CITY GREEN HOTEL, a Hotel owned and operated by HOTELS 2PLAN E.E., (hereinafter referred to as “Hotel”, “We”, “Us”, “Our”), collects and processes your personal data in accordance with the applicable EU and national data protection legislation.
‘Personal data’: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Special categories of personal data’: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
‘Processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Anonymization’: the processing of personal data in such a way that data can no longer be attributed to a particular data subject;
‘Pseudonymization’: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘Controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Processor’: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘Consent’: of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘Personal data breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘Existing legislation’: The provisions of the existing Greek, EU or other legislation which is applicable to CITY GREEN HOTEL which regulates matters of data protection, such as: Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, Greek Law 3471/2006, Directive 2002/58/EC, as well as any other Decisions, Opinions, Directives, Guidelines and Recommendations issued by the European Data Protection Board, the European Data Protection Supervisor, the Hellenic Data Protection Authority (HDPA) and any other competent supervisory authority, as in force from time.
Data Protection Officer
Information We collect – Purpose of processing – Legal Basis
We ensure that We collect, store and process only the necessary information in order to provide you high quality services. More specifically, We collect:
When you wish to make a booking at CITY GREEN HOTEL or make an inquiry
When you wish to make a booking reservation at CITY GREEN HOTEL, either through Our Website or by contacting Us by email/ through a travel agent, We may ask you to provide certain personal information including your full name, email address, contact number, postal address, payment details, such as your bank account and payment card information (i.e. credit card type and number, credit card holder name, expiration date). This information is required to process and complete your reservation (including the sending of a confirmation email of the booking to you). We may also collect and store to Our systems Our communication and relevant documentation you send to Us prior to your visit, in order to organize your stay and provide you the services agreed.
We collect the above information in order to arrange your booking reservation at CITY GREEN HOTEL, as well as to process and perform the relevant payment for the purchased services. The legal basis of processing is the performance of the contract with you, as well as Our legitimate interest to recover any issued claims in case of disputes.
When your stay with Us at CITY GREEN HOTEL
During your stay at CITY GREEN HOTEL We collect information including the data provided during the registration process (full name, date of birth, id/ passport number, visa data, nationality home address, e-mail address, phone number, companion full name, postal code, number of children and their ages). Moreover, We record your itemized spending to properly assemble your folio, which sets out your room rate and other expenses billed to your room. We may also collect allergies and/or special requirement preferences (i.e. mobility requirements, payment difficulties, special requests, service issues, amenities requests, interests, activities, hobbies) but only if you voluntarily provide them to Us by signing the relevant forms and providing Us your explicit prior consent. Moreover, We may collect information related to accidents that may take place while you visit Our Hotel. Finally, We may collect personal data of its guests in line with the applicable from time to time health protocols, as issued by the competent public authorities (e.g. vaccination certificates etc).
We collect the above information in order to: a. complete the check-in process, serve your stay and offer you Our agreed services: Our legal basis of processing is the performance of Our contractual obligations, as well as to Our legal obligations. b. to offer you personalized services (regarding preferences etc): Our legal basis is your prior consent, c. for communication, promotional, research and marketing purposes: Our legal basis is your consent, d. to assess and investigate an accident/incident in accordance with Our internal procedures, for the proper handling of any respective legal issues: Our legal basis is Our legitimate interest as a service provider and Our defense of any legal claims, e. the protection of the health of Our guests and staff: Our legal basis of processing is reasons of protection of public interest in the area of public health.
When you wish to make a F&B reservation, We collect your full name, room number, as well as any other special preferences/allergies you may have. We collect and process such information only for the duration of your stay and up to the end of the operating season that you have visited CITY GREEN HOTEL.
We collect such information in order to manage your reservation and provide you with F&B services. Our legal basis is the fulfillment of Our contract and Our legitimate interest to provide you Our high-quality services.
We collect and process CCTV images through Our video-surveillance systems in order to ensure your safety and security, alongside Our premises and staff.
Our legal basis of processing is the legitimate interest to protect the safety of Our guests, employees and premises.
