Privacy Notice
on the Processing of Personal Data of Customers and Website Users
01.04.2025
Introduction
This Privacy Policy applies to the processing of your personal data (hereinafter referred to as "Personal Data"), as a hotel guest or visitor to our Website (hereinafter referred to as "Customer" or "Visitor" or "you"), carried out by the company "TNEE POLLIAS SA" (hereinafter referred to as "Hotel" or "Hotel Delfinia Resort" or "we").
As a hotel guest or visitor to our Website, you have the right to the protection of your Personal Data. The Hotel respects your privacy and your personal data and always acts in compliance with the Personal Data Protection Legislation. The hotel is also committed to acting transparently regarding the way in which data is collected and used in the context of fulfilling its obligations.
By the term "Personal Data Protection Legislation" (hereinafter "Legislation") we mean all laws, regulations, directives, etc., Greek or European, concerning the processing of Personal Data, its privacy and security.
Basic but not exclusive legislative acts are the General Data Protection Regulation (GDPR), the ePrivacy Directive for the protection of privacy in electronic communications, as well as any other Opinion or Guideline issued by the Hellenic Data Protection Authority (HDPA).
The COMPANY is committed to operating with transparency regarding the manner in which data is collected and used in the context of fulfilling its data protection obligations.
It is important that you carefully read and keep this policy which clearly explains how and why we collect your Personal Data, what we do with it, how long we keep it, who we share it with, how we protect it, and the choices you can have regarding it. This way you will always be fully informed about how and why we use this data and your rights under the Law.
Data Controller
The Company is acting as a "Data Controller” in accordance with the General Data Protection Regulation. This means that the Company is responsible for deciding how and why it will collect and use ("process") your personal data.
Our contact details are as follows:
TNEE POLLIAS SA
Definia Resort
Kolymbia, Rhodes, 85103, Greece
E: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.delfiniaresort.com
Processing Principles
As part of our policy to act in compliance with the Data Protection Legislation, we make all reasonable efforts to:
Process your personal data in a fair, legitimate, clear, objective and transparent manner.
We only collect your data for specific, explicit and legitimate purposes, which we consider appropriate and have been thoroughly explained to you. We also assure you that your data will not be howsoever used for any other purpose.
We collect and keep as little data as possible, namely only data which is appropriate, relevant and strictly necessary for processing purposes.
We verify the accuracy of your data and keep an up-to-date, accurate record thereof.
We shall only retain your data for as long as this is imperative to meet our processing objectives.
We shall make sure that your data is stored with utmost security.
We process your data in a manner which ensures that it will not be used unlawfully or against your will.
Legal Basis of Processing
Processing of your Personal Data shall be conducted on at least one or more of the following legal bases:
Processing of your Personal Data is necessary for the performance of the contract that is in place between us.
Processing is conducted on the basis of your consent, which has been given by you for one or more specific purposes.
Processing is imperative for reasons of compliance with the applicable legal framework, which requires the Company to keep and process specific categories of personal data.
Processing is necessary to safeguard your vital interests or those of any other individuals.
Processing is necessary to protect the legitimate interests of the Company or any third parties, as long as it does not infringe upon your own private interests or your fundamental data protection rights and freedoms.
Processing is necessary to perform any duties that serve the public interest or exercise any form of public authority which is vested to the Company.
Categories of Personal Data we Collect and Process
Personal Data is any information that relates to you as an identifiable individual. The categories of Personal Data we collect and process are thoroughly described below:
Identification details (name, surname, sex, date of birth, marital status, identity card or passport number, nationality, country of residence, occupation, etc.);
Contact details (home address, telephone or fax numbers, email address, etc.);
Information concerning your stay (room preferences, arrival and departure dates, names and surnames, birth dates and ID or passport numbers of any people staying in the room);
Information concerning the consumption of products (food, beverages), any services offered (travel, spa, recreational services, etc.), participation in activities on the Company premises and related charges;
Financial information such as details of payment method, credit card details, tax registration number, detailed costs and transactions history;
Any special requests or preferences during your stay, relating to any particular circumstances (business, health, social, leisure, religious, etc.);
Information concerning your health, any allergies, food preferences, etc.
