Latest Update: 01 December 2019
Latest Update: 01 December 2019
Α. Introduction
Our Company, CHANDRIS HOTELS (HELLAS) S.A., (hereinafter the Company), who is the owner of the hotels “Athens Marriott Hotel”, “The Met Hotel Thessaloniki” and “Chios Chandris Hotel”, takes under serious consideration the protection of visitors’, customers’, suppliers’, partners’ and its employees’ privacy. Therefore, we strictly comply with this present Personal Data Protection Policy (hereinafter the Policy), which ensures a high level of the services offered and is based on the legislative framework in force. The personal data related to you are being collected and maintained, for predetermined, explicit and lawful causes, during the absolutely necessary and lawful time periods, and they are being processed lawfully and legitimately in a lawful, fair and transparent manner, in accordance with the legal framework in force and are subject to integrity and confidentiality. Each time, these data are proper, relevant, appropriate and not more than those required, in view of the above lawful and clear purposes, they are precise and, if needed, they are being updated.
Β. Particulars of the Company CHANDRIS HOTELS (HELLAS) S.A.
The particulars of the Company, in which you may address or with which you may transact in any way, are as follows:
Trade Name: CHANDRIS HOTELS (HELLAS) S.A. Seat: 377 Syggrou Avenue – 175 64 Palaio Faliro
Tax Number: 094025227 Tax Office: Piraeus Tax Authority for SAs [F.Α.Ε. PIRAEUS]
SA registration number 6146/01ΝΤ/Β/86/670
Athens Prefecture
General Commercial Registry Number 121811801000
and the particulars of the Data Protection Officer for the hotels of the company CHANDRIS HOTELS (HELLAS) S.A. are:
Angeliki Sougle, 377 Syggrou Avenue – 175 64 Palaio Faliro, 210 9484720, dpo@chandris.gr.
C. Purpose
Pursuant to this Policy, the terms and conditions observed by our company are being defined, which are solely related to the protection of visitors’, customers’, suppliers’, partners’ and our employees’ privacy, as well as of any other person’s privacy who does transactions with us in any way, the personal data of whom are being processed in order for hotel services to be provided and of the privacy of the websites www.chandris.gr, www.themethotel.gr, www.chioschandishotel.gr users.
It is noted that the Athens Hotel and the Website of “Αthens Marriott Hotel” are subject, as far as the protection of Personal Data is concerned, to the Global Group Privacy Declaration of the Marriott companies, and you are entitled to require access to, rectification or erasure of your Personal Data or to you may object to their processing, by sending an e-mail at the address privacy@marriott.com or by mail at the address: Global Compliance, Privacy, 10400 Fernwood Road, Bethesda, MD, 208717, U.S.
This Policy aims at informing you about the way of collecting, maintaining and processing of the information related to you, like the personal data that you provide to us.
The Company maintains the right to amend and adjust this Policy, whenever it deems necessary, whereas these amendments come into force from the time they are uploaded to the Websites www.chandris.gr, www.themethotel.gr, www.chioschandrishotel.gr.
In any case we suggest that you check this Policy from time to time, because it is possible that we have performed amendments in order to improve it.
D. Definitions
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person,
‘special categories of personal data’ are among others genetic, biometric, data concerning health, racial or ethnic origin etc.,
‘personal data processing’ means any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data,
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Ε. Personal data protection legal framework
The ‘personal data protection legal framework’, out of which this Policy derives, is the General Data Protection Regulation no. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the Law 4624/2019 Government Gazette Issue Α’ 137/29-08-2019 and every Law or Regulation that has been issued following or for the implementation of the above General Regulation, as well as any national law which is in force and applies and relates to the processing and to the protection of personal data in general.
F. Means of collecting your information
We collect and process your personal data each time you use our services (either those services are provided directly by us or by other companies or agents acting on our behalf), when you stay at the Hotel, when you visit our restaurants, in general when you interact with us, when you use our sites, or when you use our call centers or our mobile and tablets apps. Also, information about you is collected by us:
G. Purposes of data collection
We collect your data, on the one hand, so that we can provide the services you have requested, and on the other hand, in order to improve them. In particular, we collect data for the following purposes:
Η. Data that we collect
Depending on the purpose of your visit and the service that you wish to obtain through our Websites, the nature of the personal data that we collect shall include information, such as name/last name, address, e-mail address, telephone number, vehicle plate number, as well as additional information such as airline company, flight number etc.
