Kalesma Mykonos Hotel Privacy Policy
LAST REVISED ON November 2, 2020
Scope of This Policy
Definitions
Hotel Booking Process
Hotel Guests
Gift Cards
Subscription to Our Newsletters
Mobile Applications
Website Forms
Meetings and Events
Analytics
Social Media and Online Reviews
Your Rights – Under EU Privacy Law
Your Rights – Non-EU Users
Security Measures
What Rules Apply to Children?
How Is Your Personal Data Shared with Third Parties?
International Data Transfers
How Long Will We Keep Your Personal Data?
Does This Privacy Policy Apply to Third Party Websites?
What Happens If We Make Modifications to This Policy?
How to Contact Us
Scope of This Policy
This Privacy Policy describes how the Kalesma Mykonos Hotel, operated by ALOGOMANDRA SUNSET ANONYMI ETERIA, a company incorporated under Greek laws having its registered seat and its offices at 31 Anagnostopoulou str., Athens, Greece, E-mail [email protected] and its Affiliates and Subsidiaries (“we” or “us”) collects, uses, consults or otherwise processes an individual’s Personal Data. This Privacy Policy applies globally but depending on where you live some specific provisions of this Privacy Policy may not apply to you.
For the purposes of EU Privacy Law, depending on the type of Personal Data processing described in this Privacy Policy, and/or Kalesma Mykonos Hotel may be operating as a sole Controller.
If operating as joint Controllers, both entities jointly determine the means and purposes of the processing of your Personal Data. What this means for you is that you can exercise you rightsagainst either of the joint Controllers by contacting either company as set out below.
In some of the situations described in this Privacy Policy, mainly in the need of redirection of guests according to Law 2015/2302and the Presidential Decree 7/2018, the hotel where you made a booking and/or stay will also process your data as a (or sole) Controller. The hotel will be solely responsible for the processing activities for which it is the sole Controller.
We are committed to protecting the privacy of our users and customers.
This Privacy Policy is intended to inform you how we gather, define, and use Personal Data that you provide to us when using our websites and mobile applications or when relying on our hospitality services. Please take a moment to read this Privacy Policy carefully. Please note that if you plan to submit someone else’s Personal Data to us, for instance when making a booking on their behalf, you may only provide us with that person’s details with their consent and after they have been given access to information about how we will use their details, including the purposes set out in this Privacy Policy.
THIS POLICY INCLUDES A DESCRIPTION OF YOUR DATA PROTECTION RIGHTS, INCLUDING A RIGHT TO OBJECT TO SOME OF THE PROCESSING ACTIVITIES WE CARRY OUT.
PLEASE NOTE THAT YOUR RIGHTS AS A DATA SUBJECT MAY VARY DEPENDING UPON WHERE YOU LIVE.
EU PRIVACY LAW REQUIRES US TO BE SPECIFIC ABOUT OUR REASONS AND LEGAL GROUNDS FOR USING YOUR PERSONAL DATA. ACCORDINGLY, FOR THE PURPOSES OF EU PRIVACY LAW ONLY, THE INFORMATION BELOW DESCRIBES
- THE TYPES OF DATA WE PROCESS,
- WHERE WE GET YOUR DATA FROM,
- THE GROUNDS WE RELY ON TO CARRY OUT THE PROCESSING,
- WHO WE MAY SHARE YOUR DATA WITH.
EXCEPT FOR THE “PROCESSED DATA CATEGORIES” SECTIONS SET OUT IN THE INFORMATION BELOW, NOTHING IS INTENDED TO BIND US IN RESPECT OF OUR NON-EU USERS, EXCEPT FOR THE POLICY RELATABLE TO OUR TERMS AND CONDITIONS FOR THE USAGE OF OUR WEBSITE AND OUR SERVICES.
Definitions
Affiliates and Subsidiaries: Any corporation, firm, partnership or other entity which directly or indirectly controls, is controlled by, or is under common control with Kalesma Mykonos Hotel.
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
EU Privacy Law: Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (the ”GDPR”), as well as any legislation and/or regulation implementing or created pursuant to the GDPR,considered unequivocally compliant therewith and the e-Privacy legislation, as well as any legislation and/or regulation implementing or created pursuant thereto, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to the processing of Personal Data and privacy.
Processor: A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the controller.
Recipient: A natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third Party or not.
