Guest House Rentals takes very seriously the fundamental right of natural persons – users regarding the processing of their personal data and the necessary protection thereof and undertakes to protect your personal data as specified in the European Union Regulation 2016/679 – hereinafter the “GDPR”.
The data controller of your data is the company with the trade name “Φ. Πουλημάς Γ. Σωτηρόπουλος Ο.Ε” (hereinafter referred to as “Guest House Rentals” or the “Company”), with registered offices in 22 Agias Triados St., Agia Paraskevi, 15343, Athens Greece.
What is processing of personal data of a natural person?
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The procession of personal data is performed in the context of the Company’s activities, provided that the processing activities are related to the provision of goods or services to said data subjects, whether payment by the data subjects is required or not. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.
The Company processes and stores files with the personal information of the data subjects, for financial, fiscal, accounting, archiving and communication purposes, pursuant to the provisions of article 5 of the GDPR. In the context of continuous improvement of its services and information, it may process for statistical purposes, applying strict confidentiality terms, part or all the data that the data subjects have submitted. The Company keeps a physical or electronic record of its processing. The same record is kept by the data processor performing the processing on behalf of the Company.
How is your personal data collected?
The Company collects information directly from you when you access its services, either in person or electronically by means of its databases. Furthermore, it collects data from publicly available sources, when required (websites, public telephone directories etc.).
The specific personal data requested in our various forms, is determined by your relationship with us, the purpose you are accessing our website and required for the fulfillment of the purposes for which the Company requests said information. This means that if you do not provide your personal data or submit it incorrectly, we are not able to fulfill said purposes.
The Company, depending on its relationship with you, the request you have submitted in the form/forms you fill and your capacity, creates lists/files where it records you and will request exclusively the personal data necessary for each list. Optionally, the data subjects may provide additional information, if they wish. For certain functions and if required by law, it will be necessary to disclose your age to us.
Said data is not published, is accessible only to the data processors on behalf of the Company and is disclosed only for lawful purposes, always in accordance with the provisions of the GDPR. The data subjects are responsible for the accuracy and authenticity of the data they submit.
Why do we process your personal data?
Below you will find a brief review of the purposes for which the Company, with your consent, processes your personal data, depending on the form you filled and your request. In particular:
– For the communication, via newsletter, of the purposes, the activities and the services of the Company.
– In order to be able to process your registration, the requests and reports received through its website, allowing the processing to fulfill your request and the purposes for which your data has been collected.
– For the fulfillment of obligations deriving from laws, regulations and European Union law. The lawful basis for processing is provided by article 6 paragraph 1 of the GDPR.
During the processing of your personal data we ensure their full protection and confidentiality and we use all the required technical and organizational measures and policies. The Company may process your usual and sensitive personal data should it need to defend its rights before any court and in any legal procedure in general.
Furthermore, by registering in the Company’s website you may participate:
– In electronic commerce activities, with your explicit and informed consent, providing payment services for the goods and/or services you purchased, using payment gateways established for this purpose.
– In the purchase of services, through third party platforms.
In particular, for the purchase of services using third party electronic platforms, your will be requested to provide basic personal data necessary for the electronic reservation of tickets. The lawful basis for the processing of said data is the informal but free contract concluded between the Company and the customer for the provision of services.
Furthermore, we may collect data in other cases for your information needs, about which you will be promptly informed at the moment of collection thereof, ensuring the lawfulness of the processing by complying with the principles of lawfulness, fairness, transparency, accuracy, integrity, confidentiality, data minimization and purpose limitation.
Lawful basis for data processing.
The Company will process your personal data with your explicit consent, always in accordance with the GDPR requirements and regarding the purpose specified in the form you have filled. However, if you subsequently wish to withdraw your consent to any data processing, this will not affect the lawfulness of the processing already performed by the Company, or of any subsequent processing required for other lawful procedures in accordance with the GDPR.