Reservations for Our restaurant
Should you wish to make reservation for Our restaurant, We will collect information such as your full name, your phone number, your email, as well as any other special food preferences or requests you may have.
We collect and process such information only for the duration of your stay and for the purpose of understanding your needs and providing you with a better service at the restaurant.
B. Information of minors
We do not seek to collect personal data directly from minors. We do not knowingly collect personal data from anyone under 18 without parental/legal guardian consent. As it is impossible to determine the age of persons who use Our Websites, If you are a parent and you have a concern about information that may have been provided by your child to us, please contact Us as abovementioned.
If you are a job applicant
We may apply for one of Our vacancies which are published either to Our Website, or third- party platforms. We may collect and process only the necessary personal information in order for Us to assess your suitability for a job opening (e.g. full name, contact details, working experience and CV details). Our legal basis of processing is Our legitimate interest to assess your suitability for Our vacancies, as well as to comply with Our pre-contractual obligations. Should you provide Us with your consent, We may keep your CV for future openings.
If you are an employee
We may collect and process only the necessary information to manage Our employment relationship, either at the pre-contractual stage (eg full name, Social Security Numbers, Bank details, contact details, working permit, information on education and training, family status etc), or during the performance of the contract (e.g. evaluations, trainings, leaves etc). We always ensure to provide Our employees with a relevant privacy notice as an annex to the employment agreement.
We collect such data in order to comply with Our contractual obligations and fulfill Our legal obligations as an employer. Our legal basis is the need to process your data in the context of Our contractual obligation or during the pre-contractual stage, as well as to comply with Our legal obligations.
D. If you are a business partner or supplier/contractor
We may collect and process personal information from Our vendors, only as necessary to fulfill Our contractual and/ or legal obligations (e.g. full name, TIN number, Bank account details, full address and contact details). Our legal basis of processing is the performance of Our contractual agreement and Our compliance with Our tax obligations.
E. If you visit Our Website and digital environments:
F. When you register to Our Newsletter
Should you wish for, you may subscribe to Our Newsletter, in order to receive the latest news and offers from CITY GREEN HOTEL and HOTELS 2PLAN. We may collect and process only your email address and your full name. Our legal basis is your prior explicit consent. You may always withdraw your consent, either by choosing the relevant unsubscribe option which is available in all Our emails, or by sending an email to: firstname.lastname@example.org
Who do We share your information with?
We keep your personal data secure and safeguarded. Only authorized employees and/or external partners will have access and process your personal data according to the purpose of their processing. We may share your personal data within HOTELS 2PLAN E.E., any third parties (legal entities or individuals) as well as the competent public services for the abovementioned purposes.
More specifically, your personal data may be shared with:
Third party service providers (eg. Legal consultants, it & information security services, technical support, insurers and/or professional advisors insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, marketing agencies, Our payment services provider, companies and organizations for the purposes of fraud protection and credit risk reduction). We endeavor to ensure by relevant data processing agreements that any personal data processing is made in full compliance with the data protection legislation.
Competent Public Services (Police, prosecuting authorities, tax authorities etc.) in the context of performing their duties, or upon relevant request.
In any case of data transfers, We ensure to limit the extent of information that is being disclosed, to the strictly necessary for the performance of the specific purpose of the transfer.
International Data Transfers
We may transfer your personal data outside the European Economic Area (“EEA”), such as to Switzerland, or another country. Such transfer is considered as international data transfer for the lawful performance of which, there are special legal requirements. Before any international data transfer, We will ensure that an adequate level of protection is provided by confirm that one of the following requirements is met:
Personal data will be transferred to organizations that participate in data transfer mechanisms for transfers from the EEA or Switzerland to the U.S.
Personal data will be transferred to countries that have privacy laws that have been recognized as providing adequate protection for the data.
Personal data will be transferred to countries that are subject to an adequacy decision by the European Commission,
Personal data is adequately protected by appropriate safeguards, such as by standard contractual clauses signed with the third parties to which the data will be transferred.
We will keep your personal data for as long as needed to fulfil the purposes for which it is collected unless We are required or permitted by Law to keep the personal data for a longer period of time.