Third Party: A natural or legal person, public authority, agency or body other than the data subject, controller, Processor and persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.
Supervisory Authority: An independent public authority which is established by a Member State, for the primary reasons of this Policy, Greece, pursuant to Article 51 of the GDPR, for the reasons of this Policy, DPA.
Personal Data: Any information relating to an identified or identifiable natural person (”Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Privacy Shield: The EU-U.S. and Privacy Shield legal framework, designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring Personal Data from the European Union to the United States in support of transatlantic commerce.
Kalesma Mykonos Hotel: Kalesma Mykonos administrative entities, including but not limited to Kalesma MykonosHotel but also to the hotel operating under the Kalesmabrands (including but not limited to Kalesmaetc.) and their affiliated entities.
Standard Contractual Clauses: Sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of Personal Data.
Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Hotel Booking Process
1. Hotel booking process
In the context of the hotel booking process – whether this takes place online on our website, through an online booking channel (as Booking.com, Expedia.com etc.), via a travel agent, through a call center, without undesired call recording, operated at the company’s establishment or directly at the hotel – we process your Personal Data for the purpose of (i) enabling you to reserve a room in the hotel of your choice; (ii) verifying the availability of the hotel and to administer the booking; (iii) sending you a booking confirmation; and (iv) sending you informative pre-arrival emails.
Processed data categories
Address, Booking details (including reservation number), Date of arrival and departure, Email address, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date, Telephone number, Type of Room, Pet, Single/Double bed.
Source of data
Depending on the booking mechanism used:
– Directly from you through the online booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– From the Kalesma Mykonos hotel you made a direct booking with
Ground for processing
Processing is necessary to take steps to enter and perform a contract.
Recipients of data
– The Kalesma Mykonos hotel
– IT service providers involved in the (online) booking process
– Email communications service provider
2. Guest satisfaction surveys
We may provide you within the TV-set interface or in hard copy guest satisfaction survey requests by email during or after your stay to enable us to measure the performance of our hotel. You may unsubscribe from our guest satisfaction survey emails at any time by clicking on the unsubscribe link in the emails sent to you.
Processed data categories
Country of residence, Date of arrival and departure, Email address, First name / Last name, Nationality, Stay details
Source of data
Depending on the booking mechanism used:
– Directly from you through the booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– From our call center
– From the Kalesma Mykonos hotel you made a direct booking with
Ground for processing
Processing is necessary to ensure and follow up on the good performance of the contract you have with us combined with GDPR compliant business interests establishedin Dir. 2002/58 and art. 11 Law 3471/2006.
Recipients of data
– Internal Customer Satisfaction Audit body as well as the Reservation and Front Office Managers.
– Guest satisfaction survey provider/marketing agent
3. Service emails Analytics
In the context of service emails, which includes guest satisfaction survey emails, we may process and collect your Personal Data, and notably whether you have opened and actioned a service email, for analytical purposes in order to measure the click-through rate and improve the content of our service emails. You may unsubscribe from our service emails at any time by clicking on the unsubscribe link in the service emails sent to you.
The information below describes the types of data we process for this purpose, where we get your data from, the ground we rely on to carry out the processing, and who we may share your data with.
Processed data categories
Email address, Email clicking behavior, Email opening behavior, First name / Last name, Kalesma Mykonos Rewards membership number
Source of data
From our email analytics service provider
Ground for processing
Processing is necessary to ensure and follow up on the good performance of the contract you have with us.It is in Kalesma Mykonos Hotel’s legitimate interest as a business to understand the email clicking behavior of its guests in order to determine whether improvements are needed, combined with GDPR compliant business interests establishedin Dir. 2002/58 and art. 11 Law 3471/2006.
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
– Email analytics service provider
Hotel Guests
1. Hotel check-in and check-out
When staying at the hotel, we will collect and process your Personal Data for the purposes of (i) registering your arrival and departure at the hotel; (ii) assigning you a key card to your room; (iii) obtaining a credit card guarantee or hotel deposit to ensure payment of your stay; (iv) managing (and archiving) your hotel registration card; (v) creating or updating your profile in our hotel management system; (vi) assessing your eligibility for a room upgrade and managing this if applicable, if interest thereto has not been excluded; (vii) managing payment of your stay; (viii) establishing, printing or sending an invoice for your stay; and (ix) paying a commission to your travel agent (if applicable).
