The aim of this Privacy Policy
This Privacy Policy is applicable to all digital environments owned by Stefan Village or operated for Stefan Village, related to our activities.
Stefan Village is the Data Controller (except for specific cases mentioned in this Privacy Policy) and can be contacted at T. +30 28210 68130 or https://stefanvillage.com/
Stefan Village in compliance with the applicable national and European legal framework on data protection, especially the General Data Protection Regulation (EU) 2016/679 (GDPR) and the national law 4624/2019, wishes to inform you in a lawful, fair and transparent manner on the personal data we collect, how we use it, and how the use of this information can benefit your experience while visiting our premises and/or our online platforms (website).
This Privacy Policy may be updated from time to time, in case that a new processing activity is added. For this reason, we urge you to read our Privacy Policy each time you wish to use our services.
Collection and processing of personal data.
1 Data collected for booking purposes
- Online booking engine through our website:
If you decide to make a booking reservation through our website (https://stefanvillage.com/), we will collect your First name and Last name, phone number, email address, credit card details (card type, card number, CVC code, expiration date, Cardholder’s name), arrival date and departure date. If you wish, you may provide us with some extra information such as your postal code address, city, country, any special requests you may have, purpose of stay, company etc.
1.1. Purposes of processing and legal basis
We collect your booking data in order to:
- Process and complete your booking reservation and the payment of the relevant services, fees and charges, including any communication with you on this matter. Our legal basis is that processing is necessary for the performance of a contract with you (GDPR 6 par.1 (b)).
- Collect and recover money owed to us or use them in case of disputes. Our legal basis is our legitimate interest (GDPR 6 par.1 (f)).
- Organize airport /port transfer, if you make a request for that. The legal basis for the processing is the performance of a contract with you (GDPR 6 par.1 (b)).
2 Data collected through our website or online platforms
2.1. Agents’ Data
2.2. Purposes of processing and legal basis
We use data you provide us via our Travel Agent account Login in order to give you the opportunity to buy directly from the hotel’s online booking engine and provide your clients the best available internet rates. Our legal basis is our legitimate interest.
3 Personal data from our website
At Stefan Village’ s website, we may use cookies, invisible pixels, and web beacons to obtain information about you while visiting our websites. For more information on our use of cookies, please read our Website’s Cookies Policy. The legal basis is our legitimate interest (GDPR 6 par.1(f)).
Special Categories of Personal Data
“Special categories of personal data” are the personal information that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation. Please note that we do not collect or process special categories of personal data from our website.
Protection of Minors
We do not seek or collect directly via our website, any information related to or provided by minors, unless they are provided by their legal guardian. In case it comes to our attention that a minor uses our website without his or her parent’s or legal guardian’s consent, we will put every reasonable effort in order to delete as soon as possible any data or other information provided by the minor and to ensure that these data will not be communicated to any third parties. However, as it is impossible to always determine the age of persons who access and use our websites, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors in order to exercise accordingly their rights such as deletion of their data.
Transfer of Personal Data
We treat all personal information you provide us as strictly confidential. We may share your information with companies and public services only in the context of the above-mentioned purposes. We may further disclose your personal data to third parties (legal entities or individuals) which process those data under our written order and clarifications (Data Processors). We always guarantee that these third parties apply the same measures for the protection of your personal data and act only under our written orders with respect to your personal data.
In this context your personal data may be transferred to:
- third parties (service providers). Whenever we cooperate with third parties that process your personal data, we ensure that they provide security measures to safeguard the security and confidentiality of your personal data. Public authorities
- Public authorities. We may disclose your personal data to Judicial, tax Authorities, public insurance entities and institutions or other government entities authorized to access and/or obtain your personal data.
When information is transferred as mentioned, we limit the extend of information that is being disclosed, to the strictly necessary for the performance of the specific purpose. In addition, given that some of our activities are processed by third parties, we ensure by contractual assurances that personal data processing is secure and fully compatible with this privacy policy.
When the transfer of data concerns a country outside the European Union (EU) or the European Economic Area (EEA), we always check whether:
- The Commission has issued an adequacy decision on the third country to which the transfer is addressed to.
- Appropriate safeguards are in place in accordance with the Regulation for the transfer of such data.
In any other case, the transfer to a third country is not allowed and we may not transfer personal data unless any of the specific derogations provided for in the Regulation apply (e.g. explicit consent of the data subject, upon informing him/her on the risks of the transfer, the transfer is necessary for the performance of a contract at the request of the subject, there are reasons of public interest, it is necessary to support the legal claims and the vital interests of the subject etc.).
Third-Party Websites
Our website may contain links to other websites operated by external third parties. We take all necessary measures in order to ensure that our website is only linked to websites of external third parties which maintain and enforce the same standards and criteria on privacy and security. Note that we bear no responsibility for the content and/or the privacy and/or personal data protection practices of websites operated by external third parties.
Your Rights
At Stefan Village, we protect and respect your rights, as set forth by General Data Protection Regulation, including more specifically:
(i) your right to be informed on the processing of your personal information (i.e. right of access) and to request and obtain further information on the processing applied;
(ii) your right to request for correction of their inaccurate personal data;
(iii) your right to request for deletion of personal information provided, unless prohibited by legitimate reasons;
(iv) your right to request for limitation of processing;
(v) your right to request for portability of your personal information; and
(vi) your right to objection/opposition to further processing thereof.
(vii) If the data processing is based on your prior consent, you may withdraw your consent at any time, without affecting the legality of the processing already performed.
In these cases, Stefan Village will respond in writing within 1 month upon receipt and identification of the request.
In case you exercise one or more of the above-mentioned rights of correction, deletion and restriction of your data, these requests shall also be forwarded to any third-party recipient to whom the personal information may have been disclosed in the scope of pursuance of the before mentioned processing purposes.
Communication for data protection matters
In order to ensure that your personal information is being efficiently protected, Stefan Village has a dedicated contact line to which data subjects may address their requests and questions in relation to this Privacy Policy, as follows:
STEFAN VILLAGE HOTEL APARTMENTS
Agia Marina, Chania, Crete, Greece, 73014
In case you consider that we have not properly responded to your request, you can always contact the relevant Greek Data Protection Authority (www.dpa.gr).
Security Measures
We make all efforts to implement all appropriate organizational and technical measures for the security and protection of your personal data, taking into account the latest developments, the cost of implementation and the nature, scope, and risks of a different likelihood of occurrence and seriousness of the rights and freedoms of natural persons, in order to ensure the confidentiality, integrity, availability and resilience of our systems involved in the processing of your personal data.
Retention Period
We won’t retain or process your personal data for a longer period than is strictly necessary in order to carry out the purposes and obligations as set out in this Policy, after the end of which we shall destroy/delete your personal data unless their further retention and storage is required otherwise by the applicable legislation.
Updates to the Privacy Policy
Stefan Village may amend this Privacy Policy from time to time in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our guests, properties, strategic marketing partners, and service providers. Updated versions will be uploaded to our website and date stamped so that you are always aware of when our Privacy Policy was last updated.
April 2020