Book Online

PRIVACY POLICY

Table of contents
I. Introduction
  1. Preamble
  2. Who we are and what we do
  3. The aim of this Privacy Policy
II. Personal Data and Special Categories of Personal Data – Processing
  1. Types of data collected
  2. Special categories of data collected
  3. Source of data
  4. Use of the collected personal data – Identification of legal basis
  5. Use of the personal data for purposes different than those originally collected for
III. Transfer of personal data
  1. To third parties – Description and legal basis
  2. International Transfers of Personal Data
IV. Data Subjects’ Rights
  1. Take a moment and explore your rights
  2. This is how you can exercise them and our obligations to respond
  3. How you can file a complaint
V. Technical and organizational measures put in place to safely process your data
  1. How we protect your data
  2. Retention period
VI. Children’s privacy
VII. Changes to this Policy

Last modified: 25.05.2020
Effective date: 25.06.2020

I. Introduction

1. Preamble

Thank you for visiting our website www.apertosuites.com which is dedicated to providing accommodation services of the highest quality to the island of Thira (Santorini) Greece. Through our Website you can review our services and remotely visit the wonderful island of Santorini while our hotel and staff are anxiously waiting for you to visit us and have a memorable stay.

2. Who we are and what we do

Our hotel is operated by Evangelos Vardakostas and our contact details can be found below:

While providing our services and/or offering them via the Website we need to collect certain personal data and our primary goal is to keep it safe and secure and protect your privacy. We regard your wish to spend some time on our premises and relax with the highest respect and therefore all necessary measures are in place to safeguard your ultimate right to personal and private time.

Offering our services means that except for the Website, where you can directly access and book the services you wish for, we engage and cooperate with third parties, such as online booking engines, tour operators and travel agencies through whom you may request and receive our services.

3. The aim of this Privacy Policy

As of May 2018, our Accommodation has fully aligned its policies and operation with the requirements of GDPR (General Data Protection Regulation) and only works with people and entities who share the same views and high sense of responsibility towards the need to lawfully and safely process personal data.

Personal data refers to any information related to an identified or identifiable person and basically refers to all information that may identify you as an individual.

As mentioned above, you have the ability to review and book our services through third parties (e.g. third parties’ online platforms/applications or other service providers). When doing so, information provided by you to these third parties may be separately collected and processed by them, so you need to be mindful of their privacy policies.

Once we receive your personal data by these third parties, then it shall fall under this privacy policy and we will be more than happy to assist you with any clarifications you may need.

On the other hand, should you wish to follow links that our Website may include to third parties’ websites or applications (except for online booking directly via the Website), we strongly advise you to review their privacy policy. Our Accommodation cannot be held and is not liable for the processing of any personal information you may share with these third parties.

The present Privacy Policy applies to all services offered by us to you, either while simply visiting our website, making use of its services or while providing accommodation and related services to you. It will also apply to any future services we may decide to provide unless we inform you on updated privacy terms and conditions in a timely and proper manner.

II. Personal Data and Special Categories of Personal Data – Processing

1. Types of data collected

1.1. Site visitors

Persons browsing through our Website and interacting with it and any features and/or applications operated by the Website are considered as Visitors.

(a) data we collect while you browse our Website

When visiting our Website, we collect the following information (i) IP address, (ii) device and browser type as well as the device operating system, (iii) the pages you visited on our Website, and (iv) the time you spent on our Website.

(b) data we collect while using the Contact Us form

When you choose to contact us via our online Contact form you will be requested to fill in your full name, a valid e-mail address (required field) and optionally your phone number, your country of origin, possibly requested arrival and departure dates.

(c) data we collect while using the Book Now platform

In order to make a booking you will have to provide us with your name and last name, your country of origin as well as a valid e-mail address and a mobile phone number. You are free to provide any requests or additional information you may consider important so that we can provide additional services requested (if possible).

Additionally, you will be requested to fill in your debit/credit card details in order to proceed with your transaction as per the terms of your booking.

1.2. Guests

If you decide to receive our accommodation services either via our Website Online Booking Platform or through third parties, then you are considered a Guest.

(a) data we collect while using the Book Now platform

Please see in the above section.

(b) data we collect upon check-in

Once you arrive at our Accommodation, we will ask you to fill in a check-in form where you will have to provide us with the following data: Full name, e-mail address, date of birth, Passport Number, Nationality, Profession, Company (Employer if applicable), full address details (city, street and number, ZIP code), telephone number (home or mobile) and fax number. You will also be requested to present the credit/debit card used for payment/guarantee while it is noted that the holder of the card must also be present during check-in. As per legal requirements, we will also ask and receive a photocopy of the passport of all other guests staying with you.

(c) data we collect from third parties (e.g. online booking platforms/tour operators/employers):

As already mentioned you may as well request third persons to intervene for making a booking in our Accommodation. In such instances we shall receive all personal data already provided by you and especially those mentioned under 1.2.(b).

(d) data we collect during your stay

Kindly note that our premises are monitored by closed circuit television systems (installed as per legal requirements) while certain data may be collected if you choose to use our wired or wireless networks (data about your device or your location). Data shall also be collected through the use of card keys and other security and/or technology systems.

