Privacy Policy

General information

In accordance with the General Data Protection Regulation (“GDPR”) (EU) 2016/679, we are committed to protecting and respecting your privacy. Please read this policy as it contains important information about how we use the personal data collected by us on our website or provided by you in the relevant forms. This Privacy Policy describes how we collect, use, process, and disclose personal data, including personal information about you (hereinafter, the “User”), in conjunction with your access to our website and its use. You are expected to read carefully this Privacy Policy, before providing personal data and providing consent for their processing.

Data Controller

For the purposes of General Data Protection Regulation (“GDPR”) (EU) 2016/679, our company – SPYRIDOULA MANOLITSI  with registered seat in EPISKOPOS LEFKADA, and tax registration number 044264746  – ,  that operates the THOMAIS BOUTIQUE HOTEL  is the Data Controller.

Data collected and processed

• Personal information about you (e.g. your name, email address, residence) that you provide us, so as to communicate with you and send you newsletter, offers, announcements and other advertising materials by means of direct messages (form of newsletter subscription).
• Personal information about you (e.g. your name, email address, telephone number, residence) that you provide us, so as to communicate with you and reply to your individual message or request (contact form).
• Personal information about you (e.g. your name, email address, telephone number, residence) that you provide us, so as to participate in an event or contest held by us.
• Personal information about you (e.g. your name, email address, telephone number CV, text, job position) that you provide us, so as to apply for a job.
• Personal information about you, requested when you use the booking engine (e.g. your name, email address, residence, telephone number, means of payment, dates of booking, special requests, etc).

 The data requested in the forms accessible from the booking engine are, in general, mandatory (unless specified otherwise in the required field) to meet the stated purposes. Accordingly, if they are not provided or are not provided correctly, we will be unable to process the request and provide the serviced requested. Privacy policy and relevant information concerning exclusively the processing of personal data in relation to the booking engine are provided before the completion of the booking.

Special Categories of Personal Data

We do not collect data as described in article 9 of the General Data Protection Regulation (“GDPR”) (EU) 2016/679.

Use of Services by Minors

Individuals under the age of sixteen (16) cannot provide us personal data or consent to the processing of personal data. Therefore, only their legal guardian can provide consent on their behalf to the processing of personal data.

Purpose of processing personal data

Depending on the user’s requests, the personal data collected will be processed in accordance with the following purposes:

• To send you our newsletter, offers, announcements and other direct advertising and informative material concerning the activities and services of our hotel.
• To reply to your request or message.
• To allow your participation in a contest or event held by us.
• To examine your job application.
• To manage the bookings made, including payment management (where applicable) and the management of the user’s requests and preferences, as explicitly explained in the Privacy Policy concerning our booking machine.

Data Retention

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy and perform the services requested by you. A longer retention period may be required or permitted by law.  As far as the newsletter subscription is concerned, the data are retained until the withdrawal of your consent.

Generally, the criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you.
• Whether there is a legal obligation to which we are subject (for example, legal obligation to keep accounting records of transactions for a certain period of time before we can delete them).
• Whether retention is advisable considering our legal position. (such as, for statutes of limitations, litigation or regulatory investigations).
• Withdrawal of consent.

Legitimate interest for processing your data

We will only process your personal data, if at least one of the following conditions applies:

• You have given your consent to the processing of your personal data for one or more specific purposes e.g. for marketing purposes and subscribing to receive newsletters
• Processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract e.g. to make a reservation and provide the products and services you request
• Processing is necessary for compliance with a legal obligation e.g. sharing your personal data with regulatory authorities
• Processing is necessary in order to protect your vital interests or those of another natural person e.g. in an emergency, an incident, illness or accident
• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, e.g. when it is necessary to protect our property or establish, exercise or defend legal claims.

The data processing required in fulfillment of the aforementioned purposes that require the user’s consent cannot be undertaken without said consent. Likewise, in the event that the user withdraws their consent to any of the processing, this will not affect the legality of the processing carried out previously. To revoke such consent, the user may contact us through the appropriate channels, by sending us a letter to the following address: info@thomaisboutiquehotel.com.  As far as the newsletter subscription is concerned, you may revoke your consent by clicking on the unsubscribe link or following the opt-out instructions included in the messages sent to you by us.

