[13. July 2018]
1. General terms and Data Controller
1.3 Data Controller for the Website is Spirit of the Knights (please find contact information in item 6 below)
1.4 As a general rule our policies are in alignment with the European General Data Protection Regulation.
2. Categories of personal data, that we collect, purpose and legal basis
2.1 When visiting the Website, we collect information about you and your usage of the Website. E.g., when you book rooms at our hotel, subscribe to our newsletter etc. We also collect cookies. You can read more about cookies below.
2.2 When you use our services we register some or all of the following information about you:
When you create an account with us we ask for your email. This is the basis and unique identifier for your account. Based on your consent only, we will also use this email for sending emails about the our service and marketing offers. If you contact us, we will also use your email in order to look up your booking info and supply you with the best customer support experience possible.
This is required for using our booking service. Your name along with certain credit card information is required for billing purposes.
When creating a booking, we will need your full address in order to create a VAT compliant invoice. We also need the address for other related billing purposes (refunds, paying for extras etc.).
This is optional. If provided, we may use your telephone number as an additional means by which we can contact you regarding services you have booked with us.
Credit Card Information
When making a purchase you need to supply your credit card information. This information is stored by us in a secure database and is encrypted for security. If you have a current booking with us but do not want us to retain your credit card information then we will delete the information as soon as your current booking and any incidental expenses incurred related to your booking and stay with us have been paid for.
Cookies and tracking technologies
2.3 The purpose for processing the above listed information is to deliver the service and to fulfill our legal obligations according to our agreement with you, administering your rights. We are also processing the information about your purchase to meet legal requirements including bookkeeping and accounting. The legal basis for the processing of your personal data is based on the agreement with you and legal requirements.
2.4.1 When you subscribe for our newsletters, we are, with your consent, collecting personal data about your name, e-mail and address.
The purpose is to deliver offers, targeted marketing, information and service e-mails to you. We will use profiling of your information, your purchase history, and relevant cookies, if any, to provide targeted advertising of products etc. of interest to you.
2.5 Contact via web or chat
2.5.1 When you contact us e.g., concerning an order, a request or a complaint, we process your identification information e.g., name, e-mail and other personal data about you, that you provide when you are contacting us. The purpose is customer service, replying inquiries, handling complaints etc. Our legal basis can be in our agreement with you as a customer, our legitimate interest in defending ourselves in case of legal claims and/or legal obligations.
3. Data protection of children
3.1 We are aware of the special need for data protection involving children.
3.2 The only information we collect regarding children is how many you may have for room sizing and service delivery such as providing cots for babies.
3.3 We do not purposefully collect personal data about children below the age of 18. If you believe, that we may have unknowingly collected personal data about minors, we kindly ask you to contact us with a view to delete this information.
4. With whom do we share your personal data
4.1 Data Controllers
4.1.1 We are transferring your personal data, when necessary to be able to deliver the ordered service to you. These are typically Hosting Providers . In that case, your IP-address will be transferred to one or more hosting providers handling the communication required to delivery the service.
4.2 Data Processors
4.2.1 We transfer personal data to data processors that are solely processing personal data on our behalf and are not allowed to use this data for their own purposes. We have entered into agreements with all data processors regarding a written data processing agreement and ensured that they are subject to confidentiality.
4.2.2 Data processors can be based in EU/EØS or other countries, provided that we can ensure that your personal data has been given sufficient level of processing security. We use data processors for technical operation and improvement of the Website, hotel booking services, distribution of newsletters and targeted marketing.
6. Your rights as Data Subject
6.1 You have the right to get access to your personal data
6.1.1 You can, at any time, get information about what personal data we are processing about you, from which source the personal data originate and what we use them for etc. You can ask for a copy of this personal data. The access may be limited in consideration of other data subjects’ rights, trade secrets and/or intellectual property protection.
6.1.2 You have, to some extent, the right to get a copy of your personal data delivered as an electronic copy or by transfer to another data controller, when the processing is taking place on the legal basis of a consent or a contract (so-called data portability)
6.2 You have the right to have incorrect personal data corrected or deleted.
6.2.1 If you believe, that the personal data, we are processing about you, is incorrect, you have the right to have it corrected.
6.2.2 You have the right to correct and delete information collected in connection with your sign-up and at your login to your user profile at the Website. Irrespective of such actions, we may process your information in a short period to establishment, exercise or defense against legal claims.
6.2.3 In some cases, we are obliged to delete your personal data, e.g., if you withdraw your consent. If you believe that your personal data is no longer necessary to meet the purpose, we collected them for, you can request to have them deleted. You can also contact us, if you believe, that your personal data is being processed in violation with legislation or other legal obligations.
6.2.4 When you are contacting us with a request to have your personal data corrected or deleted, we look into whether the legal basis has been fulfilled and will in that case update or delete your personal data as soon as possible.
6.3 You have the right to object to our processing of your personal data.
6.3.1 You have the right to object to our processing of your personal data and to block it. You also have the right to object to our processing of your personal data for marketing purposes. If your objection is justified, we will see to it, that we terminate the processing of your personal data
6.4 The right to withdraw your consent
6.4.1 You have the right to withdraw a consent you have given us for any processing of personal data at any time. If you want to withdraw your consent,
6.6 How do you use your rights?
6.6.1 You can use your rights by contacting us at firstname.lastname@example.org.
6.7.1 If you want to complain about our processing of your personal data, you may also use the contact information below.
7. Contact information
7.1 If you have any questions or want to claim your rights, you can contact us on:
Spirit of the Knights Boutique Hotel
Tel: (+30) 22410 39765
8. Deletion of personal data
8.2 If you withdraw your consent to receive our newsletter, we will register your un-subscription and you will not receive any further communication. We will store information about your un-subscription, as long as such documentation is required by law.
8.3 Information collected in connection with a purchase, you have completed on the Website, will be retained by us to the extend required under Greek Laws on Bookkeeping.
9.1 We have of course taken technical and organisational measures to avoid that your personal data, by mistake or illegal conduct, is deleted, published, lost, deteriorated or come to the knowledge of third-party, being misused or, in general, processed in a manner against the law.
9.2 Only employees, with a relevant need to have access to your personal data in order to be able to perform their job, will be granted access to your personal data.
10.2 The current policy is available on the Website and relevant services.