Declaration of confidentiality
Information on the processing of personal data
We would like to assure you that for The Tanneries Hotel & Spa, member of Mantonanakis IKE, the protection of our customers’ personal data is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by those third parties that process personal data on behalf of the company.
What is GDPR ?
The General Data Protection Regulation (GDPR) is the new regulatory framework of the European Union (EU) in the area under consideration. The purpose of the law is to lay down the conditions for the processing of personal data to protect the rights and freedoms of natural persons, and, in particular, the right to the protection of personal data.
Head of Processing – Data Protection Officer (DPO)
The company Mantonanakis IKE, having its seat in Chania, Greece, at Vivilaki 19-25, Postal Code 73133, with TIN 9999995320, email: firstname.lastname@example.org, tel: +30 2821 088 442, website: https://www.thetannerieshotel.gr/, as duly represented, informs that, for the purposes of its business activities, processes the personal data of its clients & associates in accordance with applicable national law and European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”), as such is in force.
Which is the legitimate ground for processing your personal data; and how do we process them?
We are processing the personal data that you directly provide us with, as well as the data that booking engines and travel agencies forward to our hotel, so that you can enjoy our hotel services. Specifically, but not exhaustively, we are collecting and processing your full name, email address, mobile and landline phone numbers, credit card number, date of birth, information relating to your preferences regarding your staying at the hotel, i.e. preferences on the rooms, favorite activities, dietary habits, health conditions dictating special room arrangements.
Legitimate grounds for processing your personal data constitute:
(a) the provision of accommodation, F&B establishment, and entertainment services that you wish to receive from us. As legitimate grounds can also be considered: the provision of information concerning our hotels’ services, room reservations, services concerning your arrival and departure, use of our facilities, and anything that can contribute to the fulfillment of our contractual obligations in this context;
(b) the safeguarding and protection both of your, as well as our, legal interests. Thus, we use CCTV and security cameras, in order to be able to protect the safety and security of individuals, materials, facilities, as well as special security software to detect and prevent malicious actions. Cameras are to be found only in the hotels’ outdoor premises;
(c) the compliance with an obligation imposed by the law. Specifically, we maintain personal data records of all of our customers staying at our hotel (full name, address, Passport or ID number). In addition, we maintain copies of proves of payments for twenty (20) years;
(d) the consent you provide under the specific conditions set out in the legal framework, in order to receive information on the activity, products, services, etc. of The Tanneries Hotel & Spa.
Do we share your personal data ?
Our company shares your data with third parties, which have been assigned the processing of your data on our behalf. In those cases, our company remains responsible for your data processing, and defines the specifics of the processing. Our company concludes data processing agreements with the third parties, in order to ensure the compliance of the process with the current legal framework, and the exercise of the rights of every natural person.
Our company shares your data within our Group, as well as with cooperating third companies for purposes of advertising, product and services information and updates, as well as for promotions, under the condition that your consent has been provided.
Finally, we share your data with consulting firms, accounting firms, as well as with cooperating banks.
Personal Data storage period
The data storage time is decided on the basis of the following specific criteria, as the case may be:
When processing is imposed as a requirement under provisions of the applicable legal framework, your personal data shall be stored for as long as required by the relevant provisions.
When processing is done on a contractual basis, your personal data will be stored for as long as necessary for the performance of the contract and for the foundation, exercise, and / or support of legal claims under the contract.
For marketing purposes, your personal data shall be kept until your consent is revoked. The revocation shall take place at any time, and does not affect the legality of consent-based processing in the period prior to the said revocation.
You can also use the unsubscribe options, by clicking on the corresponding link in our electronic communications.
What are your rights in respect with your personal data
Every natural person whose data are being processed by (The Tanneries Hotel & Spa) enjoys the following rights:
Right of Access:
You have the right to be aware and verify the legitimacy of the processing. Thus, you have the right to access the data and get additional information about their processing.
Right to Correct:
You have the right to study, correct, update or modify your personal data. You can come in contact with our DPO using the above-mentioned contact details.
Right to Delete:
You have the right to request the deletion of your personal data when we process it based on your consent or in order to protect our legitimate interests. In all other cases (such as, by way of indication, where there is a contract, obligation to process personal data required by law, public interest), such right shall be subject to specific restrictions or shall not exist, as the case may be.
Right to limit processing:
You have the right to request the limitation of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is questioned and until such data is verified, (b) when you object to the deletion of personal data and request the limitation of their use rather than their deletion, (c) when such personal data are not needed for processing purposes, they are, however, indispensable for the foundation, exercise, support of legal claims, and (d) when you oppose to the processing and until it is verified that there are legitimate grounds that concern us and supersede the reasons for which you are opposed to the processing.
Right to oppose the processing:
You are entitled to oppose the processing of your personal data, at all times, in case where, as described above, this is necessary for the purposes of legitimate interests pursued by us as controllers, as well as in the processing for direct marketing purposes and consumer profile training.
Right to portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. Moreover, you have the right to ask us, if technically feasible, to pass the data directly to another controller. Such right to do so exists for the data you have provided to us and their process is carried out by automated means based on your consent or performance of a relevant contract.
Right to lodge a complaint to the data protection authority
Security of Personal Data
The Tanneries Hotel & Spa shall implement appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and the unauthorized and/or unlawful access to, use, modification or disclosure thereof. In any case, the way in which internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures gaining access and, possibly, using personal data for unauthorized and/or unfair purposes.