In the event you have booked a room in our hotel but do not show up – without cancelling – on the date of arrival communicated, we will process your Personal Data for the purposes of (i) cancelling your stay; and (ii) managing, processing and settling any outstanding payment that may be due.
Processed data categories
Address, Bookings (hotel, restaurant, event, etc.), Date of arrival and departure, Email address, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date, Telephone number, Title, Passport number
Source of data
Depending on the booking mechanism used:
– Directly from you through the booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– From the Kalesma Mykonos hotel you made a direct booking with via telephone, e-mail or comparable means.
– Directly from you through the hotel registration card in case of unexpected partial stay
Ground for processing
Processing is necessary to perform the contract you have with us.
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
– Your travel agent (if applicable)
2. Credit limit reports
To ensure payment for all guests staying in a hotel room, each hotel guest is asked for a credit card or deposit upon arrival. In order to ensure that you do not exceed your credit limit during your stay, we produce a credit limit report once a day for the purposes of verifying whether your credit limit has been exceeded. These credit limit reports may contain your Personal Data. Please note that in limited circumstances these credit limit reports may be subject to one of our internal financial audits, and may therefore be accessed by members of our internal audit department, in order to ensure that our hotel follow the Kalesma Mykonos Hotel internal guidelines and policies.
Processed data categories
Date of arrival and departure, First name / Last name, Payment card type, number and expiration date
Source of data
Depending on the booking mechanism used:
– Directly from you through the booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– From the Kalesma Mykonos hotel you made a direct booking with
– Directly from you through the hotel registration card
Ground for processing
Processing is necessary to ensure the performance of the contract you have with us.
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– IT service provider
3. Hotel stay
When you stay in one of our hotel, we endeavor to make your stay as pleasant as possible. This requires processing your Personal Data for the purposes of providing specific services during your hotel stay. These services include (i) housekeeping and maintenance; (ii) returning declared as lost or forgotten items to you; and/or (iii) managing your and your co-guests’ explicitly given preferences that you have expressed, such as dietary requirements, mattress softness, co-habiting nurse, stair avoidance preference and pillow preferences, allergies, birthdays, anniversaries, in order to provide you with a better service during your stay with us.
Processed data categories
Address, Consumption habits, Date of arrival and departure, Dietary requirements, Email address, First name / Last name, First name / Last name of adult co-guest(s), Other preferences, Payment details (for the purpose of returning lost or forgotten items), Telephone number,
Source of data
Depending on the booking mechanism used:
– Directly from you through the booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– From the Kalesma Mykonos hotel you made a direct booking with
– Directly from you during your stay at the hotel
Ground for processing
It is in both counterparties’ interest to perform the contract in a tailor-made way with high specificity as well as in Kalesma Mykonos Hotel’s legitimate interest as a business to organize its day-to-day hotel maintenance activities, to personalize the services it provides, and/or to be able to identify the owner of a lost or forgotten item. Taking into account the limited Personal Data collected consensually, processed and shared for such purpose(s), Kalesma Mykonos Hotel’s business interests prevail over yours.
Recipients of data
– Hotel personnel, including housekeeping, maintenance, front desk, and/or other hotel personnel concerned
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
– Delivery or courier service providers (for the purpose of returning lost or forgotten items)
4. Hotel guest additional services and facilities
In many of our hotel you can benefit from additional services and facilities, such as breakfast, room service, minibar, pool, restaurants and bars, spa treatments, laundry services, parking, taxi requests, free Wi-Fi, Concierge Services: Car, Moto, Boat, Helicopter rentals, Restaurants, Clubs, Beach bookings etc. In the event you make use of additional services or facilities, your Personal Data may be processed to (i) manage the booking and use of such additional in and out ofhotel services and/or facilities; (ii) administer any advance bookings of additional services and/or facilities to your file; (iii) personalize returning guests’ arrival to the hotel and the choice of room amenities and room features; and (iv) manage the expenses incurred for such additional services and/or facilities,possibly in the benefit of third parties who have provided the service.
