CUSTOMER PERSONAL DATA PROTECTION CHARTER
TOXOTIS S.A. and its affiliates holds as its highest priority the protection of your personal data. We make every effort to carefully store and process the information you share with us.
TOXOTIS S.A. and our affiliates protect your personal data through technical data security measures, internal management procedures, and physical data protection measures. We continually strive to improve our systems and procedures so that they stand out above all others.
Thank for your continued interest and support.
"Personal data" means any information that is collected or recorded in a way that may allow direct (e.g. surname) or indirect (e.g. phone number) identification of a natural person.
This "Customer Personal Data Protection Charter" is a part of the terms and conditions that govern our hotel services. By accepting these terms and conditions, you explicitly accept the provisions of this Charter.
3. For what purposes do we collect data?
We collect and use personal data to manage your relation with TOXOTIS S.A.and to offer our Services to you. Certain personal data is collected to provide you with personalised and improved services.
We collect personal data with the following purposes:
a) To manage reservations and other hospitality services
• Create and store legal documents in accordance with applicable law.
• Collect data to meet requests relating to your stay (e.g. room preferences).
b) To manage of your hotel stay
• Manage the access to your room.
• Monitor the use of services (room telephone, Wi-Fi access, etc.).
• Manage lists with customers’ personal data for operational purposes, e.g. daily customer arrival and departure lists and a list of special category customers (e.g. VIP, repeater guests, guests with disabilities, time share owners & exchangers, etc.).
c) To improve our hotel services and tailor products and Services to better meet your requirements.
d) To improve our services
• Manage customers’ claims and complaints.
e) To improve system security
• Record data to ensure security and to prevent fraud.
f) To comply with Greek and European law
What personal data do we collect?
We are obliged to request the following details about you and/or your family members:
• Contact details (e.g. surname, given name, father’s name, passport number, ID-card details, telephone, home address, email)
• Personal data (e.g. date of birth, nationality, place of birth)
• Information regarding your children (e.g. given name, date of birth, passport number)
• Billing details (e.g. credit card number, VAT number)
• Date of arrival and departure, flight number, and room number
• Preferences and interests (e.g. non-smoking room, preferred floor, type of bed, sports, cultural interests)
• Data about your health, such as medicine reports and certifications, medical test results, data on pathological diseases, etc.
• Questions and comments submitted during or after your stay in one of our Hotels.
The data we collect on persons under the age of 16 are restricted to given name, surname, nationality, and date of birth. This data can only be provided by an adult or guardian. We thank you for your efforts to ensure that children do not send us personal data without your consent, especially through the internet. Should any information of this type be sent to us, you can communicate with the Data Privacy department (see section “Questions and contact”) to arrange for the deletion of such information.
Moreover, information such as your passport number, recreational activities, hobbies, health issues, or whether you are a smoker or not can be described as sensitive. We retain such information only if we are obliged to do so by applicable law or if you have explicitly given us your consent (e.g. to provide you with an appropriate Service, such as a special diet).
Information on your use of our Services
Apart from the information you provide directly, we may collect information on your use of our Services through the software of your device or by other means. For example, we may collect:
• Audiovisual information, such as information collected through closed circuit television (CCTV) for security reasons.
Information from third parties
We may receive information about you from available public and commercial sources. This, we may combine with other information that we receive directly from you or in relation to you. We may also receive information about you from third party social networking services when you choose to connect to such services.
You may choose not to provide certain types of information, but this may limit your access to certain Services.
4. When do we collect personal data?
We collect personal data in various cases, such as:
a) Hotel activities
• Room reservation
• Check-in and payment
• Various requests, complaints, and/or disputes
b) Transmission of information from third parties
• Tourist agencies, tourist offices, GDS reservation systems, online reservation systems (e.g. booking.com, expedia.com, etc.), and other reservation systems
c) Actions through electronic devices
• Login on our websites
• Connection to our WiFi network of our hotels
• Completion of online forms (e.g. reservation forms, precheck-in forms, satisfaction survey forms, etc.)
5. Third party access terms to your personal data
TOXOTIS S.A.and its affiliates do not disclose your information to third parties for their own business or marketing purposes without prior your consent.
However, we may disclose your information to the following entities:
• Affiliates. Your information may be shared between affiliates of TOXOTIS S.A.
• Service providers and/or any third parties that may process information on our behalf. We may also share your information with companies that provide services on our account or behalf, such as IT contractors, bulk mailers, banks, credit card institutions, law firms, mail service companies, printing services companies, etc.
• Other third parties, if so required by law or in order to protect our Services. Situations may arise in which we share your information with other third parties:
- To comply with the law or mandatory legal procedure (such as search warrants or other court orders)
- To confirm or implement our compliance with the policies governing our Services
- To protect the rights, ownership or security of TOXOTIS S.A.or any of our affiliates, business partners, or customers
To provide you the best possible service, we allow access to your personal data or to certain categories to competent, authorised members of our personnel. This includes:
• Hotel staff
• Reservations departments
• IT department
• Marketing/Guest Relations department
• Legal Services department, if and when required
• Medical Services, if and when required
6. Protection of personal data during international transfers
For the purposes set out in Article 3 of this Charter, we may transfer your personal data to internal or external recipients who may be located in countries that offer different levels of protection for personal data.
Please note that data protection and other laws in the countries to which your information may be transferred may not be as protective as those in your country. To protect your privacy, the transfer will take place according to the legislation governing the processing of personal data.
TOXOTIS S.A.takes all reasonable measures to safeguard the transfer of personal data to an external recipient in a country that offers a different level of privacy than the country where the personal data is collected.
7. What we do to keep your information safe?
We have taken organisational and technical measures to protect the information that we collect in relation to our Services, especially sensitive personal data. Our IT department implements international standards and practices to ensure the safety of networks and the encryption of data.
However, please bear in mind that despite the reasonable measures that we take to protect your information, no website, internet transmission, computer system or wireless connection is ever completely safe.
8. Data storage
We take reasonable measures to ensure that your personal information will be stored no longer than needed for the purpose which it has been collected and no longer than required by the contract or the applicable legislation.
9. Access and correction of your data – right to erasure (‘right to be forgotten’)
In addition to existing lawful user rights, according to the legislation in certain jurisdictions, you may also be entitled to request details on the information that we collect and to correct any inaccuracies that may be contained in such information. If permitted by law, we may charge you a small fee for the provision of this possibility. We may refuse to handle requests that are repeated to an unreasonable degree, require disproportional technical effort, jeopardise the privacy protection of others, are extremely impractical, or involve access that is not otherwise required by domestic law. If you wish to submit a request for access to your data, please contact the Data Privacy department (see section “13 .Questions and contact”).
Υου have the right to obtain the erasure of your personal data from the controller according to the provisions set in this policy.
11. Questions and contact
If you have any questions regarding this policy or the protection of data at TOXOTIS S.A.and our affiliates, please contact the Data Private Department at the following address:
Data Privacy department – At the attention of Mr. Alexis Kokolakis
Adamaki Str, 70014 Hersonissos, Crete, Greece
Telephone: +30 28970 22881
Fax: +30 28970 22781