At the Egnatia City Hotel & Spa we collect and process the personal data of Hotel customers with full respect and a high level of protection.
This policy contains an analysis of the personal data we collect for you, the hotel customers, meaning all the information which identify you or can identify you directly or indirectly, the manner of collecting and protecting it, the manner and purpose of processing it, as well as your rights according to the legislation in force on the protection of data, the General Regulation for the Protection of Data (EU) 2016/679 (henceforth “GRPD”), as well as the remaining European and National Legislation.
This policy is observed strictly and you are kindly requested to visit our website regularly in order to be updated on the manner we process and protect your personal data.
Details to our company
The Responsible for the Processing of Personal Data is the joint venture with the trade name “EGNATIA TOURISTIKI S.A.” and the distinctive title “Egnatia City Hotel & Spa”, based in Kavala, Prefecture of Kavala(7th Merarchias str.13965403, Greece), operating the hotel “Egnatia City Hotel & Spa”.
This policy concerns only the hotel customers
Information on the type of personal data we collect:
When you contact the hotel, we collect necessary data for the room reservation or rental, by filling in an electronic form or the room reservation card.
Additionally, in order to improve our hotel services and adapt them to your requirements, and in order to manage our communication after your stay, we collect and process additional communication data following your explicit consent.
Specifically, we obligatorily collect and process the following personal data:
Personal Data: indicatively full name, type and number of ID document (e.g. passport, police ID), phone number, residence address, e-mail (if the booking is made electronically), date of birth, nationality etc. credit card number and if an invoice is requested indicatively AFM (taxpayers ID no) and Tax Office
Invoicing Data: credit card number and if an invoice is requested indicatively AFM (taxpayers ID no) and Tax Office
Date of arrival and departure, type and number of residence.
Your preferences: such as non-smoking room, preferred floor, type of bed, or religious or other particularities, flight number
Medical data relevant to your health, for example food or other allergies, mobility issues, which are collected and recorded following your request, to provide you with the best services possible.
E-mail: if the booking is not made electronically and you wish to communicate with us by email. Date of arrival and departure, type and number of residence.
We also process the following data
Called phone numbers through the call center,
Information/images taken through CCTV operating lawfully on our premises for reasons of security and protection of individuals and goods, for which you are informed upon entering these areas from signposts.
When you visit our website, our web server records automatically data relevant to your visit (for example your IP address, the type of browser you use, the website pages you visit, the date and duration of your visit, location details), while it is it is possible that cookies are placed on your computer or your smart device every time you visit us on the internet (see below).
The data we collect for persons under 16 is communicated to us by parents/guardians.
Statement about the manner of collecting personal data of hotel customers
We collect the aforementioned personal data directly from you during the room booking procedure, arrival, check out, payment, during the use of hotel services (restaurants, services, entertainment), when you register for loyalty programs, participate in researches, contests and games, when you subscribe for the hotel newsletter, as well as when you submit any form of written or electronic registration etc. (either in the context of the room rental agreement concluded between us, or when you express interest and provide your explicit consent).
Finally, we also collect information from third parties, namely travel agencies, tourist operators, electronic and internet reservation systems.
We state that your personal data, in the context of a strictly controlled and safe procedure, is fully secured and do not constitute and may not be exploited or sold to third parties. Such data is collected and used only for the purposes described in our statement hereunder.
Statement for the processing of personal data of hotel costomers
Your personal data, collected in the manner described above, is used:
To provide residence, F&B and beauty services, as well as to carry out events from the hotel.
To process the financial transactions between us.
To comply with the obligations imposed by the individual legislation in force and our taxation obligations (e.g. issuance of invoice or receipt).
For the creation and your registration to the loyalty program, so that with your agreement and consent, to set up a profile and also to be able to contact and inform you about the current commercial activities (marketing and promotional), so you can participate in contests, lotteries, entertainment events and free benefits or offers. The manner of communication depends on your special selection, based on your written consent and finally,
To create statistical monitoring data and deduce conclusions in order to choose the best commercial practices for customer satisfaction and rewarding.
Statement for the legality of the processing of personal data
Collecting and processing the mandatory personal data carried out during your stay at the hotel, as well as providing any service to you, is based on the customer and hotel relationship, according with the legislative and regulative provisions in force, as well as the room rental agreement concluded between us and the provision of services.
The collection and processing of the optional personal data conducted for commercial reasons is based on your written consent for the aforementioned purposes and therefore similarly no legality issues exist for their processing since each customer has already been sufficiently informed.