Processed data categories
Consumption habits, Date of arrival and departure, transporter services destinations, Dietary requirements, Email address, First name / Last name, First name / Last name of adult co-guest(s), Payment card type, number and expiration date,
Source of data
– Directly from you through the online booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– Directly from you through the hotel registration card
– Directly from you when making your additional service/facility request with the hotel front desk or the concierge
– Through the online booking platform for additional services and facilities
Ground for processing
Processing is necessary to take steps with a view to entering into a contract and/or to perform the contract.
Recipients of data
– Hotel personnel, including front desk, room service, and/or other hotel personnel concerned
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
Subscription to Our Newsletters
1. Newsletters and marketing communications
If you have explicitly consented to receive our newsletters or marketing communications, including in relation to Kalesma Mykonos Rewards, we may, from time to time, contact you with information about our services and latest offers and process your Personal Data for this purpose.
If you no longer want to receive our newsletters or marketing communications, you can unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you.
Processed data categories
– Address, Date of birth, Email address, First name / Last name, Gender, Telephone number, Hotel stay history, Country of residence
Source of data
– Directly from you when subscribing to our newsletter or later when completing your account
Ground for processing
– Ad hoc consent obtained during the subscription to our newsletteror the performance of a service in our premises, itself a legitimate interest basis according to art. 95 GDPR, EU Directive 2002/58 and art. 11 para. 3 Law 3471/2006
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
– Email communications service provider
2. Newsletters and marketing communications analytics
In the context of our newsletters and marketing communications, we may also process and collect your Personal Data, and notably whether you have opened and interacted with one of our communications, for analytical purposes in order to measure the click-through rate and improve the content of our newsletters and marketing communications.
Processed data categories
– Email address, Email clicking behavior, Email opening behavior, First name / Last name,
Source of Data
– From our email analytics service provider
Grounds for Processing
– Ad hoc consent obtained during the subscription to our newsletter or the performance of a service in our premises, itself a legitimate interest basis according to art. 95 GDPR, EU Directive 2002/58 and art. 11 para. 3 Law 3471/2006. It is in Kalesma Mykonos Hotel’s legitimate interest as a business to understand the click-through rate of its emails in order to determine whether improvements are needed. In this context and regarding only the Processed data categories, Kalesma Mykonos Hotel’s business interests prevail over yours.
Recipients of Data
– IT service providers
– Email analytics service provider
Website Forms
Should you have a particular query or feedback, including the exercise of one of your rights under the GDPR, you may contact us through the contact forms available on our website. In such context, we may process your Personal Data for the purposes of handling and providing an answer to your query or request or to follow up on your feedback.
The information below describes the types of data we process for these purposes, where we get your data from, the ground we rely on to carry out the processing, and who we may share your data with.
Processed data categories
– Address, Email address, First name / Last name, Kalesma Mykonos Rewards membership number, Stay details, Telephone number, and any other data you may decide to share with us in open comment boxes.
Source of data
– Directly from you through the form
Ground for processing
– Ad hoc consent obtained through the contact form
Recipients of data
– IT service providers
Meetings and Events
1. Meetings and events organization and feedback
If you wish to organize a meeting or event in one of our hotel or if you would like more information on this possibility, you can reach out to us by directly contacting the hotel or by contacting us by other means. The Personal Data collected will be processed for the purposes of fulfilling your request to organize a meeting or event.
We may also send you meeting satisfaction surveys after your meeting or event to enable us to measure the performance of our hotel as meeting venues.
Processed data categories
– Address, Date of meeting or event, Email address, First name / Last name, Profession and employment, Kalesma Mykonos Rewards membership number, Telephone number, Type of meeting/or event, number of dates, number of participants, guest list
Source of data
Directly from you through:
– the online contact form
– a request communicated by other means
Ground for processing
Depending on whether you contract directly with us or on behalf of your company:
– Processing is necessary to take steps at your request with a view to entering into and to perform a contract
Recipients of data
– The hotel
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
– Meeting satisfaction survey provider
2. Meetings and events marketing communications
If you have opted for receiving updates on our news and offersor are eligible for receiving relevant updates following performance of the contract you have or have recently had with us,you will receive commercial communications in the context of the organization of a meeting or event and we will also process your data to contact you with information about our services and latest offers.
Processed data categories
– Address, Email address, First name / Last name, Profession and employment, Telephone number
Source of data
Directly from you through:
– the online Request a Proposal form
– the online contact form
– a request communicated by other means
Ground for processing
Ad hoc consent obtained through:
– the Request a Proposal form online
– the contact form
combined with GDPR compliant business interests established in Dir. 2002/58 and art. 11 Law 3471/2006, following the concluded performance of an already agreed upon contract or provision of service.