The Company implements and applies appropriate technical and organizational measures and policies in order to protect your personal data from risk of loss or erroneous processing, in full compliance with the provisions of the European General Data Protection Regulation (GDPR). Furthermore, we request from our service providers to comply with the strict requirements for the security of your personal data. In case of breach of your personal data, the Company will promptly inform you in accordance with the definitions of the Regulation.
Requests and complaints
Your requests may be sent to the e-mail address: [email protected] The Company will examine your request as soon as possible after the receipt of your request. If the Company rejects your request, we will provide you a relevant reasoned response about the reasons.
1. Processing of personal data in the Company’s webpages.
1.1. Categories of personal data
During your visit in the Company’s webpages, the Company may process personal data that may be used for your identification or to contact you:
(a) The data entered by you during your registration in the webpage and the offered services (full name, contact telephone, email, company name, address).
(b) Personal data collected automatically during your browsing (IP address, device type, browser application, redirect pages, pages of the company that you visited, date and time of visit).
1.2. Purposes of processing
Your personal data is processed for the following purposes:
(a) In order to receive custom information and responses to your requests, to have access to your personal files as well as to allow the Company to contact you, if you so wish.
(b) To establish any lawful claim or defense of the Company against any fraud attempt, cyberattack or other unlawful activity.
(c) To generate anonymized traffic and accessibility statistics for the main webpage and the following pages, so we can create your transaction profile, based on your preferences and transaction habits, in order to provide targeted and personalized offers of products and services and improve your browsing experience.
(d) To inform you about new products and services provided by the Company.
1.3. Lawful basis for processing.
The processing of your personal data is necessary for the achievement of the aforementioned purposes. Unless otherwise stated during the collection of the personal data, the lawful basis for the processing thereof is one of the following:
(a) Processing is necessary for the performance of a contract to which you are a party (Article 6 (1)(b) of the GDPR);
(b) processing is necessary for the purposes of the legitimate interests pursued by the Company (Article 6 (1)(f) of the GDPR);
(c) you have given express consent to the processing of your personal data (Article 6 (1)(a) of the GDPR).
1.4. Recipients and transmissions
Third party IT companies (data processors) may manage some of our webpages. In these cases, with contractual terms and regular audits, we ensure that, if and when there is access to personal data, the legislation for the protection thereof is adequately complied with.
Cookies are small text files stored in your computer or mobile device when you visit a webpage. We use the term “cookies” as a common term to describe techniques such as cookies, Flashcookies and web beacons. Cookies are used mainly to ensure that your visit to our webpages is as easy as possible, as well as for advertising purposes during your future visits to other webpages. The cookies policy provides further details for the types of cookies we use, their use, as well as methods to delete or prevent the storage of certain cookies in your computer or mobile device.
1.6. Personal data of minors.
The Company and its webpages are intended for persons who are at least eighteen (18) years of age. The Company accepts no liability whatsoever for underage users that willingly visit our websites. If during the collection of the data it is detected that the user is underage, the Company will not process the personal data.
2. Processing of personal data related to your contractual relationship with the Company.
2.1. Categories of personal data and sources.
In the context of a future or existing contractual relationship with the Company, the Company may process the following categories of your personal data.
(a) Identity and contact information, such as full name, T.I.N., Tax Office (ΔOY), address, phone number, mobile phone number, email provided by our counterparty or representatives thereof for identification and contact purposes, information related to classification, by the dedicated administrators, in special customer categories (e.g. customer or associate), copies of connection contracts with the relevant administrators, attestation of business activity commencement by the Tax Office (in case of trade, vendor or dealer agreements for professional use), special characteristics that document the issuance of a specific invoice (e.g. contract with a specific third party).
(b) Specifically for the business activities of the Company, information about the establishment of the prospective or current customer, about which a commercial agreement has or will be entered into, bank account numbers disclosed by you, information about transactions and payments performed in the context of a contractual relationship with the Company, information related to contact of the prospective or current customers with the Customer Service Department of the Company (including requests, complaints etc.).