Any further collection and processing of personal data is lawful if it is imposed for general vested interest purposes or in order to harmonize our operation with the National or EU legislation
Statement for the period of keeping the personal data
We will keep and process your Personal Data for the purposes mentioned above only for as long as it is necessary based on agreement or based on the legislation in force. To determine the suitable period of keeping the data we take into consideration also the quantity, the nature and sensitivity of personal data, as well as the time periods for which it may be necessary to keep the data to deal with any requests / disputes / controls and to protect our lawful rights in the case of any claims.
Statement for the protection and guarantee of personal
The personal data provided by customers to the hotel is entered on computer systems which provide sufficient security and are used by specially trained and authorized employees (users), in order to achieve the maximum possible protection of the recorded data, in the modern digital environment.
The safety and protection of all data is strengthened with the use and coexistence of additional programs for their safety.
Furthermore we implement strict organizational measures and procedures for the protection of the personal data from possible distortion, loss, not stipulated or illegal processing, on the one hand with the installation of servers on the building premises, where limited and controlled access is permitted, and on the other hand with the provision of limited user rights to the absolutely minimum necessary access level.
To ensure that the website functions properly, we sometimes install small data files on your computer, the so-called “cookies”. The most major websites do the same.
What are cookies?
Cookies are small text files stored by a website on your computer or your mobile device when you visit the website concerned. Thus the website remembers your actions and preferences (such as connection code, language, font size and other presentation preferences) for a period of time, so you do not have to enter these preferences every time you visit the website or browse its pages.
The Cookies used by our website are:
-First party cookies, for the website to recognize the preferences of the user so that s/he does not have to enter the same selections on every visit (e.g. language selection).
-Third Party Cookies, to analyze the performance of our websites, so that we know which areas of our site are popular or useful (Google Analytics).
-Third Party Cookies, to analyze behaviors so that ads relevant to the user’s interest appear (Google Ads, Facebook Pixel)
How to control cookies
You can delete all the cookies found already on your computer. To delete the performance analysis: If you wish to delete such cookies, check out this link tools.google.com/dlpage/gaoptout. Also you can adjust most web browsers in such a way so that they do not allow the installation of cookies. However in such a case you may have to adjust yourselves certain preferences every time you visit a website and also certain services will possibly not function.
We use the service GoogleAnalytics to acquire data regarding our ads (e.g. demographics) and we observe the specifications of the Google policy “Policy requirements for the advertising features of “Google Analytics.
Communicating personal data to third parties
In the context of exercising our business activities, it may be necessary to provide limited personal data to third parties, with fully defined exclusive purpose. It concerns cases of specialized services provided to the hotel by third parties, specifically for mass communication of our promotional activities to you – our customers – through sms and emails. To be informed about any offers etc. you must provide first your explicit consent as described above. Therefore, it is not a case where all the personal data is provided, notably the data which is not necessary for the provision of the aforementioned service that we ask to be provided from the third parties concerned. The provision of data is governed by a prior written agreement between the hotel and the third parties on the condition that they make a commitment to implement the data protection policy and undertake the responsibilities arising from our legislation.
Furthermore the hotel, like any other company, may be mandated to provide personal data to the competent State, Judicial, Police etc. authorities, in the case of summons, search warrant, other judicial procedure, conformity with court, regulative or administrative decisions, in cases of protecting and defending the company itself, its managers, directors and employees, as well as its associate lawyers when lawsuits, claims or disputes are filed. Also we cooperate with third parties (service providers for the management of our webpage, maintenance of our call center, control and management of our information systems etc.), all of whom ensure the confidentiality of our data and provide the relevant guarantees for its protection and safety with written agreements between us.
It is possible to send information which concern you to third parties or/and exchange information, in the context of managing your reservation, when travel agencies, tourist agents or online accommodation booking service providers through which you book a room electronically / online, intervene.
Customer rights / Procedure of exercising them
You may exercise your rights in writing through the Subject Access Request Form which you can find at the Hotel Reception and you can submit it in person, or send it by post or send it to the Data Protection Officer at firstname.lastname@example.org which your certified signature. Rights are exercised free of charge unless the request is obviously unfounded or exaggerated.
You can submit any other question relevant to your personal data to the DPO, as mentioned above.
To process the request to exercise your right, a procedure is followed which includes necessarily an ID check.
Similarly our legislation provides the right to submit a denunciation to the competent Data Protection Authority, www.dpa.gr.