Recipients of data
– IT service providers
– Email communications service provider
3. Meetings and events marketing communications analytics
In the context of our marketing communications concerning meetings and events, we may also process and collect your Personal Data, and notably whether you have opened and interacted with one of our communications, for analytical purposes in order to measure the click-through rate and improve the content of our marketing communications.
Processed data categories
– Email address, Email clicking behavior, Email opening behavior, First name / Last name, Profession and employment, Kalesma Mykonos Rewards membership number
Source of data
– Your e-mail interaction behavior and our relevant input our email analytics service provider
Ground for processing
– It is in Kalesma Mykonos Hotel’s legitimate interest as a business to understand the click-through rate of its emails in order to determine whether improvements are neededcombined with GDPR compliant business interests established in Dir. 2002/58 and art. 11 Law 3471/2006, following the concluded performance of an already agreed upon contract or provision of service.
Recipients of data
– IT service providers
– Email analytics service provider
Analytics
We may use any data you provide to us for analytical purposes to optimize your experience, enhance our marketing, business and operational efficiency, create segments of our customers based on their Personal Data and tailor our offers and promotions to your preferences and consumption habits. In the context of such analytics, we analyze and may combine different data we hold about our guests, including (i) responses to guest satisfaction surveys; (ii) communications guests have with us; (iii) click-through rates for our marketing communications; (iv) our guests’ behavior on our websites, tracked by agreed-upon cookie-based applications; (v) bookings.
Please see also our dedicated sections on:
Meeting and Events
Marketing Communications Analytics and
Newsletter and Marketing Communications Analytics.
Processed data categories
– Hotel stay details, Address, Bookings (hotel, restaurant, event, etc.), Date of arrival and departure, First name / Last name, First name / Last name of adult co-guest(s), Email address, Telephone number, Payment card type, number and expiration date, Kalesma Mykonos Rewards membership number, redemption history
Source of Data
– Directly from you when signing up to Kalesma Mykonos Rewards or claiming or redeeming Kalesma Mykonos Rewards points
– Directly from you through the online booking form
– Through the online booking channel you used to make the booking
– From your travel agent
– From our call center
– From our email analytics provider
– Directly from you when making your additional service/facility request with the hotel front desk or the concierge
Ground for processing
– Your consent on in-site or e-mail content behavior tracked as well as input gathered on e-mail interaction behaviour in line with GDPR compliant business interests established in Dir. 2002/58 and art. 11 Law 3471/2006, following the concluded performance of an already agreed upon contract or provision of service so asfor Hotel Kalesma Mykonos to understand its guests’ preferences and consumption habits.
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– IT service providers
– Analytics service provider
– Providers of targeted advertisements
Social Media and Online Reviews
We may process your Personal Data obtained through social media platforms (including Facebook, Instagram and LinkedΙn) or online reviews (including on TripAdvisor) concerning our Kalesma Mykonos brands for the purposes of (i) addressing your questions or complaints; (ii) monitoring our online reputation; and (iii) improving our services and identifying opportunities on which we can focus.
Some of our social media pages allow users to submit their own content. Please remember that any content submitted to one of our social media pages can be viewed by the public, and you should be cautious about providing certain personal information (e.g., financial information or address details) via these platforms. We are not responsible for any actions taken by other individuals if you post personal information on one of our social media platforms (e.g., Facebook or Instagram and LinkedΙn). Please also refer to the respective privacy and cookie policies of the social media platforms you are using.
Processed data categories
– Any Personal Data you may decide to share with us or published on social media or in other online reviews about us
Source of Data
– Directly from you through publicly accessible (i) social media pages, (ii) online booking channels or (iii) other (review) websites
– From our online reputation monitoring service provider, further based on publicly accessible (i) social media pages, (ii) online booking channels or (iii) other (review) websites
Ground for processing
– It is in Kalesma Mykonos Hotel’s legitimate interest as a business to process the Personal Data you have chosen to address to us or make publicly available on social media platforms, online booking channels or other (review) websites in order to improve our services and identify business opportunities. In this context, Kalesma Mykonos Hotel’s business interests prevail over yours..
