Privacy Policy

1. INTRODUCTION- OUR COMMITMENT TO PROTECT YOUR PRIVACY

We, the Company, IKYES Development E.E., consider you an important customer. Our priority is to offer you an exceptional stay.

Your complete satisfaction is essential to us and as part of our commitment to meeting your expectations, we have set up a customer personal data protection charter. This charter formalizes our commitments to you and informs you of our policies regarding the collection, use and disclosure of your personal data, fully complying with the current legislative framework for the protection of personal data and in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR), Law 4624/2019 and Law 3471/2006. 

Please read the terms of this policy carefully. Your use of our online services or provision of information to us constitutes your acceptance of the terms of this Privacy Policy. Any information provided by you, i.e. the user can and/or may be used/shared to third parties as per par. 5 and 6 of this Policy.

2. DEFINITIONS

For the purposes stated herein, the following terms shall have the following meaning in accordance with the GDPR:

• “Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

• “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data which are processed for the purpose of indisputably personal identification, data relating to health etc.

• “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

• “Restriction of processing”: means the marking of stored personal data with the aim of limiting their processing in the future;

• “Profiling”: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

• “Anonymization”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.

• “Filing system”: means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

• “Controller”: means the natural or legal person, public authority, agency, or other entity which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the purposes of the present, Ikyes Development E.E. acts as the Data Controller;

• “Processor”: means the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller;

• “Recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

• “Data subject”: the natural person whose personal data is processed;

• “Third Party”: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

• “Consent” of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

• “Personal Data Breach”: the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.

• “Automated individual decision-making”: a decision made solely based on automated processing, including profiling, which produces legal effects that concern or similarly significantly affect the data subject.

• “Applicable Legislation”: the current national and European legislative framework on the protection of personal data and in particular the GDPR, Law 4624/2019, Law 3471/2006, the jurisprudence of the Court of Justice of the European Union, as well as the decisions, directives, recommendations and opinions of the European Data Protection Board and the Personal Data Protection Authority (hereinafter the Data Protection Authority”).

3. DATA COLLECTION 

We will collect and process information about you if it is voluntarily provided to us as follows:

• by filling out a form or making comments on our website

• by completing a registration form by hand 

• by contacting us by phone or in person

• by sending a letter, e-mail, or personal message on social media

• by signing up to receive a service from us (e.g., a newsletter, blog or following us on social media)

• by asking us for promotional information (e.g., information about any of our products or services, including gift vouchers);

• by participating in a survey

• by submitting content to us

4. WHAT PERSONAL DATA IS COLLECTED

We may ask you to provide us with certain personally identifiable information (personal data) that can be used to contact or identify you and/or the persons accompanying you, including the following:

-Contact details (for example: last name, first name, telephone number, email)

-Personal information (for example: gender, date of birth, nationality, preferred language(s))

– Information relating to others, including your children (for example: first name, date of birth, age). By providing us with personal information about others, you certify that you have permission to provide that information to us for the purposes described in this Privacy Policy and you have shared this Privacy Policy with them beforehand.

-Payment information, for transaction and reservation purposes (such as payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, PayPal email address, IBAN information, your address, and other related transaction details)

– Information contained on a form of identification (such as ID card, passport, or drive license)

-Your arrival and departure date and time.

-Your preferences and interests (for example, smoking or non-smoking room, preferred floor, type of bedding)

-Your questions/comments, during or following a stay in one of our rooms

-Technical and location data you generate as a result of using our website, named Log Data (such as Internet Protocol (IP) address, location, time zone, browser type and version, operating system, device name and manufacturer, device IMEI code, application version in use, login details, browser/usage program, browser/usage details, usage and advertising data, such as login details, visit duration, number of website views, website navigation paths, information about the time, frequency and pattern of use of the services, referral source, the sending or receiving of promotional material hardware, the user’s preferences, the analysis of his behavior within the online platform (such as recent searches, frequency of use, frequency of purchase of similar services, his clicks, time per screen, origin page through whose online platform is visited)).

The information collected in relation to persons under 16 years of age is limited to their name, nationality, and date of birth, which can only be supplied to us by an adult. We would be grateful if you could ensure that your children do not send us any personal data without your consent (particularly via the Internet). If such data is sent, you can contact the Data Privacy Controller at –add e-mail- (as per par. “Your rights” below) to arrange for this information to be deleted.

In every case of collecting your personal data as stated above, we do so on the Legal basis that it is necessary for the purposes of the legal interests pursued by the Company. We do not sell, rent or in any other way commercially distribute your personal data to third parties. We may keep this data until the fulfilment of the processing purposes, a period which cannot exceed two (2) years.  

5. PROCESSING OF DATA

Typically, we will use and process your information:

• to improve our website and social media pages and ensure that their content is presented in the most effective way for you.

• to access and understand general trends and patterns in our business.

• to ensure the safety of our guests and visitors.

• to manage general record keeping.

• to compile anonymous aggregate statistics that will enable us to understand how users use our website and help us improve the structure of our website and the provision of our services or products.

