FOR THE PROTECTION OF PERSONAL DATA
Data Controller and DPO
The Data Controller is the S.A. company with the corporate name “MARBELLA Hotel and Tourist Enterprises S.A.” and the distinctive title “MARBELLA S.A.” (hereinafter the Company), which is seated in Agios Ioannis Peristeron Corfu and is the owner of and is operating the Hotel “MARBELLA NIDO SUITE HOTEL & VILLAS”.
You may contact the Data Protection Officer (hereinafter the DPO) at the following address: email@example.com
Which are the Personal Data that we process and for which reasons
The collection and processing of personal data by the Company is necessary and absolutely associated with the provision of the Hotel’s services. With your consent, we process the personal data required in order for us to provide to you our hotel services on the basis of the contract that you have concluded with us either directly or through a tourist agent. These data in principle contain the first and last name, the identity or / and passport information, the residence address, the contact information (address and email), the overnight stays in the Hotel and the dates of the stay, as well as additional personal data, which the Company may obtain within the framework of conducting its business activity, e.g. from the use of the Hotel’s additional services (participation in excursions or sports activities, use of the fitness center or spa etc.) or in order to satisfy a special request of yours (e.g. special meal plan, avoiding consumption of specific foods, any eventual allergies etc.).
In order for us to provide to you the hotel services that you have requested by the room reservation in our Hotel, to respond to your personal requests (e.g. special diet) and to offer you high quality hospitality services, both upon your arrival at the Hotel as well as during your participation in activities and other services, you are asked to sign specific forms and to consent to the processing of the personal data mentioned each time. Without these personal data we cannot offer you the hotel services that you have requested or that you wish that are offered to you on our part.
Upon your arrival, as well as during your stay in the Hotel, you are asked to fill out forms, through which the Company collects and registers your personal data required by the law or which are necessary for the fulfillment of the Company’s obligations towards its customers. If you do not agree with the collection and the registration of these personal data, we shall not be able to offer you our Hotel services and you shall not be able to stay in the Hotel.
For the data or information not required by the law or the registration of which is not necessary for the fulfillment of the Company’s contractual obligations towards you, we ask from you your consent in each relevant form for their collection and processing. The processing of these personal data is realized by the Company within the framework of the hotel services that it offers to you and in its effort to constantly improve their quality and to satisfy your personal needs, which are different for each customer.
In the event that you have requested a payment via credit card, its data are stored until the date of your departure from the Hotel. Following the repayment of your stay and your departure all the data pertaining to your credit card are erased.
In order for you to participate in sports activities organized by the Hotel, to work out in the fitness center or to follow Spa treatments, we request your consent for the collection and the registration of personal data necessary for your protection from participation in non suitable activities. Without these personal data or without your consent, you shall not be able to participate in sports activities, in the Hotel’s fitness center and in the Spa.
The Hotel videotapes the areas in which this is permitted by the law, in order to prevent offenses against persons and goods, by observing all the measures for the protection of your image, pursuant to everything imposed by the relative legislation on the videotaping of areas for security reasons.
The Company takes all the necessary measures so that a photograph of yours does not appear on the Website, on social networks, in advertising, promotional or other relevant brochure, if you have not given your explicit consent in advance, in which also the time period for which your consent is valid shall be determined at the same time, following the lapse of which your image shall be deleted.
In any case, even without your prior consent, the Company, as Data Controller, may process your personal data in order to conform with the obligations that derive from the National Legislation, the regulations and the European Union law, in order to exercise rights in court proceedings, to consolidate or defend its legal claims, to protect its own legal interests, as well as in all the cases that are provided for, where appropriate, in the articles 6 and 9 of the GDPR Regulation.
How do we store the personal data and for how long
Minors’ Personal Data
The Personal Data of minors staying at the Hotel are always submitted by the parents / guardians accompanying them, with the consent of whom their every eventual processing is realized. Upon the departure of the minors from the Hotel, their data are erased, except from those that are required to be kept by the provisions of the legislation.