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– Online reputation monitoring service provider
Social media contests
From time to time, we may organize a contest on one of our social media pages. If you choose to participate in such contest, we will process your Personal Data for the purpose of organizing and managing the social media contest and picking the winner(s).
Processed data categories
– This depends on the data fields in the contest concerned, but almost always includes the following categories of data:
Address, Email address, First name / Last name, Telephone number
Source of Data
– Directly from you through our social media pages
Ground for processing
– Processing is necessary to take steps to enter into and perform a contract as you accept the terms and conditions of the contest.
Recipients of data
– Other Kalesma Mykonos Hotel entities involved
– IT service provider
Your Rights – Under EU Privacy Law
If you are in the EU, EU Privacy Law grants specific rights, summarized below, which you can in principle exercise free of charge, subject to statutory exceptions. These rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. To exercise any of your rights, you can file a request via email at [email protected], to which we will respond within 30 days, unless further process of your request is needed for which you will be informed.
Should you have unresolved concerns, you have the right to lodge a complaint with the Supervisory Authority (Archi Protasias Dedomenon Prosopikou Charaktira, L.Kifissias & L.Alexandras, Athens, +30 210647 5600) in case you believe a breach may have occurred. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Supervisory Authority.
1. Right to withdraw consent
Wherever we rely on your consent, you will be able to withdraw that consent at any time you choose and at your own initiative or by contacting us at [email protected] . The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the moment where you withdraw your consent. Please note that we may have other legal grounds for processing your data for other purposes, such as those set out in this Privacy Policy.
2. Right to access and rectify your data
You have the right to access, review, and rectify your Personal Data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to rectify any information like your name, email address, passwords and/or any other preferences, you can easily do so by logging in to your account on our website (if you have one) or by contacting us [email protected]. You may also request a copy of the Personal Data processed as described in this Privacy Policy.
3. Right to erasure
In accordance with EU Privacy Law, you have the right to erasure of your Personal Data processed by us as described in this Privacy Policy in case it is no longer needed for the purposes for which the Personal Data was initially collected or processed or in the event you have withdrawn your consent or objected to processing as described in this Privacy Policy and no other legal ground for processing applies. Should you wish to have your Personal Data erased, please file a request via email at [email protected].
4. Right to restriction of processing
Under certain circumstances described in EU Privacy Law, you may ask us to restrict the processing of your Personal Data. This is for example the case when you contest the accuracy of your Personal Data. In such event, we will restrict the processing until we can verify the accuracy of your data.
5. Right to object to processing
Under certain circumstances described in EU Privacy Law, you may object to the processing of your Personal Data, including where your Personal Data is processed for direct marketing purposes.
6. Right to data portability
Where you have provided your data directly to us and where the processing is carried out by automated means and based on your consent or the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, commonly used and machine-readable format, and to transmit this data to another service provider.
Your Rights – Non-EU Users
Depending on where you are located you will have different rights in respect of your Personal Data and we will comply with the relevant requirements of applicable laws and this Privacy Policy.
California Privacy Rights
If you reside in California, you have the right to ask us one time each year if we have shared Personal Data with third parties for their direct marketing purposes. To make a request, please send us an email at [email protected] write to us at the address listed below. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
Russian Citizens
In accordance with Russian Federal Law “On Personal Data” No. 152-FZ we collect, record, systematize, accumulate, store, update (renew and modify), and extract Personal Data about Russian citizens using databases located in the territory of the Russian Federation. If you indicate that you are a Russian citizen of the Russian Federation, we will process your Personal Data in compliance with this requirement and your profile will be maintained on databases in the Russian Federation. If you do not indicate that you are a citizen of the Russian Federation, we are not able to process and maintain your Personal Data under these requirements and will not be liable for that. You are solely responsible for indicating the country of your citizenship. Information containing Personal Data of Russian citizens may be transmitted from the Russian Federation to countries that ensure an adequate level of protection for Personal Data, including member states of the European Union and other countries which Russian law recognizes as ensuring adequate to protection, and also to other countries that may not ensure adequate level of protection for Personal Data. By submitting information to us on our sites and apps, submitting forms to us, or registering on our sites, programs and apps, or making reservations, you grant us consent to process your Personal Data.
Security Measures
Appropriate technical and organizational measures are implemented in order to ensure an appropriate level of security of your Personal Data, including but not limited to encryption techniques, physical and IT system access controls, obligations of confidentiality, etc.
