The present statement provides a framework of understanding of the personal data collected by the company “K. EPANOMERITAKIS S.A.” under the distinctive title “ATHINA PALACE” (hereinafter, “the Controller”), established in the region of Ligaria, Irakleion, Crete, as required pursuant to the General Data Protection Regulation 2016/679 (GDPR) of the European Union and relates to the abovementioned data collected from our clients. The processing is carried out according to the legal provisions of the Regulation, in particular providing consent and ensuring compliance with a legal or contractual requirement or a condition for the conclusion of a contract, such as the execution of transactions with the clients of our hotel. We may process our client’s personal data to improve the provided services, promote advertising, e-mail communication, upgrade systems and prevent any unlawful act.

We ensure the protection of your personal data through administrative, technical and means from any accidental, unlawful or non-authorised destruction, loss, alteration, access, disclosure or use. In this regard, we apply the following measures: a) encryption of personal data during transfer, b) strict control for the identification of the user, c) enhanced network infrastructure, d) network monitoring applications.

We may share our client’s personal data with our suppliers and third parties executing services on our behalf and in accordance with our instructions. The latter may not use or disclose the information unless it is necessary for the provision of services on our behalf or compliance with the relevant legal requirements.

As data subject, you have the following rights pursuant to articles 15-22 of the General Data Protection Regulation:

1. Right of access: You may have access to the personal data concerning you, as well as if the processing is carried out in accordance with the Regulation.
2. Right to rectification: You may request the Controller to rectify inaccurate personal data concerning you.
3. Right to erasure: You may request the Controller to erase personal data concerning you and which are not necessary for the accomplishment of the company’s purposes.
4. Right to restriction of processing: You may request the restriction of processing of your personal data only to what it is strictly necessary.
5. Right to data portability: You may receive the personal data concerning you, which are kept by the Controller, in a machine-readable format (usb stick), as well as request the transmission of those data to another Controller.
6. Right to object: You may object at any time to the processing of your personal.
7. Right to obtain human intervention: You may request the processing of your personal data to be carried out by human factor and not automatically by technological means for the purpose of profiling etc.
8. Right to lodge a complaint with a supervisory authority: You may lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the Regulation.
9. Right to withdraw consent: You may withdraw your consent to the processing of your personal data (according to article 7 GDPR) at any time.

You may contact us at any time concerning our company’s policy for the protection of your personal data and the exercise of your rights by telephone 2810811800 or by e-mail dpo@athinapalace.com.gr