General Privacy Statement
At “West East Suites”,
we are committed to respecting and protecting your privacy.
Our general privacy notice is set out below and tells you how we use and protect the personal data that you provide to us or that we collect about you, including when you use our web site or our app, when you ask us for information, when you make a booking, as well as when you stay at our hotel. We also notify you of your rights under the data protection legislation and the relevant General Data Protection Regulation (GDPR).
More specific privacy policies apply to services available by us or through our partners directly to you on our physical or electronic sites, e.g. our WiFi internet connection system, our 'booking engine' on our website, the CCTV system etc. Read these specific privacy policies and corresponding cookie policies where appropriate before using them.
By using our site or our app, and the services provided through these, you agree to the application of this policy.
WHO WE ARE
Under GDPR terminology, we are the "data controller" for the personal information we collect and process. This means that we are responsible for deciding how to process (i.e. collect, preserve, use and disclose) your personal information.
We are “A. Pantazis & Co. Anonymous Tourist and Technical Company” based in 27, Pentelis Str, Paleo Faliro, 17564 Athens, Greece, tax registration number 800539947, which owns and manages West-East Suites.
You can reach us using the following details:
84 700 Santorini island,
Tel.: +30 22860-36279, +30 22860-25765
You can contact the person in charge of Data Protection issues at firstname.lastname@example.org.
WHAT INFORMATION WE HOLD ABOUT YOU
“West-East Suites” is committed to protecting the privacy and security of your personal data. By personal data we mean information which, either alone or in combination with other information available to us, can be used for your identification. Information where the identity has been removed and cannot be identified by these or others owned by or accessible from “West-East Suites” are not considered personal (anonymous information).
The exact categories of Personal Data that are processed vary depending on the type of each Individual and his relationship with the group as indicatively:
- For visitors of the corporate website, information necessary for the communication of the devices, website use and navigation through cookies and other related mechanisms is collected
- For guests, Personal information may include, but is not limited to, your name, contact information (your home address, your telephone numbers), your date of birth or age, your profession, tax information (e.g. Tax ID number), booking and corresponding payment details, and also other information about your stay at our hotel, such as food allergy information, health and physical issues, photos and video footage as in CCTV system. Videos and photographs may have also been captured during marriage ceremonies or other events and may be part of the personal data we hold.
- For partners like contractors, suppliers, etc. personal information will include the name and other identification information, contact information and other information related to the subject of the partnership
- Videos captures of any kind of visitors may also have been taken by the video surveillance circuit of our facilities.
- Records of the transactions carried out in relation to providing you information, services or simply replies to your queries or complaints are also likely to be part of the personal data set we retain about you.
This information is stored in our archiving systems, which may include electronic files, letters, emails, customer satisfaction forms, photos and video recordings.
We may hold your personal information because you supplied it to us, or because we learned it from someone else (e.g. a booking agent), either in the context of providing our services to you or in the context of our business more generally, or because it is publicly available.
Subscribe to NEWSLETTER (Marketing Terms)
When you select to receive from us emails / sms / newsletters / letters about programs / offers / discounts and or other promotional actions, "West-East Suites" as Data Controller may use your personal data for marketing purposes and provide you information about products and services that may be of interest to you. This can happen directly from " West-East Suites" or through other third parties that can provide relevant marketing services on its behalf. In this case "West-East Suites" may share your personal data with these partners.
For security related reasons, the company monitors and records directly or indirectly the activities of its employees, guests, facilities and properties, such as through surveillance cameras.
Surveillance cameras are generally located in high-risk areas or work sites and are designed to physically protect the company's premises and its guests, employees, third parties and material assets. Generally, recorded images are overwritten and thus destroyed after a few days, while access to them is very limited and only when a specific need (theft, security incident, etc.) occurs.
WHAT WE USE YOUR PERSONAL INFORMATION FOR
We process your personal information in line with the provisions of the EU General Data Protection Regulation (GDPR) and all other applicable legislation:
- to manage and process reservations and prior related inquiries such us while exchanging information about products and services
- to provide accommodation and related services during your hotel stay
- to manage your access to rooms and other places
- to manage your participations in likely entertainment, sport, leisure activities
- to process your inquiries and complaints, as well as other requests and preferences
- to act as an intermediary to other services provided by third parties that you additionally requested from our staff
- to organize specific events such as conferences, weddings, parties etc
- to help us improve the quality of our products and services, e.g. by performing and analysing satisfaction surveys
- to efficiently handle and respond to incidents you may be involved in during your stay
- to process your payments (this may involve tracking your use of services like telephone, bar, pay TV programs, etc.).
- to serve in group’s promotional & communications purposes by publishing (with your definite consent) videos and pictures related to weddings in websites, pamphlets etc.
- to meet our legal obligations (e.g. tax laws, accounting obligations, etc.)