Any preferences you may have in terms of how the Company can contact you, e.g. in order to provide you with informational material.
Information collected from the Company and Customers security control systems, e.g. through our CCTV system.
Health data, calls for physicians, symptoms, medical record, private physician’s details collected from you or from your relatives or friends in the event of sickness, injury, accident or emergency during your stay at the Company.
Information concerning any reports, complaints or objections you may have submitted.
Information concerning your level of satisfaction in relation to our products, services and your general experience during your stay.
Whenever you make use of our Website, certain types of information, including information that may constitute personal data, are collected automatically. Such information includes information about your language settings, IP address, location, device settings, device operating system, time of access, redirecting URL, etc. We may also collect data through cookies. Cookies are small files that are stored on the user's computer, which are accessed by the Website for the purpose of analysing user behaviour. The types of Cookies we use and the type of processing that is conducted are described in a separate policy (Cookies Policy).
Processing of Special Categories of Data
The General Data Protection Regulation defines specific categories of data that are subject to stricter processing procedures, e.g. health data. We only process this type of data with your request (e.g. information concerning food allergies) or in any situations where such processing is required under the applicable laws or regulations.
Collection Method and Source of Personal Data
Your personal data is normally collected from you; however, we may also collect Personal Data from other sources, such as:
Travel agents, business partners and third-party systems (e.g. booking platforms).
Information about you created when you make use of our products and services.
Family members, colleagues or beneficiaries of products and services.
Our Website.
Business partners (for example, financial institutions, insurers), account holders or other parties involved in the supply of our goods and services.
Purpose of Collection and Processing
We process and use your personal data for one or more of the following purposes:
For the performance of the contract that is in place between us and to meet our contractual obligations, e.g. to effect and complete reservations, including the handling of payments, and provide the accommodation services contractually agreed or any additional services you may have requested;
To manage any requests you may have submitted;
To address any specific requests or preferences concerning your stay more effectively, in order to meet any particular requirements (professional, health, social, entertainment, religious, etc.);
To protect your vital interests;
To protect the public interest;
To protect the legitimate interests of the Company (or third parties), insofar as this does not infringe upon the private interests or the fundamental data protection rights and freedoms of Users;
To manage your communication requests through channels available for that purpose;
To comply with any regulations requiring the Company to maintain and process specific categories of personal data, e.g. to comply with any legitimate requests of law enforcement authorities like the police or the tax authorities;
To handle any complaints, observations, reports, incidents, sicknesses, accidents, injuries or emergencies during your stay at the Company;
To be able to contact you or any other available contact in case of an emergency;
To provide customised information, offers and services during your stay;
For direct marketing activities, e.g. to send you newsletters and promotional communications relating to new products and services, or any other offers which we believe may be of some interest to you, by post, email, through mobile devices or social networks (subject to your consent);
For direct marketing activities, by publicising photos or videos on any electronic or printed medium (subject to your consent);
To evaluate the effectiveness of our promotional campaigns and advertising;
To identify, investigate and prevent fraud and other illegal activities. For these purposes, your personal data may be disclosed to third parties, e.g. to law enforcement authorities or external consultants;
To improve our guests’ experience and our operational performance as well as that of our partners, by developing new products and services and reviewing or improving our existing products and services and promotional activities, on the basis of information drawn from your reviews and ratings;
For your own security and protection and to prevent unlawful actions against you.
Some of the above types of processing may partly overlap, but they altogether constitute the legal bases and legitimate purposes that govern our processing of your personal data.
Your personal data will be used exclusively for the purposes for which it was originally collected or for other purposes consistent with such original purpose. If a need arises to make use of your personal data for any other purpose, you will be notified accordingly and you will be made aware of the legal basis on which such processing will be conducted or may even be requested to grant your consent.
In any case, your personal data shall be processed in accordance with the rules laid down in this policy and those applicable under the Data Protection Legislation.
