The Management and the personnel of St Nicolas Bay are committed to protecting and safeguarding your personal data. Our top priority is our guests to be satisfied and to build trust between our guests and ourselves. As part of our philosophy, we try to create an experience for you which would meet your needs making responsible use of your personal data. To this end, we have invested time and allocated resources to comply with the current legal framework on data protection and in particular with the General Data Protection Regulation - GDPR 679/2016 of the European Union.
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
- the specific website (www.stnicolasbay.gr)
INFORMATION THAT WE COLLECT
We collect only information which is needed so that we can provide services and meet your needs.
Such information includes:
- contact details (name and surname, e-mail address, postal address and mobile number)
- Personal Data (e.g. date of birth)
- credit card details (type of card, credit card number, name written on the credit card, expiry date and security code number)
- Date of arrival and departure, flight number and room number
- Preferences and interests (e.g. non-smoking room, preferred floor)
- Information allowing us to provide better services such as dietary habits, entertainment preferences
- Special categories of data (sensitive), such as allergies, which require special attention from us.
- Questions, commentaries, complaints that you made during your stay in our hotel or after it
All information which is collected by us and concerns children under the age of 16, is limited to name, surname and date of birth and may be obtained only from an adult - guardian.
WHEN WE COLLECT INFORMATION
Your personal data collection takes place during:
- Room reservation
- Check in payment
- Use of our services such as seat reservation in our hotel’s restaurants, spa centre or various entertainment activities
- Participation in online - offline researches such as questionnaires on client satisfaction
- Signing up to newsletters intended to send you information and newsletters via e-mail
- Information submission by a third party: tour operators, travel agencies, reservation systems, online reservation systems (e.g. booking.com)
- Connection to our website
- Filling out a form online
Use of our hotel’s Wi-Fi network
ACCESS TO INFORMATION BY A THIRD PARTY
We will not disclose your personal data to any third party whatsoever without your prior consent. However, we may disclose your personal data in the following cases:
•To service providers processing information on our behalf such as information technology subcontractors, companies which send e-mails on our behalf, banks, credit card issuers, law firms, mail delivery companies etc.
•Other third parties when required by the law in order for us to comply with the legislation in force or to respond to a compulsory legal procedure, such as a search warrant or other judicial order.
We have allocated resources in order to adopt all necessary organisational and technical measures to protect the collected information and especially any sensitive personal data. Our IT Department and out IT Manager follow international standards to ensure our network security and data encryption.
All information collected which is related to you is stored only for a limited period, that is, until the purpose for which it has been collected has been achieved or according to the law in force. We store all personal data related to the fulfilment of our clients’ reservation for five years following check-out date.
Your personal data will be destroyed with the utmost dispatch and in such a way which will not allow for their retrieval or restructuring.
If such data are stored in hard copy format, all personal information will be destroyed in a secure way, that is, with a use, for example, of a paper shredder or other suitable means. If they are stored in digital format, they will be destroyed with the use of technical means which will not allow for their retrieval or restructuring.
COOKIES AND RELATED TECHNOLOGIES, INFORMATION COLLECTED WHEN YOU CONNECT TO OUR WEBSITE
We make use of Google ADWORDS. In particular, advertisements related to our hotel (www.stnicolasbay.gr) on the Internet, as plain text in Search Engines or as display banners in various webpages which work with Google to this end (advertisements displayed on their site). By clicking on them, the user is redirected to our webpage www.stnicolasbay.gr. We do not host advertisements on our webpage nor do we store data from Google Ads.
Nevertheless, the computer of each user stores various cookies while browsing certain webpages and while using (also) ADWORDS, based on which Google displays tailors advertisements. This is called remarketing (you may access additional information at: https://policies.google.com/technologies/ads?hl=el).
You have the option, if you wish, to declare that you do not want to receive relevant messages and to be excluded from future relevant remarketing actions by changing your relevant Ads Settings on Google Display Network https://adssettings.google.com/u/0/authenticated or by activating the Google Analytics Opt-Out Browser Add-On at https://tools.google.com/dlpage/gaoptou (you may access additional information at https://support.google.com/chrome/answer/187443?hl=en)
Those cookies enable us to evaluate the effectiveness of our webpage and thus to keep enhancing the experience we offer you.
Application cookies enable core functionality or anonymous usage information. The website may not function properly without these cookies, and can only be disabled by changing your browser preferences.
Performance cookies help us improve our website by collecting and reporting information on its usage.
Marketing Cookies help us tailor the messages and the content that you see during and after your visit in our website.
If we receive a request by you which will be communicated to us by filling out an online communication form, we will respond by email or by a means indicated by you.
TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
No personal data is transferred to third countries by us. In cases of personal data being transferred to non-EU countries, such data are carefully examined before transfer in order to ensure full compliance with the General Data Protection Regulation and the legislation in force. This depends, in part, on the opinion of the European Union on the adequacy of the safeguards regarding the protection of personal data which apply in the country to which personal data are transferred. This may change over time.
All transfers of personal data to third countries which take place within our company and also by third parties which process personal data on our behalf, if such transfers ever take place, will be governed by legally binding agreements which are mentioned as binding corporate rules and confer enforceable rights to the data subjects.
According to the General Data Protection Regulation - GDPR 679/2016 you have the following rights:
- Right to information, in order to receive all information concerning the collection and processing of your personal data.
- Right of access, to learn which data of yours re being processed, for what purpose and to whom these data are sent
- Right to rectification, to correct all inadequacies or inaccuracies in your personal data
- Right to erasure – Right to be forgotten (deletion of your personal data from our files, however only when their processing in so no longer necessary)
- Right to restrict processing in case of doubt of the accuracy of your personal data
- Right to data portability. You may receive your personal data in a structured, commonly used format
- Right to object. You have the right to object, at any time, to the processing of your personal data
P.O. BOX 47, GR-72100
TEL: (+30) 28410-90200
FAX: (+30) 28410-24556
or you may contact us at: firstname.lastname@example.org