The Company under the name “I. PAPAKALIATIS BROTHERS HOTEL MANAGEMENT COMPANY COMMERCIAL SOCIETE ANONYME ” and bearing the distinctive title "ZEUS HOTELS S.A.", located in Heraklion, Crete (L. Vyronos street, No 1), with VAT Registration No.: 999745004, Tax Office Heraklion, with Hellenic Business Registry Registration No.: 077895127000, as Personal Data Processing Officer, hereafter referred to as the "Company", in the framework of the General Data Protection Regulation (EU) 2016/679, which enters into force on 25.05.2018 (hereinafter referred to as "GDPR"), as well as the national and Community legislation, as applicable, is bound to its customers, respecting their privacy and being vigilant to ensure the confidentiality and security of their personal data. Our Company, ZEUS HOTELS SA, has six (6) hotels located in Heraklion Crete and Rhodes, named as: Blue Sea Beach, Cook's Club Hersonissos, Marina Beach, The Village, Neptuno Beach, Cosmopolitan.
This information is addressed to any and all natural and legal persons who carry out any transaction with the Company, as indicatively to its customers who make use of the services offered by the Company.
The processing of personal data consists in collecting, registering, organizing, structuring, storing, changing, retrieving, seeking information, using, transmitting, restricting or deleting personal data that have or will come to the knowledge of the Company either within the context of your dealings with it or within the context of information received by the Company from a third natural or legal person or public sector entity in the exercise of a legal right therein or of the Company itself.
The Company, in compliance with the applicable legal framework, has taken all necessary actions by implementing the appropriate technical and organizational measures for the lawful adherence and processing, committed to keep ensuring and protecting in every possible way the processing of your personal data from loss or leakage, alteration, transmission or otherwise unlawful processing thereof.
In order to make the collection, use and exchange of personal data transparent and to disclose the purpose and means of processing, "ZEUS HOTELS S.A." provides its customers with the following information:
The Company processes personal data that you have or will notify to the Company, you or your legal representatives, which are necessary for the initiation, maintenance and execution of your business relations and dealings with the Company, existing or future depending on the product or service provided and its applicable procedures and policies. Personal data that you provide to the Company shall be complete and accurate and up-to-date with your due diligence immediately, in every case of change or whenever deemed necessary by the Company for the purpose of maintaining your business relationships or fulfilling an obligation of the Company deriving from the national law and the regulatory provisions in force.
In addition, the Company processes your personal data which it receives or comes to know from a third party, whether natural or legal person or public body, and which is necessary either to achieve the legitimate interests of the Company or a third person, or the fulfillment of its tasks in the public interest (e.g. tax and insurance bodies).
In order to initiate and maintain/continue on having a business relationship with its clients and/or in particular to start providing hotel services to you, our Company collects and processes the following minimum personal data: first name, surname, father's name, identity card/passport or other official identification document, permanent residence, home address, correspondence address, business and work address, telephone (fixed and/or mobile), e-mail address. If necessary, you may be asked to provide additional information if this information is a prerequisite for initiating or maintaining our business relationship, targeting to the best possible service provided to you.
The collection and processing of the above personal data by the Company is necessary for the commencement, execution and maintenance of our business relationships [as defined in article 2 of the Regulation of the relations between hoteliers and their clients (article 8 of law 1652/30.10.1986, Greek Government Gazette 167 Α')]. Possible objection on your behalf to the provision or processing of your personal data - information may lead to the failure to initiate or maintain/continue your already existing partnership with the Company (for example, failure to provide the necessary data for booking a room will lead to inability to make the reservation).
The Company does not process “sensitive personal data” (data of specific and special categories), such as data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership of a trade union, genetic or biometric data in order to identify you as a processing Subject, as well as health data or data related to your sexual life, sexuality or sexual orientation unless:
The Company has in any case taken all needed technical and organizational measures to maintain safety and process appropriately your personal data which belong to the above specific categories.
The processing of personal data of minors, which is necessary for the commencement, execution and maintenance of our trading relationships (e.g. room reservation and stay - lodging of a minor in the hotel, etc.) is performed on the condition of the previous consent of parents or those who exercise parental responsibility, unless otherwise specified by law. For the purposes of this, minors are considered to be those who have not reached the age of 18.
Additionally, when processing of personal data is based on consent (in accordance with Article 6.1.a GDPR), in relation to the provision of information society services directly to a child, the consent provided by the minor and therefore processing is lawful if the minor is at least 16 years old. In the case where the minor is under 16 years of age, this processing - treatment is lawful only if and to the extent that such consent is granted or approved by the person having parental responsibility for the minor (as said in Article 8 of GDPR).
The Company lawfully processes personal data when:
The processing of your personal data concerns:
The Company can process your personal data, subject to your prior consent, in order to inform you about its provided products and services. For this purpose, it processes information about the services you use targeting to present products, services or offers that best serve your needs.
In any case, you are given the right to oppose the processing of your personal data for the above purpose of direct commercial marketing of the Company's products/services, including profile training, by submitting your request to the Company in any convenient manner or by unsubscribing from newsletters.