(c) Data that was processed in the context of a project, a purchase of products or services, or rendered by the business partner, such as personal data related to orders, payments made, requests and reports in the context of the implementation of a project or collaboration in general.
2.2. Purposes of processing:
The aforementioned personal data is processed for the following purposes:
(a) Management of the contractual relationship, such as receipts, delivery of products, provision of services, performance of works, collections, payments, accounting audits, operational and IT support, performance, support and monitoring of the contract, fulfillment of contractual obligations, etc.;
(b) Ensuring compliance of the Company with statutory requirements (fiscal, insurance, customs, accounting, etc.), the conduction of compliance audits of the business partners, the prevention of financial crimes as well as ensuring the overriding legitimate interests of the Company, such as the transmission of data to law firms or competent authorities;
(c) The provision of digital services.
2.3. Lawful basis for processing
Unless otherwise stated during the collection of the personal data, the lawful basis for the processing thereof is one of the following:
(a) Processing is necessary for the performance of a contract to which you are a party (Article 6 (1)(b) of the GDPR);
(b) you have given express consent to the processing of your personal data (Article 6 (1)(a) of the GDPR).
(c) processing is necessary for compliance with a legal obligation to which the Company is subject, or for the purposes of the legitimate interests pursued by the Company (Article 6 (1) (c) or (f) of the GDPR respectively).
2.4. Recipients and transmissions.
The Company may transmit personal data to other subsidiaries or third parties, but only if and to the degree that said transmission is strictly necessary for the aforementioned purposes.
The Company may transmit personal data to court, administrative, tax, customs, arbitration authorities or other public authorities, regulatory bodies and lawyers, if required for compliance with the law and/or the establishment, exercise or defense of legal claims.
Furthermore, the Company may assign the aforementioned processing, in whole or in part, to third parties (data processors) including the managers and employees thereof:
– parties that have entered into a contract with the Company for the promotion of the Company’s services, for the provision of postal services, IT support services, record keeping services, research services, IT services, advertisement services, banking and financial institutions, chartered accountants;
– debtor notification companies, for the purposes of notifying the customer pursuant to Law 3758/2009 as amended and in force (the managers and employees of said companies), lawyers and law firms.
In these cases, with contractual terms and regular audits, we ensure that the legislation for the protection of personal data is adequately complied with.
The recipients of the personal data may be established outside the European Economic Area. In these cases, the Company takes measures in order to implement sufficient and appropriate guarantees for the protection of personal data with other means, mainly using the EU approved standard contractual clauses.
3. Personal Data Retention Period
The Company shall retain your personal data for the period required for the achievement of the purposes described in this policy, unless applicable legislation imposes or allows a longer period. The criteria that govern the determination of the personal data retention period include the following: (a) the term of the contract between us, (b) the period required in order for the Company to comply with a legal requirement to which it is subject, (c) the period required in view of legal proceedings in which the Company is involved (e.g. defense of rights before courts, regulatory authorities’ audits, etc.).
4. Technical and Organizational Measures
The Company, both when determining the processing methods and during processing, implements effective, appropriate technical and organizational measures, such as pseudonymization, designed to implement data protection principles, such as the minimization of data and the incorporation of the required guarantees in the processing, in order to fulfil the requirements of applicable legislation and protect the rights of natural persons.
5. Right to withdraw consent.
If you gave your consent for the processing of specific personal data by the Company, you are entitled to withdraw said consent at any time, with proactive effect. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In case of withdrawal of consent, the Company may further process the personal data only in cases of other legal purposes for the processing.
6. Rights of the data subject
According to currently applicable data protection legislation, and provided that all relevant legal requirements are met, you have the following rights:
6.1. Right of access
You have the right to be notified if the Company processes your data, to access the data and receive additional information on the processing thereof.
