KalamataArtRooms processes all of your personal data in compliance with the General Data Protection Regulation (Regulation 2016/679 – GDPR), as well as national and community legislation in force today or to be enacted in the future, offering a safe environment.
1. Personal information we collect
Personal is any information relating to an identified or identifiable individual, a person that is, whose identity can be directly or indirectly ascertained. Not included are data which cannot lead to the identification of a specific individual (anonymous data).
We collect the following types of personal data:
Visitors / Customers:
Identification data: Full name, user name or similar identifier, birth date and sex, Tax Identification Number, signature, identity card or passport details, VISA status information, professional and family status, CCTV images and videos and, generally.
Contact information: invoice address, e-mail address, residential address and phone numbers, contact information and other related data.
Booking information: room number and type, number of visitors, vehicle information, arrival and departure time.
Financial information: bank account and payment card information.
Transaction data: details relating to payments from and to you and details regarding booking or other offers you have purchased from us.
Sensitive information*: Possible disabilities/special needs, medical conditions and special medical or dietary requirements which could affect your stay at our accommodation.
Communication and promotional materials: your preferences relating to promotional materials from us or third parties, such as the other members of Anatolia Hospitality Group (e.g. informational material – newsletter), as well as your preferred method of communication with us.
Our correspondence with you: included in this is your views on our accommodation (for example, possible complaints or observations made by you over the telephone, e-mail or social networking websites or e-mail, personal or written correspondence and interaction files between us).
Data from your activity on the Internet / mobile network: data such as your IP address, the type and version of your browser, language and location setting, as well as settings relating to appearance/screen, geographic position data, data relating to the platform or other technology in the devices you use to access our website or applications, data relating to the manner by which you use or interact with our website and applications, data relating to your profile (e.g. user name and password, preferences, comments and responses to surveys), as well as data from the use of social networking media (e.g., comments, photographs, video).
Data from questionnaires we could eventually ask you to fill.
* Kalamata Art Rooms collects sensitive information (as such are defined in article 9 of the General Data Protection Regulation), only if such are provided with your express consent or if we are required to do so, in compliance with laws or regulations in force. We may use the health data you have provided us with to ensure your well-being or to improve our services and upgrade your experience.
The information we may collect from prospective employees includes the following:
Full name, address, telephone number(s) and e-mail address.
Qualifications, skills, experience and employment history.
- Possible additional information contained in a prospective employee’s CV.
The Data Protection Officer shall process this information, to assess whether to conclude an employment contract with a particular prospect, while may also process personal data in order to comply with his legal responsibilities and obligations.
We have a lawful interest to process personal information during the hiring process and to maintain records of the process. We may also need to process the data of prospective employees to defend against legal claims.
We shall not disclose the data of a prospective employee to any third parties, save if said prospective employee grants his/her consent for this, in case where his/her job application is successful and a job offer is made.
2. How do we collect your personal information?
We utilise different methods to collect data from you, including:
- Directly from you: you may give us your identity details, contact and financial information by filling out a form or by contacting us over the post, telephone or/and by e-mail. You may also provide your personal information to us when making a booking over e-mail, phone, social media, fax or/and via our website or/and on-line booking platforms or engines (for example, booking.com), as well as when you register or check in our facilities. Finally, you can provide us with your personal information regarding your interests and preferences through your interaction with the accommodation.
- From third parties or publicly available sources: it is possible for us to receive your identification details from a reservation made in your name by your relatives, a travel agency / travel agent, the company you work for, booking websites or social networking pages.
- Information provided by you on your relatives: you can provide to us personal information on members of your family, your friends, dependents or other third parties for the purposes of a booking. In such cases, you are responsible to inform them with respect to this Policy and their rights ensuing from it.
- Competition, Coupons, Offers, Surveys: it is possible for us to receive your personal data should you choose to participate in competitions, make use of coupons and offers, or take part in surveys.
- Website / Application / Social Media: we may collect your personal data when you visit and interact with our accommodation’s website, when you download and use our application, as well as when you contact our accommodation via social media pages or use Internet connections via our social media. More specifically, we may collect your personal data via:
- (a) automated technologies or interactions and
- (b) social media pages. For example, we collect personal information using cookies and similar technologies.