Processing of Personal Data from browsing the Website
If you visit the Website without using any of its available services and functions, the processing of your personal data is limited to the browsing personal data, to wit to the data that are necessary to be sent to the Website for its operation on the Internet (e.g. IP addresses), as well as to the data collected through the cookies monitoring system. The Company collects these data (e.g. the number of visitors on the Website, average duration of stay) from its partner (third party), who has undertaken the operation of the Website, only for receiving statistical data with respect to the Website’s use and its correct operation. The Company does not have any possibility to access data that may lead to the identification of a specific individual (e.g. MAC address or IP). Only the third party to whom the operation of the Website has been assigned by the Company has this ability, which third party has fully complied with the provisions of the GDPR Regulation and who, in any case, does not collect this information for the users’ identification. Nevertheless, given the fact that there is a possibility to trace the user through the connection with data possessed by third parties, the above data may be eventually stored by the third party associate of the Company for the tracing and the identification of the perpetrators of criminal and civil offenses committed either against the Website and the Company or against third parties, through the Website or by using the Hotel’s Wi-Fi. Without prejudice to this ability, the browsing data described above are temporarily stored for the purpose for which they were collected and always pursuant to the provisions of the legislation.
Links to other websites
How do we ensure the security and the quality of your personal data
The Company has taken all the necessary, appropriate, advisable and provided for by the GDPR Regulation organizational and technical measures, for the security of your personal data. The Company keeps the filled out forms in an area with protected and controlled access and uses advanced computer security technology for the protection of your electronically recorded personal data, in order for your personal data, in whatever manner these may be recorded, to be protected from accidental or illegal destruction or loss, from their illegal or unlawful use, from unauthorized access to them, as well as from disclosure without consent.
Which persons have access to your personal data
The Company’s employees and the Hotel’s personnel, who must process your personal data for the performance of their service duties and the provision of the hotel services that you have requested during your stay in the Hotel, have access to your personal data.
Your personal data may be eventually shared with third parties, which provide to the Company commercial, business or other services required for the Hotel’s operation and the support of the Company and the Hotel in providing the services you requested (e.g. tourist agencies, excursion organization agencies, sports activities organization agencies, Website support agencies, agencies for the provision of IT services) for the purposes that are mentioned above. The third parties receive only the necessary personal data for their respective operations and they undertake their processing only for the purposes mentioned above, pursuant to the provisions of the GDPR Regulation, with which they fully comply.
Your personal data may be also eventually notified to recipients determined by the legislation in force from time to time, with which the Company is obliged to comply. Please note that the Company is obliged to transmit your personal data to any competent Police, Prosecuting and Judicial Authority, if a relative request is submitted to it or a relative order is given to the Company.
Personal data transfer outside the E.U.
The Company informs you that, with respect to the transfer of your personal data outside the European Union, the transfer shall be solely and exclusively realized pursuant to the provisions of the GDPR Regulation and only to countries that participate in international programmes for the free movement of data or that are considered safe by the European Commission.
What are your rights
You may at any time exercise the rights that are provided for by the relative provisions of the GDPR Regulation. Inter alia, you may: confirm the existence or not of your personal data, control their content, their origin, their accuracy and their location, request a copy of these and demand any eventual corrections of these, request the limitation of their processing or and their deletion, as well as oppose to direct communication and direct marketing activities (which are limited also to specific communication means). You may also, whenever you wish so, withdraw your consent, submit remarks with respect to the procedures for processing your personal data, if you consider them erroneous or unjustified within the framework of your relationship with the Company, as well as submit a complaint to the Hellenic Data Protection Authority. You may communicate with the Data Controller or / and with the DPO at the Addresses indicated above, in order to submit requests with respect to the processing of your personal data by the Company and to exercise your legal rights.
You can also manage your preferences regarding cookies that help on the process of tailoring the messages and the content that you see during and after your visit in our website by clicking here.