• allow you to make reservations and make payments on your behalf.

• administrative, legal or security purposes

• to provide the products or services you request from us

• to improve our products and services and to ensure that our products and services are of interest to you.

• to contact you with relevant newsletters, marketing or promotional materials and other information regarding our services.

  We may process your personal information both automatically and manually. We may use your information in other ways for which we provide specific notice at the time of collection.

Please also note that for the processing of your personal data as described above, we rely on the following legal bases:

a. that the processing of personal data is necessary for the performance of a contract, in particular for the completion and management of your booking. If the required personal data is not provided, we will be unable to complete the  booking, nor provide customer service.

b. on the legitimate interest in providing and improving services and preventing fraud and other illegal acts.

6. DISCLOSURE

-We do not sell, otherwise disclose or share information we collect and maintain about you, except as described in this Policy. We may use third-party services to help manage or deliver our services, such as cleaning services or property managers. We may share information with these service providers, as the above mentioned, who perform services on our behalf. These third parties will be appointed as data processors and are provided only with the information required to perform the services on our behalf (such as check-in and check-out time, Guest name, Guest phone number) but are not authorized to use that information for any other purpose.

-The User declares to be aware that the Company may be required to reveal personal data upon request of public authorities. We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities, authorized third parties, or in the stages leading to possible legal action arising from improper use of our Website or the related Services, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to: (i) comply with our legal obligations, (ii) comply with a valid legal request, (iii) respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our users to legal or regulatory liability (iv) enforce and administer our agreements with clients,  or (v) protect the rights, property or personal safety of the Company, its employees, its Members, or members of the public. 

Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon or harm to the Company, our Members, or expose the Company to a claim of obstruction of justice.

-We use third parties to process payments, manage chargebacks or provide payment collection services. In the event that a refund is requested for your booking either by you or the holder of the credit card used to make your booking, we will need to share some details of the booking with the payment service provider and the relevant financial institution in order to manage the refund. These may also include a copy of your booking confirmation or the IP address from which your booking was made. We may also share information with relevant financial institutions where we deem it absolutely necessary for fraud prevention and detection purposes.

-Other professional third parties: In some cases (such as disputes, legal claims or in the context of audit procedures) we may need to share your personal data with professional advisors. These consultants may be law firms or auditors. We only share your personal data to the extent necessary and such third parties process such data in accordance with their own professional obligations.

-If the Company undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy. After such sale or transfer, you may contact the new ownership to which we transferred your information with any questions/requests regarding the processing of that information.

7. YOUR RIGHTS

Users may exercise certain rights regarding their Data processed by the Company. In particular, users have the right to do the following:

1.Withdraw their consent at any time: Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.

2.Object to processing of their Data: Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Company or for the purposes of the legitimate interests pursued by the Company, Users may object to such processing by providing a ground related to their particular situation to justify the objection. 

3.Access their Data: Users have the right to learn if Data is being processed by the Company, obtain disclosure regarding certain aspects of the processing, and obtain a -copy of the Data undergoing processing.

4.Verify and seek rectification: Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

5.Restrict the processing of their Data: Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Company will not process their Data for any purpose other than storing it.

6. Have their Personal Data deleted or otherwise removed: Users have the right, under certain circumstances, to obtain the erasure of their Data from the Company.

7. Receive their Data and have it transferred to another controller: Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.

8. Lodge a complaint: Users have the right to bring a claim before their competent data protection authority.

Any requests to exercise the above-mentioned rights can be directed to the Company through the contact details provided herein. These requests can be exercised free of charge and will be addressed by the Company as early as possible and always within 25 business days.

8. SECURITY

Information you send or get through the site is private. You can check the validity of the certification by clicking on the web address. We also use multiple authentication methods to safeguard your data. We carry regular penetration tests and assessments on our website and our cloud service providers. The security of your Personal Information is of paramount importance to us, but the user shall be aware that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

9. LINKS TO OTHER WEBSITES

Our website may provide links to or include links from other websites. These websites operate independently of us. You access such linked websites at your own risk. These websites are not subject to this Policy. Linked websites may have their own privacy and data protection policies, which we recommend you review. To the extent that the linked websites you visit are not owned or controlled by us, we are not responsible for the content of the websites, any use of the websites or the privacy practices of the websites.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time in accordance with the applicable law. You should review this Privacy and Data Protection policy frequently. If we make material changes to this policy, we will change the “Last Updated” date at the beginning of this Privacy and Data Protection Policy. We may also – as far as technically and legally feasible –notify you by email. The method we choose is at our discretion. Any changes we have made to the Privacy Policy are effective as of this last Updated date and supersede all previous Privacy and Data Protection Policies.

Should the changes affect processing activities performed on the basis of the User’s consent, the Company shall collect new consent from the User, where required.

If you believe that your data protection rights have been violated, you may contact the Personal Data Protection Authority (www.dpa.gr).

If you have any questions about this Privacy Policy, please contact us legal@ikyes.gr