2. Special categories of data collected

Under normal circumstances we will not ask, nor will we hold special categories of personal data i.e. health data, religious beliefs. Any such data will only be provided by you and/or under your explicit consent by third parties (e.g. online platforms) if you wish us to adapt our services to specific requests (e.g. meal preferences, food allergies, use of spa services) and subject to availability of such custom services.

3. Source of data

Personal data are provided to us either by you personally either by third parties acting on your behalf and under your explicit authorization (e.g. online booking platforms, tour operators, etc.).

4. Use of the collected personal data – Identification of legal basis

Our Accommodation shall use your personal information only for purposes described in this privacy policy. In line with EU and national legislation we may use information collected for purposes including:

4.1. Provision of services and experiences

This shall include using data to:

Kindly note that if you provide us with special categories of data in order to receive personalized services, such data will not be used for any other purposes.

4.2. Safety and security

We use personal data to maintain the safety of our facilities, services, guests and personnel (e.g. CCTV data, data collected from the use of room card-keys).

4.3. Customer support

Our Accommodation may use your personal data to provide customer support, such as:

4.4. Legal proceedings and requirements

We may use personal data to investigate or address claims or disputes relating to services or as otherwise allowed by law or as requested by public, police or other authorities. Additionally we shall process personal data to detect and prevent fraud.

4.5. Statistical purposes

Greek authorities issue annual reports referring to the number and nationality of foreigners visiting Greece and we shall disclose in anonymized and aggregate form the aforementioned details (if provided by the guest).

5. Use of the personal data for purposes different than those originally collected for

Under normal circumstances we shall not use your data for purposes other than those originally collected for. However, should that be the case we shall inform you in a proper and timely manner for any new processing of your personal data along with all details set out by law.

III. Transfer of personal data

1. To third parties – Description and legal basis

In order to perform our contractual obligations and provide the best possible service we shall share personal data with:

(a) Business associates such as:

(b) For legal reasons or in an event of a dispute

We may disclose personal information if that is required by EU or national legislation or in compliance with a ruling, order, mandate received from any authority or court. Legislation may also require collection and disclosure of personal data e.g. passport information to police authorities, guests’ information in line with Covid-19 measures. We may also share personal data in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.

(c) Investors, to the extent that the expansion of business activity requires a due diligence by an interested investor, taking any measures necessary to secure and protect confidentiality of personal data.

2. International Transfers of Personal Data

Our Accommodation does not transmit personal data in countries or international organizations outside the EEA.

IV. Data Subjects’ Rights

1. Take a moment and explore your rights

We would like to draw your attention that in the event you do not allow us to collect personal information from you, we may not be able to deliver certain products and services, while some of our services may not be able to take account of your preferences. If collection of personal information is mandatory, we will make that clear at the point of collection so that you can make an informed decision whether you shall proceed with visiting our Accommodation and making use of our services.

2. This is how you can exercise them and our obligations to respond

For the exercise of your rights, you can contact us via our Contact Form on this Website under the subject “Exercise of Data Subject Rights” or send an e-mail at info@apertosuites.com and we shall proceed with any required action to respond in a timely manner and within the time limits set by law. Exercising the aforementioned rights is free of charge unless requests are repeated in an unreasonable way or excessive.

3. How you can file a complaint

Law provides you with the ability to lodge a complaint to the competent data protection authority in your country of residence or the country of our main establishment. Please find below the contact details for the competent authority in Greece:

Hellenic Data Protection Authority
1-3 Kifisias Avenue
115 23 Athens
Tel: +30 210 6475600
Fax: +30 210 6475628
Website: www.dpa.gr

V. Technical and organizational measures put in place to safely process your data

1. How we protect your data

Our Accommodation has taken all necessary technical and organizational measures for the safety of your personal data. We have applied all required procedures, such as encryption and pseudonymization, in order to prevent unauthorized and/or unlawful access or transmission to third parties. Our standard procedures include periodic review of security measures but it must be considered that despite our best efforts, these are not perfect or unbreachable.

2. Retention period

We retain personal data for the period necessary to fulfill processing purposes unless legislation requires or allows retention for a longer time period. We retain information in our reservation system for at least five (5) years following a guest’s departure in order to process your booking and provide invoicing and recordkeeping.

VI. Children’s privacy

Our and services, as well as the website www.apertosuites.com do not address to children under 15 years old. Therefore, we do not knowingly collect personal data belonging to minors that do not meet the required age criteria. In that case minors are not allowed to make use of our Website and not provide any personal data.

In case you realize, acting under your capacity as guardian or parent that a minor has notified personal data to us, please send us immediately an e-mail through Contact Form.

VII. Changes to this Policy

Our team shall review this policy periodically and may proceed with changes in order to meet new best practices and changes in law and technology. Such amendments shall be promptly and timely notified to you by posting them on our website. Therefore you are kindly advised to review our Privacy Policy for possible amendments even though we shall place a visible notice to our Home Page.