- Accommodation’s Wi-Fi Service: when you use the Wi-Fi services at our accommodation, your personal access and identification data may be collected and used.
3. Information about or from minors
4. How do we use your personal data?
- Bookings: we may use your data in order to make a booking for any of our services on your behalf (stay, restaurant/bar reservation).
- Payments: in order to make a booking or any other purchase, your payment details are required.
- Services: to be able to provide and charge any services relating to our accommodation; to facilitate possible special requests or assistance you may have asked for, as well as to personalize and tailor our services to better respond to your personal preferences and to thus optimize your experience.
- To improve our products and services: during your stay we may ask for your opinion on our services, which will be later used towards their further improvement.
- Marketing/Promotion: We may use your personal data in order to share with you products or services we feel that you may want or need or be interested in.
- Subject to the condition that we will have received your prior express consent and provided that you have not withdrawn this consent, we reserve the right to send you messages with promotional/advertising content, either by email, by telephone, or by personal message (sms), or through various communication applications (e.g. viber / whatsapp), so that you are informed on our news and occasional offer packages.
- To comply with our legal obligations: your data may be used for our compliance with orders imposed by our auditors for the purposes of the submission of financial reports and statements, by government authorities and to collaborate with police authorities, regulatory authorities and/or courts.
5. Legal grounds for processing
Performance of contract: The use of your personal data may be required for the performance of a contract you may have concluded with us (for example, the making of a booking).
Legitimate interest: Processing is necessary for our legitimate interests or the legitimate interest of a third party, save if the grounds for the protection of your interests supersede those of our legitimate interests. For example, it is a legitimate interest of ours to process your data in order for us to improve our services and the contents of our website or to protect the health and bodily integrity of our staff.
Vital interest: In cases where it is impossible to obtain your consent, we may need to process your personal data, including sensitive personal data you provided us with at the rendering of our Services, where such processing serves your vital interest or the vital interest of a third party (for example in the case of a medical emergency).
6. Data Disclosure
Our company explicitly states that it will not proceed with any unlawful or illicit use of your personal data and will not in any way or on any grounds transmit your personal data and the user/visitor/client information to any third parties.
However, we may share the personal data you have given us with your express consent, with exclusively the third parties cited below, for the purposes referred to below and always subject to the condition that your personal data do not undergo any unlawful processing:
To the accommodation’s associates: in order for us to be able to help you cater for your needs during your stay at our accommodation and to provide you with promotional material to your preference.
- To external associates: It is possible for us to disclose your Personal Data to other third parties, our associates, including technical experts and consultants offering their services to us. These other third parties include credit card issuers, financial institutions, external auditors and legal consultants.
To travel agencies/our corporate travel associates: We may disclose your Personal Data to associates engaged in the provision of travel-related services. Such may be travel agencies, airlines and car rental companies, in order to facilitate them to offer you the unique opportunity to purchase travel-related services.
- To government authorities: In order for our business to comply with legal requirements.
- International Data transfers: Subject to specific conditions, the need to transmit personal data and other information collected from you to so-called “third” nations outside the European Union (EU) / European Economic Area (EEA), may ensue. It is possible, for example, for your personal data to be processed by personnel operating in third nations which works for us, or by other entities which act as those carrying out the processing, who process data on our behalf.
Every transmission of personal data to countries outside those for which the European Commission has adopted an adequacy resolution with respect to the level of data protection, will be carried out based on contractual agreements and by using standardized contractual clauses approved by the European Commission or other appropriate assurances in accordance with the legislation in force, in order for us to provide suitable and adequate guarantees for your personal data.
7. How long do we keep your personal information for?
We shall keep your personal information only for as long as it is necessary in order to fulfill the purposes for which they were collected and principally for the satisfaction of any legal or accounting obligations or liabilities or obligations to file reports with regulatory authorities. Parallel to this, we limit access to your personal information only to those individuals who must use them to the corresponding purpose on a case-by-case basis.