- to manage registration in loyalty or membership programs, as well as obtaining and redeeming points
- to send to you with your consent, promotional emails about new products, special offers or other information which we think you may find interesting,
- to send to you newsletters when you subscribe to this service of ours
- to establish the underlying infrastructure connectivity while browsing to our site
- to make business with you when you are a partner of ours,
- for internal record keeping and enabling us to recognise you as a returning guest
- to ensure network and information security
HOW WE PROCESS YOUR PERSONAL DATA
In line with the provisions of the GDP Regulation, we process your personal data in accordance with the following data protection principles:
- Lawfully, fairly and transparently
- We collect them only for valid purposes that you know or purposes we explained to you and do not use them in a way that is incompatible with these purposes
- We process them according to the above purposes only
- We collect and process the least and absolutely necessary information for the fulfillment of the above purposes
- We keep these data accurate and up-to-date as long as you keep us informed of any changes
- We only keep them for as long as necessary based on the purpose
- We keep them safe. We take all reasonable steps to ensure your personal data from loss, unauthorized access or change.
LEGAL BASIS OF PROCESSING
According to the GDPR, processing must be based on a legitimate basis, a sound reason for collecting, storing, using and disclosing your personal information.
The basis we process your information may be one or more of:
- To fulfill an agreement we have with you and provide to you the highest possible quality of hotel, accommodation and event organizing services. In that respect, we may process some of your personal data in order to ensure that you and all guests have a safe stay in our hotels, e.g. by preventing and clarifying criminal acts (CCTV monitoring)
- To safeguard our legitimate interests by ensuring secure IT Operation, preventing fraud, identifying credit risks, establishing and defending against legal claims and safeguarding our interests in legal disputes
- For the compliance of our company with a legal or regulatory etc. duty
- When you consent or agree with it, such as when you choose to receive from us informational emails, newsletters, app notifications, or you explicitly and in written give to us the authorization for use of pictures/video captured with the opportunity of a wedding.
16 and BELOW
It is not our purpose to collect personal information from children without the consent of their parents. If you are under 16, please get the consent of your parents or parental responsibility holder before giving any information.
WITH WHO DO WE SHARE YOUR PERSONAL DATA
Your personal data is shared internally within our company, between its various departments, so that you receive the service you expect from us. Any internal disclosure within the hotel is done securely and on a need to know basis.
We may also share and receive your personal data from organizations and individuals outside of the organization. This category includes the affiliate booking agents.
Additionally, your personal information may be provided to a third party by our company in order to provide a service to us or directly to you. These service providers are known as data processors and have also a legal obligation under GDPR and towards “West-East Suites” to take care of your personal data and use it only for the provision of the agreed services.
We cooperate with such third parties for services that you use, such as to operate our website, manage your reservations, connect to the internet through our wireless WiFi network during your stay, customer satisfaction surveys. Please check the more specific data protection and cookie policies of these services before using them.
Your personal information may also be disclosed to external third parties such as insurance organizations or companies and other regulatory / statutory authorities.
Beyond the above, your information will not be transferred, leased or communicated to third parties for marketing or other purposes.
TRANSFER OF PERSONAL DATA IN OTHER COUNTRIES
Your personal data may be transferred outside of the European Economic Area. While some countries have been identified by the European Commission as having adequate level of protection for personal data, in other countries it will be necessary to take extra measures in order to ensure adequate safeguards for the information. These may be in the form of imposed contractual obligations, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘ Privacy Shield’ scheme).
FOR HOW LONG DO WE MAINTAIN YOUR DATA
We will retain your personal information only for as long as it is necessary to fulfill the purposes for which we have collected it, and for as long as it is required to satisfy any legal, accounting, etc. obligations.
Where feasible, we can make your personal details anonymous so that they can no longer be associated with you. We can then use them without further notice.
Once you no longer require services from us, we will maintain and safely destroy your personal information in accordance with our retention schedule.
AUTOMATED DECISION MAKING
In some areas, in order to improve the efficiency of our services, our company may use automated decision-making processes, including profiling. When an automated decision that is taken for you is important (one that may have legal impact or otherwise may significantly affect you), you will be warned about this from us, along with your rights to challenge this decision.
DATA ACCURACY AND YOUR RESPONSIBILITIES
It is important that the personal information we keep for you is accurate and up-to-date. For this reason, in case some of your information changes or is in error, please let us know as soon as possible, so as to proceed to the necessary rectifications.
Under the Regulation, you have the following rights:
- To be informed about the processing of your personal information. This is the purpose of this statement.
- To correct your personal information if it is inaccurate and have it in full if it is incomplete
- To oppose to the processing of your personal data
- To restrict the processing of your personal information
- To have your personal information deleted ("the right to be forgotten")
- to move, copy or transfer your personal data ("data portability")
- to be informed about, question or oppose to any automated decisions taken for you, including profiling
- Ask for access to your personal information and information about how we process them
- withdraw at any time any consent you have given to the processing of personal data. This withdrawal does not affect processing already performed.
If you wish to exercise any of these rights, please contact our Data Protection person in charge.