposes do we collect data?
We collect and use personal data to manage your relationship with GRECOTEL SA and to offer our Services to you. Certain personal data is collected to provide you with personalized and improved services.
We collect personal data with the following purposes:
a) To provide you with useful information for offers or other promotional messages and inform you about special offers and new Services.
b) To create and store legal documents in accordance with applicable law.
c) To collect data to meet requests relating to your stay (e.g. room preferences).
d) To improve our hotel services
• Tailor products and Services to better meet your requirements.
• Process your personal data using marketing programs for marketing and promotional purposes.
• Provide you with useful information for offers or other promotional messages.
• Inform you about special offers and new Services.
• Provide customized content and recommendations based on your previous activities.
• Collect information to better interpret the status of our professional relationship
e) To manage our relations with you
• Manage loyalty programs.
• Manage customer databases.
• Evaluate and analyze the market, our customers, our products, and Services.
• Create statistical data and reports.
• Gain knowledge and manage the preferences of new and recurring customers.
• Send newsletters, promotion products and offers, or to contact you by telephone.
• Manage requests for deletion from update lists.
• Create and manage questionnaires and statistics.
• Organize lotteries, contests and offers.
f) To improve system security
• Record data to ensure security and to prevent fraud.
g) To comply with Greek and European law
h) To conduct market research/analysis of questionnaires and customer comments.
i) To conduct focused marketing campaigns, direct marketing and sales promotion activities.
What personal data do we collect?
Information provided directly by you
We are obliged to request the following details about you and/or your family members:
• Contact details (e.g. surname, given name, father’s name, passport number, ID-card details, telephone, home address, email)
• Personal data (e.g. date of birth, nationality, place of birth)
• Information regarding your children (e.g. given name, date of birth, passport number)
• Billing details (e.g. credit card number, VAT number)
• Loyalty program member number (member number for loyalty program of GRECOTEL SA or other parties, such as airline operators)
• Date of arrival and departure, flight number, and room number
• Preferences and interests (e.g. non-smoking room, preferred floor, type of bed, sports, cultural interests)
• Health Data, such as medical reports and certificates, medical test results, data on pathological diseases, etc.
• Questions and comments submitted during or after your stay in one of our Hotels.
Information from third parties
We may receive information about you from available public and commercial sources. This, we may combine with other information that we receive directly from you or in relation to you. We may also receive information about you from third party social networking services when you choose to connect to such services.
You may choose not to provide certain types of information, but this may limit your access to certain Services.
When do we collect personal data?
We collect personal data in various cases, such as:
a) Hotel activities:
• Room reservation
• Phone contact
• Check-in and payment
• Reservation of seat and/or use of hotel services, such as catering, spa, and recreational services
• Various requests, complaints, and/or disputes
b) Participation in marketing programs or events:
• Registration in loyalty programs (e.g. Privilege)
• Participation in online and offline surveys (for example, customer satisfaction survey)
• Participation in contests and games
• Participation in marketing events or conferences
• Subscription to mailing lists in order to receive offers and other promotions by email
c) Transmission of information from third parties:
• Tourist agencies, tourist offices, GDS reservation systems, online reservation systems (e.g. booking.com, expedia.com, etc.), and other reservation systems
d) Actions through electronic devices
• Login on our websites
• Connection to our WiFi network of our hotels
• Completion of online forms (e.g. reservation forms, precheck-in forms, satisfaction survey forms, etc.)
• Through social media promotional activities
• Through e-mail upon contact
e) Actions through interpersonal communication
• Face to face contact during business meeting or in the framework of communication during presentations or exhibitions
Third party access terms to your personal data
GRECOTEL SA and its affiliates do not disclose your information to third parties for their own business or marketing purposes without prior your consent.
However, we may disclose your information to the following entities:
• Affiliates. Your information may be shared between affiliates of GRECOTEL SA.
• Business associates. We may also share your information with trusted business partners. These entities may use your information to provide you with services you have requested, make provisions relating to your interests, and offer you promotions, advertisements, and other material.
• Service providers and/or any third parties that may process information on our behalf. We may also share your information with companies that provide services on our account or behalf, such as IT contractors, bulk mailers, banks, credit card institutions, law firms, mail service companies, printing services companies, etc.
Credit approval: Upon submission of a credit approval claim, personal data are utilized and disclosed to designated third parties according to applicable legislation in order to decide on the credit approval and its subsequent level.