In order for us to determine the period we need to keep your personal data, we take account of the quantity, nature and sensitiveness of your personal data, the potential risk of harm from unauthorized use or/and disclosure of your personal data, the purposes for which we process them and whether we can attain such objectives using other means, as well as our current legal obligations and responsibilities.
You can, under certain circumstances, request that we delete your data (cf. 11 below). We may keep your data anonymized in certain cases (for example, statistical or demographic data), in such a format that they will no longer be able to be associated with you or/and to identify you. In such a case, we may use them without further reminder or warning, since such data may originate from your personal data but are no longer considered as personal by the Law, as they do not directly or indirectly lead to your identity.
8. The safety of your personal data
The data you provide to us are protected using SSL (Secure Socket Layer) technology. SSL technology is the principal method utilized in the field of personal data and credit card information encryption, in order to ensure their safe transmission over the Internet.
9. Your rights
You are entitled to a series of rights with respect to the personal information – data you have disclosed to KalamataArtRooms.
In more detail:
- The right of access: Your right to obtain a copy of the personal information we keep on you, as well as information relating to how your personal data is being used.
- The right to rectification: You reserve the right to request the rectification of the data we keep on you, where such are erroneous or incomplete.
- The right to erasure: Known also as the right to be forgotten, this right grants you the ability to demand the deletion of your personal data from our files and systems. In this case, our business is obliged to delete your data, without undue delay and where one of the following grounds applies:
- (a) the personal data are no longer necessary in relation to the purposes for which they were collected by our company or were otherwise processed;
- (b) you have withdrawn your consent for the collection, processing and storage of your personal data by our company and there is no other ground for the processing and to the extent where no such other legal grounds subsists;
- (c) you object to the processing of your personal data and there are no overriding and lawful grounds for the processing;
- (d) the personal data have been unlawfully processed;
- (e) the personal data need to be erased for compliance with a legal condition in the National or Union law our company is subject to;
- (f) the personal data have been collected in relation to the offer of information society services directly to a child, as such are more specifically referred to in article 8§1 of the General Data Protection Regulation.
- The right to restriction of processing: This right allows you to limit the processing of your personal data by us. Should you exercise this right, our accommodation may store your personal data, but any other use thereof is prohibited, save for specific and limited cases.
- The right to object: You reserve the right to object to the use of your personal data by use in certain circumstances. However, it is possible that we will continue to use your personal data, despite your objection, in cases where there are urgent legal reasons to do so or where we have to use your personal data with respect to possible legal claims of ours.
- The right to data portability: This right allows you to acquire your personal data in a format permitting you to transfer them to some other company/organization, in cases where we process your personal rights based on your consent or the performance of a contract and provided processing is carried out using automated means. You reserve the right to the portability of your personal data directly from us to some other company/organization, provided this is technically feasible.
- The right to lodge a complaint with a supervisory authority: You reserve the right to lodge a complaint with the Hellenic Data Protection Authority should you believe that we do not process your data in compliance with the legislation on data protection, and
- The right to withdraw your consent: You reserve the right to withdraw your consent to the processing of your personal information by us at any time. This will not affect the legality of our processing before the revocation.
Provided you exercise any of the aforementioned rights, we shall take every necessary step to satisfy your request within a deadline of thirty (30) working days from the receipt of your relevant request. Occasionally, it may take more than one month to satisfy it, should your request be very complex or in case you have submitted more requests. In such a case, we shall inform you and keep you updated. In any case, we will immediately inform you either with respect to the satisfaction of your request or the objective reasons hindering it.
We may require additional information from you, to help us verify your identity and ensure your right to gain access to your personal information (or to exercise any of your other rights).This is a security measure to safeguard against the unintended or accidental disclosure of your personal information to unauthorised parties. We may also contact you in order to ask for additional information to expedite our response.
10. Data Protection Officer’s (DPO’ s) Contact Information
You can contact us regarding your personal data treatment and any relevant inquiries in one of the following ways:
Address: KalamataArtRooms, Mitropetrova 12, Kalamata 24100, Greece
Tel.: +30 27210 27151
11. Amendments to this policy
We may occasionally revise this Policy by posting a new version on our website. You can visit our website on a regular basis to note possible changes.
Last edit of the current document : August 11, 2023