PRIVACY NOTICE

Our Company fully shares your concern regarding your personal data. Recently, we have introduced several changes that reflects the enhanced requirements of the EU’s General Data Protection Regulation (a.k.a. GDPR). Our aim is to be as honest and transparent as possible regarding the personal data we collect and the way we process it.

Ι. Types of personal data collected – Purposes
Our company collects and processes personal data in order to provide (potential) customers with our products and services, in addition to being able to fulfil its obligations to them and to our suppliers.
Especially on the present website, personal data are being collected and processed for the following purposes:

Contact
On our website we collect data through the specially designated contact form. More specifically, if you wish to contact us for any reason whatsoever, we shall collect your name, e-mail or any other data included in the relevant message field.

Personal data may be collected during the process of any communication that takes place either by telephone, through the number mentioned on our website, or by sending us an e-mail to the relevant addresses.

Reviewing your stay
If you so wish, you may share your comments with us regarding your stay at our hotel, either by using the contact form or by sending us an e-mail. In such a case, we will collect your name, e-mail and any additional personal data you choose to share. Your review may be uploaded on our web site.

Social Plugins
Social Plugins are in use on our website. Through the use of the said plugins, we are granted access only to publicly shared information found on the respective Social Media platforms. The use of the plugins found on our website is governed by the terms and conditions of each platform.

ΙΙ. Legal basis for the data processing we conduct
Our Company collects and processes personal data when at least one of the following conditions are present:

• Execution of a contract: Processing is essential for the performance of the contract or for action to be taken on the request of a natural person prior to the conclusion of a contract. For example, we collect and process your personal data to offer you our products and services, to respond adequately to any queries you have submitted through our communication channels (contact form, phone, e-mail), etc.
• Legal Obligation: processing is necessary so that we can comply with obligations established by the law.
• Legitimate interests of the Controller or third parties, provided that they are not overridden by the interests of the employee: Collection and processing are essential for the protection of our legitimate interests in order to ensure the smooth operation of our hotel, the achievement of our corporate goals and the defense of any legal claims.
• Vital interests: Processing is necessary to protect the life or any other vital interests of the data subject.
• Consent: In cases where required by law or when none of the above legal bases is applied, our company shall collect and process data after being given explicit, freely given, and informed consent by a natural person (the data subject) under the specific conditions provided by the GDPR. For example, we are given your consent for data collection through cookies.

III. How long your personal data is retained for
Personal data shall be retained for as long as necessary for data collection purposes, unless otherwise specified by law.

If retaining your data is not needed for an explicitly described and legal purpose, we safely delete and/or destroy them in accordance to our “Policy for Keeping and Deleting Personal Data”.

ΙV. Who your personal data are disclosed and/or transmitted to
Your personal data shall be disclosed to:
(a) Authorized employees of our Company.
(b) Entities entrusted with the execution of specific tasks such as, but not limited to, lawyers, product suppliers and/or IT service providers and/or support service providers of all kinds of computer-based information systems or electronic systems and networks, logistics companies, marketing companies, business consulting firms.
(c) Third parties cooperating with or rendering services to our Company, including, but not limited to, reservation management companies, transportation agencies, travel agencies.
(d) Supervisory, independent, judicial, prosecuting, public and/or other authorities, bodies or parties assigned to control/monitor the Company’s activities within the scope of their responsibilities.

V. Rights of the data subject
The General Data Protection Regulation provides you with rights and options that we are committed to satisfying. Thus, you may:
• request information about your stored personal data and the way it is processed. If you so wish, we shall provide a copy of your personal data undergoing processing, free of charge (Right of Access).
• request rectification of inaccuracies or errors, correction of incomplete data or an update of your data (Right to rectification).
• request erasure of personal data, if no longer retained for specific, legal or stated purposes (Right to erasure or Right to be forgotten).
• request restriction of processing a) when the accuracy of the personal data is contested, b) when the processing is unlawful (but you oppose the erasure of the data), c) when the data is no longer needed for the purposes of the processing, and d) for as long as the verification whether the legitimate grounds of the controller override those of the data subject are still pending.
• object on grounds relating to your particular situation, at any time, to processing of personal data, especially when this data is processed for direct marketing purposes or profiling. More specifically, you may object to a decision based solely on automated processing. In such a case, you may exercise your right of intervention (Right to object – Automated individual decision-making).
• receive your personal data in a structured, commonly used and machine-readable format or transmit this data to another controller at your behest, where technically feasible and at all times under the specific conditions of the law (Right to data portability).

• Revoke your once granted consent for your data processing at any time. As a result, we will not be allowed to continue the data processing based on this consent in the future.
You may send your requests to the email address: info@palmbeach.gr.
Our Company shall fulfill all your requests within one (1) month. In the extremely rare cases that such a fulfillment is proven unfeasible, we shall immediately inform you explaining the reasons in detail.

If you believe that the provisions for personal data are being violated, you may file a complaint to the Hellenic Data Protection Authority (www.dpa.gr).

VI. Contact Info
We shall remain at your disposal for any further query or clarification. Contact us.
Email: info@palmbeach.gr
Telephone: +30 224 202 1771

DATA CONTROLLER
Palm Beach Hotel Kos Greece
info@palmbeach.gr
Koon Olympionikon, Psalidi, 85300 Greece
+30 224 202 1771

VIII. Effective date – Amendments
Version 1.0, Posted on 26/06/2019