Deletions of data, pursuant to properly addressed, valid, and verified GDPR-related requests, will occur without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Our retention periods are based on legal provisions and your information that is no longer needed is either irreversibly anonymized or destroyed securely. Where We don’t need to keep all of your information in full, We will obfuscate or aggregate it, for example, web activity logs and survey responses. This is to ensure that We do not retain your information for longer than necessary.
We take appropriate technical and organizational security measures to keep your personal data safe and accurate as well as to protect them against any loss, misuse, or unauthorized access, alteration, disclosure or destruction. We also have implemented measures to maintain the ongoing confidentiality, integrity and availability of the systems and services that process personal data so that We be able to restore the availability and access to your data in a timely manner in the event of a physical or technical incident.
We respect your rights as set forth by the applicable privacy and data protection laws. Especially, you enjoy the following rights related to the data We collect and process about you, and more specifically you may:
- request access to the personal information We process about you and request to receive a copy thereof;
- request that We correct inaccurate or incomplete personal information about you;
- request deletion of personal information about you, unless special legal provisions require their retention
- request restrictions, temporarily or permanently, on Our processing of some or all personal information about you;
- request transfer of personal information to you or a third party where We process the data based on your consent or a contract with you, and where Our processing is automated;
- object to Our further processing of personal information about you; and
- request to withdraw your consent when processing is based on your consent, bearing in mind that such processing will not affect the lawfulness of the processing before the withdrawal.
You do not have to pay a fee, and We will aim to respond to your request within 30 days upon receipt and identification of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests We handle. We will honor the requests you make related to your rights as the law allows, which means in some cases there may be lawful reasons that will may not enable Us to satisfy the specific request you make related to your rights.
In case of exercising one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient with whom your personal data may have been shared in the context of the pursuance of the aforementioned processing purposes.
In case you consider that We have not handled with your request properly, you can always refer to the competent Hellenic Data Protection Authority at www.dpa.gr/index.php/en/individuals/complaint-to-the-hellenic-dpa.
To make enquires and/or to exercise any of the abovementioned rights, please fill in this form and send it to Our Data Protection Officer at email@example.com
We collect information, which may include personal data, from your browser when you use Our Website by a variety of methods, such as cookies and pixel tags. We use browser session cookies, which are temporary cookies that are erased from your device’s memory when you close your Internet browser or turn your computer off, and persistent cookies, which are stored on your device until they expire, unless you delete them before that time.
The personal data collected may include your (i) IP-address; (ii) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (iii) unique device identifier and device type; (iv) domain, browser type and language, (v) operating system and system settings; (vi) country and time zone; (vii) previously visited websites; (viii) information about your interaction with Our websites such as click behavior; and (ix) access times and referring URLs.
We may use on Our Website cookies that do not require approval (necessary cookies) or cookies that require approval (non-essential cookies)
Cookies that are essential, also known as ‘strictly necessary’ cookies enable features without which you would not be able to use the Website as intended. These cookies are used exclusively by Our Website and are therefore known as first-party cookies. They are only saved on your computer while you are actually browsing the Website. These cookies do not identify you. These cookies are necessary for the Website’s functionality and without them the use of the Website would be unavailable. Your consent is not required for the use of strictly necessary cookies.
Preference cookies: Preference cookies enable Our Website to remember information that changes the way the Website behaves or looks, like your preferred language or the region that you are in.
Statistic cookies: Statistic cookies help Us to understand how visitors interact with Our Website by collecting and reporting information anonymously
Marketing cookies: Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Managing your cookie settings
If you do not want to accept cookies, you can block them by adjusting the settings on your internet browser. Please note that because this is a setting on your browser, this adjustment may also block cookies for any website you visit. You can visit www.aboutcookies.org, which provides detailed information on managing cookies in popular browsers.
Videos and other features on Our Website use Flash cookies to collect and store your preferences, such as volume. Flash cookies are different from browser cookies because of the amount of, type of, and way that data is stored. Cookie management tools provided by your browser will not remove Flash cookies. Some cookies may be placed by third party service providers who perform some of these functions for us.