1. User privacy and data protection
- Your personal data is collected and processed only when absolutely necessary.
- We respect your privacy. We will never sell, rent or distribute your personal information without your consent.
2. Relevant legislation
2.1. This website, together with our company’s business and internal computer systems, is designed to comply with the following national and international legislation with regard to data protection and user privacy:
- EU General Data Protection Regulation 2018 (2016/679 GDPR)
- Greek law for Data Protection 2019/4624
- UK Data Protection Act 1988 (DPA)
2.2 To provide our hotel services, we must collect some personal information according to Greek law.
3. Personal information we collect and process
We collect and process personal data for the following reasons:
3.1 To provide hospitality services in our hotel. We collect either at check-in, during the reservation process, or when you participate on any of the hotel activities. We collect personal data including your name, surname, home address, telephone, email address, ID or passport No, date of birth and any other special requests which you may have in order to make your stay unique. We also collect payment details, (credit card no) or any other details we need to collect for issuing the invoice for you. We collect arrival and departure dates as well.
3.2 We do not collect any “sensitive” personal data (genetic, biometric or health related) or data that may lead to that, unless you voluntarily provide them to make your stay better. For example, allergies or disabilities you may have to provide you the food and assistance you need.
3.3 We collect some personal data from our official pages in social media when you voluntarily use them.
3.4 Website visitation tracking.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find us and to see their journey through the site. Google does not provide us with any information which may identify/profile you.
3.5 Contact forms and email links
If you choose to contact us using the contact form or an email link, none of your personal data will be stored on the website or transferred in any third party data processors as defined in section 6. Instead, the data will be collected into an email and be sent to us over cryptographic encryption SSL. The content is decrypted at our local devices and computers.
If you are under 15 years old, you must obtain parental consent before we collect your personal data. Since it is technically impossible to check the age of people using this website, we suggest that parents inform us if it comes to their attention that the personal data of their children was processed without their consent.
4. How we use your personal data.
4.1 We collect your personal data to provide hospitality services according to Greek law.
4.2 To provide you with personalized services at our hotel making your stay unique.
4.3 If you choose to accept our special offers, we will communicate with you via the available channels, for example email newsletter. You can unsubscribe from our offers at any time.
4.4 To analyze and improve our services.
4.5 We may share some personal data with congress organizers or travel agencies only to verify hotel reservations.
4.6 When we use third party companies we share only the necessary personal data they need, in order to provide you services during your accommodation. For example: taxi services, car rental companies etc.
4.7 For communication with the authorities if required.
5. How we store, retain and secure your personal data
We store your personal data to our hotel information system (PMS) that is compatible with GDPR and is located at a secure area on the hotel’s premises. We maintain security measures of personal data by applying security policies in our premises’ network, backup policies, cryptography on wan connections and more, to ensure the personal data from any unauthorized access. We stay up to date on technical developments by rechecking and reforming our systems if necessary. Only authorized and trained personnel have access to your personal data. We retain your personal data as long as you are an active customer or as long as it is required by the applicable law.
We use HTTPS cryptography for the communication between our website and your browser
Our policy regarding retention of your personal data is:
- Pseudonymisation for inactive customer accounts: after 10 years
- Deletion of canceled bookings: after 10 years.
6. Our third party data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the relevant legislation set out in section 2.
We will report any unlawful data breach within 72 hours from the moment we will notice the breach.
8. Data Controller
Lucy Touristic Enterprises S.A. , Kavala, Greece.
9.0 Data Protection Officer
To communicate with the Data Protection Officer, you can use the following email: firstname.lastname@example.org
This policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our customers. Instead, we recommend that you check this page occasionally for any changes.
Revised: October 2019