In some cases, it is also possible that we need to collect personal data of a sensitive nature, such as medical data, so that we are in the position to meet your particular needs e.g. potential allergies. We keep this kind of information only if we are so obliged pursuant to the applicable legislation or if you grant to us your explicit consent, in the context of the provision of our services, e.g. to provide a specific diet.
We preserve the right to collect, store and process different kinds of personal data relating to you. In particular:
I. Time period of storage of Personal Data
Our Company maintains your personal data solely as long as needed so that the purposes for which they have been collected are fulfilled (e.g. completion of legal/tax procedure). In addition, depending on the quantity, the nature and the sensitivity of the personal data, as well as the purposes for which we process them, we decide the appropriate time period of their storage.
We are entitled to anonymize your data, so that they cannot be associated with you, for the purpose of being used for research or statistical purposes, so we may use this information indefinitely, without further notice to you.
The CVs collected by the competent Human Resources Departments, are kept for one year and then they are destroyed, in accordance with the Destructions Policy followed by our company.
J. Access of third parties to your Personal Data
Our primary principle is not to disclose your information to third parties for their own independent business or commercial promotion activities without your consent.
However, aiming at the optimum provision of services to you, we grant access to your personal data or part thereof, to our properly trained personnel (hotel’s personnel, IT department, commercial promotion department, legal department, medical services, if deemed needed). The employees who have access to your personal data, use encrypted codes, which are regularly updated. In addition, we may disclose your personal data to business associates that we trust who comply with the requirements of the GDPR, as well as to the competent Authorities, in order to comply with the accounting and tax regulations and, in general, with the legislation in force, to confirm that we comply with the policies governing our services, as well as to achieve the highest level of security of the Company and of the Hotels.
Κ. Your rights in relation to data protection
The legislation relating to the protection of your Personal Data provides you the following rights, which you may, in principle, exercise for free and in accordance with the provisions of the legal framework:
iii. when the Company no longer needs your Personal Data for the purposes of processing, but these Personal Data are required by you for the establishment, exercise or defence of legal claims.
The above rights may be limited in case that another law must be applied, as for example in case that you request the erasure of data, whereas we are obliged to keep them pursuant to the law.
For all the above and for the resolution of any query you may have in relation tο the applicable legislation on personal data, you may communicate with our company as follows:
L. Right to lodge a complaint
In case that you think that your rights related to the Protection of your Personal Data are breached, you are entitled to lodge a complaint with the Data Protection Authority (1-3 Kifisias Avenue, P.C. 115 23, Athens, tel.: +30 2106475600, email : contact@dpa.gr).
Moreover, you are entitled to a remedy before the competent judicial authorities for the protection of your personal data.
Μ. Security measures
The Company has taken appropriate technical and organizational measures so that the application of Legislation and the proper level of security of your personal data are observed and has trained its personnel and the entire network of its partners properly, by means of Personal Data Policies and Procedures, and it bounds all its partners, who act on its behalf in the capacity of Processors through contractual agreements that are guaranteed and safeguarded. If for any reason you think that the interaction between us is not safe, please let us know.
Ν. Newsletter
Our Company sends e-mails in order to advertise and directly promote our products or/and our services by means of a newsletter. In any such e-mail, we clearly and explicitly disclose our identity and allow you to object and request, in an easy manner and free of charge, termination of communication and erasure of your data from that database.
O.Cookies
Cookies are small files that are stored on your computer, tablet and mobile phone, and generally on the device you are browsing. Each cookie contains information, such as the name of the site it comes from, its lifetime, and a value, which are usually letters and numbers. Cookies allow us to store various anonymous information, such as your browsing preferences or if you have visited our site again.
In addition to our own website we also use 3rd Party Services such as Google Analytics.
– Google Analytics Cookies: they are used to collect and view statistics from Google such as the browser used by users, how many times they have visited the site, and from which site they were directed to ours. For more information on how Google uses your data, see https://policies.google.com/privacy?hl=el#infocollect” target=”_blank” https://policies.google.com/privacy?hl=el#infocollect