The site https://www.nautiluxhotel.com shall constitute the website of “RETHYMNO RESORTS MONOPROSOPI AXTE FOR THE EXPLOITATION OF HOTELS AND TOURIST FACILITIES” and the distinctive title “RETHYMNO RESORTS AXTE.” (hereafter the “Company”) and it shall be rendered the “Controller” for the purposes of processing mentioned in this policy. The content of the site shall be mainly informative, and reservations regarding the Company’s benefits shall be provided.
I. This Policy
This Policy shall apply to the operation of the Company and the Nautilux Hotel (hereinafter referred to as the “Hotel”) which it manages.
The Company shall be the sole administrator of the site https://www.nautiluxhotel.com, shall be responsible for the personal data you submit to us and for the management of your personal data in accordance with the applicable General Regulation 679/2016 on the protection of personal data.
This Policy shall apply to any service or function provided by us and is mentioned in the Policy or refers to this Policy (hereinafter referred to as our “Services”), to this website, to any website or online application, any promotional action of the Company for the Hotel online and offline, to access our Services, whether by any electronic means or other device are used, as well as during the provision of our Services without the use of the above electronic means.
The Company has appointed a Data Protection Issues Coordinator.
II. Definition of Personal Data:
“personal data”: means any information relating to an identified or identifiable individual (“data subject”). An identifiable individual is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier, such as a name, an ID card number, location data, an online identifier or one or more factors that constitute a characteristic the physical, physiological, genetic, psychological, economic, cultural or social identity of such an individual).
III. Processing Purposes – What Personal Data Do We Collect and On What Legal Basis?
The Company may process personal data through its website for the following purposes:
1. In case you voluntarily provide personal information (e.g. name, address, telephone number or e-mail address) through the forms of:
A. communication ( https://www.nautiluxhotel.com/contact/ )
The legal basis for such processing shall be your consent.
2. In case of a room reservation and other related services (such as keeping required documents in accordance with the applicable law, requests related to accommodation) and the stay at the Hotel (room access, use of mini bar services, room phone etc.), we may process, based on the legalization basis of the implementation of our contract, the following personal data:
A. Basic data of an individual (e.g. name, surname, address, phone, email, dates of stay, date of birth etc.).
B. Unique identifiers (e.g. ID Card number, Passport number, etc.)
C. Financial data (card number, CVV, IBAN).
D. Health data (e.g. allergies)
E. Social welfare data (e.g. disability, etc.), 7.
F. Preference data (e.g. vegetarian, room type, etc.), 8.
G. Identification data (reservation number)
We emphasize that in case of collection of fees from reservations when using online booking platforms (On Line Agents), information on remote credit card billing shall be provided by the respective online platforms.
In the event of a remote billing of your card, in order to manage the business relationship between us and optimize our services, we will provide you with a special form to complete your card details, which shall be used exclusively for the agreed billing process between us. Such personal data may only be processed by our absolutely necessary personnel, which has been bound by confidentiality clauses.
3. For organizational reasons (e.g. list of clients arriving / departing during the day, customers with special offers) we may process the above mentioned personal data, based on the legalization basis of the implementation of contract between us.
4. In order to comply with the applicable Greek and European legislation, we may process the personal data referred to above, based on the legalization basis of our compliance with legal obligations.
IV. Recipients of your personal data
These personal data shall only accessible to the company’s absolutely necessary personnel, which shall be bound by confidentiality clauses.
We shall process the personal data we collect on our own, and recipients of your data may be affiliated with us companies such as reservation management companies and website support companies. Finally, third parties, i.e. official state and supervisory bodies (e.g. law enforcement and prosecutor, supervisory authorities, etc.) may also be the recipients of your data when we are required to comply with the law.
Please note that all of our affiliated companies have made sure that they take the appropriate technical and organizational measures to protect your data.
V. Time of keeping personal data
Your personal data shall be kept by us only for as long as it is imposed under the terms of our contractual relationship.
VI. Transmission of personal data outside the EEA
Any transmission of personal data to third countries (ie countries outside the EEA) will be carried out with your prior knowledge and, where appropriate, with your consent. Any transmission of personal data to countries other than those for which there is an adequacy decision by the European Commission as regards the level of data protection, shall take place following the use of standard contractual clauses approved by the European Commission or through other safeguards in accordance with applicable law.
VII. Your rights
We shall protect and safeguard your rights as regards the use of your personal data. Specifically, you can:
- be informed by us, if we process your personal data and to receive a copy of them,
- correct the personal data you have provided to us,
- restrict the processing of your personal data (a) when you question the accuracy of your personal data and until we verify them, (b) when you object to the deletion of personal data but do not wish to delete them, (c) when personal data are not necessary for the purposes of processing, however, they are necessary for the foundation, exercise, support of legal claims, and (d) when you object to the processing and until the verification that there are legitimate reasons that concern us and prevail over the reasons for which you oppose to the processing.
- request that your personal data be transmitted to another Controller,
- object at any time to the processing of your personal data when necessary for legitimate interests, as well as to the automated individual decision-making including profiling,
- delete your personal data (please note that if their deletion is impossible in order to comply with regulatory requirements, we shall inform you accordingly)
- revoke the consent you have provided to us at any time, without prejudice to the legality of the processing that was based on your consent, before you revoke it.
You can exercise your rights through a request to the following address: info@nautiluxhotel.com
Our response to your request will take place within one (1) month from receiving it. If we require an extension of two (2) months to respond to your request, due to its complexity or due to large number of requests we will notify you as soon as possible.
You have the right to appeal to the Hellenic Data Protection Authority for issues concerning the processing of your personal data. For the competence of the Authority and how to submit a complaint, you can visit its website (www.dpa.gr – My Rights – Submission of a complaint), where detailed information is available.
VII. Other Information
We shall not make an automated individual decision-making including profiling.
Our website shall not address minors under 16 years old. In case of usage of products or services we offer to you, from a minor under 16 years of age, we require the explicit consent of the parent prior to processing the minor’s personal data.
This Privacy Policy was posted on the Company’s website on 13/12/2019 and shall replace an earlier post / release.
We have posted a relative Cookies Policy regarding the cookies we collect through our site.