Automated decision-making process, including profiling
We make no decisions which might have a significant impact on you, including profiling, under automated procedures (decision-making procedures conducted through use of a computerised system without human intervention).
When and how we share or disclose any Personal Data we receive with/to third parties
In the context of our operations and with a view to meeting our contractual and legal obligations for the purposes set out in this Privacy Policy, we may disclose certain personal data to third parties, including to credit institutions, tax authorities, accounting offices, travel agents, suppliers, associated private insurers, physicians, attorneys, health care providers, maintenance service providers, other service providers, etc. or to such other parties as may need to gain knowledge of your data in order to comply with any regulatory or legal obligations.
Such disclosure shall be made in a manner which ensures (where possible) that the third parties concerned will process your data with strict confidentiality, applying all security measures necessary to protect it in accordance with our policies, and that they shall not use your personal data for their own purposes or for any purposes other than those explicitly authorised.
Specific categories of data may be disclosed to your relatives with your prior consent or in case of an emergency.
In addition to the above, we shall not share your personal data with any third parties, save where we bear a statutory obligation in this regard or where such disclosure is necessary in order to meet any contractual or legal obligations (e.g. disclosure to tax authorities or the police, or for compliance with audit requirements).
The Company shall under no circumstances sell your personal data to third parties or allow any third parties to sell any data which is forwarded to them by the Company.
We work together with third parties (such as booking.com or Web Companyier and the Channel Managers) to offer you online booking services. All content posted on those websites is supplied from us and you are able to make reservations directly with us; however, bookings are subject to processing by third parties. Any data you provide to such third parties is stored in one or more databases that are hosted by them. Such third parties do not use or access your personal data for any purposes other than to manage reservations.
Personal Data Disclosure
We shall use and shall disclose your personal data to the following parties, in the manner we consider necessary or appropriate:
Law enforcement or other government authorities, to the extent this is required by law or essentially required in order to prevent, identify or prosecute any criminal offences or fraud;
To comply with the applicable laws, including any laws applicable outside your country of residence;
To comply with applicable legal formalities;
To address any requests from public or government authorities, including from any authorities outside of your country of residence, and comply with applicable national security or law enforcement requirements;
To deal with emergencies.
International Transfers of Personal Data to Third Countries
Your personal information may be sometimes transferred to third countries outside the EU for the purposes described in this policy. Personal data may be transferred to third countries or international organisations in any situations where the European Commission has determined that these countries offer an adequate level of protection or effective safeguards and guarantees (e.g. standard contractual clauses approved by the European Commission), provided that you are afforded enforcement options and effective legal remedies.
Data Retention Period
We shall retain your Personal Data for as long as it is necessary for the purposes described in this Privacy Policy, insofar as this is necessary to perform our contractual and legal obligations, unless a longer retention period is prescribed or permitted under the law or a User requests their data’s withdrawal or opposes or revokes their consent.
The data retention period is defined among others on the basis of the following criteria:
The time period for which we maintain a business relationship with you and provide you with our Services;
Whether you have made a reservation which has not yet been completed;
Whether we bear a legal obligation to keep your data for a particular period of time (for example, some laws require us to keep record of our transactions for a certain period of time before we delete them);
Whether retention of your data is advisable for legal or tax purposes;
Our reasonable business needs, e.g. managing our relationship with you and our operations;
Whether there is a possibility of third parties taking any legal action against us;
Any retention requirements applicable under any laws, regulations or directives.
If your data was collected on the basis of your consent, it may be erased any time after your consent is withdrawn.
Your data may also be erased in any of the following situations:
If it is no longer necessary for the purposes it was originally collected;
If erasure is imperative for reasons of compliance with any statutory requirements;
At your request, as long as there are no compelling legal reasons dictating their retention.
Your data shall be safely destroyed when it is no longer necessary. We may need to keep certain financial information for legitimate purposes (e.g. for accounting purposes).