Data Disclosure

We will use and disclose personal data only if necessary or appropriate according to applicable law. For example:

• to comply with applicable law, including laws outside your country of residence
• to comply with legal process
• to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements and to meet national security or law enforcement requirements
• to allow us to pursue available remedies or limit the damages that we may sustain.

Transfer of personal data

We only share your personal data when this is necessary so as to conduct our business or to fulfill an obligation imposed by law. We may share your information with: i) Our third-party partners, service providers, tour operators, suppliers, bankers and retail partners exclusively to the extent that is necessary for the purposes of operating and providing you with the products and services that you have requested ii) Professional advisors and auditors for the purpose of meeting our audit and tax responsibilities iii) Any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts, tax, regulatory or other public authorities.

When we share personal data with other organizations and third-parties, we ensure that they keep them safe. Third parties are authorized to retain these data for the purposes listed above and are not allowed to use your personal data for other purposes. Such sharing or transfer of personal data will be protected by appropriate measures (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of personal data, etc.). If the recipient operates outside the EEA, appropriate protections will be put in place to make sure your personal data remains adequately protected including appropriate contract clauses, such as standard contract clauses approved by European Commission.  We may transfer your personal information to our data processor(s) or/and sub-processor(s) based in the EEA, for the purposes described in this policy. If we do this, your personal information will continue to be subject to appropriate safeguards set out in the law. All our data processors act on our behalf on basis of legal agreement and provide for the safety of your personal data.  Further information about the data transfer, in case of using our booking machine, can be provided in the relevant Privacy Policy.

User’s Responsibility

The User guarantees that they are of legal age, fully capable, and that the information furnished to us is true, accurate, complete and up-to-date. For these purposes, the User is responsible for the truthfulness of all the data communicated and is expected to keep the information updated, so that given data reflects their actual situation. The User will be responsible for false or inaccurate information provided through the website and for damages, whether direct or indirect, that this may cause to us or third parties.

Exercise of User’s Rights

The User may contact us at any time, so as to exercise his rights. The User can send us a letter to Episkopos Lefkada, Greece (THOMAIS BOUTIQUE HOTEL) so as:

• To obtain confirmation about whether or not personal data concerning the User are being processed by us.
• To access their personal details.
• To rectify any inaccurate or incomplete data.
• To request the deletion of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
• To state or confirm revocation of consent.
• To obtain from us the limitation of data processing, when any of the conditions provided in the data protection regulations are met.
• To request the portability of data.

The User will be appropriately informed by us about his request in 30 days upon receipt of the request made. Likewise, the User is informed that at any time he may file a complaint, regarding the protection of their personal data, before the competent Hellenic Data Protection Authority (www.dpa.gr).

Security Measures

We will process the User’s data at all times in an absolute confidential way, maintaining the mandatory duty to secrecy with regard to the data, in accordance with the provisions set out in applicable regulations. We adopt the measures of a technical and organizational nature required to guarantee the security of data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.

Updates to the Privacy Policy

By requesting our services, you agree to our privacy practices as set out in this privacy statement. We may change this policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version.

Cookies

A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Cookies collect information about your use of our website, including things like your connection speed, details of your operating system, the time and duration of your visit and your IP address. We use this information to identify you when you visit the website and to improve your browsing experience.

We use either of those two types of cookie for the following purposes: i) To enhance performance of the website: These cookies collect information about how you use the website, for instance which pages you go to most often, and those pages where you experience an error message. These cookies don’t collect information about you – all the information collected is anonymous and is only used to improve how the website works. ii) To improve the functionality of the website: These cookies are used to provide services or to remember settings that you saved to improve your visit to the website. For example, when you fill in a form with your name or other details, these cookies remember that, so you don’t have to type it in each time you come back. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies (such as restricting third party cookies for instance). However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the site and the functionality of the site may be impaired.