• Other third parties, if so required by law or in order to protect our Services. Situations may arise in which we share your information with other third parties:
o To comply with the law or mandatory legal procedure (such as search warrants or other court orders)
o To confirm or implement our compliance with the policies governing our Services
o To protect the rights, ownership or security of GRECOTEL SA or any of our affiliates, business partners, or customers
• Other third parties in relation to corporate transactions. We may share your information with third parties within the context of a merger or transfer, or in the event of bankruptcy.
To provide you the best possible service, we allow access to your personal data or to certain categories to competent, authorized members of our personnel. This includes:
• Reservations departments
• IT department
• Marketing/Guest Relations department
• Legal Services department, if and when required
Protection of personal data during international transfers
For the purposes set out in Article 3 of this Charter, we may transfer your personal data to internal or external recipients who may be located in countries that offer different levels of protection for personal data.
Please note that data protection and other laws in the countries to which your information may be transferred may not be as protective as those in your country. To protect your privacy, the transfer will take place according to the legislation governing the processing of personal data.
GRECOTEL SA takes all reasonable measures to safeguard the transfer of personal data to an external recipient in a country that offers a different level of privacy than the country where the personal data is collected.
What we do to keep your information safe
We have taken organizational and technical measures to protect the information that we collect in relation to our Services, especially sensitive personal data. Our IT department implements international standards and practices to ensure the safety of networks and the encryption of data.
However, please bear in mind that despite the reasonable measures that we take to protect your information, no website, internet transmission, computer system or wireless connection is ever completely safe.
We take reasonable measures to ensure that your personal information will be stored no longer than needed for the purpose which it has been collected and no longer than required by the contract or the applicable legislation.
Cookies, beacons and similar technologies
Cookies are small files that store information on your computer, mobile phone, or other device. They allow the entity who places these files on your device to identify you across different websites, services, devices, and/or browsing times. Cookies serve a range of useful purposes. For example:
• Cookies can remember your login credentials, so you do not have to enter them again each time you connect to a service.
• Cookies help us and third parties to understand the most popular parts of our Services; they help us see which pages and features are visited by the users and how much time is spent on each. By studying this kind of information, we can customize our Services and provide you with a better experience.
• Cookies help us and third parties to understand which advertisements you have viewed so you do not receive the same advertisement each time you access the Service.
• Cookies help us and third parties provide you with relevant content and advertisements by collecting information about your use of our Services and other websites and applications.
When you use a website to access our Services, you can make settings in your browser to accept all cookies, reject all cookies or notify you when cookies are sent. Each browser is different. Refer to the “Help” menu of your browser to find out how you can change your cookie preferences. The operating system of your device may offer more control settings for cookies.
However, please note that certain Services may have been designed to work with cookies and that deactivating cookies may affect your ability to use those Services or part of those Services.
Other local storage
We and certain third parties may use other kinds of local storage technologies, such as Local Shared Objects (commonly called “Flash cookies”) and local HTML5 storage (HTML5 Web Storage) in conjunction with our Services. These technologies are similar to the cookies mentioned above as they employ storage on your device and can be used to store information concerning your activities and preferences. However, these technologies may use different parts of your device than typical cookies, and therefore may not be controlled with the standard tools and browser settings.
We and certain third parties may also use technologies called “beacons” (or “pixels”) that send information from your device to a server. Beacons can be embedded in internet content, videos, and emails to allow a server to read certain types of information from your device. Beacons can also be embedded to determine when you have viewed specific content or a specific email message, the time and date on which the beacon was viewed, and the IP direction of your device. We and certain third parties use beacons for a variety of purposes, such as to analyze the use of our Services and (in combination with cookies) to offer you more relevant content and advertisements.
By accessing and using our Services, you agree to the storage of cookies, other local storage technologies, beacons, and other information on your devices. You also allow us and the aforementioned third parties to access these cookies, local storage technologies, beacons, and information.
Access and correction of your data – right to erasure (‘right to be forgotten’)
In addition to existing lawful user rights, according to the legislation in certain jurisdictions, you may also be entitled to request details on the information that we collect and to correct any inaccuracies that may be contained in such information. If provided by law, we may charge you a minor fee for the provision of this possibility. We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardize the privacy protection of others, are extremely impractical, or involve access that is not otherwise required by domestic law. If you wish to submit a request for access to your data, please contact the Data Privacy department.
You have the right to obtain the erasure of your personal data from the controller.
Questions and contact
If you have any questions regarding this policy or the protection of data at Grecotel SA and our affiliates, please contact the Data Private Department at the following address:
Data Privacy Department - Attn. Mr Arsenis
64b Kifissias Ave., 15125 Maroussi, Athens, Greece
Telephone: +30 210 3743 600
Fax: +30 210 7219544