Our company respects the right to privacy and acknowledges the importance of protecting personal information. That is why we ensure your privacy and protect your personal data. Our intended objective is to be transparent as regards the processing of your personal data. In this context, we adhere to this policy that defines how we process and protect your data while you are browsing our website, www.villapyxida.com. We use all personal data you provide us in accordance with the General Data Protection Regulation (EU 2016/679) and the applicable personal data protection laws, for the purposes set out in this policy.
Who is responsible for the collection, handling and processing of your personal data?
As the data controller, “VILLA PYXIDA” is responsible for the processing of your personal data via the website “www.villapyxida.com” and for the security of your data under the applicable personal data protection laws.
DETAILS OF DATA CONTROLLER
Corporate Name: “VILLA PYXIDA”
Address: Ethniki Odos Karditsas Volou, Nea Anchialos, 37400
What personal data do we collect?
A. Personal Data
The following table presents the personal data our company collects through its website, depending on the type of each user’s activity.
Reservation information: name, surname, email, telephone number, country, address, city, PC, number of persons, reservation history.
Billing information: cardholder name, card number, card expiry date and month, card CVC.
Technical Data: IP address, login details, browser type and version, time zone and location, types and versions of additional browsers, operating system and platform and other technology on the devices used to access the website.
Contact Data: name and email.
Email and reservation code (personal).
Use of “Cookies”: Cookie ID, IP Address, Website user browsing history and behaviour.
B. Sensitive Personal Data
Through its website, our company does not ask you to disclose sensitive personal data, i.e. data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data or data concerning your health or sex life or sexual orientation.
C. Data of Children
Our website and services are aimed exclusively at adults (i.e. people aged 18 or more). Our company does not seek and does not receive (at least to its knowledge) personal data directly from minors. However, since it is impossible to always check the age of the persons entering or using the website, we recommend that the parents and guardians of minors contact us if they note any unauthorised disclosure of data by minors for whom they are responsible, in order for them to exercise their rights, such as the right to erasure. Therefore, if you are a minor, do not use or provide any information on this website and do not provide any information about yourself to us. If we note that we have collected or received personal data from a minor, we will delete this information immediately. If you believe that we may have information originating from or concerning a minor, please contact us.
Why do we process your personal data?
Your personal data is processed by our company in the framework of legitimate purposes and provided that the law permits it. Specifically, we process your personal data:
- For the performance of a contract or in order to take steps prior to entering into a contract,
- For complying with our legal obligations,
- For pursuing our legitimate interests or the interests of third parties, provided that your interests and fundamental rights do not override our own interests.
- When you have given us your explicit consent to the processing.
Our company relies on your explicit consent as the legal basis for processing your personal data only for sending updates and promotional material and for using certain cookies (see Cookies Policy). In these cases, you always have the right to withdraw your consent at any time, by contacting us. Where your consent is the sole legal basis for the processing of personal data, we will stop the processing following its withdrawal.
How long do we store your data for?
We retain your data for no longer than is necessary for the purposes for which the personal data are collected. To determine the necessary retention period of your personal data, we check the purposes for which we process your data, the ability to fulfil these purposes with other, less restrictive means, our applicable legal obligations, the quantity, nature and sensitivity of the data, as well as the potential risk of harm from their unauthorised use or disclosure. Different retention periods apply for different types of personal data. However, the maximum retention period of your personal data is twenty (20) years. For more details on the retention periods for each category of personal data, please contact us.
Who has access to your personal data?
In order to better serve you and ensure the uninterrupted provision of our services, we reserve the right to share some of your personal data with our partners who provide us with support services or help us promote our services. These third-party partners are (natural or legal) persons that process your personal data on our behalf. Our partners include the company LAB 21, which manages the website and the online booking system WebHotelier for us. Our partners are bound by contract not to use your personal information for any purpose other than the one pursued and to implement appropriate technical and organisational measures for data safety, always in compliance with the applicable personal data protection legislation.
