Privacy Policy
WHO WE ARE
Our web address is: https://www.kouros-village.gr
Kouros Village Hotel, a private company with registered address in Antiparos Port, 84007 Antiparos, Cyclades, Greece, treats and processes your personal data with the strictest confidentiality and respect for your privacy and has in place all the technical and organisational measures necessary to further protect them.
WHAT IS PERSONAL DATA
“Personal Data” means any information relating to an identified or identifiable natural person, such as name, postal address, e-mail address, contact number, etc., hereinafter referred to as “Personal Data or Data”.
WHAT IS PERSONAL DATA PROCESSING
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
DATA PROTECTION OFFICER
The DPO is Iliada Stavrinidi.
WHAT TYPE OF DATA WE COLLECT
We only collect Personal Data we actually need from you for explicit and legitimate purposes.
In particular, we may collect: a) Identification data (i.e. name, surname, age) b) Contact details (i.e. phone number, email address).
We do not collect data from minor users. If we find out that personal information has been collected from a minor, we make sure to delete it.
WHY WE COLLECT YOUR PERSONAL DATA
We collect your Personal Data to:
- execute an order
- contact you regarding your queries
- send you our newsletter
- manage our website and associated applications
- provide third parties with statistics regarding the use of our website, without enabling the identification of a user
- keep our website and associated applications safe and secure, and prevent fraud
- allow you to send us your feedback
WHICH LEGAL BASIS WE USE FOR THE PROCESSING OF YOUR PERSONAL DATA
We process your Personal Data in accordance with:
- the terms of our contractual relationship, i.e. the sale of products and/or services;
- your consent, where necessary;
- the Company’s obligations under law (i.e. tax laws);
- the Company’s legitimate interests
WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA
Only Company employees with a “right to know” have access to your Personal Data and they are bound by a duty of confidentiality.
Furthermore, we may disclose your Personal Data to associate companies providing website development, maintenance and hosting services, including newsletter management and sending services, which act as Processors.
HOW DO WE ENSURE THAT PROCESSORS RESPECT YOUR PERSONAL DATA
Our Processors have agreed to and are bound to:
- maintain personal data in the strictest confidence;
- not to transfer your Personal Data to third parties without the Company’s permission;
- take any appropriate security measures;
- comply with the legal framework for the protection of personal data, especially Regulation 979/2016/EU (GDPR).
DO WE TRANSMIT YOUR DATA OUTSIDE THE EU?
Your Personal Data is stored and processed only within the EU. We do not transmit your Personal Data outside the EU.
WHEN DO WE ERASE YOUR DATA
The Personal Data you provide us is retained / stored by our Company for no longer than necessary to fulfill the purpose for which you have shared your Personal Data to us, unless legal claims or legal obligations compel us to retain them for longer. At the end of such retention period, your Personal Data will be deleted or anonymised so that it can be used for statistical analysis and business planning.
We maintain your newsletter sign-up form for as long as you are receiving a newsletter from our Company and under no circumstances longer than six (6) months from our last newsletter to you.
ARE YOUR PERSONAL DATA SAFE?
Acknowledging the importance of having your Personal Data safe, we have put in place all appropriate organisational and technical measures to secure and protect your Data from any unauthorised access, misuse, alteration, restricted dissemination, disclosure, loss or inadvertent / unlawful destruction and any other form of unlawful processing. These measures are reviewed and amended where necessary.
WHAT ARE YOUR RIGHTS?
You have:
a) the right of access means the right to be informed about the processing of your personal data;
b) the right to rectification means the right to have inaccurate personal data rectified;
c) the right to erasure means the right to have your personal data erased;
d) the right to restriction of processing when the accuracy of the personal data is contested, unlawful or for other reasons;
e) the right to data portability means the right to receive the personal data you have provided in a structured, commonly used and machine readable format and also request that this data is transmitted to another controller; and
f) the right to object to the processing of your personal data, unless there are compelling and legitimate processing reasons that outweigh your interests, rights and freedoms.
12. HOW CAN YOU EXERCISE YOUR RIGHTS
You may exercise your rights by sending an email at [email protected].
13. WHEN DO WE RESPOND TO YOUR REQUESTS
We will respond to your Request free of charge and without undue delay, and in any case within one (1) month from receiving your request. However, if your request is complicated or you have sent us a large number of Requests, we will inform you within the same month if we need to delay response by another (2) two months within which we will make sure to respond to you.
If your Requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing information or performing the requested action, or refuse to follow up on a Request providing the necessary justification.
If you do not receive a response within the time-limit provided above, or the response you received was unsatisfactory, or your issue has not been resolved, you may contact the Data Protection Authority (www.dpa.gr).
14. WHAT IS THE APPLICABLE LAW FOR THE PROCESSING OF YOUR PERSONAL DATA BY US
The Greek law, following its alignment with the General Regulation for the Protection of Personal Data 2016/679/EU, is the applicable law, and also, more generally, the current national and European legislative and regulatory framework for the protection of personal data. Any disputes relating to your Data will be heard by the competent courts of Athens.
15. HOW CAN YOU BE INFORMED ABOUT ANY UPDATES TO THIS POLICY
We update this Privacy Policy whenever this is necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will post this update on our website before the changes take effect and we will notify you by all possible means. We encourage you to consult this Policy regularly to be informed how your Personal Data is protected.
This Privacy and Personal Data Protection Policy was last updated on 1/5/2022.