6.2. Right to rectification
You have the right to request to update, rectify or supplement your personal data.
6.3. Right to erasure
You have the right to submit a request for the erasure of your personal data, which will be granted provided that there is no other lawful basis for processing (including but not limited to an obligation to process data imposed by law).
6.5. Right to restrict processing
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data, and until the verification thereof; (b) when you oppose the erasure of the personal data and request the restriction of their use instead; (c) when the personal data is not required for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims and (d) when you object to processing pending the verification whether our legitimate grounds override the grounds on which you oppose the processing.
6.5. Right to object the processing
You have the right to object at any time to processing of your personal data based on point the lawful basis of Article 6(1)(e) or (f) of the GDPR, which shall be granted unless the Company demonstrates compelling and legitimate grounds for the processing.
6.6. Right to data portability
You have the right to receive the personal data in a structured, commonly used and machine-readable format or to request, if technically feasible, to transmit said data directly to another controller.
6.7. Right to object to automated individual decision-making
You have the right to request your exclusion from decision making based solely on automated processing, including profiling.
7. Right to lodge a complaint with a supervisory authority
The competent authority is the Hellenic Data Protection Authority. You have the right to lodge a complaint with the Data Protection Authority regarding matters related to the processing of your personal data. Before lodging a complaint with the competent Authority you must attempt to exercise your rights with the Company. For detailed information on the competence of the Authority and how to lodge a complaint you can visit its website (www.dpa.gr > citizen rights > Complaint to the Hellenic DPA).
1. What is a cookie?
Cookies are small text files stores by a website to an internet browser during the visitor’s browsing and subsequently identify visitors when they visit the website again. Cookies do not contain personal information that could allow anyone to contact the website’s visitor e.g. via email, etc.
2. Types of cookies
These the cookies required for the functioning of a website.
These are cookies necessary for an improved visitors’ experience when browsing the website. For example, a persistent cookie stores the choices of the visitor so that he does not have to repeat them, such as the choice to accept the cookies policy.
Third party cookies
Third-party cookies are necessary for the visitor’s understanding and use of the site. Cookies help to improve the website, in order to match the users’ needs. Furthermore, said cookies enable the display of targeted ads to the visitors, based on the pages visited when browsing the platforms of said third parties. The third party cookies used are:
GOOGLE ANALYTICS / ADOBE ANALYTICS, through which information is collected. Said information helps the Company to better understand the use of the website by the visitors and to optimize it based on their preferences;
GOOGLE REMARKETING / FACEBOOK REMARKETING, which display targeted ads based on the pages visited when browsing pages that host Google ads or when browsing Facebook;
3. Accepting the installation of cookies
4. How to delete cookies
Usually you can delete cookies from the privacy or history section available in the “settings” or “preferences” menu of the browser.
The steps involved in the deletion of the cookies vary significantly, depending on the internet browser.
5. Links to social media
The Company’s website may contain links to social media. In order to protect the personal data of the Company website’s visitors, no social media plug-ins are used. Instead the website incorporates links that enable easy sharing in social media platforms. The incorporation of a link prevents the direct connection to various social media servers when a page is opened from the Company’s website.
6. Important notice
Emails and social media posts of visitors should not include special categories of personal data (racial or ethnic origin, religious or philosophical beliefs, health data, etc.). Since social media posts are not 100% private, the visitors must be particularly careful because all users will have access them.
7. No liability clause
The Company curates the content of the pages of this website and updates it regularly. However, the Company does not guarantee that the information in this website is valid, accurate and complete or accessible at all times. In case of links to third party websites, the Company does not assume any liability regarding the content and the accuracy of the information provided in the linked pages.
8. Intellectual Property Rights
The IP rights of all texts, photographs and other content published in the Company’s webpages belongs to the Company, unless otherwise stated. It is prohibited to copy, distribute, store, communicate, publish and reproduce or transmit the content without the prior written consent of the Company.