The Company maintains your personal data for as long as it is provided for by the applicable legal and regulatory framework per case, and generally for a minimum of five (05) years to a maximum of twenty (20) years from the last calendar day of the year in which your (each time) business - trading relationship with the Company expires. In the event of litigation, personal data that concerns you will be respected, secured and kept in any case until the end of the lis pendens, even if the above period of twenty (20) years is exceeded. In the event of any form of claim, your data will be kept to a minimum period of time, for as long as the claim is maintained.
In the event that any request for your cooperation with the Company is not accepted and the conclusion of the contract is not completed, the data will be kept for a maximum of five (5) years, in order to safeguard the interests of the Company in the event of a claim being made, after this period of time, will be erased in a non-recoverable way.
The company may also keep your personal data for longer, if it has a legal obligation to act so.
Access to your personal data is provided to the employees of the Company's business and operating units, within the scope of their responsibilities, as well as the companies of the Group (e.g. "ZEUS TECH"), within the context of the proper execution and fulfillment of their contractual, legal and regulatory obligations.
The Company does not transmit or disclose your personal data to third parties unless it concerns:
You can learn more about the names of our associates, upon your request.
The Company has legally ensured that the Performers of the Processing on its behalf meet the prerequisites and provide sufficient assurances that appropriate technical and organizational measures will be in place to ensure that your personal data processing will keep their rights protected.
Transmission or disclosure - notification required by the applicable legislative and in general regulatory framework or court decision (such as transmission to judicial authorities, tax authorities, supervisors, intermediaries), in compliance with the confidentiality provisions.
Judicial Authorities and public bodies within the extent of the exercise of their responsibilities.
ZEUS HOTELS S.A. does not transmit your personal data directly to third (non-EU) countries or international organizations, unless the transmission is required by the applicable regulatory or legislative framework or you have been informed of this and consented in advance and explicitly to such transmission (in cases in which this is required).
In any case, you have control over the processing of your personal data. In particular, you have the following rights:
For the exercise of the above rights you can address in writing to the Company's address (Heraklion Crete 1, Lordou Vironos street, PC 71202), or you can contact the e-mail address or by phone at +30 2810 398608.
Please let your relevant requests be accompanied by the appropriate proof of identification of your person, with the explicit reservation of the Company to request the provision of additional details to identify and confirm your information.
ZEUS HOTELS S.A. will make every effort to respond to your request(s) within thirty (30) days of submission of the relevant request or requests. The Company's denial or unjustified delay in meeting your claims in the exercise of your rights entitles you to appeal to the Data Protection Authority, as the competent supervisory authority for implementing the GDPR.
The Company may revise or modify this current update, on the basis of its applicable data protection policy and in accordance with the applicable laws and regulations. The updated information will always be available on the Company's website (www.zeushotels.gr).
The Company is taking care to enforce adequate and necessary technical and organizational measures to safeguard both technological and natural security according to article 32 GDPR (indicatively: encryption and regular testing, restricted accesses, special codes given to authorized persons for access to its databases, etc.) and observes the principles of the processing according to the GDPR, meaning the principle of legality, the principle of objectivity and transparency, the principle of purpose limitation, the principle of data minimization, the principle of accuracy, the principle of storage limitation and the principle of integrity and confidentiality (Article 5 of the GDPR).
With a view to safeguarding your privacy, we apply the best practices possible to safeguard and secure your personal data, by implementing the necessary technical and organizational measures set out in the GDPR. Data is secured by the loss of availability, integrity and confidentiality of information.
The Company is in constant harmonization and compliance with the terms of General Regulation (EU) 2016/679 on the protection of individuals - natural persons against and with regard to the processing of personal data and on the purpose of the free movement of data, and is constantly making every effort to comply with the above Regulation.
Although the Company has due diligence in relation to the processing of your personal data, it is on hand to deal promptly and in time with any potential violation (of it) for the best possible assurance. In the event of a violation of your personal data that may put your rights and freedoms at high risk, the company will take all appropriate technical and organizational measures and, if required by law, will inform you immediately.
In case you realize the violation of your personal data, you shall without delay contact and inform ZEUS HOTELS S.A., as soon as you become aware of such a possible violation of personal data, by notifying us of the nature of the violation of personal data. Indicative examples:
Check whether the breach has come from your own responsibility and collect all necessary information that ZEUS HOTELS S.A. will use to deal with the incident.
Useful Phone Numbers and Contact Information:
L. Vironos 1St., GR 71202
Tel.: +30 2810 398 634
Fax: +30 2810 398 589
GR 70007 Stalis
Tel.: +30 28970 31372-3
Fax: +30 28970 31375
Eleftheriou Venizelou 122 st., GR 70014
Limenas Chersonissou, Crete, Greece
Tel.: +30 28974 40700
Fax: +30 28974 40720
GR 71500 Kato Gouves
Tel.: +30 28970 41112
Fax: +30 28970 43442
GR 70014 Chersonissos
Tel.: +30 28970 26160-8
Fax: +30 28970 26169
Vagias 3 st., GR 71414
Amoudara, Crete, Greece
Tel.: +30 2810 370227
Fax: +30 2810 250888
Av. Iraklidou 175 st., GR 85101
Ixia, Rhodes, Greece
Tel.: +30 22410 75422-5
Fax: +30 22410 32823