We will never transfer, sell, lease or exchange your personal data to other companies or organisations for marketing purposes.
It is possible that we may disclose your data to state organisations, regulatory bodies, law enforcement authorities, courts, banking institutions, but only when it is necessary, specifically:
- to ensure compliance with our legal obligations.
- to exercise our legal rights.
- to prevent, identify, investigate crimes or prosecute offenders.
Note that in case of a change in our company (e.g. acquisition or merger with another company), the new owners have the right to use your personal data in the same manner as set out in this privacy statement.
Do we transfer your data to non-EU countries?
Our company does not transfer the personal data it collects via its website to non-EU or non-EEA countries.
How do we protect your data?
We implement appropriate technical and organizational measures to ensure your personal data is always protected and safe, preventing any accidental loss, change, disclosure, use or access thereof in an unauthorized manner. Our safety measures include data encryption, regular cyber-safety assessments by all service providers who may handle your personal data, safety audits protecting our overall technical infrastructure against external attacks and unauthorized access and internal policies setting out the method that ensures your personal data protection and the training of our employees. Our company has adopted a policy and procedures for addressing personal data breach incidents, ensuring that you and the supervisory authority are immediately notified, when required by law.
What are your rights?
- Right to access: you have the right to access your personal data. By applying for access, you can be informed of the purposes of the processing, the categories of personal data concerned, the recipients to whom your data have been or will be disclosed, its retention period, the existence of your right to rectification or erasure of data or restriction of processing or to object to processing, information on the origin of data and the existence of automated decision making, including profiling, and meaningful information about the logic involved.
- Right to rectification: You have the right to obtain the rectification of inaccurate data and to complete incomplete personal data.
- Right to erasure (“right to be forgotten”): when you no longer wish your personal data to be processed and kept, you have the right to obtain its erasure, provided that the data is not kept for a specific lawful and stated purpose.
- Right of restriction of processing: You have the right to obtain restriction of processing of your data, when specific reasons apply (e.g. if you contest our legitimate interest or if your personal data is incorrect or if you think that the processing is unlawful or if we no longer need your data).
- Right to portability: you have the right to receive a copy of your data, or to have it transmitted, in a machine-readable format, to another controller, if you wish to. This right includes only the personal data you have provided us yourself.
- Right to object to the processing under legal interest: You have the right to object, at any time, to the processing of your personal data that is based on our legitimate interest. We will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests and rights or we have legal claims.
- Right to object to direct marketing: You have the right to object to direct marketing, including profiling made for direct marketing purposes. You have the option to opt out from direct marketing.
- Right to consent withdrawal: in case we have your explicit consent for the processing of your personal data, you have the right to withdraw it at any time. Where your consent is the sole legal basis for the processing, we will stop processing your data following its withdrawal.
How can you exercise your rights?
If you wish to exercise any of your above rights, contact us using our contact information. You are not required to pay us any fee or charge to exercise any of your rights. However, we reserve the right to charge a reasonable fee, if your request is manifestly unfounded, repeated or excessive. In these cases, we also reserve the right to refuse to comply with your request.
In case you exercise any of your rights, our company is required to respond within a period of one (1) month from the submission of your request. If your request is particularly complex or you have submitted a number of requests, we may need more time to respond. In this case, we will inform you.
If you think that our company processes your personal data incorrectly, please contact us. You also have the right to lodge a complaint with a supervisory authority. Note that the Greek supervisory authority is the Hellenic Data Protection Authority, seated in Athens, at 1-3 Kifissias Street, P.C. 11523, www.dpa.gr.
We reserve the right to update or modify this Policy at any time. For this reason, you are required to regularly check this Policy. Its latest edition is always available on our website and replaces all previous editions. In case of any crucial modification to this policy, such as modifications concerning the purpose for which we use your personal data, the identity of the controller or your rights, we will notify you by publishing the modifications on our website.
If you have any questions regarding the way in which we collect or use your personal data that were not answered here or if you want to exercise your rights regarding your personal data, please contact us by e-mail at email@example.com