Rights of the Data Subjects
Subject to particular conditions laid down in this Privacy Policy, you have the following rights in relation to your personal data:
Right to Transparency: You have α right to know who is processing your data; how they are processing it; what type of data is being processed and for what purpose.
Right of access. You have α right to demand free access to your personal data.
Right to rectification. You have a right to demand rectification of inaccurate personal data and to have incomplete personal data completed.
Right to erasure (“right to be forgotten”). You have a right to demand the erasure of your personal data under certain conditions, such as when your data are no longer necessary in relation to the purposes for which they were collected, you have withdrawn your consent and there is no other legal basis for processing, the data have been unlawfully processed, etc. Erasure may not take place if processing is necessary, among others, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company, for reasons of public interest in the area of public health, or for the establishment, exercise or defence of legal claims, etc.
Right to restriction of processing. You have a right to demand restriction of processing where: the accuracy of the personal data is contested; the processing is unlawful; the controller no longer needs the personal data for the purposes of the processing; you have objected to automated processing.
Right to data portability. You have a right to demand the transfer of your data to another controller where this is technically feasible.
Right to object. You have a right to object to the processing of your personal data, provided that this causes no impairment to the public interest. You have a right to oppose certain forms of processing of your personal data to ensure that your data is not subject to the legal effects of automated processing or formatting.
Moreover, in any situations where we process your personal data on the basis of a legal interest or a public interest, you have a right to object to such use of your data any time, as per the applicable regulations.
If you have given your consent to the use of certain data, you have an unrestricted right to withdraw your consent at any time. Withdrawing your consent means that we will terminate the processing of any data in respect of which we had obtained your consent. Of course, we reserve the right to determine which information needs to be retained for reasons of compliance with our general tax and legal obligations. Withdrawing your consent shall entail no effects other than our inability to carry out processing.
You may exercise your rights by contacting the Company or by email (Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.). If you exercise any of your rights by filing a request, we shall make all reasonable endeavours to process your request within thirty (30) days of receipt and to inform you of the positive outcome or of any reasons preventing us from granting your request. If you do not hear from us in 30 days or if you are not happy with our response, you have a right to file a complaint with the Data Protection Authority.
You have a right to file a complaint with the Data Protection Authority, which is responsible for enforcing the data protection legislations, if you have any concerns as to how we are processing your personal data or if you are not happy with our response to your complaint or request.
HELLENIC DATA PROTECTION AUTHORITY
1-3, Kifissias Ave., 115 23, Athens
Tel.: +30-210 6475600
Fax: +30-210 6475628
Protection of your Personal Data
Your data is stored in different resources, including in a physical record, on our Website, on the Property Management System and on other computer systems (including in email applications). Your data is stored in its entirety, in the form it was submitted to us, without any interference in their content.
We have a series of technical and organisational security procedures in place to prevent any unauthorised or unlawful use of, or access to, your personal data, as well as any accidental loss or damage, modification or disclosure of your data. In addition, we only allow access to your personal information strictly on a need-to-know basis. Any third parties shall process your personal data in accordance with our instructions and shall be bound by a confidentiality obligation. Your Personal Data shall only be processed by a third party Processor only if the latter agrees to apply our technical and organisational security measures.
In case of a data security breach, we will notify you and the competent regulatory authorities, where we bear a legal obligation to that effect.
Questions, Concerns and Complaints
If you have any questions about this Privacy Policy or if you would like to complain about how we or our business partners process your data, you have a right to contact us. Our contact details are set forth in the Sections entitled Data Controller of this Policy.
Amendments
The Hotel reserves the right to modify this Privacy Policy and its related practices at any time in order to respond to changes in the regulatory environment, business needs or to meet the needs of subjects, properties, strategic partners and service providers without notice. Such changes, modifications, additions or deletions to the Privacy Policy will supersede previous disclosures and will be effective immediately upon their publication.
Updated versions will be posted on the Hotel Website and will bear the publication date, so that you will always know when the policy was last updated.
We encourage you to check our website frequently to see the current privacy policy and to ensure that you are in agreement with any changes that have been made to it. For older versions, you can contact us.
fr