In the event Personal Data is compromised as a result of a Personal Data Breach we will make the necessary notifications, as required under applicable laws.
What Rules Apply to Children?
We do not knowingly collect or solicit Personal Data from anyone under the age of 18 or knowingly allow such persons to book a room in one of our hotel. In the event we learn that we have collected Personal Data from a child under the age of 18 without verification of parental consent, steps will be taken promptly to remove that information. If you believe that we have or may have information from or about a child under 18 years of age, please contact us at [email protected]
How Is Your Personal Data Shared with Third Parties?
We only share or disclose information as described herein, including with Third Parties.
Your Personal Data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the Controller(s) legitimate interests in compliance with applicable laws. In addition, we may share your Personal Data and other information with a successor to all or part of our business, where this is in our legitimate interests in facilitating a business sale and in this context our business interests prevail over yours. For example, if parts of our business or assets are sold, we may disclose user information as part of that transaction, subject to applicable law.
International Data Transfers
If you are in the European Economic Area (EEA), the data that we collect from you as described in this Privacy Policy may be transferred to and stored at a destination outside the EEA, including for the purposes of processing that data by selected Processors, in order to facilitate the Kalesma Mykonos Hotel’s business. Countries outside the EEA may not have laws which provide the same level of protection to your Personal Data as laws within the EEA. Where this is the case we will put in place appropriate safeguards to ensure that such transfers comply with EU Privacy Law, either by putting in place Standard Contractual Clauses approved by the European Commission as ensuring an adequate protection or by ensuring that the transfer is done to an organization that complies with Privacy Shield in case the transfer is made to the United States of America.
In this respect, please note that Kalesma Mykonos adheres to the E.U.-U.S. and Swiss-U.S. Privacy Shield Framework, to the extent that these are considered valid or superseded by instruments of equal normative effect. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. The Federal Trade Commission shall have enforcement jurisdiction over Kalesma Mykonos Hospitality, Inc’s compliance with the Privacy Shield. Kalesma Mykonos Hospitality, Inc. may have potential liability in cases of onward transfer to third parties. To learn more about the Privacy Shield program, and to view Kalesma Mykonos certification page, please visit https://www.privacyshield.gov/. In compliance with the E.U.-U.S. and Swiss-U.S. Privacy Shield Principles, Kalesma Mykonos Hospitality, Inc. commits to resolve complaints about your privacy and our collection or use of your Personal Data, to the extent that these are considered valid or superseded by instruments of equal normative effect.
Kalesma Mykonos Hospitality, Inc. has further committed to refer unresolved privacy complaints under the E.U.-U.S. and Swiss-U.S. Privacy Shields to the American Arbitration Association, http://go.adr.org/privacyshield.html. Finally, in certain limited circumstances and as a last resort, it may be possible for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission to the extent that these are considered valid or superseded by instruments of equal normative effect.
Please note that if you are not a European Union or Switzerland resident, then Privacy Shield requirements regarding the handling of complaints may not apply to you and Privacy Shield enforcement mechanisms may not be available to you.
In case you wish to obtain more details about our data transfer safeguards and the mechanisms in place, you may contact [email protected].
How Long Will We Keep Your Personal Data?
We retain your Personal Data for as long as is required to fulfil the activities set out in this Privacy Policy, for as long as otherwise communicated to you or for as long as is permitted by applicable law. For example, we may retain your Personal Data if it is reasonably necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this Privacy Policy and prevent reasonably expected fraud and abuse.
To determine the appropriate retention period for the information we collect from you, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Does This Privacy Policy Apply to Third Party Websites?
If you click on a link to a Third-Party website, you will be taken to a website we do not control, and our Privacy Policy will no longer be in effect. Your browsing and interaction on any other website are subject to the terms of use and privacy and other policies of such Third-Party website. Read the privacy policies of other websites carefully. We are not responsible or liable for the information or content on such Third-Party websites.
What Happens If We Make Modifications to This Policy?
We reserve the right to modify and update this Privacy Policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.
How to Contact Us
Questions, comments, remarks, requests or complaints regarding this Privacy Policy are welcome and should be addressed to [email protected].
If you have questions about an individual hotel’s practices or the information it has, please contact the hotel directly.